[....] Starting OpenBSD Secure Shell server: sshd[?25l[?1c7[ ok 8[?25h[?0c. [....] Starting file context maintaining daemon: restorecond[?25l[?1c7[ ok 8[?25h[?0c. Debian GNU/Linux 7 syzkaller ttyS0 syzkaller login: [ 39.449335] random: sshd: uninitialized urandom read (32 bytes read) [ 39.672871] kauditd_printk_skb: 9 callbacks suppressed [ 39.672879] audit: type=1400 audit(1570781546.354:35): avc: denied { map } for pid=6846 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 [ 39.717047] random: sshd: uninitialized urandom read (32 bytes read) [ 40.308105] random: sshd: uninitialized urandom read (32 bytes read) Warning: Permanently added '10.128.0.251' (ECDSA) to the list of known hosts. [ 45.770788] random: sshd: uninitialized urandom read (32 bytes read) 2019/10/11 08:12:32 fuzzer started [ 45.974681] audit: type=1400 audit(1570781552.654:36): avc: denied { map } for pid=6855 comm="syz-fuzzer" path="/root/syz-fuzzer" dev="sda1" ino=16482 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file permissive=1 [ 46.740699] random: cc1: uninitialized urandom read (8 bytes read) 2019/10/11 08:12:34 dialing manager at 10.128.0.105:34941 2019/10/11 08:12:34 syscalls: 2500 2019/10/11 08:12:34 code coverage: enabled 2019/10/11 08:12:34 comparison tracing: ioctl(KCOV_TRACE_CMP) failed: invalid argument 2019/10/11 08:12:34 extra coverage: extra coverage is not supported by the kernel 2019/10/11 08:12:34 setuid sandbox: enabled 2019/10/11 08:12:34 namespace sandbox: enabled 2019/10/11 08:12:34 Android sandbox: /sys/fs/selinux/policy does not exist 2019/10/11 08:12:34 fault injection: enabled 2019/10/11 08:12:34 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2019/10/11 08:12:34 net packet injection: enabled 2019/10/11 08:12:34 net device setup: enabled 2019/10/11 08:12:34 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist [ 48.571390] random: crng init done 08:14:01 executing program 5: r0 = open(&(0x7f0000000080)='.\x00', 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(r0, 0x40046629, &(0x7f0000000000)) 08:14:01 executing program 0: sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x9000}, 0xc, 0x0}, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:01 executing program 3: r0 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12}, &(0x7f0000044000)) semtimedop(0x0, &(0x7f0000000000)=[{}], 0x1, &(0x7f0000000040)={0x77359400}) socketpair$unix(0x1, 0x40000000000001, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r1, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) tkill(r0, 0x1000000000016) 08:14:01 executing program 1: socket$inet_tcp(0x2, 0x1, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) creat(0x0, 0x0) bind$alg(r0, &(0x7f0000000240)={0x26, 'hash\x00', 0x0, 0x0, 'sha384\x00'}, 0x58) r1 = accept$alg(r0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000007f00)=[{{&(0x7f00000056c0)=@can, 0x50, &(0x7f00000000c0)}}, {{&(0x7f0000005900)=@pppoe={0x18, 0x0, {0x0, @link_local, 'syzkaller0\x00'}}, 0x80, &(0x7f0000007ac0), 0x1a9, &(0x7f0000007b00)}}], 0x3fffffffffffe0d, 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f0000000440)=ANY=[@ANYRES64], 0x8) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000), 0x8080fffffffe) bind$inet(0xffffffffffffffff, 0x0, 0x0) 08:14:01 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_SET_CPUID2(0xffffffffffffffff, 0x4008ae90, &(0x7f00000005c0)=ANY=[@ANYBLOB="02000000000000fe4f552762"]) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$full(0xffffffffffffff9c, &(0x7f0000000140)='/dev/full\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000500)={[0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0xff], 0x1f004}) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x0, 0x0) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, &(0x7f00000001c0)) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000200)=0x7, 0x4) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000400)) ioctl$KVM_RUN(r2, 0xae80, 0x900000000000000) ioctl$sock_inet_SIOCSIFNETMASK(0xffffffffffffffff, 0x891c, 0x0) 08:14:01 executing program 4: prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x50000}]}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCGPTLCK(r0, 0x80045439, 0x0) [ 134.708482] audit: type=1400 audit(1570781641.384:37): avc: denied { map } for pid=6855 comm="syz-fuzzer" path="/root/syzkaller-shm461246667" dev="sda1" ino=2233 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 [ 134.742630] audit: type=1400 audit(1570781641.404:38): avc: denied { map } for pid=6872 comm="syz-executor.5" path="/sys/kernel/debug/kcov" dev="debugfs" ino=3152 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 [ 135.050925] IPVS: ftp: loaded support on port[0] = 21 [ 135.898734] chnl_net:caif_netlink_parms(): no params data found [ 135.906952] IPVS: ftp: loaded support on port[0] = 21 [ 135.938975] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.945844] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.952934] device bridge_slave_0 entered promiscuous mode [ 135.959739] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.966184] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.973040] device bridge_slave_1 entered promiscuous mode [ 135.994733] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 136.007855] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 136.031011] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 136.038289] team0: Port device team_slave_0 added [ 136.045880] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 136.052986] team0: Port device team_slave_1 added [ 136.062339] IPVS: ftp: loaded support on port[0] = 21 [ 136.071246] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 136.078774] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 136.182215] device hsr_slave_0 entered promiscuous mode [ 136.230420] device hsr_slave_1 entered promiscuous mode [ 136.272606] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 136.283347] chnl_net:caif_netlink_parms(): no params data found [ 136.291683] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 136.338015] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.345308] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.352480] device bridge_slave_0 entered promiscuous mode [ 136.359163] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.365597] bridge0: port 2(bridge_slave_1) entered forwarding state [ 136.372443] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.378816] bridge0: port 1(bridge_slave_0) entered forwarding state [ 136.387756] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.394248] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.402268] IPVS: ftp: loaded support on port[0] = 21 [ 136.402887] device bridge_slave_1 entered promiscuous mode [ 136.428484] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 136.444398] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 136.462854] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 136.469983] team0: Port device team_slave_0 added [ 136.481524] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 136.488599] team0: Port device team_slave_1 added [ 136.495601] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 136.507056] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 136.592526] device hsr_slave_0 entered promiscuous mode [ 136.660313] device hsr_slave_1 entered promiscuous mode [ 136.720591] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 136.727630] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 136.742995] chnl_net:caif_netlink_parms(): no params data found [ 136.787736] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.794456] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.801856] device bridge_slave_0 entered promiscuous mode [ 136.808313] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.814852] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.821806] device bridge_slave_1 entered promiscuous mode [ 136.840181] bridge0: port 2(bridge_slave_1) entered blocking state [ 136.846548] bridge0: port 2(bridge_slave_1) entered forwarding state [ 136.853155] bridge0: port 1(bridge_slave_0) entered blocking state [ 136.859482] bridge0: port 1(bridge_slave_0) entered forwarding state [ 136.880267] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 136.898028] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 136.906988] IPVS: ftp: loaded support on port[0] = 21 [ 136.925259] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 136.932729] team0: Port device team_slave_0 added [ 136.951975] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.958818] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.966619] bridge0: port 1(bridge_slave_0) entered disabled state [ 136.973310] bridge0: port 2(bridge_slave_1) entered disabled state [ 136.984078] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 136.991616] team0: Port device team_slave_1 added [ 137.009363] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.016761] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 137.026141] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 137.040552] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.102942] device hsr_slave_0 entered promiscuous mode [ 137.140326] device hsr_slave_1 entered promiscuous mode [ 137.210502] chnl_net:caif_netlink_parms(): no params data found [ 137.218857] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 137.227768] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 137.235808] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 137.253536] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.261147] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.271671] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 137.277738] 8021q: adding VLAN 0 to HW filter on device team0 [ 137.303593] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 137.312929] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 137.328073] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 137.336500] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 137.344132] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.350520] bridge0: port 1(bridge_slave_0) entered forwarding state [ 137.357679] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 137.366055] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 137.373657] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.380007] bridge0: port 2(bridge_slave_1) entered forwarding state [ 137.395472] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 137.407106] bridge0: port 1(bridge_slave_0) entered blocking state [ 137.413997] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.420993] device bridge_slave_0 entered promiscuous mode [ 137.429355] bridge0: port 2(bridge_slave_1) entered blocking state [ 137.435829] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.442790] device bridge_slave_1 entered promiscuous mode [ 137.462902] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 137.469749] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 137.479350] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 137.489611] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 137.497561] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 137.507982] IPVS: ftp: loaded support on port[0] = 21 [ 137.514122] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 137.522398] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 137.530237] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 137.540208] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 137.549371] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 137.559534] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 137.569873] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 137.577955] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 137.587373] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 137.608522] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 137.616016] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 137.625332] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 137.637642] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 137.646064] team0: Port device team_slave_0 added [ 137.651868] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 137.659598] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 137.670724] 8021q: adding VLAN 0 to HW filter on device bond0 [ 137.678056] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 137.685950] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 137.692703] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 137.713067] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 137.720365] team0: Port device team_slave_1 added [ 137.727252] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 137.737744] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 137.744230] 8021q: adding VLAN 0 to HW filter on device team0 [ 137.785389] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 137.792825] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 137.799657] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 137.809257] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 137.827426] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 137.855029] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 137.902110] device hsr_slave_0 entered promiscuous mode [ 137.940324] device hsr_slave_1 entered promiscuous mode [ 137.980689] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 137.988467] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 137.996163] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.002554] bridge0: port 1(bridge_slave_0) entered forwarding state [ 138.011170] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 138.021059] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 138.028725] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 138.036428] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.042870] bridge0: port 2(bridge_slave_1) entered forwarding state [ 138.053263] chnl_net:caif_netlink_parms(): no params data found [ 138.070893] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 138.081573] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 138.089362] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 138.102647] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 138.119054] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 138.126947] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 138.139464] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready [ 138.147750] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.163428] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 138.172282] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 138.199031] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 138.207039] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 138.215133] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 138.223743] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 138.233263] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.239620] bridge0: port 1(bridge_slave_0) entered disabled state [ 138.247274] device bridge_slave_0 entered promiscuous mode [ 138.265209] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 138.273293] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 138.282018] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.288382] bridge0: port 2(bridge_slave_1) entered disabled state [ 138.296125] device bridge_slave_1 entered promiscuous mode [ 138.314416] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 138.324977] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 138.334603] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 138.357395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 138.365713] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 138.375208] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 138.390704] 8021q: adding VLAN 0 to HW filter on device bond0 [ 138.397613] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 138.418918] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 138.425414] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 138.433688] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 138.441396] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 138.448283] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.456194] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 138.462338] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 138.483841] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 138.489962] 8021q: adding VLAN 0 to HW filter on device team0 [ 138.508967] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 138.518518] chnl_net:caif_netlink_parms(): no params data found [ 138.529574] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready [ 138.537114] team0: Port device team_slave_0 added [ 138.543077] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 138.550580] team0: Port device team_slave_1 added [ 138.555977] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 138.565621] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready 08:14:05 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) [ 138.589384] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 138.597830] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 138.614807] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready 08:14:05 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000020000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=@newqdisc={0x444, 0x24, 0x507, 0x0, 0x0, {0x0, r3, {0x0, 0xe}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbq={{0x8, 0x1, 'cbq\x00'}, {0x418, 0x2, [@TCA_CBQ_RTAB={0x404}, @TCA_CBQ_RATE={0x10, 0x5, {0x6, 0x0, 0x0, 0x0, 0x0, 0x5}}]}}]}, 0x444}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000980)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000009c0)=@newqdisc={0x24, 0x24, 0x507, 0x0, 0x0, {0x0, r3, {0x0, 0x6}, {0x0, 0xe}}}, 0x24}}, 0x0) [ 138.636218] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 138.644570] audit: type=1400 audit(1570781645.324:39): avc: denied { syslog } for pid=6908 comm="syz-executor.5" capability=34 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 138.670042] bridge0: port 1(bridge_slave_0) entered blocking state [ 138.676398] bridge0: port 1(bridge_slave_0) entered forwarding state [ 138.683595] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 138.692985] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 138.701955] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 138.711920] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 138.720894] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 138.727136] 8021q: adding VLAN 0 to HW filter on device team0 [ 138.744977] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 138.754831] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 138.762630] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 138.770286] bridge0: port 2(bridge_slave_1) entered blocking state [ 138.776652] bridge0: port 2(bridge_slave_1) entered forwarding state [ 138.784616] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 138.794262] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 138.853720] device hsr_slave_0 entered promiscuous mode [ 138.890413] device hsr_slave_1 entered promiscuous mode [ 138.930771] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 138.945135] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 138.953044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 138.960444] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=6914 comm=syz-executor.5 [ 138.973388] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready 08:14:05 executing program 5: perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_REVISION_TARGET(r0, 0x0, 0x43, &(0x7f0000000200)={'icmp\x00'}, &(0x7f0000000240)=0x1e) [ 138.983197] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 138.992151] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 139.000458] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 139.019898] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 139.041992] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 139.049628] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 139.059044] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 139.068950] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 139.077055] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.083452] bridge0: port 1(bridge_slave_0) entered forwarding state [ 139.090463] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 139.098126] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 139.109331] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.115730] bridge0: port 2(bridge_slave_1) entered forwarding state [ 139.123253] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 139.130240] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 139.138741] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.145813] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.152928] device bridge_slave_0 entered promiscuous mode [ 139.161388] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 139.172462] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 08:14:05 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d9639ce821c5e27a0c7e5b58534c38ebf4ba03c466678dd8e0eaa4042c8f16f0235eb045fbc35bacfeec4cc79212abf371e6819052c1f71296b263ec7dd09e3f5078e48a6a181194893a37696afec9ec28346594ca5f8d399e60dfc5f14743634", 0xbe, 0x10000}], 0x9, 0x0) [ 139.191532] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 139.203199] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 139.209967] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 139.219807] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 139.227636] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 139.235329] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 139.243402] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 139.252767] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 139.260551] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.266913] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.276796] device bridge_slave_1 entered promiscuous mode [ 139.297341] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 139.305005] BTRFS: device fsid fff6f2a2-2997-48ae-b81e-1b00920efd9a devid 0 transid 1563797359499952001 /dev/loop5 [ 139.317615] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 139.328944] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 139.339324] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 139.358547] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 139.368267] BTRFS error (device loop5): superblock checksum mismatch [ 139.374066] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 139.393343] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 139.400574] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 139.408108] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 139.416201] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 139.423815] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 139.431498] BTRFS error (device loop5): open_ctree failed [ 139.439004] bond0: Enslaving bond_slave_0 as an active interface with an up link [ 139.449029] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 139.467697] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 139.475797] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 139.484698] bond0: Enslaving bond_slave_1 as an active interface with an up link [ 139.504865] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 139.514577] BTRFS error (device loop5): superblock checksum mismatch [ 139.521686] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 139.565181] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 139.576048] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 139.587296] BTRFS error (device loop5): open_ctree failed [ 139.593178] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 139.593239] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 139.593915] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready 08:14:06 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d9639ce821c5e27a0c7e5b58534c38ebf4ba03c466678dd8e0eaa4042c8f16f0235eb045fbc35bacfeec4cc79212abf371e6819052c1f71296b263ec7dd09e3f5078e48a6a181194893a37696afec9ec28346594ca5f8d399e60dfc5f14743634", 0xbe, 0x10000}], 0x9, 0x0) [ 139.613554] team0: Port device team_slave_0 added [ 139.620260] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 139.629010] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 139.641128] 8021q: adding VLAN 0 to HW filter on device bond0 [ 139.659360] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 139.672486] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready [ 139.679847] team0: Port device team_slave_1 added [ 139.685578] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready [ 139.699277] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready [ 139.715396] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 139.735700] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 139.762607] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 139.786753] BTRFS error (device loop5): superblock checksum mismatch [ 139.787882] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 139.804685] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 139.819930] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.840227] BTRFS error (device loop5): open_ctree failed 08:14:06 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d9639ce821c5e27a0c7e5b58534c38ebf4ba03c466678dd8e0eaa4042c8f16f0235eb045fbc35bacfeec4cc79212abf371e6819052c1f71296b263ec7dd09e3f5078e48a6a181194893a37696afec9ec28346594ca5f8d399e60dfc5f14743634", 0xbe, 0x10000}], 0x9, 0x0) [ 139.882943] device hsr_slave_0 entered promiscuous mode [ 139.920519] device hsr_slave_1 entered promiscuous mode [ 139.935476] BTRFS error (device loop5): superblock checksum mismatch [ 139.961056] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready [ 139.968168] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready [ 139.975240] BTRFS error (device loop5): open_ctree failed 08:14:06 executing program 0: sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x9000}, 0xc, 0x0}, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) [ 139.986372] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 139.995702] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 140.007921] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.024929] IPv6: ADDRCONF(NETDEV_UP): bridge0: link is not ready 08:14:06 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d9639ce821c5e27a0c7e5b58534c38ebf4ba03c466678dd8e0eaa4042c8f16f0235eb045fbc35bacfeec4cc79212abf371e6819052c1f71296b263ec7dd09e3f5078e48a6a181194893a37696afec9ec28346594ca5f8d399e60dfc5f14743634", 0xbe, 0x10000}], 0x9, 0x0) [ 140.046068] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 140.067628] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 140.081741] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 140.089938] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.096359] bridge0: port 1(bridge_slave_0) entered forwarding state [ 140.124450] BTRFS error (device loop5): superblock checksum mismatch [ 140.140823] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 140.152941] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 140.165334] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 140.173277] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 140.181620] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.187998] bridge0: port 2(bridge_slave_1) entered forwarding state [ 140.202058] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 140.209315] BTRFS error (device loop5): open_ctree failed [ 140.219607] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 140.229575] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 140.237869] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.248539] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 140.268552] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 140.287813] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 140.313591] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 140.349089] 8021q: adding VLAN 0 to HW filter on device bond0 [ 140.366329] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 140.379506] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 140.400753] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 140.422700] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 140.432614] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 140.439604] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 140.492192] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 140.499887] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 140.550645] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 140.559469] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready [ 140.570813] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 140.576882] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 140.592544] IPv6: ADDRCONF(NETDEV_UP): veth1: link is not ready [ 140.599931] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 140.607273] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 140.616426] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready [ 140.629379] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.640643] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 140.649263] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 140.658639] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bridge: link is not ready [ 140.666738] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 140.679204] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 140.687062] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.693594] bridge0: port 1(bridge_slave_0) entered forwarding state [ 140.701994] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 140.711360] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bridge: link is not ready [ 140.720627] IPv6: ADDRCONF(NETDEV_UP): veth0_to_bond: link is not ready [ 140.728166] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 140.737153] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 140.745209] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.751634] bridge0: port 2(bridge_slave_1) entered forwarding state [ 140.761253] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 140.771453] IPv6: ADDRCONF(NETDEV_UP): veth1_to_bond: link is not ready [ 140.780623] IPv6: ADDRCONF(NETDEV_UP): veth0_to_team: link is not ready [ 140.791761] IPv6: ADDRCONF(NETDEV_UP): veth1_to_team: link is not ready [ 140.799373] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.807691] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 140.815654] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 140.823416] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 140.831355] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 140.838853] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 140.850235] IPv6: ADDRCONF(NETDEV_UP): veth0_to_hsr: link is not ready [ 140.857680] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 140.866207] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 140.877509] IPv6: ADDRCONF(NETDEV_UP): veth1_to_hsr: link is not ready [ 140.885505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 140.893446] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 140.902973] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready [ 140.908994] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 140.922971] IPv6: ADDRCONF(NETDEV_UP): vxcan1: link is not ready [ 140.935779] 8021q: adding VLAN 0 to HW filter on device batadv0 08:14:07 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x400000000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x1, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb02, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffdffffffffffffd, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x22, 0x200000000011, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) write(r3, &(0x7f00000001c0), 0xfffffef3) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) ioprio_set$pid(0x0, 0x0, 0x0) 08:14:07 executing program 5: syz_mount_image$btrfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d9639ce821c5e27a0c7e5b58534c38ebf4ba03c466678dd8e0eaa4042c8f16f0235eb045fbc35bacfeec4cc79212abf371e6819052c1f71296b263ec7dd09e3f5078e48a6a181194893a37696afec9ec28346594ca5f8d399e60dfc5f14743634", 0xbe, 0x10000}], 0x9, 0x0) [ 141.127564] hrtimer: interrupt took 25881 ns [ 141.925841] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. 08:14:08 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$MON_IOCG_STATS(r0, 0x9208, &(0x7f0000000100)) 08:14:08 executing program 0: sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x9000}, 0xc, 0x0}, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:08 executing program 4: creat(&(0x7f0000000180)='./file0\x00', 0x0) gettid() clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$bpf(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000003c0)='bpf\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="2c63536e7465d2f4894ed7ebd5b842aa0cf843ef787e3d73ed1c61646d5f752c726f6f74636f6e746578743d"]) 08:14:08 executing program 1: r0 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000014c0)='/proc/self/net/pfkey\x00', 0x0, 0x0) pread64(r0, 0x0, 0x0, 0x4) 08:14:08 executing program 5: syz_mount_image$btrfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d9639ce821c5e27a0c7e5b58534c38ebf4ba03c466678dd8e0eaa4042c8f16f0235eb045fbc35bacfeec4cc79212abf371e6819052c1f71296b263ec7dd09e3f5078e48a6a181194893a37696afec9ec28346594ca5f8d399e60dfc5f14743634", 0xbe, 0x10000}], 0x9, 0x0) 08:14:08 executing program 3: openat$tun(0xffffffffffffff9c, &(0x7f0000000100)='/dev/net/tun\x00', 0x0, 0x0) r0 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0) write(r0, &(0x7f0000000040)="0600", 0x2) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000200)=ANY=[@ANYBLOB="34efff00ffe720000095aca42d657f93700cfe9983b835b712b579fb6caede9beeb876ae00"], 0xe) socket$inet_udplite(0x2, 0x2, 0x88) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x0, 0x1) socket$caif_stream(0x25, 0x1, 0x0) openat(0xffffffffffffff9c, &(0x7f000052fff8)='./file0\x00', 0x0, 0x0) ioctl$EXT4_IOC_SETFLAGS(0xffffffffffffffff, 0x40046602, &(0x7f0000000040)=0x100cd) fchownat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000001c0)='cpu.stat\x00', 0x0, 0x0) ioctl$NBD_SET_BLKSIZE(r1, 0xab01, 0x1) perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x8, 0x0, 0x0, 0x0, 0x0, 0x5, 0x80000, 0x8, 0x0, 0x0, 0x0, 0x0, 0x401, 0x9, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x1f, 0x0, 0x2, 0x0, 0x46, 0xffffffff, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0xfffffffffffffffb}, 0x0, 0x0, 0x0, 0x7}, 0x0, 0x2, 0xffffffffffffffff, 0x1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfffffffffffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcs\x00', 0x321001, 0x0) ioctl$BLKPG(r2, 0x1269, &(0x7f0000000280)={0x400, 0xffffffff, 0x0, 0x0}) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x102, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = socket$netlink(0x10, 0x3, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @dev}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0xb, 0xa, 0x209e1e, 0x3, 0x1}, 0x3c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000b40)={r4, &(0x7f0000000300), &(0x7f0000000340)}, 0x20) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000200)={r4, &(0x7f0000000080), &(0x7f00000000c0)=""/111}, 0x18) setsockopt$inet6_udp_encap(0xffffffffffffffff, 0x11, 0x64, &(0x7f0000000140)=0x3, 0x4) bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000240)={r4, &(0x7f0000000140), &(0x7f0000000040)=""/92}, 0x20) sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x14, 0x14, 0x901, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x0) execveat(0xffffffffffffffff, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000) memfd_create(&(0x7f0000000280)='/dev/input/event#\x00', 0x0) [ 142.022840] SELinux: unknown mount option 08:14:08 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="000000000f000094e083cbdcd1c625fb45548acaf33e00"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=@newqdisc={0x48, 0x24, 0x507, 0x0, 0x0, {0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8, 0x1, 'htb\x00'}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)=ANY=[@ANYBLOB="240000002e00edb100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000000000002cf60b3ad6c9e4dfd891b00deb3aa7b0df809aa7a530b76488d35623b2cfbce5a61700000000000000005a464bb81dc2f6336dfcfb0a3165b1e903bd2897e68773a182ab279733ae8c33d5219b7690ea560334739279ae36c80bd70fd6e81dd5dd7ff30278f0cb6f616ed913cb2e6e72511dac69752252e777e1eb5084ce22ba09c4c598d9d52b1986fb837e9dda167377290d83d7274b48be52a6583222b09b119897e8165b1ea339e9e7f01c667b3cecfaa6de7ad95739691698527e0428398fc47102cc7a898eba3442feb563a50b85f11b8a"], 0x24}}, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket(0x10, 0x200080002, 0x0) sendmmsg$alg(r6, &(0x7f0000000140)=[{0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000100)}], 0x492492492492805, 0x0) 08:14:08 executing program 2: syz_open_procfs(0x0, &(0x7f0000000040)='mountstats\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfffff801, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x3000000a0160101, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, 0x0) poll(0x0, 0x0, 0xfffffffd) socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000000bc0), 0x4000000000002e5, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000004e00)=[{0x0, 0x36b, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000010000aac9665cbcb83859e9a3ac000100006f09908b2131b67e2e29ddd52245f8711e07a435d0b5af4d7c0ba3ffbac46028fe53e0bf06f561173ff90e48fac8dac37c4fcb74ec0e330e1646c1b607c0fae848cfe3bff066732ea6dcfc048062f844", @ANYRES32, @ANYRES32], 0x18}], 0x492492492492556, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086602, 0x0) 08:14:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) [ 142.055051] SELinux: unknown mount option 08:14:08 executing program 0: sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x9000}, 0xc, 0x0}, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:08 executing program 5: syz_mount_image$btrfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d9639ce821c5e27a0c7e5b58534c38ebf4ba03c466678dd8e0eaa4042c8f16f0235eb045fbc35bacfeec4cc79212abf371e6819052c1f71296b263ec7dd09e3f5078e48a6a181194893a37696afec9ec28346594ca5f8d399e60dfc5f14743634", 0xbe, 0x10000}], 0x9, 0x0) [ 142.143425] audit: type=1400 audit(1570781648.824:40): avc: denied { map } for pid=7049 comm="syz-executor.4" path="/dev/binder4" dev="devtmpfs" ino=15100 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=chr_file permissive=1 08:14:08 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) 08:14:08 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) [ 142.235987] binder_alloc: binder_alloc_mmap_handler: 7049 20ff9000-20ffc000 already mapped failed -16 08:14:08 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d9639ce821c5e27a0c7e5b58534c38ebf4ba03c466678dd8e0eaa4042c8f16f0235eb045fbc35bacfeec4cc79212abf371e6819052c1f71296b263ec7dd09e3f5078e48a6a181194893a37696afec9ec28346594ca5f8d399e60dfc5f14743634", 0xbe, 0x10000}], 0x9, 0x0) 08:14:09 executing program 1: clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 142.306970] binder_alloc: binder_alloc_mmap_handler: 7071 20ff9000-20ffc000 already mapped failed -16 08:14:09 executing program 0: sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x9000}, 0xc, 0x0}, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:09 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) 08:14:09 executing program 1: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) r0 = open$dir(0x0, 0x0, 0x0) getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61) perf_event_open(0x0, 0x0, 0x6, 0xffffffffffffffff, 0x0) open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) add_key$user(0x0, &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000100)="bc", 0x1, 0xfffffffffffffffc) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000280)={{{@in=@remote, @in=@empty}}, {{@in6}, 0x0, @in6=@ipv4={[], [], @remote}}}, &(0x7f0000000380)=0xe8) mount$bpf(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='bpf\x00', 0x8000, &(0x7f00000006c0)={[{@mode={'mode', 0x3d, 0x5}}, {@mode={'mode'}}, {@mode={'mode', 0x3d, 0x2}}, {@mode={'mode'}}, {@mode={'mode'}}, {@mode={'mode'}}, {@mode={'mode', 0x3d, 0xb72c}}, {@mode={'mode', 0x3d, 0x3f}}, {@mode={'mode', 0x3d, 0x71d}}], [{@dont_measure='dont_measure'}, {@dont_appraise='dont_appraise'}, {@context={'context', 0x3d, 'root'}}]}) 08:14:09 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) [ 142.356943] ptrace attach of "/root/syz-executor.1"[7079] was attempted by "/root/syz-executor.1"[7081] [ 142.459048] SELinux: security_context_str_to_sid(root) failed for (dev bpf, type bpf) errno=-22 [ 142.489283] binder_alloc: binder_alloc_mmap_handler: 7093 20ff9000-20ffc000 already mapped failed -16 [ 142.514027] SELinux: security_context_str_to_sid(root) failed for (dev bpf, type bpf) errno=-22 08:14:09 executing program 2: r0 = socket$inet6(0xa, 0x803, 0x2) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) fstat(0xffffffffffffffff, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@loopback, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x80000000000001}, {{@in6=@rand_addr="c636a4f1b0424ced4a7c4bdc485a69a0", 0x0, 0x3c}, 0x0, @in, 0x0, 0x4}}, 0xe8) sendmmsg(r0, &(0x7f0000008440)=[{{0x0, 0x1aa, 0x0}}], 0x400000000000107, 0x0) 08:14:09 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d9639ce821c5e27a0c7e5b58534c38ebf4ba03c466678dd8e0eaa4042c8f16f0235eb045fbc35bacfeec4cc79212abf371e6819052c1f71296b263ec7dd09e3f5078e48a6a181194893a37696afec9ec28346594ca5f8d399e60dfc5f14743634", 0xbe, 0x10000}], 0x9, 0x0) 08:14:09 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) 08:14:09 executing program 0: sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x9000}, 0xc, 0x0}, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:09 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:09 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x8001}) perf_event_open(&(0x7f000001d000)={0x1, 0x352, 0x0, 0x20000000000, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x81, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0xfe9a) syz_genetlink_get_family_id$ipvs(0x0) r4 = open(&(0x7f0000000100)='./file0\x00', 0x200c2, 0x0) write$nbd(r4, &(0x7f0000000380)=ANY=[], 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x0) openat(r4, &(0x7f0000000600)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x7c8d645823812c52, 0x100) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r4, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x0) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000380)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20048c64}, 0x4) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000100)='net/netstat\x00') preadv(r5, 0x0, 0x0, 0x0) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x12100, 0x0) r6 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0x20600, 0x0) faccessat(r6, 0x0, 0x0, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000001, &(0x7f0000000140)={0xa, 0x2}, 0x1c) socket(0x9, 0x4, 0x0) splice(r3, 0x0, r2, 0x0, 0x1000000000000003, 0x0) inotify_init1(0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) sendto$packet(r3, &(0x7f00000000c0), 0xfffffffffffffd4d, 0x1, 0x0, 0x44) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) [ 143.008211] binder_alloc: binder_alloc_mmap_handler: 7112 20ff9000-20ffc000 already mapped failed -16 08:14:09 executing program 0: sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x9000}, 0xc, 0x0}, 0x0) r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:09 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d9639ce821c5e27a0c7e5b58534c38ebf4ba03c466678dd8e0eaa4042c8f16f0235eb045fbc35bacfeec4cc79212abf371e6819052c1f71296b263ec7dd09e3f5078e48a6a181194893a37696afec9ec28346594ca5f8d399e60dfc5f14743634", 0xbe, 0x10000}], 0x9, 0x0) 08:14:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(0xffffffffffffffff, 0x84, 0x6d, &(0x7f00000000c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="e902000098f3f57e87b6c968e4dd6eacd768ddd925dcb9ca9fe1a43f457d0a725f18e05046bc30674d2d824f583c736883b88e5090644e5874fa4a38aaa6e68738cb954df926f2dd2860d71a2d5fc665365fa8dc382a25bf01fcdd7a0d954233866d25fed641e2b64a43ae58c3798b0b7437223332a0a132de607563bdbb047db585abdb134afdf16821f2e12ee797b6f437e11269ef06cd34dbe359083589f8571ce3920ec1393c78be321673d828a28d2d706f314ec3517033c7e3277dc7d4b677f856dcfbf056d89a459eb664e2c5c9726cb6a7a2e7ec3f3ba5ce44d730bf3d51ba997e866843b2654865b85912d4e0b5ad0a5d49afd4bfbc1ec0fb7fd9a3df2992e9150ba61cecabd8288fabf082aca6f9340f94d606a49999023d3fe6c9ba45823977ea2feef4fdadbfe40f9566152bcd04628aa181de7e42d182715f764b4c032d98e11393728508056f1c95639a6293ecc08a36d1ba5471a010de96a80dc3e371138678f1308992d62bcadd5cba1076ca6e83432bbe97d6a479"], 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 143.038106] audit: type=1400 audit(1570781649.714:41): avc: denied { create } for pid=7108 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 08:14:09 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) 08:14:09 executing program 0: sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x9000}, 0xc, 0x0}, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:09 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:09 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x9, 0x0) [ 143.206949] audit: type=1400 audit(1570781649.754:42): avc: denied { write } for pid=7108 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 08:14:09 executing program 0: sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x9000}, 0xc, 0x0}, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) [ 143.277829] audit: type=1400 audit(1570781649.784:43): avc: denied { read } for pid=7108 comm="syz-executor.1" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 143.283075] binder_alloc: binder_alloc_mmap_handler: 7141 20ff9000-20ffc000 already mapped failed -16 08:14:10 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x9, 0x0) 08:14:10 executing program 3: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:14:10 executing program 0: sendmsg$TIPC_CMD_SET_NODE_ADDR(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x9000}, 0xc, 0x0}, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:12 executing program 2: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_MIN_LINKS={0x8, 0x12, 0x2}]}}}]}, 0x3c}}, 0x0) 08:14:12 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:12 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x9, 0x0) 08:14:12 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:12 executing program 3: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:14:12 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x8001}) perf_event_open(&(0x7f000001d000)={0x1, 0x352, 0x0, 0x20000000000, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x81, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0xfe9a) syz_genetlink_get_family_id$ipvs(0x0) r4 = open(&(0x7f0000000100)='./file0\x00', 0x200c2, 0x0) write$nbd(r4, &(0x7f0000000380)=ANY=[], 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x0) openat(r4, &(0x7f0000000600)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x7c8d645823812c52, 0x100) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r4, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x0) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000380)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20048c64}, 0x4) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000100)='net/netstat\x00') preadv(r5, 0x0, 0x0, 0x0) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x12100, 0x0) r6 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0x20600, 0x0) faccessat(r6, 0x0, 0x0, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000001, &(0x7f0000000140)={0xa, 0x2}, 0x1c) socket(0x9, 0x4, 0x0) splice(r3, 0x0, r2, 0x0, 0x1000000000000003, 0x0) inotify_init1(0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) sendto$packet(r3, &(0x7f00000000c0), 0xfffffffffffffd4d, 0x1, 0x0, 0x44) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) 08:14:12 executing program 3: bpf$PROG_LOAD(0x5, 0x0, 0x0) 08:14:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) [ 146.009307] binder_alloc: binder_alloc_mmap_handler: 7173 20ff9000-20ffc000 already mapped failed -16 08:14:12 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x9, 0x0) 08:14:12 executing program 2: socket$inet_icmp_raw(0x2, 0x3, 0x1) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket(0x1, 0x2, 0x0) getsockname$packet(r0, &(0x7f0000000040), 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) clone(0x3000000a0160101, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/load\x00', 0x2, 0x0) poll(0x0, 0x0, 0xffffffff) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000200), 0x8}, 0x8004, 0x6, 0xfffff7bd, 0x0, 0x7, 0x0, 0x7}, 0x0, 0x7, 0xffffffffffffffff, 0x8) clone(0x20886100, 0x0, 0x0, 0x0, &(0x7f00000002c0)="d353ff072d68b2e4dc05000000b3d94c22") 08:14:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) 08:14:12 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:12 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:12 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x9, 0x0) 08:14:12 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) 08:14:13 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) [ 146.267945] binder_alloc: binder_alloc_mmap_handler: 7202 20ff9000-20ffc000 already mapped failed -16 08:14:13 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x8001}) perf_event_open(&(0x7f000001d000)={0x1, 0x352, 0x0, 0x20000000000, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x81, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0xfe9a) syz_genetlink_get_family_id$ipvs(0x0) r4 = open(&(0x7f0000000100)='./file0\x00', 0x200c2, 0x0) write$nbd(r4, &(0x7f0000000380)=ANY=[], 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x0) openat(r4, &(0x7f0000000600)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x7c8d645823812c52, 0x100) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r4, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x0) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000380)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20048c64}, 0x4) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000100)='net/netstat\x00') preadv(r5, 0x0, 0x0, 0x0) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x12100, 0x0) r6 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0x20600, 0x0) faccessat(r6, 0x0, 0x0, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000001, &(0x7f0000000140)={0xa, 0x2}, 0x1c) socket(0x9, 0x4, 0x0) splice(r3, 0x0, r2, 0x0, 0x1000000000000003, 0x0) inotify_init1(0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) sendto$packet(r3, &(0x7f00000000c0), 0xfffffffffffffd4d, 0x1, 0x0, 0x44) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) 08:14:13 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 08:14:13 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x9, 0x0) 08:14:13 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) [ 146.505154] binder_alloc: binder_alloc_mmap_handler: 7232 20ff9000-20ffc000 already mapped failed -16 08:14:13 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x3000000a0160101, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) poll(0x0, 0x0, 0xfffffffd) socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000000bc0), 0x4000000000002e5, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000004e00)=[{0x0, 0x36b, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000010000aac9665cbcb83859e9a3ac000100006f09908b2131b67e2e29ddd52245f8711e07a435d0b5af4d7c0ba3ffbac46028fe53e0bf06f561173ff90e48fac8dac37c4fcb74ec0e330e1646c1b607c0fae848cfe3bff066732ea6dcfc048062f844", @ANYRES32, @ANYRES32], 0x18}], 0x492492492492556, 0x0) 08:14:13 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:13 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x9, 0x0) 08:14:13 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:13 executing program 1: r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000200)={'lo\x00@\x00', 0x8001}) perf_event_open(&(0x7f000001d000)={0x1, 0x352, 0x0, 0x20000000000, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x81, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) getsockopt$inet_mtu(0xffffffffffffffff, 0x0, 0xa, 0x0, 0x0) fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0xfe9a) syz_genetlink_get_family_id$ipvs(0x0) r4 = open(&(0x7f0000000100)='./file0\x00', 0x200c2, 0x0) write$nbd(r4, &(0x7f0000000380)=ANY=[], 0x0) sendfile(0xffffffffffffffff, r4, 0x0, 0x0) openat(r4, &(0x7f0000000600)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//../file0\x00', 0x7c8d645823812c52, 0x100) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r4, 0x0) mmap$binder(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x11, 0xffffffffffffffff, 0x0) setsockopt$inet_mreq(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f0000000380)='SEG6\x00') sendmsg$SEG6_CMD_SETHMAC(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20048c64}, 0x4) write$P9_RREMOVE(0xffffffffffffffff, 0x0, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000100)='net/netstat\x00') preadv(r5, 0x0, 0x0, 0x0) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/enforce\x00', 0x12100, 0x0) r6 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/enforce\x00', 0x20600, 0x0) faccessat(r6, 0x0, 0x0, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x20000001, &(0x7f0000000140)={0xa, 0x2}, 0x1c) socket(0x9, 0x4, 0x0) splice(r3, 0x0, r2, 0x0, 0x1000000000000003, 0x0) inotify_init1(0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x0) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, 0x0, 0x0) ioctl$RNDGETENTCNT(0xffffffffffffffff, 0x80045200, 0x0) sendto$packet(r3, &(0x7f00000000c0), 0xfffffffffffffd4d, 0x1, 0x0, 0x44) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000000)={'lo\x00'}) 08:14:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 08:14:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x0, 0x0, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) [ 146.672797] binder_alloc: binder_alloc_mmap_handler: 7249 20ff9000-20ffc000 already mapped failed -16 08:14:13 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x9, 0x0) 08:14:13 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:13 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 08:14:13 executing program 2: dup(0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) fanotify_mark(0xffffffffffffffff, 0x9c, 0x0, 0xffffffffffffffff, 0x0) [ 146.839038] binder_alloc: binder_alloc_mmap_handler: 7272 20ff9000-20ffc000 already mapped failed -16 08:14:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 08:14:13 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:13 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x0) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$MON_IOCG_STATS(r0, 0x4018920a, &(0x7f0000000100)) 08:14:13 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x9, 0x0) 08:14:13 executing program 1: r0 = syz_open_dev$dri(&(0x7f00000002c0)='/dev/dri/card#\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_GEM_OPEN(r0, 0xc010640b, &(0x7f0000000100)) 08:14:13 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x3, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 08:14:13 executing program 2: sync() setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) [ 147.027041] binder_alloc: binder_alloc_mmap_handler: 7291 20ff9000-20ffc000 already mapped failed -16 08:14:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) 08:14:13 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:13 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0), 0x0, 0x10000}], 0x9, 0x0) 08:14:13 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:13 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d9639ce821c5e27a0c7e5b58534c38ebf4ba03c466678dd8e0eaa4042c8f16f0235eb045fbc35bacfeec4cc79212abf371e6819052c1f71296b263ec7dd09e3f5078e48a6a181194893a37696afec9ec28346594ca5f8d399e60dfc5f14743634", 0xbe, 0x10000}], 0x0, 0x0) 08:14:13 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@flushpolicy={0x10, 0x12, 0x4e326d0846e0c50d}, 0x10}, 0x8}, 0x0) 08:14:13 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) 08:14:13 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0), 0x0, 0x10000}], 0x9, 0x0) 08:14:13 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) [ 147.213650] binder_alloc: binder_alloc_mmap_handler: 7319 20ff9000-20ffc000 already mapped failed -16 08:14:13 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) 08:14:14 executing program 1: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x281, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x2000000004e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='vxcan1\x00', 0xf) r1 = dup2(r0, r0) sendmsg$tipc(r1, &(0x7f0000002580)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000180)="fe", 0x1}], 0x1}, 0x0) epoll_create(0x1) sendto$inet(r0, &(0x7f0000000400)="f62ab313949355e0273e65d3abda21f068933ec46b1fdf41a833e981e7de5b6aa4a1b65d8ec8094ee099d8271d26428366e221fc061208889c5686a4dc0c2d3d4fd66741cc11c4c833102fc156857f99a8b799636ea87c35b0283036520e5953baf9c51316d8d93aa5096030bd0d0dfbbdf445006af75ad33303c89c2de7ee8ac49a59a6605f3343c51ee399b1977da2e34ffbe0425866c7b7ad499ab8611286d60c0f27a1e62be4fb4b9e41eabec273531810fb81d733a5ea29408c19aba4587f9da5920ad564ad6bb89ac4565194535c7f6f54993deceb58a75e137be85d7600", 0xffffff90, 0x60, 0x0, 0x127) 08:14:14 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0), 0x0, 0x10000}], 0x9, 0x0) 08:14:14 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(0xffffffffffffffff, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) [ 147.319370] binder_alloc: binder_alloc_mmap_handler: 7344 20ff9000-20ffc000 already mapped failed -16 08:14:14 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d9639ce821c5e27a0c7e5b58534c38ebf4ba03c466678dd8e0eaa4042c8f16f0235eb045fbc35bacfeec4cc79212abf371e6819052c1f71296b263ec7dd09e3f5078e48a6a181194893a37696afec9ec28346594ca5f8d399e60dfc5f14743634", 0xbe, 0x10000}], 0x0, 0x0) 08:14:14 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, 0x0, 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 08:14:14 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:14 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d96", 0x5f, 0x10000}], 0x9, 0x0) 08:14:14 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, 0x0) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, 0x0, 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 08:14:14 executing program 2: r0 = syz_open_dev$usbmon(&(0x7f0000000040)='/dev/usbmon#\x00', 0x0, 0x0) ioctl$MON_IOCG_STATS(r0, 0x9205, 0x0) 08:14:14 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, 0x0) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) [ 147.605666] BTRFS error (device loop5): superblock checksum mismatch [ 147.712446] BTRFS error (device loop5): open_ctree failed 08:14:14 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PPPIOCSNPMODE(0xffffffffffffffff, 0x4008744b, &(0x7f0000000180)={0x80fb}) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x1, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f00000003c0)='SEG6\x00') poll(0x0, 0x0, 0xffffffff) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000200), 0x8}, 0x8004, 0x6, 0xfffff7bd, 0x9fcf1f20715a1d09, 0x7}, 0x0, 0x7, 0xffffffffffffffff, 0x8) clone(0x20886100, 0x0, 0x0, 0x0, &(0x7f00000002c0)="d353ff072d68b2e4dc05000000b3d94c22") 08:14:14 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, 0x0, 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 08:14:14 executing program 2: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x2}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) 08:14:14 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, 0x0) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:14 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0), 0x0, 0x10000}], 0x9, 0x0) 08:14:14 executing program 4: mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) 08:14:14 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:14 executing program 2: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000fd5ff8)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000440)='proc\x00', 0x0, 0x0) r0 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) getdents(r0, &(0x7f00000005c0)=""/223, 0xfc61) r1 = inotify_init1(0x0) gettid() fcntl$setown(r1, 0x8, 0x0) r2 = creat(&(0x7f0000000000)='./bus\x00', 0x0) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000200)={0x5, 0x0, 0x2, 0x8, 0x0, 0x0, 0x1}) r3 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = gettid() bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x2, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100000048700000"], &(0x7f0000000140)='vS\xfdIG|\x8aL[\xf2\'\x9c\xea\xb1\xc0\xb1\x19\x91\x9d/Q\xd9\xe3T\xce\xdax;\x02%\xc5\x1c\xd5GA\xad[(\xbblZ\x01\x1dF\x92#]%sj\xd0i\xc6C\x1f&\xe2\xc5\xa5z\x7f\xe1 \xfb\xc27\x03\x84\x8e\xef\x82-\xfc$$\xaf\v\xbd\x95\x1e\x0f\xbeVI\xec\r!\f\x86\xf5\xfb[Y\x1e\xd4\xdfc\xb1\xc8\xa2\xc1/5\xffr\x1f\x80@\xb8F\xea\xde\x93\xa1\xcb6\xee\xf2\xce\x95\xf2\xfdxR\x17F\xad\xc1~\xa2\x97=O^o\"\xbb\xa8\x9746', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={r4, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000000300)='/dev/usbmon#\x00'}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000340)={0xffffffffffffffff, r3, 0x0, 0xd, &(0x7f0000000300)='security.evm\x00'}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, r2, 0x0, 0x5, &(0x7f0000000000)='proc\x00'}, 0x30) getpid() ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f00000000c0)) syz_open_pts(0xffffffffffffffff, 0x0) close(0xffffffffffffffff) syz_open_procfs(0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) 08:14:14 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0), 0x0, 0x10000}], 0x9, 0x0) 08:14:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x0, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) 08:14:14 executing program 4: mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) 08:14:15 executing program 1: socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$PPPIOCSNPMODE(0xffffffffffffffff, 0x4008744b, &(0x7f0000000180)={0x80fb}) openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket(0x1, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getsockopt$IP6T_SO_GET_ENTRIES(0xffffffffffffffff, 0x29, 0x41, 0x0, 0x0) clone(0x0, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) syz_genetlink_get_family_id$SEG6(&(0x7f00000003c0)='SEG6\x00') poll(0x0, 0x0, 0xffffffff) ioctl$PIO_UNIMAP(0xffffffffffffffff, 0x4b67, 0x0) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x80, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x7, 0x0, @perf_bp={&(0x7f0000000200), 0x8}, 0x8004, 0x6, 0xfffff7bd, 0x9fcf1f20715a1d09, 0x7}, 0x0, 0x7, 0xffffffffffffffff, 0x8) clone(0x20886100, 0x0, 0x0, 0x0, &(0x7f00000002c0)="d353ff072d68b2e4dc05000000b3d94c22") 08:14:15 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:15 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0), 0x0, 0x10000}], 0x9, 0x0) 08:14:15 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x0, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) 08:14:15 executing program 4: mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) 08:14:15 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) open(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x9) recvmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x40000, 0x0}}], 0x4000000000003be, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000000)=0xffff, 0x4) bind$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x0, @local}, 0x10) fchdir(0xffffffffffffffff) 08:14:15 executing program 4: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:15 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x0, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) 08:14:15 executing program 4: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:15 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:15 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a", 0x30, 0x10000}], 0x9, 0x0) 08:14:15 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 08:14:16 executing program 1: r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f0000000900)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e21, @multicast1}}, 0x24) syz_emit_ethernet(0x46, &(0x7f0000000000)={@random="e187a48d30b3", @dev, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x11, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}, @multicast1}, @udp={0x0, 0x4e21, 0x24, 0x0, [@guehdr={0x2, 0x0, 0x0, 0x0, 0x0, [0x0]}, @guehdr={0x2, 0x0, 0x0, 0x0, 0x0, [0x0]}, @guehdr={0x2, 0x0, 0x0, 0x0, 0x0, [0x0]}, @guehdr={0x1}]}}}}}, 0x0) 08:14:16 executing program 4: r0 = syz_open_dev$binderN(0x0, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 08:14:16 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a", 0x30, 0x10000}], 0x9, 0x0) 08:14:16 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, 0x0, 0x0, 0x0) 08:14:16 executing program 2: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 08:14:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x70) 08:14:16 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f0000000380)='./file0\x00', 0x0, 0x2001001, 0x0) syz_mount_image$ext4(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0xacc4e2, &(0x7f0000000080)={[{@max_dir_size_kb={'max_dir_size_kb'}}], [], 0x700}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) close(0xffffffffffffffff) 08:14:16 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:16 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, 0x0, 0x0, 0x0) 08:14:16 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a", 0x30, 0x10000}], 0x9, 0x0) 08:14:16 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70) 08:14:16 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) [ 150.084828] EXT4-fs (sda1): re-mounted. Opts: max_dir_size_kb=0x0000000000000000, 08:14:16 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, 0x0, 0x0, 0x0) 08:14:16 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:16 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70) [ 150.178677] EXT4-fs (sda1): re-mounted. Opts: max_dir_size_kb=0x0000000000000000, [ 150.233034] BTRFS error (device loop5): superblock checksum mismatch 08:14:17 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:17 executing program 1: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_inet_SIOCDELRT(r0, 0x890c, &(0x7f0000000080)={0x0, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x2, 0x0, @empty}, 0x6}) 08:14:17 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:17 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x70) 08:14:17 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0), 0x0, 0x0) 08:14:17 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) [ 150.322195] binder_alloc: binder_alloc_mmap_handler: 7565 20ff9000-20ffc000 already mapped failed -16 [ 150.333237] BTRFS error (device loop5): open_ctree failed 08:14:17 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a00", 0x31, 0x10000}], 0x9, 0x0) 08:14:17 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x70) [ 150.410598] binder_alloc: binder_alloc_mmap_handler: 7569 20ff9000-20ffc000 already mapped failed -16 08:14:17 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfffff801}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x3000000a0160101, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) poll(0x0, 0x0, 0xfffffffd) socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000000bc0), 0x4000000000002e5, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000004e00)=[{0x0, 0x36b, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000010000aac9665cbcb83859e9a3ac000100006f09908b2131b67e2e29ddd52245f8711e07a435d0b5af4d7c0ba3ffbac46028fe53e0bf06f561173ff90e48fac8dac37c4fcb74ec0e330e1646c1b607c0fae848cfe3bff066732ea6dcfc048062f844", @ANYRES32, @ANYRES32], 0x18}], 0x492492492492556, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x0, 0x0, 0x0) 08:14:17 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x70) 08:14:17 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0), 0x0, 0x0) 08:14:17 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a00", 0x31, 0x10000}], 0x9, 0x0) [ 150.628421] XFS (loop2): Invalid superblock magic number 08:14:17 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0x11}, [@ldst={0x7}]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x70) 08:14:17 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(0xffffffffffffffff, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:17 executing program 1: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) getsockopt$netlink(r3, 0x10e, 0x0, 0x0, &(0x7f00000000c0)) 08:14:17 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0), 0x0, 0x0) 08:14:17 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:17 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a00", 0x31, 0x10000}], 0x9, 0x0) 08:14:17 executing program 3: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_setup(0x0, 0x0) creat(0x0, 0x0) [ 150.795171] binder_alloc: binder_alloc_mmap_handler: 7630 20ff9000-20ffc000 already mapped failed -16 08:14:17 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:17 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{0x0}], 0x1, 0x0) 08:14:17 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff6", 0x3d, 0x10000}], 0x9, 0x0) 08:14:17 executing program 1: syz_open_procfs(0x0, &(0x7f0000000040)='mountstats\x00') perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x3000000a0160101, 0x0, 0x0, 0x0, 0x0) mkdir(&(0x7f00000000c0)='./file1\x00', 0x0) poll(0x0, 0x0, 0xfffffffd) socketpair$unix(0x1, 0x1000000005, 0x0, &(0x7f000087fff8)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r0, &(0x7f0000000bc0), 0x4000000000002e5, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000004e00)=[{0x0, 0x36b, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1800000000000000010000aac9665cbcb83859e9a3ac000100006f09908b2131b67e2e29ddd52245f8711e07a435d0b5af4d7c0ba3ffbac46028fe53e0bf06f561173ff90e48fac8dac37c4fcb74ec0e330e1646c1b607c0fae848cfe3bff066732ea6dcfc048062f844", @ANYRES32, @ANYRES32], 0x18}], 0x492492492492556, 0x0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x0, 0x0, 0x0) 08:14:17 executing program 3: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_setup(0x0, 0x0) creat(0x0, 0x0) 08:14:17 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) [ 150.926421] binder_alloc: binder_alloc_mmap_handler: 7647 20ff9000-20ffc000 already mapped failed -16 08:14:17 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{0x0}], 0x1, 0x0) [ 150.974796] XFS (loop2): Invalid superblock magic number 08:14:17 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff6", 0x3d, 0x10000}], 0x9, 0x0) 08:14:17 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:17 executing program 3: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_setup(0x0, 0x0) creat(0x0, 0x0) 08:14:17 executing program 3: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_setup(0x0, 0x0) creat(0x0, 0x0) [ 151.097136] binder_alloc: binder_alloc_mmap_handler: 7676 20ff9000-20ffc000 already mapped failed -16 08:14:17 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff6", 0x3d, 0x10000}], 0x9, 0x0) 08:14:17 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:17 executing program 3: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_setup(0x0, 0x0) 08:14:17 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{0x0}], 0x1, 0x0) [ 151.194711] binder_alloc: binder_alloc_mmap_handler: 7702 20ff9000-20ffc000 already mapped failed -16 [ 151.223418] XFS (loop2): Invalid superblock magic number 08:14:18 executing program 1: r0 = socket$inet6(0xa, 0x3, 0x9) recvmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x40000, 0x0}}], 0x4000000000003be, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000000)=0xffff, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 08:14:18 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:18 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248", 0x43, 0x10000}], 0x9, 0x0) 08:14:18 executing program 3: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) 08:14:18 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:18 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)}], 0x1, 0x0) 08:14:18 executing program 3: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) 08:14:18 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) [ 151.833128] binder_alloc: binder_alloc_mmap_handler: 7730 20ff9000-20ffc000 already mapped failed -16 08:14:18 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248", 0x43, 0x10000}], 0x9, 0x0) 08:14:18 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)}], 0x1, 0x0) 08:14:18 executing program 3: syslog(0x0, &(0x7f00000000c0)=""/92, 0x5c) [ 151.914733] binder_alloc: binder_alloc_mmap_handler: 7746 20ff9000-20ffc000 already mapped failed -16 08:14:18 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) [ 151.976709] XFS (loop2): Invalid superblock magic number [ 152.093548] binder_alloc: binder_alloc_mmap_handler: 7771 20ff9000-20ffc000 already mapped failed -16 08:14:18 executing program 1: 08:14:18 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248", 0x43, 0x10000}], 0x9, 0x0) 08:14:18 executing program 3: syslog(0x0, &(0x7f00000000c0)=""/92, 0x5c) 08:14:18 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:18 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)}], 0x1, 0x0) 08:14:18 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:19 executing program 3: syslog(0x0, &(0x7f00000000c0)=""/92, 0x5c) 08:14:19 executing program 1: [ 152.304339] binder_alloc: binder_alloc_mmap_handler: 7785 20ff9000-20ffc000 already mapped failed -16 08:14:19 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x9, 0x0) 08:14:19 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05", 0x3}], 0x1, 0x0) 08:14:19 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:19 executing program 1: 08:14:19 executing program 3: syslog(0x4, 0x0, 0x0) 08:14:19 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05", 0x3}], 0x1, 0x0) 08:14:19 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x9, 0x0) [ 152.445010] XFS (loop2): Invalid superblock magic number 08:14:19 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:19 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @local}, 0x10) setsockopt$inet_int(r0, 0x0, 0x4, &(0x7f0000000000)=0x10001, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x20008800, &(0x7f0000002140)={0x2, 0x100004e20, @multicast1}, 0x10) sendto$inet(r0, &(0x7f0000000140)="7d072c1797286b2976154eb0970c322dff5b4df0c5d2a7b7d2d3fce7e131141b390d7617af2927af960d42e700c00be410e588c32e544900848e0af8cfff48ced0a37f3377dac042a6579ffa7431c2da2686bf9a50a23eb12918b58d4db514a1905dceaa96e87cf541c883437390739c2d33cdebdfe3e5d4f9170169b332b0485c8ba9625ec2bde313544c62c40025137097a3aeea39a8f1bad3c3be9828ba763654d925775276b365a249d5d853d73c7d86ed4a3053b07d7548550a99ae5aa58e5513c4245f310ca2998a8bb3c364aad97e510669191d7f64040e0453c1bd9e67f672a21eb08a1bfe7e98c5272aca240262be686a43adc87d585ae4789977f71d83e45342c0a8ca68217f010883e496072d0809d35546712e29bc28e86c0f72d50744ac81238e0c698b5fcaef9a508db1bf0201959d41a6e075c7dc05964b9765dc29bf3228db4e6e7b4fd00fda6a32310ba5c3be5627896af471dabbc45ee515fa3d8ad0100e5d7f5fee73b228ff78f0ed965f91c25dded6a33e00159195537bccc8673112c569c5eda218d272dedc82144d74e741ef1be23a50d923cf7db0ebdaf44f93bb4ee1df8cac70b15f19a4d8225fc673718befb711ecbd0c18f1aaf298f1fa04e6de31c0d1052ba18e6025c20ff4417a18fa60c4828aa552a3b06af9bc998a12e25ba5da5d7d982a18ee6b9ad2ba928b9e2c401c83cfb96357365b2b3bf310d03faa4ac6cd647e57b4d129ee54032e1502c634189b84b075caa7971e0cb14a778b233950dd5d684f5d2ba0b2274f4d8451cb90c7623b6d913b24778f284af184897ba17aba65e1b51c4ae200048c9a1d4e2e1bdae3960f9ba03acd01acff5a8d5b5d672b79faab7eeee73a5d233ceb297f9e9fb8a409e6eef15d4162eb025c78c7e1307c47d0a5c744388667054588b971f4eb188a3ec02175a539048ff6bc7b134af7d0e572171a41ae800148c44ea78396738135c50be6a9a336ab7544f2d26d78f9941af9a1d1ada84f789d2fda76fa28a6b50445969e3ebb94f2aeefd8264e1211622d36bc559b003c145b1b5c47f5f6b0f13c227ebd3e89850f49bcf43a7c59ff04db1bf774d98e8a3551b2448784a54c939ba6b75694315816398456df93770e8a2334330a1b58fcaae331107c842dbcc4dc9021cdfa36a9f2b891696b03b6cf9fccb6fc2b30a31ae93246fb7ba088f93940e190acda1fada1696ed047e6cb8676be5b2f8793bebeb255efc00257c47ee72c827d9014f5144267f692319badc85ce08c75f661c765860f6d26ea85316c9046366bf654f6f889689ae3c95f5169b2f490d50cb8db8162c3c11e98ca81c546a0f54c814d72ba25c5061b7631ed8ae45cf08969ccbe9e74354554002fecd7e707cd22a14a9e96e6d72ff13855d0cbe5b519d62bf2ba875c5adf019e901400b37affa89a321d148a89425c4b63d73101cb60f1fb6e2a63795fdc77421b5be5acf098271065838023264bb72b65b6651e99c74746b6b9f4680b7a79149ec63b9015c887d6bb8551b8446d43f3d72a081a4274bb39bb66d17bad4a1c079744d2526e851953618cce55dc42173a25ea4ec79ebe39457d030d01a49884d20e1be421fb6fd1fa2e2adcca649f664b2691155b4595d2dbbbb5a73c91b47ae3fd2b752b974e1eb01ad8568dd101f1af6526ab26f528ec874037f7fd1503b832f87b2c4c49042c764786dd2e611d4f7af531ac3f414c743a6987d0dd62b0309a15d0a52eed43de7bc70d218a7792be1ce25f681fb8ad9467d9d1059b2c60e8632c40e95624763a4cd12bbe1653165a14e887e4e6269219ea49b21f5d4fd8eadfe1d65966c6d7479b9fa4d5d8be51aee5ba14efffa59269d5b9b5fc1d5201c2b2540b6c6a632f6586014baca257e3a14e82eb5568c7d11e22d7f89aadd3a1b438ea881c453cc032fac340751a37a18498619748ad6e66faf3e1ebc11f0821c99be0727eea6d5614cd77d6194686fb78174a1ca607562e7aec532ad5bffc751beb79e355f1ec6662cc1264a760cdfb1f7d99ccca41e1937a4e5334c189d3cc7c91385f60eb0886d4c7", 0xfc3f, 0x0, 0x0, 0xffffffffffffffa8) 08:14:19 executing program 3: syslog(0x4, 0x0, 0x0) [ 152.526448] binder_alloc: binder_alloc_mmap_handler: 7815 20ff9000-20ffc000 already mapped failed -16 08:14:19 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05", 0x3}], 0x1, 0x0) 08:14:19 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x9, 0x0) 08:14:19 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) 08:14:19 executing program 1: sendmsg(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000180)}], 0x3}, 0x0) clone(0x800007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f00000021c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)=ANY=[@ANYBLOB="13d50f34"], 0x4}}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000b80)=ANY=[@ANYBLOB="68b35159e28eb6986f9dcb24abdd8f70a25f36c5eea52f2ad1001236d68c45825663800a983d791d21210fb47897baffe36e16f980307225c76e5da057692699f49c7be00067d7e9e670dbbd6dc8924f426e6b128ba2aa61c89d93ec1ed5619ad141042301", @ANYBLOB="0cda366f094eaeac44b8055fadbfac2a7dfe5d4965c1dcbe2544be6077bf0925f49126b4bd2dcbf0c45ceecc872b56070000000000000036bc9e892451c93db0ed05311b9e56d77397f8640cef47628488498f2c8c6624e7329e5b17f60fe94e963686a647bbcddc1417ad4f79a4d290e964644e4f7edcd054a09445138614285d08a070367e9ff5bd0c614c2afbc2497c768734e309012b00d1d25249a0dcae009edaf1ae", @ANYBLOB="8a7cfcb0bd543a073725047b455dc076640764ef04ff46cf47e8137f38ee38898fd565", @ANYRES64], 0x0, 0x135}, 0x20) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/enforce\x00', 0x200000, 0x0) tkill(r0, 0x3b) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 08:14:19 executing program 3: syslog(0x4, 0x0, 0x0) 08:14:19 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd050093", 0x5}], 0x1, 0x0) 08:14:19 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000100)=0x1, 0x4) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='sit0\x00\x01\x00\x00\x00\x00\x00@\x00', 0xc2) sendmmsg$inet(r0, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001940)="a5", 0x1}], 0x1}}], 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmmsg$inet(r0, &(0x7f0000002a00)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000040)="181f0278a7f56e8fb6a549793a2963e15951014aa42dc28d7a03a544cbd0315a41be8f17346398854f86527d03bebac17384969168", 0x20000075}, {&(0x7f0000002a40)="fafacd67e4b0bb33f0b5a103e20a72ad11c316434add360637e1b9d107687caca19a0a12bdf981913f7f21f2c7b425abb4a42b314fe751f674ac61c97adf71665ea094c5bbb2110685527e738af521e0ced784cc959450e91206bef4a012101719e91c3e0136af72541b24f14354b074d5dea4c9d61cce65c41833607883d7183d3d3ac77e33e4c00e41cba0b842163a6991db27da5e8258075e5b1687942770d903811e75e7c48f5cfe392fa82781bc8344cbe6628f06d8c02b9ae0cd2d571467570f5a71f5edbf45387165216b457a5852b4fc804924c678d5b2bf38450ac387adbca9b586c995d7389d63427bbdba3b2b1d977eb41dacb6a90fbac8de5192fa2fe123e13e2452fca98fc34707e7de62792171c2ee1067f4eb631cba6302091046d78273dc049e4ea36346dd7ee6d27e80846d0df9e03c537bd12b0c5430044b2eeaf6834d3cb5dbe9bd203634c1afc6fa369734a979beaaf158bb664c0fc6f3ded911b7804e584d77b014c153958a8bc4ced8afa03ff67fe579a3a67f46661eab65862265c787bf637a3ef2103e3ea3e8fef1aa42b6fef28d0c7ee642838cea39f2cd2ca3f2e0e6e6a45e0f9e8d50f63d2915fa37981de1d5c89d4676bfddfd886938ffb312c8ae8bb802cbd78a1fa86bb7d7ecd0c3373e7b9d1ef4a670ef0520838624aeff2d008abbcbbe4603876e7f4ac8e665d465954701ace47847780f8417f5c8c9ea70c2ae175121f94159389d830499493a848962378de6d76ba5843990635fbc232986f6640b1228f2b9af59bf12acd6be5eef50ee07749f0c61d624c54f3e3f5322fae293068ea4d9808b9eabedb43e0eaf39727a25bb1c54bba994621a48efdd6a734bf53ac6d8f921890a2123efed8786390648b77d3dff362595d68bd230317f76a1d84058cb2bfb0b0adcb56e735b3b343c5070009674072351636f0688627c8c04e6a5db44701fb6a739137c2b4baaaaec3905c60cf1f7ea94bba1513f55ce19d7e1e1eb3185a3f0c75ce332350ad190d1790a1b55610be0d981e0485ee5a606078b5ba0425fe6b7dc8bef9dc0afaaf43163ce76aad46634cabdda6a7a84cfa1aa9c5c8fe57e780ea8b147f8f4f987097fbdfbc859f92c52c4f7393511ac84839bfe39b69d501ceb7a676b027598756c96968cb43083315a478cf3bb44045ceb0acc0a9d5be4e037d3af6cc18c2bd8910a58c836c22da2fbb635cb0524085857d156d768af9ec9e20968618d9500f38bd5299d4c253664107eb7a903e384b36d85fa48cde49589d0762af6406002aa293724f1416328df133e9714cfe1631d7af22ea82c67e384ce17303c80bd08b0d5da7c97ba9c9705aa416b08ec2bcb8ba129d2b2a96c8c385e0940202874a51c55d83b5b20dd41c3e193af5bd4dd78c1d0835e85890198e597cb1373ae7402d886eded2fb9b0e1ed36ad1ab50498f747c7d5072c6bbd209343325326136a2e97974f35545e5bbc0898b614681fe5c4bdbe47fa5a1abd006a1c57e57bc05ac0acb18326b90475e453a45af9b134e9da6dda02dd983999a9cba969cca4e9830deecdadb9e35bbf55263a6f7132715bd6665d1a6d90561c99984780efc62e65e12c81dec8bbe27ad8918291632873396bbe527b2618a5c1c543c6e6a27cf94123d8d667688d4f5c886e095c15d5e3f59f105962a99e17fc807d9abcd2f92f18d14088ee3e23e3f240dca5572151606fab8f360fe0c44f37da973ccfd64293be5cfd0a18cbaaf30238b83469541dd596e8015889fa684f3d41b85fc0cb5d14789ac0fe21f35f1cfd09bb37fa3b1afb10f18fdd6d92c9742ad0979570c196e05042a13300dbcd395db40b28ffd4a5666938476f78302186e3feacd0f49a469e29b7558f385215af7bc8e1439d382ddaa600c7b33cdfc7fb645b9b2f2f499771e393cf9f3ed054420dffde", 0x560}], 0x2}}], 0x1, 0x4000000) 08:14:19 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x9, 0x0) [ 152.699206] binder_alloc: binder_alloc_mmap_handler: 7845 20ff9000-20ffc000 already mapped failed -16 [ 152.737291] XFS (loop2): Invalid superblock magic number 08:14:19 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:19 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) 08:14:19 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd050093", 0x5}], 0x1, 0x0) [ 152.793498] ptrace attach of "/root/syz-executor.1"[7865] was attempted by "/root/syz-executor.1"[7866] 08:14:19 executing program 1: 08:14:19 executing program 1: 08:14:19 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) 08:14:19 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x9, 0x0) 08:14:19 executing program 1: 08:14:19 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x101002, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd050093", 0x5}], 0x1, 0x0) 08:14:19 executing program 4: r0 = syz_open_dev$binderN(&(0x7f0000000080)='/dev/binder#\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) mmap$binder(&(0x7f0000ff9000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) [ 153.037298] XFS (loop2): Invalid superblock magic number 08:14:20 executing program 3: 08:14:20 executing program 1: 08:14:20 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x9, 0x0) 08:14:20 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:20 executing program 4: 08:14:20 executing program 0: 08:14:20 executing program 4: [ 153.616026] syz-executor.3 (7873) used greatest stack depth: 23760 bytes left 08:14:20 executing program 0: 08:14:20 executing program 3: 08:14:20 executing program 1: 08:14:20 executing program 0: 08:14:20 executing program 4: [ 153.737749] XFS (loop2): Invalid superblock magic number 08:14:20 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x9, 0x0) 08:14:20 executing program 3: 08:14:20 executing program 1: 08:14:20 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:20 executing program 4: 08:14:20 executing program 0: 08:14:20 executing program 1: 08:14:20 executing program 3: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000000c0)='./cgroup.cpu\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000001c0)='cpuset.mems\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f00000002c0)=ANY=[@ANYRESOCT], 0x17) 08:14:20 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x9, 0x0) 08:14:20 executing program 0: 08:14:20 executing program 1: 08:14:20 executing program 4: 08:14:20 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x9, 0x0) 08:14:20 executing program 1: 08:14:20 executing program 3: [ 154.043871] XFS (loop2): Invalid superblock magic number 08:14:20 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:20 executing program 0: 08:14:20 executing program 4: 08:14:20 executing program 3: 08:14:20 executing program 1: 08:14:20 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 08:14:20 executing program 0: 08:14:20 executing program 4: 08:14:20 executing program 3: 08:14:20 executing program 1: 08:14:20 executing program 0: 08:14:21 executing program 3: [ 154.341128] XFS (loop2): Invalid superblock magic number 08:14:21 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup3(r0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:21 executing program 4: 08:14:21 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 08:14:21 executing program 1: 08:14:21 executing program 0: 08:14:21 executing program 3: 08:14:21 executing program 3: 08:14:21 executing program 4: 08:14:21 executing program 1: 08:14:21 executing program 0: 08:14:21 executing program 3: 08:14:21 executing program 4: [ 154.574865] XFS (loop2): Invalid superblock magic number 08:14:21 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup3(r0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:21 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 08:14:21 executing program 1: 08:14:21 executing program 0: 08:14:21 executing program 4: 08:14:21 executing program 3: 08:14:21 executing program 3: 08:14:21 executing program 4: 08:14:21 executing program 1: 08:14:21 executing program 0: 08:14:21 executing program 3: 08:14:21 executing program 1: [ 154.836670] XFS (loop2): Invalid superblock magic number 08:14:21 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup3(r0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:21 executing program 1: r0 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x404e21, 0x0, @ipv4={[], [], @local}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000240)={0x0, @in6={{0x2, 0x0, 0x0, @loopback}}, 0x0, 0x3, 0x0, 0x0, 0x300}, 0x9c) 08:14:21 executing program 0: 08:14:21 executing program 4: r0 = gettid() open(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) process_vm_writev(0x0, &(0x7f0000000240), 0x0, &(0x7f0000000100), 0x0, 0x0) ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, 0x0) process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r1 = gettid() process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) 08:14:21 executing program 3: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)="580000001400add427323b470c458c560a", 0x11}], 0x1) close(r2) socket$netlink(0x10, 0x3, 0x4) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000140)) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r3, 0x1000008912, &(0x7f0000000140)="0800b5055e0bcfe87b0071") splice(r0, 0x0, r2, 0x0, 0x80000001, 0xf) [ 155.006776] XFS (loop2): Invalid superblock magic number 08:14:21 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 08:14:21 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_setup(0x0, 0x0) [ 155.073521] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=8144 comm=syz-executor.3 [ 155.088565] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=8144 comm=syz-executor.3 [ 155.101372] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=8144 comm=syz-executor.3 08:14:21 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:21 executing program 0: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = getpid() ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) socket$kcm(0x2b, 0x5, 0x0) socket$kcm(0xa, 0x2, 0x73) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000140)) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='pids.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0xfffffffffffffdca) socketpair(0x0, 0x0, 0x100000000000, 0x0) perf_event_open(0x0, r1, 0x0, r0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)) socketpair(0x1f, 0x0, 0xfffffffffffffffd, &(0x7f0000000200)) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000440)='lo\x00\x96o\xd6Q\xb9Y\xa9dJ,\x00\xd2\x97\x04\x03\xdc\r') ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000a00)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ') [ 155.115729] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=8144 comm=syz-executor.3 [ 155.130832] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=8144 comm=syz-executor.3 [ 155.147660] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=8144 comm=syz-executor.3 [ 155.162766] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=8144 comm=syz-executor.3 [ 155.183837] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=8144 comm=syz-executor.3 [ 155.206491] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=8144 comm=syz-executor.3 08:14:21 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_setup(0x0, 0x0) 08:14:21 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 155.220683] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=0 sclass=netlink_tcpdiag_socket pig=8144 comm=syz-executor.3 [ 155.237097] BTRFS error (device loop1): superblock checksum mismatch 08:14:22 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 08:14:22 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) io_setup(0x0, 0x0) [ 155.294395] BTRFS error (device loop1): open_ctree failed [ 155.304007] device lo entered promiscuous mode [ 155.331903] XFS (loop2): Invalid superblock magic number 08:14:22 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:22 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:22 executing program 0: [ 155.506462] BTRFS error (device loop1): superblock checksum mismatch [ 155.558149] XFS (loop2): Invalid superblock magic number [ 155.571660] BTRFS error (device loop1): open_ctree failed 08:14:22 executing program 3: 08:14:22 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) openat$snapshot(0xffffffffffffff9c, 0x0, 0x0, 0x0) 08:14:22 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 08:14:22 executing program 0: 08:14:22 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:22 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:22 executing program 0: 08:14:22 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) 08:14:22 executing program 3: 08:14:22 executing program 0: [ 155.845995] BTRFS error (device loop1): superblock checksum mismatch 08:14:22 executing program 0: 08:14:22 executing program 4: syz_mount_image$btrfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 08:14:22 executing program 3: 08:14:22 executing program 5: syslog(0x0, &(0x7f00000000c0)=""/92, 0x5c) [ 155.925366] BTRFS error (device loop1): open_ctree failed [ 155.977654] XFS (loop2): Invalid superblock magic number 08:14:22 executing program 3: 08:14:22 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:22 executing program 0: 08:14:22 executing program 1: syz_mount_image$btrfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:22 executing program 5: syslog(0x0, &(0x7f00000000c0)=""/92, 0x5c) 08:14:22 executing program 4: syz_mount_image$btrfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 08:14:22 executing program 0: 08:14:22 executing program 5: syslog(0x0, &(0x7f00000000c0)=""/92, 0x5c) 08:14:22 executing program 3: 08:14:22 executing program 5: syslog(0x4, 0x0, 0x0) 08:14:22 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d96", 0x5f, 0x10000}], 0x9, 0x0) 08:14:22 executing program 0: r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r0, 0xc004743e, &(0x7f00000002c0)=""/246) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080)="80fd05009341", 0x6}], 0x1000000000000006, 0x0) 08:14:22 executing program 5: syslog(0x4, 0x0, 0x0) [ 156.290691] XFS (loop2): Invalid superblock magic number 08:14:23 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:23 executing program 1: syz_mount_image$btrfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:23 executing program 4: syz_mount_image$btrfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 08:14:23 executing program 5: syslog(0x4, 0x0, 0x0) 08:14:23 executing program 0 (fault-call:0 fault-nth:0): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 156.401835] BTRFS error (device loop3): superblock checksum mismatch [ 156.441244] FAULT_INJECTION: forcing a failure. 08:14:23 executing program 1: syz_mount_image$btrfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 156.441244] name failslab, interval 1, probability 0, space 0, times 1 [ 156.468830] CPU: 1 PID: 8330 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 156.475803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 156.485186] Call Trace: [ 156.487788] dump_stack+0x138/0x197 [ 156.491435] should_fail.cold+0x10f/0x159 [ 156.495598] should_failslab+0xdb/0x130 [ 156.499587] __kmalloc+0x2f0/0x7a0 [ 156.503134] ? __sb_end_write+0xc1/0x100 [ 156.507192] ? strnlen_user+0x12f/0x1a0 [ 156.511154] ? SyS_memfd_create+0xba/0x3a0 [ 156.515389] SyS_memfd_create+0xba/0x3a0 [ 156.519498] ? shmem_fcntl+0x130/0x130 [ 156.523375] ? do_syscall_64+0x53/0x640 [ 156.527334] ? shmem_fcntl+0x130/0x130 [ 156.531216] do_syscall_64+0x1e8/0x640 [ 156.535163] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 156.539990] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 156.545226] RIP: 0033:0x459a59 08:14:23 executing program 5 (fault-call:0 fault-nth:0): syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) [ 156.548402] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 156.556101] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000459a59 [ 156.563358] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004be9b7 [ 156.570622] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 156.577886] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f5bea5056d4 [ 156.585150] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:23 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 156.600174] BTRFS error (device loop3): open_ctree failed 08:14:23 executing program 0 (fault-call:0 fault-nth:1): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 156.656064] FAULT_INJECTION: forcing a failure. [ 156.656064] name failslab, interval 1, probability 0, space 0, times 0 [ 156.697017] FAULT_INJECTION: forcing a failure. [ 156.697017] name failslab, interval 1, probability 0, space 0, times 0 [ 156.718103] CPU: 0 PID: 8344 Comm: syz-executor.5 Not tainted 4.14.148 #0 [ 156.725081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 156.725086] Call Trace: [ 156.725104] dump_stack+0x138/0x197 [ 156.725122] should_fail.cold+0x10f/0x159 [ 156.725136] should_failslab+0xdb/0x130 [ 156.725149] kmem_cache_alloc_trace+0x2e9/0x790 [ 156.725161] ? selinux_capable+0x36/0x40 [ 156.749023] syslog_print_all+0x55/0x790 [ 156.749037] ? selinux_syslog+0xde/0x2c0 [ 156.749049] ? security_syslog+0x79/0xa0 [ 156.749063] do_syslog+0x16b/0xb60 [ 156.749072] ? __sb_end_write+0xc1/0x100 [ 156.749084] ? log_buf_vmcoreinfo_setup+0x120/0x120 [ 156.782544] ? fput+0xd4/0x150 [ 156.785729] ? SyS_write+0x15e/0x230 [ 156.789445] SyS_syslog+0x26/0x30 [ 156.792888] ? do_syslog+0xb60/0xb60 [ 156.796597] do_syscall_64+0x1e8/0x640 [ 156.800482] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 156.805322] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 156.810500] RIP: 0033:0x459a59 [ 156.813679] RSP: 002b:00007f6f63243c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000067 [ 156.821389] RAX: ffffffffffffffda RBX: 00007f6f63243c90 RCX: 0000000000459a59 [ 156.828647] RDX: 000000000000005c RSI: 00000000200000c0 RDI: 0000000000000004 [ 156.835906] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 156.843167] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f6f632446d4 [ 156.850427] R13: 00000000004c8c02 R14: 00000000004dff90 R15: 0000000000000003 [ 156.857710] CPU: 1 PID: 8354 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 156.864654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 156.874010] Call Trace: [ 156.874029] dump_stack+0x138/0x197 [ 156.874047] should_fail.cold+0x10f/0x159 [ 156.874062] should_failslab+0xdb/0x130 [ 156.880274] kmem_cache_alloc+0x2d7/0x780 [ 156.880287] ? __alloc_fd+0x1d4/0x4a0 [ 156.880304] __d_alloc+0x2d/0x9f0 [ 156.880315] ? lock_downgrade+0x740/0x740 [ 156.880326] d_alloc_pseudo+0x1e/0x30 [ 156.880337] __shmem_file_setup.part.0+0xd8/0x400 [ 156.880344] ? __alloc_fd+0x1d4/0x4a0 [ 156.880353] ? shmem_fill_super+0x8c0/0x8c0 [ 156.880369] SyS_memfd_create+0x1f9/0x3a0 [ 156.880379] ? shmem_fcntl+0x130/0x130 [ 156.880388] ? do_syscall_64+0x53/0x640 [ 156.880398] ? shmem_fcntl+0x130/0x130 [ 156.936516] do_syscall_64+0x1e8/0x640 [ 156.940385] ? trace_hardirqs_off_thunk+0x1a/0x1c 08:14:23 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d96", 0x5f, 0x10000}], 0x9, 0x0) [ 156.945213] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 156.950384] RIP: 0033:0x459a59 [ 156.953560] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 156.961251] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000459a59 [ 156.968498] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004be9b7 [ 156.975750] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 156.983013] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f5bea5056d4 [ 156.990351] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:23 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:23 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 157.009060] BTRFS error (device loop3): superblock checksum mismatch [ 157.016382] XFS (loop2): Invalid superblock magic number 08:14:23 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:23 executing program 0 (fault-call:0 fault-nth:2): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:23 executing program 5 (fault-call:0 fault-nth:1): syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) [ 157.071118] BTRFS error (device loop3): open_ctree failed 08:14:23 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:23 executing program 5: r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x5, 0xc8000) ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_INFO(r0, 0xc08c5335, &(0x7f0000000140)={0x0, 0x1, 0x7, 'queue1\x00', 0xfffffffa}) [ 157.139911] FAULT_INJECTION: forcing a failure. [ 157.139911] name failslab, interval 1, probability 0, space 0, times 0 [ 157.173616] CPU: 1 PID: 8383 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 157.180605] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 157.189962] Call Trace: [ 157.192648] dump_stack+0x138/0x197 [ 157.196290] should_fail.cold+0x10f/0x159 [ 157.200450] should_failslab+0xdb/0x130 [ 157.204433] kmem_cache_alloc+0x2d7/0x780 [ 157.208585] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 157.214041] ? rcu_read_lock_sched_held+0x110/0x130 [ 157.219063] ? shmem_destroy_callback+0xa0/0xa0 [ 157.223730] shmem_alloc_inode+0x1c/0x50 [ 157.223740] alloc_inode+0x64/0x180 [ 157.223749] new_inode_pseudo+0x19/0xf0 [ 157.223758] new_inode+0x1f/0x40 08:14:23 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d96", 0x5f, 0x10000}], 0x9, 0x0) 08:14:23 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r1 = socket$inet6(0xa, 0x400000000001, 0x0) close(r1) socket$inet6_sctp(0xa, 0x801, 0x84) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r3}, 0x20) ioctl$EXT4_IOC_MIGRATE(r0, 0x6609) syslog(0x4, &(0x7f0000000000)=""/92, 0x5c) ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f00000000c0)=0xffffffe1) [ 157.223767] shmem_get_inode+0x75/0x750 [ 157.223782] __shmem_file_setup.part.0+0x111/0x400 [ 157.223791] ? __alloc_fd+0x1d4/0x4a0 [ 157.223801] ? shmem_fill_super+0x8c0/0x8c0 [ 157.223818] SyS_memfd_create+0x1f9/0x3a0 [ 157.235447] ? shmem_fcntl+0x130/0x130 [ 157.235460] ? do_syscall_64+0x53/0x640 [ 157.235470] ? shmem_fcntl+0x130/0x130 [ 157.235482] do_syscall_64+0x1e8/0x640 [ 157.235493] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 157.280401] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 157.285595] RIP: 0033:0x459a59 08:14:23 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, &(0x7f0000000080)={@my=0x0}) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x207000, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000180)={0x7fff, 0x204, 0x40, 0xfffc}, 0x346) 08:14:24 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 157.288791] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 157.296497] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000459a59 [ 157.303769] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004be9b7 [ 157.311032] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 157.311039] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f5bea5056d4 [ 157.311045] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:24 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 157.363518] BTRFS error (device loop3): superblock checksum mismatch 08:14:24 executing program 5: write$char_usb(0xffffffffffffffff, &(0x7f0000000000)="4d90609b3ad706889a2b44a9688a8e0fc65c0a37b1292ec8b3ab691aad550609d4c81114a352518cfbadb5fba8e7e586e34d7a5555c2da786b82fc7418928ccada1bab576e43fcc6fb76653923c026402241937beb89d0f8b23f486aa4f7ae3cf5cd73b3d78fe885686b8a51dcaf2fc9b4147ddcef14f62290b728d7251aeb93f331a280ca5c206c9a2536", 0x8b) syslog(0xd, &(0x7f0000000100)=""/105, 0xfffffeff) 08:14:24 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 157.440257] BTRFS error (device loop3): open_ctree failed [ 157.447063] XFS (loop2): Invalid superblock magic number 08:14:24 executing program 0 (fault-call:0 fault-nth:3): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:24 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r1 = dup(r0) ioctl$IMSETDEVNAME(r1, 0x80184947, &(0x7f0000000000)={0x4, 'syz0\x00'}) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) 08:14:24 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x9, 0x0) 08:14:24 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r1 = dup3(r0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:24 executing program 3: syz_mount_image$btrfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d96", 0x5f, 0x10000}], 0x9, 0x0) 08:14:24 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) 08:14:24 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) write$vhci(r0, &(0x7f0000000140)=@HCI_SCODATA_PKT={0x3, "f3761b5e9c9da1d17239d5fe9cd2f0ea14a861be684c1e81cb08dbd305ac2f354227289c9bc351994821f5d7fa6857a9f391941951db0b749b55f20f3eb0474709d65f0b9f0cbd6d2ce1c9f5c0963d94ad0c0194f8d682e5c83e86219d40f1a56e07cfeec66757f68b194b49155824deccf6de0bad79960b7cce7570bf9c2f934e2b530f6c4a2699c0cd66e4156c378e5405a99e4a69056b8b1d7c6330934d233825193b3c276d7f5a38b8c706baebc81504f5ef629828eb22e944ae941b24027c7451a62b76bfab03da0f5993d04015da04de10f39920d1271d249dc9f2b5b40cffa59806efe3926d7ee5dece0978a3d7"}, 0xf2) 08:14:24 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x9, 0x0) [ 157.609694] FAULT_INJECTION: forcing a failure. [ 157.609694] name failslab, interval 1, probability 0, space 0, times 0 [ 157.669113] CPU: 0 PID: 8442 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 157.676096] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 157.685449] Call Trace: [ 157.685468] dump_stack+0x138/0x197 [ 157.685487] should_fail.cold+0x10f/0x159 [ 157.685504] should_failslab+0xdb/0x130 [ 157.685513] kmem_cache_alloc+0x2d7/0x780 [ 157.685526] ? shmem_alloc_inode+0x1c/0x50 [ 157.691742] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 157.691760] selinux_inode_alloc_security+0xb6/0x2a0 [ 157.691774] security_inode_alloc+0x94/0xd0 [ 157.691784] inode_init_always+0x552/0xaf0 [ 157.691794] alloc_inode+0x81/0x180 [ 157.691803] new_inode_pseudo+0x19/0xf0 [ 157.691816] new_inode+0x1f/0x40 [ 157.738299] shmem_get_inode+0x75/0x750 [ 157.742463] __shmem_file_setup.part.0+0x111/0x400 [ 157.747407] ? __alloc_fd+0x1d4/0x4a0 [ 157.747419] ? shmem_fill_super+0x8c0/0x8c0 [ 157.747438] SyS_memfd_create+0x1f9/0x3a0 [ 157.747449] ? shmem_fcntl+0x130/0x130 [ 157.747459] ? do_syscall_64+0x53/0x640 [ 157.747471] ? shmem_fcntl+0x130/0x130 [ 157.755602] do_syscall_64+0x1e8/0x640 [ 157.755612] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 157.755629] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 157.755638] RIP: 0033:0x459a59 [ 157.755643] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 157.755655] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000459a59 [ 157.755661] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004be9b7 [ 157.755666] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 08:14:24 executing program 0 (fault-call:0 fault-nth:4): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:24 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x101801, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r1, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) writev(r1, &(0x7f0000000340)=[{&(0x7f0000000140)="04db293fc5baa0f766c8270dceeffd62cbb1f5b7d65b5332a5c97bd80e9fc6929b108f06a24892a62dbe752d152e13ea1f961925e58b227eeab667f97346c4dc09893e9dfffae7ace2cbb3c9695dc66b9e32a58fd8e3d1599a040712bfd418d01318611ea1c261406d04ea83f520312ad4b060fac3277dc827c6717f2300d86ccce8f4d72bb63e7d1aa000", 0x8b}, {&(0x7f0000000200)="97aa74b9ee5c93609abe312754e055277ee972298ac1d5cbf90643c5a49c07847e8d2269ee4feacc90c84cfb24c3e622d52afe9ea0167f96c9a15bab4cd9a52e0b7dea1f0726a5a7e5a3cedff42b372df9af801e4801b77b9cde6d58ae822b88201758845c05c2cd3ccd39461e4ab148aa676a64027a378039046be164a725ca648bb59d8a1e687d6e8534318c30b0ee8e4a2e7054764549132f24924026ffdfea9b43d9ac6f6c6335608cca94ff7a9a1b629d8b159d06d6923883e23d1cf475", 0xc0}, {&(0x7f00000002c0)="b921fb84c57597204c3fd1786b2f4fbef4d0e8f255a037325f647776518921fd29800031e4e2fd7ca5284ee71d87de08d617c6d3fdc947af6dcc78923926d6404e9d24eeb67171951f1b2bf09389ce16a63421b30a9f6abadabe1668e6c62413df4376284f89bfffb4862ed4ffd3bf683df2a3cabb483ed702e00261f5a9", 0x7e}], 0x3) ioctl$SNDRV_TIMER_IOCTL_STATUS(r0, 0x80605414, &(0x7f0000000000)=""/56) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r2, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$SG_GET_KEEP_ORPHAN(r2, 0x2288, &(0x7f0000000080)) 08:14:24 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) [ 157.755676] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f5bea5056d4 [ 157.763679] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 157.812348] XFS (loop2): Invalid superblock magic number 08:14:24 executing program 3: syz_mount_image$btrfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d96", 0x5f, 0x10000}], 0x9, 0x0) 08:14:24 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x9, 0x0) 08:14:24 executing program 5: [ 157.892636] FAULT_INJECTION: forcing a failure. [ 157.892636] name failslab, interval 1, probability 0, space 0, times 0 [ 157.948599] CPU: 1 PID: 8482 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 157.955583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 157.964949] Call Trace: [ 157.964969] dump_stack+0x138/0x197 [ 157.964991] should_fail.cold+0x10f/0x159 [ 157.965008] should_failslab+0xdb/0x130 [ 157.965018] kmem_cache_alloc+0x2d7/0x780 [ 157.965033] ? lock_downgrade+0x740/0x740 [ 157.965045] get_empty_filp+0x8c/0x3f0 [ 157.965054] alloc_file+0x23/0x440 08:14:24 executing program 0 (fault-call:0 fault-nth:5): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 157.965067] __shmem_file_setup.part.0+0x1b1/0x400 [ 157.965076] ? __alloc_fd+0x1d4/0x4a0 [ 157.965085] ? shmem_fill_super+0x8c0/0x8c0 [ 157.965100] SyS_memfd_create+0x1f9/0x3a0 [ 157.971308] ? shmem_fcntl+0x130/0x130 [ 157.971322] ? do_syscall_64+0x53/0x640 [ 157.971333] ? shmem_fcntl+0x130/0x130 [ 157.971345] do_syscall_64+0x1e8/0x640 [ 157.971353] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 157.971368] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 157.971375] RIP: 0033:0x459a59 [ 157.971380] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 157.971390] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000459a59 [ 157.971395] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004be9b7 [ 157.971401] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 157.971407] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f5bea5056d4 [ 157.971412] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 158.092770] FAULT_INJECTION: forcing a failure. [ 158.092770] name failslab, interval 1, probability 0, space 0, times 0 [ 158.109013] CPU: 1 PID: 8497 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 158.115978] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 158.125335] Call Trace: [ 158.127935] dump_stack+0x138/0x197 [ 158.131569] should_fail.cold+0x10f/0x159 [ 158.135732] should_failslab+0xdb/0x130 [ 158.139719] kmem_cache_alloc+0x2d7/0x780 [ 158.143870] ? rcu_lockdep_current_cpu_online+0xf2/0x140 08:14:24 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r1 = dup3(r0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:24 executing program 5: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet_tcp_buf(r0, 0x6, 0x12, 0x0, &(0x7f0000000000)=0x2) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) 08:14:24 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x9, 0x0) 08:14:24 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) [ 158.149324] ? check_preemption_disabled+0x3c/0x250 [ 158.149342] selinux_file_alloc_security+0xb4/0x190 [ 158.149355] security_file_alloc+0x6d/0xa0 [ 158.149372] get_empty_filp+0x162/0x3f0 [ 158.159381] alloc_file+0x23/0x440 [ 158.159397] __shmem_file_setup.part.0+0x1b1/0x400 [ 158.159407] ? __alloc_fd+0x1d4/0x4a0 [ 158.159416] ? shmem_fill_super+0x8c0/0x8c0 [ 158.159431] SyS_memfd_create+0x1f9/0x3a0 [ 158.176052] ? shmem_fcntl+0x130/0x130 [ 158.176064] ? do_syscall_64+0x53/0x640 [ 158.176075] ? shmem_fcntl+0x130/0x130 [ 158.176087] do_syscall_64+0x1e8/0x640 [ 158.176095] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 158.176111] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 158.184231] RIP: 0033:0x459a59 [ 158.184237] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 158.184248] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 0000000000459a59 [ 158.184254] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004be9b7 [ 158.184261] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 08:14:25 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x9, 0x0) [ 158.184267] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f5bea5056d4 [ 158.184272] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 158.280499] XFS (loop2): Invalid superblock magic number 08:14:25 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) r1 = dup3(r0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:25 executing program 0 (fault-call:0 fault-nth:6): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:25 executing program 5: r0 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x80a40, 0x0) ioctl$SIOCX25SDTEFACILITIES(r0, 0x89eb, &(0x7f0000000040)={0x7ff, 0x5, 0x7fff, 0x8, 0xed, 0x0, 0x1c, "856ee7ce2c63030f00fc0be31c20522d45ec5a40", "f562a387ff8b7682f324581ce458cb68ca6c6f56"}) syslog(0xa, &(0x7f00000000c0)=""/92, 0x22c) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r2, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f0000000280)={0x34, 0x2}) ioctl$VIDIOC_STREAMOFF(r2, 0x40045613, &(0x7f0000000240)=0x9) writev(r1, &(0x7f0000001880), 0x0) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000300)='nbd\x00') sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f00000003c0)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2002000}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)=ANY=[@ANYBLOB='\f\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="000425bd7000fddbdf25030000000c0008000800000000000000"], 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x2000008c) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140)='TIPC\x00') sendmsg$TIPC_CMD_RESET_LINK_STATS(r1, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4131004}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, r4, 0x400, 0x70bd26, 0x25dfdbfb, {{}, 0x0, 0x410c, 0x0, {0xc, 0x14, 'syz0\x00'}}, ["", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x400c014) 08:14:25 executing program 3: syz_mount_image$btrfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d96", 0x5f, 0x10000}], 0x9, 0x0) 08:14:25 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x9, 0x0) 08:14:25 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) [ 158.395921] FAULT_INJECTION: forcing a failure. [ 158.395921] name fail_page_alloc, interval 1, probability 0, space 0, times 1 08:14:25 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d96", 0x5f, 0x10000}], 0x9, 0x0) [ 158.516190] CPU: 1 PID: 8537 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 158.523177] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 158.532533] Call Trace: [ 158.532560] dump_stack+0x138/0x197 [ 158.532579] should_fail.cold+0x10f/0x159 [ 158.532588] ? __might_sleep+0x93/0xb0 [ 158.532602] __alloc_pages_nodemask+0x1d6/0x7a0 [ 158.532613] ? __alloc_pages_slowpath+0x2930/0x2930 [ 158.532621] ? lock_downgrade+0x740/0x740 [ 158.532639] alloc_pages_vma+0xc9/0x4c0 [ 158.532653] shmem_alloc_page+0xf6/0x1a0 [ 158.532662] ? shmem_swapin+0x1a0/0x1a0 [ 158.532673] ? cred_has_capability+0x142/0x290 [ 158.532686] ? check_preemption_disabled+0x3c/0x250 [ 158.538899] ? __this_cpu_preempt_check+0x1d/0x30 [ 158.538913] ? percpu_counter_add_batch+0x112/0x160 [ 158.538929] ? __vm_enough_memory+0x26a/0x490 [ 158.538946] shmem_alloc_and_acct_page+0x12a/0x680 [ 158.538964] shmem_getpage_gfp+0x3e7/0x25d0 [ 158.556693] ? shmem_add_to_page_cache+0x860/0x860 [ 158.556709] ? iov_iter_fault_in_readable+0x1da/0x3c0 [ 158.556724] shmem_write_begin+0xfd/0x1b0 [ 158.556737] ? trace_hardirqs_on_caller+0x400/0x590 [ 158.556750] generic_perform_write+0x1f8/0x480 [ 158.556778] ? page_endio+0x530/0x530 [ 158.565022] ? current_time+0xb0/0xb0 [ 158.565037] ? generic_file_write_iter+0x9a/0x660 [ 158.565050] __generic_file_write_iter+0x239/0x5b0 [ 158.565067] generic_file_write_iter+0x303/0x660 [ 158.565084] __vfs_write+0x4a7/0x6b0 [ 158.565095] ? selinux_file_open+0x420/0x420 [ 158.565105] ? kernel_read+0x120/0x120 08:14:25 executing program 5: writev(0xffffffffffffffff, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r0, &(0x7f0000d83fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000240)={0x1, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000280)=0xfffffffffffffe8e) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x7a, &(0x7f00000001c0)={r2}, &(0x7f00000009c0)=0x14) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, &(0x7f0000000080)={r2, 0x3, 0xad, 0x9a67, 0x800, 0x7f}, &(0x7f00000000c0)=0x14) syslog(0x4, &(0x7f0000000000)=""/100, 0x64) [ 158.565121] ? check_preemption_disabled+0x3c/0x250 [ 158.669300] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 158.674771] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 158.679538] ? __sb_start_write+0x153/0x2f0 [ 158.683868] vfs_write+0x198/0x500 [ 158.687414] SyS_pwrite64+0x115/0x140 [ 158.691228] ? SyS_pread64+0x140/0x140 [ 158.695121] ? do_syscall_64+0x53/0x640 [ 158.699100] ? SyS_pread64+0x140/0x140 [ 158.702993] do_syscall_64+0x1e8/0x640 [ 158.706884] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 158.711736] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 158.716925] RIP: 0033:0x4139a7 [ 158.720231] RSP: 002b:00007f5bea504a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 158.728038] RAX: ffffffffffffffda RBX: 0000000020000050 RCX: 00000000004139a7 [ 158.735311] RDX: 0000000000000048 RSI: 00000000200001c0 RDI: 0000000000000004 [ 158.742608] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 158.749908] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 [ 158.757185] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:25 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d96", 0x5f, 0x10000}], 0x9, 0x0) 08:14:25 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) 08:14:25 executing program 0 (fault-call:0 fault-nth:7): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:25 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x9, 0x0) [ 158.891687] XFS (loop2): Invalid superblock magic number [ 158.901653] FAULT_INJECTION: forcing a failure. [ 158.901653] name failslab, interval 1, probability 0, space 0, times 0 [ 158.913730] CPU: 1 PID: 8593 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 158.913757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 158.913761] Call Trace: [ 158.913777] dump_stack+0x138/0x197 [ 158.913793] should_fail.cold+0x10f/0x159 [ 158.940599] should_failslab+0xdb/0x130 [ 158.944584] kmem_cache_alloc+0x47/0x780 [ 158.948649] ? __alloc_pages_slowpath+0x2930/0x2930 [ 158.953672] ? lock_downgrade+0x740/0x740 [ 158.957837] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 158.963479] __radix_tree_create+0x337/0x4d0 [ 158.967900] __radix_tree_insert+0xab/0x570 [ 158.972223] ? __radix_tree_create+0x4d0/0x4d0 [ 158.972244] shmem_add_to_page_cache+0x5a4/0x860 [ 158.972256] ? shmem_writepage+0xbb0/0xbb0 [ 158.972263] ? __radix_tree_preload+0x1d2/0x260 [ 158.972276] shmem_getpage_gfp+0x1757/0x25d0 [ 158.972296] ? shmem_add_to_page_cache+0x860/0x860 [ 158.972308] ? iov_iter_fault_in_readable+0x1da/0x3c0 [ 158.972321] shmem_write_begin+0xfd/0x1b0 [ 158.972332] ? trace_hardirqs_on_caller+0x400/0x590 [ 158.972344] generic_perform_write+0x1f8/0x480 [ 158.972357] ? page_endio+0x530/0x530 [ 159.022577] ? current_time+0xb0/0xb0 [ 159.026388] ? generic_file_write_iter+0x9a/0x660 [ 159.031252] __generic_file_write_iter+0x239/0x5b0 [ 159.036195] generic_file_write_iter+0x303/0x660 [ 159.040965] __vfs_write+0x4a7/0x6b0 [ 159.044682] ? selinux_file_open+0x420/0x420 [ 159.049097] ? kernel_read+0x120/0x120 [ 159.052987] ? check_preemption_disabled+0x3c/0x250 [ 159.058005] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 159.063458] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 159.068215] ? __sb_start_write+0x153/0x2f0 [ 159.072543] vfs_write+0x198/0x500 [ 159.076094] SyS_pwrite64+0x115/0x140 [ 159.080072] ? SyS_pread64+0x140/0x140 [ 159.083961] ? do_syscall_64+0x53/0x640 [ 159.087934] ? SyS_pread64+0x140/0x140 [ 159.091841] do_syscall_64+0x1e8/0x640 [ 159.095734] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 159.100592] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 159.105808] RIP: 0033:0x4139a7 [ 159.108994] RSP: 002b:00007f5bea504a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 159.116706] RAX: ffffffffffffffda RBX: 0000000020000050 RCX: 00000000004139a7 [ 159.124014] RDX: 0000000000000048 RSI: 00000000200001c0 RDI: 0000000000000004 [ 159.131284] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 159.138560] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 [ 159.145835] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:25 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:25 executing program 5: syslog(0x3, &(0x7f00000000c0)=""/92, 0xfffffffffffffe13) 08:14:25 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', 0x0, 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d813fb0c169b9b3154a012e22a467dc1c594c29bfa68d96", 0x5f, 0x10000}], 0x9, 0x0) 08:14:25 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x0, 0x0) 08:14:26 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x9, 0x0) 08:14:26 executing program 5: syslog(0x3, &(0x7f0000000000)=""/97, 0x61) [ 159.327980] BTRFS error (device loop0): superblock checksum mismatch 08:14:26 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x9, 0x0) 08:14:26 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x9, 0x0) [ 159.400752] BTRFS error (device loop0): open_ctree failed [ 159.479591] XFS (loop2): Invalid superblock magic number 08:14:26 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x0, 0x0) 08:14:26 executing program 0 (fault-call:0 fault-nth:8): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:26 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0), 0x0, 0x10000}], 0x9, 0x0) 08:14:26 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x9, 0x0) 08:14:26 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 159.636627] FAULT_INJECTION: forcing a failure. [ 159.636627] name failslab, interval 1, probability 0, space 0, times 0 [ 159.712688] CPU: 0 PID: 8652 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 159.719673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 159.729043] Call Trace: [ 159.731648] dump_stack+0x138/0x197 [ 159.735292] should_fail.cold+0x10f/0x159 [ 159.739453] should_failslab+0xdb/0x130 [ 159.743438] kmem_cache_alloc+0x2d7/0x780 [ 159.747590] ? vfs_write+0x25f/0x500 [ 159.751338] getname_flags+0xcb/0x580 [ 159.755140] ? check_preemption_disabled+0x3c/0x250 08:14:26 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x0, 0x0) 08:14:26 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0), 0x0, 0x10000}], 0x9, 0x0) [ 159.760164] getname+0x1a/0x20 [ 159.763387] do_sys_open+0x1e7/0x430 [ 159.767107] ? filp_open+0x70/0x70 [ 159.770650] ? fput+0xd4/0x150 [ 159.773844] ? SyS_pwrite64+0xca/0x140 [ 159.777737] SyS_open+0x2d/0x40 [ 159.781041] ? do_sys_open+0x430/0x430 [ 159.784935] do_syscall_64+0x1e8/0x640 [ 159.788823] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 159.793679] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 159.798873] RIP: 0033:0x413941 [ 159.802060] RSP: 002b:00007f5bea504a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 159.809765] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000413941 [ 159.817028] RDX: 00007f5bea504b0a RSI: 0000000000000002 RDI: 00007f5bea504b00 [ 159.824295] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 159.824302] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 159.824307] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:26 executing program 0 (fault-call:0 fault-nth:9): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:26 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0), 0x0, 0x10000}], 0x0, 0x0) [ 159.874879] XFS (loop2): Invalid superblock magic number 08:14:26 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x9, 0x0) 08:14:26 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup3(0xffffffffffffffff, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:26 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0), 0x0, 0x10000}], 0x9, 0x0) [ 159.984627] FAULT_INJECTION: forcing a failure. [ 159.984627] name failslab, interval 1, probability 0, space 0, times 0 [ 160.030092] CPU: 1 PID: 8683 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 160.037069] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 160.047125] Call Trace: [ 160.049724] dump_stack+0x138/0x197 [ 160.053361] should_fail.cold+0x10f/0x159 [ 160.053378] should_failslab+0xdb/0x130 [ 160.053390] kmem_cache_alloc+0x2d7/0x780 [ 160.061596] ? save_stack+0xa9/0xd0 [ 160.061614] get_empty_filp+0x8c/0x3f0 [ 160.061623] path_openat+0x8f/0x3f70 [ 160.061633] ? generic_perform_write+0x34f/0x480 [ 160.061652] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 160.061663] ? save_trace+0x290/0x290 [ 160.061674] ? __alloc_fd+0x1d4/0x4a0 [ 160.061685] do_filp_open+0x18e/0x250 [ 160.061695] ? may_open_dev+0xe0/0xe0 [ 160.061707] ? lock_downgrade+0x740/0x740 [ 160.061724] ? _raw_spin_unlock+0x2d/0x50 [ 160.061733] ? __alloc_fd+0x1d4/0x4a0 [ 160.061751] do_sys_open+0x2c5/0x430 [ 160.117414] ? filp_open+0x70/0x70 [ 160.120963] ? fput+0xd4/0x150 [ 160.124157] ? SyS_pwrite64+0xca/0x140 [ 160.128053] SyS_open+0x2d/0x40 [ 160.131513] ? do_sys_open+0x430/0x430 [ 160.135411] do_syscall_64+0x1e8/0x640 [ 160.139307] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 160.144160] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 160.149354] RIP: 0033:0x413941 [ 160.152548] RSP: 002b:00007f5bea504a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 160.160261] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000413941 [ 160.167550] RDX: 00007f5bea504b0a RSI: 0000000000000002 RDI: 00007f5bea504b00 08:14:26 executing program 5: r0 = add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000480)='asymmetric\x00', 0x0) r1 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, r0) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000200)='/proc/self/net/pfkey\x00', 0x10000, 0x0) ioctl$SIOCAX25DELFWD(r2, 0x89eb, &(0x7f0000000240)={@default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}) request_key(&(0x7f0000000000)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)='\x00', r1) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) openat$vnet(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/vhost-net\x00', 0x2, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r3, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000d83fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r4, 0x84, 0x7a, &(0x7f00000001c0)={r6, 0x0, 0x0, 0x0, 0x9, 0xffffffff}, &(0x7f00000009c0)=0xfffffffffffffea5) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f0000000280)={r6, 0x8f0, 0x6, [0x5, 0x401, 0x74fc, 0x3, 0x7, 0x2]}, 0x14) [ 160.174833] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 160.174839] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 160.174845] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:26 executing program 0 (fault-call:0 fault-nth:10): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:26 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x9, 0x0) 08:14:26 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0), 0x0, 0x10000}], 0x0, 0x0) 08:14:26 executing program 5: ioctl$TIOCGSOFTCAR(0xffffffffffffffff, 0x5419, &(0x7f0000000000)) syslog(0xa, &(0x7f0000000040)=""/98, 0x2f5) 08:14:27 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x9, 0x0) [ 160.307536] FAULT_INJECTION: forcing a failure. [ 160.307536] name failslab, interval 1, probability 0, space 0, times 0 [ 160.344329] XFS (loop2): Invalid superblock magic number [ 160.366145] CPU: 0 PID: 8720 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 160.373131] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 160.373137] Call Trace: [ 160.373154] dump_stack+0x138/0x197 [ 160.373173] should_fail.cold+0x10f/0x159 [ 160.373190] should_failslab+0xdb/0x130 [ 160.373204] kmem_cache_alloc+0x2d7/0x780 [ 160.373213] ? save_stack+0xa9/0xd0 [ 160.373226] get_empty_filp+0x8c/0x3f0 [ 160.373235] path_openat+0x8f/0x3f70 [ 160.373248] ? trace_hardirqs_on+0x10/0x10 [ 160.373260] ? check_preemption_disabled+0x3c/0x250 [ 160.373274] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 160.373281] ? find_held_lock+0x35/0x130 [ 160.373290] ? save_trace+0x290/0x290 [ 160.373301] ? __alloc_fd+0x1d4/0x4a0 [ 160.373312] do_filp_open+0x18e/0x250 [ 160.373321] ? may_open_dev+0xe0/0xe0 [ 160.373332] ? lock_downgrade+0x740/0x740 [ 160.373345] ? _raw_spin_unlock+0x2d/0x50 [ 160.373353] ? __alloc_fd+0x1d4/0x4a0 [ 160.373370] do_sys_open+0x2c5/0x430 [ 160.373381] ? filp_open+0x70/0x70 [ 160.373388] ? fput+0xd4/0x150 [ 160.373401] ? SyS_pwrite64+0xca/0x140 [ 160.388979] SyS_open+0x2d/0x40 [ 160.388989] ? do_sys_open+0x430/0x430 [ 160.389003] do_syscall_64+0x1e8/0x640 [ 160.389012] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 160.389030] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 160.389042] RIP: 0033:0x413941 [ 160.496217] RSP: 002b:00007f5bea504a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 160.503917] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000413941 08:14:27 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0), 0x0, 0x10000}], 0x0, 0x0) [ 160.511173] RDX: 00007f5bea504b0a RSI: 0000000000000002 RDI: 00007f5bea504b00 [ 160.518423] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 160.525751] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 160.533002] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:27 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r1 = dup3(r0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:27 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x85000, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000300)={&(0x7f0000000200)=[0x0], &(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[0x0, 0x0, 0x0, 0x0], 0x1, 0x4253, 0x4000000000000192, 0x4}) openat(r0, &(0x7f0000000000)='./file0\x00', 0x4000, 0x46) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(0xffffffffffffffff, 0xc034564b, &(0x7f0000000040)={0x2, 0x6462a4b0, 0x6, 0xfffffff8, 0x3, @discrete={0x8, 0x6}}) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000280)={0x0, 0xffffffe3, 0x0, 0x6, 0x19, 0x4, 0x0, 0x4, 0x6, 0x101, 0x2, 0x25}) lsetxattr$security_evm(&(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='security.evm\x00', &(0x7f0000000580)=ANY=[@ANYBLOB="0287712f878e35983826aa890100d177ba0029c35e888d851e3ca75d91f338d2762e504ca023db8efd7e0d4fb09df102000000a35ff0f7d6083c73e5378929c497ed1c874d35f15c2a376568c81e411e3182ef1bd92c461b7904056c04fbe489f000000000000000000000000000001f2dbb25f094bef8329adc7f4c227aa1bcda93bf95c0f249bb717b599d7f7d2b0f6fd60db006812a3ef9cbf03f727f71fe0ec1669dc63a5565610788d118a33338b6be70c4b87a8ff5be2000fef0d459250ed1d140eff5b2c7c2c4fd65197e9214b24e0451fd12d7c2116c622948cc0cb254ed44ec0c0521ca54e1e5e532b25806cea2bdaa3b1dca3cbc7dc4a604fddbb4a5bb6c2ba422ff7a1563eec161259866890d273205fc16a4dd5f7bc7a20b4a202899891a8c2ad6a55e7fa79b57dc5b0ba00a56a3b6ce7b43e2daafd7ae549ce88c626d06302bea42b95f22d80d504ba66e80089ef528df458614992ae5a80e51c282403c7f4cab7c4dda9399a0748332ceba4cee957e2ad3192def3b1b2ed54f432c0f47081158b45d4cc49fda8ff03ae33d23d3fef56bdf4d5e8bbb12bbcf7be6def2739d6aa96349"], 0x10, 0x0) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) 08:14:27 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x9, 0x0) 08:14:27 executing program 0 (fault-call:0 fault-nth:11): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:27 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x9, 0x0) [ 160.672239] FAULT_INJECTION: forcing a failure. [ 160.672239] name failslab, interval 1, probability 0, space 0, times 0 [ 160.689914] CPU: 0 PID: 8756 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 160.696887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 160.706237] Call Trace: [ 160.708820] dump_stack+0x138/0x197 [ 160.712435] should_fail.cold+0x10f/0x159 [ 160.716570] should_failslab+0xdb/0x130 [ 160.720530] kmem_cache_alloc+0x2d7/0x780 [ 160.724815] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 160.730258] ? check_preemption_disabled+0x3c/0x250 [ 160.735280] selinux_file_alloc_security+0xb4/0x190 [ 160.740286] security_file_alloc+0x6d/0xa0 [ 160.744507] get_empty_filp+0x162/0x3f0 [ 160.748464] path_openat+0x8f/0x3f70 [ 160.752163] ? trace_hardirqs_on+0x10/0x10 [ 160.756383] ? check_preemption_disabled+0x3c/0x250 [ 160.761395] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 160.766052] ? find_held_lock+0x35/0x130 [ 160.770094] ? save_trace+0x290/0x290 [ 160.773883] ? __alloc_fd+0x1d4/0x4a0 [ 160.777667] do_filp_open+0x18e/0x250 [ 160.781453] ? may_open_dev+0xe0/0xe0 [ 160.785242] ? lock_downgrade+0x740/0x740 [ 160.789376] ? _raw_spin_unlock+0x2d/0x50 [ 160.793504] ? __alloc_fd+0x1d4/0x4a0 [ 160.797302] do_sys_open+0x2c5/0x430 [ 160.801009] ? filp_open+0x70/0x70 [ 160.804532] ? fput+0xd4/0x150 [ 160.807706] ? SyS_pwrite64+0xca/0x140 [ 160.811577] SyS_open+0x2d/0x40 [ 160.815986] ? do_sys_open+0x430/0x430 [ 160.819859] do_syscall_64+0x1e8/0x640 [ 160.823726] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 160.828554] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 160.833725] RIP: 0033:0x413941 [ 160.836901] RSP: 002b:00007f5bea504a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 160.844600] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000413941 [ 160.851949] RDX: 00007f5bea504b0a RSI: 0000000000000002 RDI: 00007f5bea504b00 [ 160.859203] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 08:14:27 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x9, 0x0) 08:14:27 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x1, 0x2) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r0, 0x800448d2, &(0x7f0000000040)={0x0, &(0x7f0000000140)}) [ 160.866453] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 160.873703] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:27 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x9, 0x0) 08:14:27 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x0, 0x0) 08:14:27 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) prctl$PR_SET_FP_MODE(0x2d, 0x0) mq_unlink(&(0x7f0000000000)='\x00') 08:14:27 executing program 0 (fault-call:0 fault-nth:12): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:27 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x9, 0x0) [ 161.013206] XFS (loop2): Invalid superblock magic number 08:14:27 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x0, 0x0) 08:14:27 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r1 = dup3(r0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:27 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000", 0x36, 0x10000}], 0x9, 0x0) [ 161.081162] FAULT_INJECTION: forcing a failure. [ 161.081162] name failslab, interval 1, probability 0, space 0, times 0 08:14:27 executing program 5: syslog(0xa, &(0x7f00000001c0)=""/102, 0x66) [ 161.167616] CPU: 0 PID: 8795 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 161.174595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 161.184040] Call Trace: [ 161.186646] dump_stack+0x138/0x197 [ 161.190289] should_fail.cold+0x10f/0x159 [ 161.194455] should_failslab+0xdb/0x130 [ 161.198431] kmem_cache_alloc+0x2d7/0x780 [ 161.202583] ? trace_hardirqs_on+0x10/0x10 [ 161.206815] ? save_trace+0x290/0x290 [ 161.210629] __kernfs_new_node+0x70/0x420 [ 161.214782] kernfs_new_node+0x80/0xf0 [ 161.218659] kernfs_create_dir_ns+0x41/0x140 [ 161.223064] internal_create_group+0xea/0x7b0 [ 161.227544] sysfs_create_group+0x20/0x30 [ 161.231674] lo_ioctl+0x1176/0x1ce0 [ 161.235562] ? loop_probe+0x160/0x160 [ 161.239353] blkdev_ioctl+0x96b/0x1860 [ 161.243221] ? blkpg_ioctl+0x980/0x980 [ 161.247111] ? __might_sleep+0x93/0xb0 [ 161.250981] ? __fget+0x210/0x370 [ 161.254420] block_ioctl+0xde/0x120 [ 161.258034] ? blkdev_fallocate+0x3b0/0x3b0 [ 161.262351] do_vfs_ioctl+0x7ae/0x1060 [ 161.266221] ? selinux_file_mprotect+0x5d0/0x5d0 [ 161.270958] ? lock_downgrade+0x740/0x740 [ 161.275098] ? ioctl_preallocate+0x1c0/0x1c0 [ 161.279489] ? __fget+0x237/0x370 [ 161.282926] ? security_file_ioctl+0x89/0xb0 [ 161.287317] SyS_ioctl+0x8f/0xc0 [ 161.290666] ? do_vfs_ioctl+0x1060/0x1060 [ 161.294802] do_syscall_64+0x1e8/0x640 [ 161.298674] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 161.303508] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 161.308688] RIP: 0033:0x4598c7 08:14:28 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2", 0x24, 0x10000}], 0x0, 0x0) 08:14:28 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x8000, 0x0) ioctl$VIDIOC_G_DV_TIMINGS(r0, 0xc0845658, &(0x7f0000000140)={0x0, @bt={0x7fff, 0x2, 0x0, 0x4, 0x2, 0x2, 0x6, 0x4d, 0x2, 0xf5f7, 0x10000, 0x1, 0x0, 0xbcc, 0x849250f94ae9b4ad}}) [ 161.311860] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 161.319646] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 161.326906] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 161.334850] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 161.342103] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 161.349361] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:28 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x9, 0x0) 08:14:28 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000", 0x36, 0x10000}], 0x9, 0x0) 08:14:28 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x2000, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x80, 0x151240) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r2, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x9c, &(0x7f0000000140)=[@in6={0xa, 0x4e20, 0x4, @ipv4={[], [], @multicast1}, 0x8000}, @in6={0xa, 0x4e24, 0x7, @dev={0xfe, 0x80, [], 0x11}}, @in6={0xa, 0x4e24, 0x1c, @rand_addr="2e313a724f6f8d5607983a4ad5d3122c", 0x5212}, @in6={0xa, 0x4e24, 0x8, @remote, 0x8}, @in={0x2, 0x4e22, @multicast1}, @in6={0xa, 0x4e23, 0x7a1d, @ipv4={[], [], @multicast2}, 0xfffffdbd}]}, &(0x7f0000000200)=0x10) setsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x1, &(0x7f0000000240)={r3, 0x20c, 0x4, 0x6, 0x5, 0x5}, 0x14) ioctl$RTC_PIE_OFF(r0, 0x7006) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r4, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$USBDEVFS_RELEASE_PORT(r4, 0x80045519, &(0x7f0000000280)=0x2) [ 161.451044] BTRFS error (device loop0): superblock checksum mismatch 08:14:28 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) r1 = dup3(r0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 161.497101] XFS (loop2): Invalid superblock magic number [ 161.510927] BTRFS error (device loop0): open_ctree failed 08:14:28 executing program 0 (fault-call:0 fault-nth:13): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:28 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000", 0x36, 0x10000}], 0x0, 0x0) 08:14:28 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{0x0, 0x0, 0x10000}], 0x9, 0x0) 08:14:28 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000", 0x36, 0x10000}], 0x9, 0x0) 08:14:28 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000", 0x36, 0x10000}], 0x0, 0x0) 08:14:28 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0), 0x0, 0x10000}], 0x9, 0x0) [ 161.697843] FAULT_INJECTION: forcing a failure. [ 161.697843] name failslab, interval 1, probability 0, space 0, times 0 [ 161.766712] CPU: 1 PID: 8860 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 161.773692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 161.783135] Call Trace: [ 161.783155] dump_stack+0x138/0x197 [ 161.783174] should_fail.cold+0x10f/0x159 [ 161.783189] should_failslab+0xdb/0x130 [ 161.783201] kmem_cache_alloc+0x2d7/0x780 [ 161.783213] ? __mutex_unlock_slowpath+0x71/0x800 [ 161.783222] ? __lock_is_held+0xb6/0x140 [ 161.783236] __kernfs_new_node+0x70/0x420 [ 161.801683] kernfs_new_node+0x80/0xf0 [ 161.801698] __kernfs_create_file+0x46/0x323 [ 161.801709] sysfs_add_file_mode_ns+0x1e4/0x450 [ 161.801721] internal_create_group+0x232/0x7b0 [ 161.801736] sysfs_create_group+0x20/0x30 [ 161.801747] lo_ioctl+0x1176/0x1ce0 [ 161.801759] ? loop_probe+0x160/0x160 [ 161.819848] XFS (loop2): Invalid superblock magic number [ 161.823066] blkdev_ioctl+0x96b/0x1860 [ 161.823076] ? blkpg_ioctl+0x980/0x980 [ 161.823093] ? __might_sleep+0x93/0xb0 [ 161.823105] ? __fget+0x210/0x370 [ 161.864581] block_ioctl+0xde/0x120 [ 161.868221] ? blkdev_fallocate+0x3b0/0x3b0 [ 161.872555] do_vfs_ioctl+0x7ae/0x1060 [ 161.876449] ? selinux_file_mprotect+0x5d0/0x5d0 [ 161.881379] ? lock_downgrade+0x740/0x740 [ 161.881391] ? ioctl_preallocate+0x1c0/0x1c0 [ 161.881405] ? __fget+0x237/0x370 [ 161.881421] ? security_file_ioctl+0x89/0xb0 [ 161.881431] SyS_ioctl+0x8f/0xc0 [ 161.881440] ? do_vfs_ioctl+0x1060/0x1060 [ 161.881452] do_syscall_64+0x1e8/0x640 [ 161.881460] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 161.881477] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 161.920380] RIP: 0033:0x4598c7 [ 161.923572] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 161.931294] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 161.938660] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 161.946024] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 161.953309] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 161.960585] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 161.982954] BTRFS error (device loop0): superblock checksum mismatch 08:14:28 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:28 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x9, 0x0) 08:14:28 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000", 0x36, 0x10000}], 0x0, 0x0) [ 162.020503] BTRFS error (device loop0): open_ctree failed 08:14:28 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0), 0x0, 0x10000}], 0x9, 0x0) 08:14:28 executing program 0 (fault-call:0 fault-nth:14): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:28 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x9, 0x0) 08:14:28 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x0, 0x0) [ 162.208319] FAULT_INJECTION: forcing a failure. [ 162.208319] name failslab, interval 1, probability 0, space 0, times 0 [ 162.219996] CPU: 0 PID: 8925 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 162.226961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 162.236320] Call Trace: [ 162.239043] dump_stack+0x138/0x197 [ 162.242690] should_fail.cold+0x10f/0x159 [ 162.246855] should_failslab+0xdb/0x130 [ 162.250847] kmem_cache_alloc+0x47/0x780 [ 162.254919] ? save_stack_trace+0x16/0x20 [ 162.259071] ? save_stack+0x45/0xd0 [ 162.262704] ? kasan_kmalloc+0xce/0xf0 [ 162.266594] ? kasan_slab_alloc+0xf/0x20 [ 162.270661] ? kmem_cache_alloc+0x12e/0x780 [ 162.274994] ? __kernfs_new_node+0x70/0x420 [ 162.279318] ? kernfs_new_node+0x80/0xf0 [ 162.283377] ? kernfs_create_dir_ns+0x41/0x140 [ 162.287981] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 162.293624] idr_get_free_cmn+0x563/0x8d0 [ 162.297793] idr_alloc_cmn+0x10e/0x210 [ 162.301692] ? __fprop_inc_percpu_max+0x1e0/0x1e0 [ 162.306556] ? __lock_is_held+0xb6/0x140 [ 162.310623] ? check_preemption_disabled+0x3c/0x250 [ 162.315654] idr_alloc_cyclic+0xd0/0x1e2 [ 162.319728] ? ida_simple_remove+0x60/0x60 [ 162.323978] __kernfs_new_node+0xe4/0x420 [ 162.328147] kernfs_new_node+0x80/0xf0 [ 162.332043] kernfs_create_dir_ns+0x41/0x140 [ 162.336465] internal_create_group+0xea/0x7b0 [ 162.340989] sysfs_create_group+0x20/0x30 [ 162.345146] lo_ioctl+0x1176/0x1ce0 [ 162.348787] ? loop_probe+0x160/0x160 [ 162.352597] blkdev_ioctl+0x96b/0x1860 [ 162.356515] ? blkpg_ioctl+0x980/0x980 [ 162.360414] ? __might_sleep+0x93/0xb0 [ 162.364311] ? __fget+0x210/0x370 [ 162.367775] block_ioctl+0xde/0x120 [ 162.371410] ? blkdev_fallocate+0x3b0/0x3b0 [ 162.375738] do_vfs_ioctl+0x7ae/0x1060 [ 162.379638] ? selinux_file_mprotect+0x5d0/0x5d0 [ 162.384404] ? lock_downgrade+0x740/0x740 [ 162.388563] ? ioctl_preallocate+0x1c0/0x1c0 [ 162.392983] ? __fget+0x237/0x370 [ 162.396454] ? security_file_ioctl+0x89/0xb0 [ 162.400980] SyS_ioctl+0x8f/0xc0 [ 162.404355] ? do_vfs_ioctl+0x1060/0x1060 [ 162.408512] do_syscall_64+0x1e8/0x640 [ 162.412406] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 162.417262] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 162.422458] RIP: 0033:0x4598c7 [ 162.425654] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 162.433369] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 162.440646] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 162.447919] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 08:14:28 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0), 0x0, 0x10000}], 0x9, 0x0) [ 162.455192] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 162.462465] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 162.480621] XFS (loop2): Invalid superblock magic number 08:14:29 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 162.508250] BTRFS error (device loop0): superblock checksum mismatch 08:14:29 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x9, 0x0) 08:14:29 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x0, 0x0) 08:14:29 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a", 0x30, 0x10000}], 0x9, 0x0) [ 162.580649] BTRFS error (device loop0): open_ctree failed 08:14:29 executing program 0 (fault-call:0 fault-nth:15): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:29 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x9, 0x0) [ 162.731628] FAULT_INJECTION: forcing a failure. [ 162.731628] name failslab, interval 1, probability 0, space 0, times 0 [ 162.756989] CPU: 0 PID: 8974 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 162.763967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 162.773331] Call Trace: [ 162.773350] dump_stack+0x138/0x197 08:14:29 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000", 0x3f, 0x10000}], 0x0, 0x0) [ 162.773368] should_fail.cold+0x10f/0x159 [ 162.773384] should_failslab+0xdb/0x130 [ 162.773397] kmem_cache_alloc+0x2d7/0x780 [ 162.783770] ? wait_for_completion+0x420/0x420 [ 162.783791] __kernfs_new_node+0x70/0x420 [ 162.792003] kernfs_new_node+0x80/0xf0 [ 162.792018] __kernfs_create_file+0x46/0x323 [ 162.792029] sysfs_add_file_mode_ns+0x1e4/0x450 [ 162.792042] internal_create_group+0x232/0x7b0 [ 162.792056] sysfs_create_group+0x20/0x30 [ 162.792067] lo_ioctl+0x1176/0x1ce0 [ 162.792079] ? loop_probe+0x160/0x160 [ 162.792095] blkdev_ioctl+0x96b/0x1860 [ 162.792104] ? blkpg_ioctl+0x980/0x980 [ 162.792120] ? __might_sleep+0x93/0xb0 [ 162.792128] ? __fget+0x210/0x370 [ 162.792139] block_ioctl+0xde/0x120 [ 162.792148] ? blkdev_fallocate+0x3b0/0x3b0 [ 162.792158] do_vfs_ioctl+0x7ae/0x1060 [ 162.792170] ? selinux_file_mprotect+0x5d0/0x5d0 [ 162.826171] ? lock_downgrade+0x740/0x740 [ 162.833836] ? ioctl_preallocate+0x1c0/0x1c0 [ 162.870132] ? __fget+0x237/0x370 [ 162.873608] ? security_file_ioctl+0x89/0xb0 [ 162.878146] SyS_ioctl+0x8f/0xc0 [ 162.881877] ? do_vfs_ioctl+0x1060/0x1060 [ 162.886041] do_syscall_64+0x1e8/0x640 [ 162.889946] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 162.894810] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 162.900014] RIP: 0033:0x4598c7 [ 162.903220] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 162.910933] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 162.918210] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 162.925507] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 162.932782] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 162.940061] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:29 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a", 0x30, 0x10000}], 0x9, 0x0) 08:14:29 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x0, 0x0) 08:14:29 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x9, 0x0) [ 162.976429] XFS (loop2): Invalid superblock magic number [ 163.006478] BTRFS error (device loop0): superblock checksum mismatch 08:14:29 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:29 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x0, 0x0) 08:14:29 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a", 0x30, 0x10000}], 0x9, 0x0) [ 163.073612] BTRFS error (device loop0): open_ctree failed 08:14:29 executing program 0 (fault-call:0 fault-nth:16): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:29 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x9, 0x0) 08:14:29 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f424852", 0x44, 0x10000}], 0x0, 0x0) 08:14:29 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 163.229603] XFS (loop2): Invalid superblock magic number [ 163.248360] FAULT_INJECTION: forcing a failure. [ 163.248360] name failslab, interval 1, probability 0, space 0, times 0 [ 163.286021] CPU: 1 PID: 9034 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 163.292992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 163.302362] Call Trace: [ 163.304952] dump_stack+0x138/0x197 [ 163.308592] should_fail.cold+0x10f/0x159 [ 163.312731] should_failslab+0xdb/0x130 [ 163.316691] kmem_cache_alloc+0x2d7/0x780 [ 163.320822] ? wait_for_completion+0x420/0x420 [ 163.325403] __kernfs_new_node+0x70/0x420 [ 163.329539] kernfs_new_node+0x80/0xf0 [ 163.333763] __kernfs_create_file+0x46/0x323 [ 163.338164] sysfs_add_file_mode_ns+0x1e4/0x450 [ 163.342817] internal_create_group+0x232/0x7b0 [ 163.347386] sysfs_create_group+0x20/0x30 [ 163.351530] lo_ioctl+0x1176/0x1ce0 [ 163.355149] ? loop_probe+0x160/0x160 [ 163.358931] blkdev_ioctl+0x96b/0x1860 [ 163.362810] ? blkpg_ioctl+0x980/0x980 [ 163.366774] ? __might_sleep+0x93/0xb0 [ 163.370644] ? __fget+0x210/0x370 [ 163.374082] block_ioctl+0xde/0x120 [ 163.377690] ? blkdev_fallocate+0x3b0/0x3b0 [ 163.381998] do_vfs_ioctl+0x7ae/0x1060 [ 163.385869] ? selinux_file_mprotect+0x5d0/0x5d0 [ 163.390608] ? lock_downgrade+0x740/0x740 [ 163.394749] ? ioctl_preallocate+0x1c0/0x1c0 [ 163.399163] ? __fget+0x237/0x370 [ 163.402603] ? security_file_ioctl+0x89/0xb0 [ 163.407004] SyS_ioctl+0x8f/0xc0 [ 163.410357] ? do_vfs_ioctl+0x1060/0x1060 [ 163.414494] do_syscall_64+0x1e8/0x640 [ 163.418362] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 163.423201] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 163.428386] RIP: 0033:0x4598c7 08:14:30 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 163.431560] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 163.439251] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 163.446502] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 163.453752] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 163.461004] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 163.468262] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:30 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x0, 0x0) [ 163.534062] BTRFS error (device loop3): superblock checksum mismatch 08:14:30 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x0, 0x0) 08:14:30 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x9, 0x0) 08:14:30 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x0, 0x0) [ 163.670442] BTRFS error (device loop3): open_ctree failed [ 163.681389] BTRFS error (device loop0): superblock checksum mismatch 08:14:30 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a00", 0x31, 0x10000}], 0x9, 0x0) [ 163.741873] BTRFS error (device loop0): open_ctree failed [ 163.748129] XFS (loop2): Invalid superblock magic number 08:14:30 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:30 executing program 0 (fault-call:0 fault-nth:17): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:30 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x0, 0x0) 08:14:30 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x9, 0x0) 08:14:30 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a00", 0x31, 0x10000}], 0x9, 0x0) [ 163.959729] FAULT_INJECTION: forcing a failure. [ 163.959729] name failslab, interval 1, probability 0, space 0, times 0 [ 163.985417] CPU: 0 PID: 9100 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 163.992566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 164.001924] Call Trace: [ 164.004500] dump_stack+0x138/0x197 [ 164.008114] should_fail.cold+0x10f/0x159 [ 164.012256] should_failslab+0xdb/0x130 [ 164.016216] kmem_cache_alloc+0x2d7/0x780 [ 164.020353] ? wait_for_completion+0x420/0x420 [ 164.024976] __kernfs_new_node+0x70/0x420 [ 164.029247] kernfs_new_node+0x80/0xf0 [ 164.033139] __kernfs_create_file+0x46/0x323 [ 164.037533] sysfs_add_file_mode_ns+0x1e4/0x450 [ 164.042190] internal_create_group+0x232/0x7b0 [ 164.046775] sysfs_create_group+0x20/0x30 [ 164.050917] lo_ioctl+0x1176/0x1ce0 [ 164.054542] ? loop_probe+0x160/0x160 [ 164.058329] blkdev_ioctl+0x96b/0x1860 [ 164.062204] ? blkpg_ioctl+0x980/0x980 [ 164.066100] ? __might_sleep+0x93/0xb0 [ 164.069982] ? __fget+0x210/0x370 [ 164.073430] block_ioctl+0xde/0x120 [ 164.077046] ? blkdev_fallocate+0x3b0/0x3b0 [ 164.081351] do_vfs_ioctl+0x7ae/0x1060 [ 164.085238] ? selinux_file_mprotect+0x5d0/0x5d0 [ 164.089974] ? lock_downgrade+0x740/0x740 [ 164.094112] ? ioctl_preallocate+0x1c0/0x1c0 [ 164.098503] ? __fget+0x237/0x370 [ 164.102121] ? security_file_ioctl+0x89/0xb0 [ 164.106519] SyS_ioctl+0x8f/0xc0 [ 164.109873] ? do_vfs_ioctl+0x1060/0x1060 [ 164.114008] do_syscall_64+0x1e8/0x640 [ 164.118071] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 164.122908] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 164.128082] RIP: 0033:0x4598c7 [ 164.131264] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 164.139060] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 164.146310] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 164.153565] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 08:14:30 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x0, 0x0) [ 164.160820] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 164.168082] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 164.179233] XFS (loop2): Invalid superblock magic number 08:14:30 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x9, 0x0) 08:14:30 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a00", 0x31, 0x10000}], 0x9, 0x0) 08:14:30 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 164.291700] BTRFS error (device loop0): superblock checksum mismatch 08:14:31 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x9, 0x0) [ 164.382097] BTRFS error (device loop0): open_ctree failed 08:14:31 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x0, 0x0) 08:14:31 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff6", 0x3d, 0x10000}], 0x9, 0x0) 08:14:31 executing program 0 (fault-call:0 fault-nth:18): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:31 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x9, 0x0) [ 164.563178] XFS (loop2): Invalid superblock magic number [ 164.596774] FAULT_INJECTION: forcing a failure. [ 164.596774] name failslab, interval 1, probability 0, space 0, times 0 [ 164.695190] CPU: 1 PID: 9163 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 164.702178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 164.711636] Call Trace: [ 164.714220] dump_stack+0x138/0x197 [ 164.717863] should_fail.cold+0x10f/0x159 [ 164.722006] should_failslab+0xdb/0x130 [ 164.725968] kmem_cache_alloc+0x2d7/0x780 [ 164.730100] ? wait_for_completion+0x420/0x420 [ 164.734692] __kernfs_new_node+0x70/0x420 [ 164.738833] kernfs_new_node+0x80/0xf0 [ 164.742722] __kernfs_create_file+0x46/0x323 [ 164.747120] sysfs_add_file_mode_ns+0x1e4/0x450 [ 164.751777] internal_create_group+0x232/0x7b0 [ 164.756348] sysfs_create_group+0x20/0x30 [ 164.760482] lo_ioctl+0x1176/0x1ce0 [ 164.764116] ? loop_probe+0x160/0x160 [ 164.767905] blkdev_ioctl+0x96b/0x1860 [ 164.771783] ? blkpg_ioctl+0x980/0x980 [ 164.775672] ? __might_sleep+0x93/0xb0 [ 164.779537] ? __fget+0x210/0x370 [ 164.782973] block_ioctl+0xde/0x120 [ 164.786579] ? blkdev_fallocate+0x3b0/0x3b0 [ 164.790882] do_vfs_ioctl+0x7ae/0x1060 [ 164.794752] ? selinux_file_mprotect+0x5d0/0x5d0 [ 164.799500] ? lock_downgrade+0x740/0x740 [ 164.803628] ? ioctl_preallocate+0x1c0/0x1c0 [ 164.808025] ? __fget+0x237/0x370 [ 164.811463] ? security_file_ioctl+0x89/0xb0 [ 164.815869] SyS_ioctl+0x8f/0xc0 [ 164.819215] ? do_vfs_ioctl+0x1060/0x1060 [ 164.823358] do_syscall_64+0x1e8/0x640 [ 164.827227] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 164.832059] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 164.837230] RIP: 0033:0x4598c7 [ 164.840405] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 164.848109] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 164.856325] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 164.863607] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 164.870874] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 164.878125] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:31 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff6", 0x3d, 0x10000}], 0x9, 0x0) 08:14:31 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x0, 0x0) 08:14:31 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x9, 0x0) 08:14:31 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:31 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x0, 0x0) 08:14:31 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff6", 0x3d, 0x10000}], 0x9, 0x0) 08:14:31 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:31 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x0, 0x0) [ 165.203073] BTRFS error (device loop0): superblock checksum mismatch 08:14:31 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248", 0x43, 0x10000}], 0x9, 0x0) 08:14:32 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 165.290624] BTRFS error (device loop0): open_ctree failed 08:14:32 executing program 0 (fault-call:0 fault-nth:19): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:32 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248", 0x43, 0x10000}], 0x9, 0x0) 08:14:32 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x9, 0x0) [ 165.447824] FAULT_INJECTION: forcing a failure. [ 165.447824] name failslab, interval 1, probability 0, space 0, times 0 [ 165.508846] CPU: 0 PID: 9236 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 165.515829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 165.525628] Call Trace: [ 165.528234] dump_stack+0x138/0x197 [ 165.532056] should_fail.cold+0x10f/0x159 [ 165.536218] should_failslab+0xdb/0x130 [ 165.540217] kmem_cache_alloc+0x2d7/0x780 [ 165.544378] ? wait_for_completion+0x420/0x420 [ 165.548974] __kernfs_new_node+0x70/0x420 [ 165.553137] kernfs_new_node+0x80/0xf0 [ 165.557041] __kernfs_create_file+0x46/0x323 [ 165.561467] sysfs_add_file_mode_ns+0x1e4/0x450 [ 165.566158] internal_create_group+0x232/0x7b0 [ 165.570784] sysfs_create_group+0x20/0x30 [ 165.574965] lo_ioctl+0x1176/0x1ce0 [ 165.578607] ? loop_probe+0x160/0x160 [ 165.582418] blkdev_ioctl+0x96b/0x1860 [ 165.586321] ? blkpg_ioctl+0x980/0x980 [ 165.590221] ? __might_sleep+0x93/0xb0 [ 165.594114] ? __fget+0x210/0x370 [ 165.597580] block_ioctl+0xde/0x120 [ 165.601217] ? blkdev_fallocate+0x3b0/0x3b0 [ 165.606072] do_vfs_ioctl+0x7ae/0x1060 [ 165.609972] ? selinux_file_mprotect+0x5d0/0x5d0 [ 165.614741] ? lock_downgrade+0x740/0x740 [ 165.618906] ? ioctl_preallocate+0x1c0/0x1c0 [ 165.623325] ? __fget+0x237/0x370 [ 165.626794] ? security_file_ioctl+0x89/0xb0 [ 165.631208] SyS_ioctl+0x8f/0xc0 [ 165.634584] ? do_vfs_ioctl+0x1060/0x1060 [ 165.638743] do_syscall_64+0x1e8/0x640 [ 165.642650] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 165.647774] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 165.652964] RIP: 0033:0x4598c7 08:14:32 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x9, 0x0) [ 165.656150] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 165.663873] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 165.671150] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 165.678426] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 165.685701] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 165.692978] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 165.725716] BTRFS error (device loop0): superblock checksum mismatch 08:14:32 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248", 0x43, 0x10000}], 0x9, 0x0) 08:14:32 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', 0x0, 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 165.785177] BTRFS error (device loop0): open_ctree failed 08:14:32 executing program 0 (fault-call:0 fault-nth:20): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 165.911990] FAULT_INJECTION: forcing a failure. [ 165.911990] name failslab, interval 1, probability 0, space 0, times 0 [ 165.928246] CPU: 0 PID: 9267 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 165.935236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 165.944586] Call Trace: [ 165.947179] dump_stack+0x138/0x197 [ 165.950809] should_fail.cold+0x10f/0x159 [ 165.955036] should_failslab+0xdb/0x130 [ 165.958996] kmem_cache_alloc_trace+0x2e9/0x790 [ 165.963657] ? kernfs_put+0x35e/0x490 [ 165.967439] ? sysfs_add_file_mode_ns+0x1e4/0x450 [ 165.972265] ? devm_device_remove_groups+0x50/0x50 [ 165.977187] kobject_uevent_env+0x378/0xc23 [ 165.981492] ? internal_create_group+0x49a/0x7b0 [ 165.986247] kobject_uevent+0x20/0x26 [ 165.990543] lo_ioctl+0x11e7/0x1ce0 [ 165.994158] ? loop_probe+0x160/0x160 [ 165.997941] blkdev_ioctl+0x96b/0x1860 [ 166.001819] ? blkpg_ioctl+0x980/0x980 [ 166.005692] ? __might_sleep+0x93/0xb0 [ 166.009560] ? __fget+0x210/0x370 [ 166.012996] block_ioctl+0xde/0x120 [ 166.016604] ? blkdev_fallocate+0x3b0/0x3b0 [ 166.020908] do_vfs_ioctl+0x7ae/0x1060 [ 166.024788] ? selinux_file_mprotect+0x5d0/0x5d0 [ 166.029526] ? lock_downgrade+0x740/0x740 [ 166.033839] ? ioctl_preallocate+0x1c0/0x1c0 [ 166.038229] ? __fget+0x237/0x370 [ 166.041672] ? security_file_ioctl+0x89/0xb0 [ 166.046065] SyS_ioctl+0x8f/0xc0 [ 166.049409] ? do_vfs_ioctl+0x1060/0x1060 [ 166.054584] do_syscall_64+0x1e8/0x640 [ 166.058453] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 166.063280] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 166.068468] RIP: 0033:0x4598c7 [ 166.071637] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 166.079326] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 166.086579] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 166.093839] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 166.101091] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 166.108350] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:32 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x9, 0x0) [ 166.136883] BTRFS error (device loop0): superblock checksum mismatch 08:14:32 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', 0x0, 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 166.204465] BTRFS error (device loop0): open_ctree failed 08:14:33 executing program 0 (fault-call:0 fault-nth:21): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:33 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:33 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x9, 0x0) 08:14:33 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 08:14:33 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', 0x0, 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 166.391760] FAULT_INJECTION: forcing a failure. [ 166.391760] name failslab, interval 1, probability 0, space 0, times 0 [ 166.419427] CPU: 1 PID: 9307 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 166.426398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 166.436540] Call Trace: [ 166.439145] dump_stack+0x138/0x197 [ 166.442826] should_fail.cold+0x10f/0x159 [ 166.446991] should_failslab+0xdb/0x130 [ 166.450980] kmem_cache_alloc_trace+0x2e9/0x790 [ 166.455657] ? kernfs_put+0x35e/0x490 [ 166.459460] ? sysfs_add_file_mode_ns+0x1e4/0x450 [ 166.464313] ? devm_device_remove_groups+0x50/0x50 [ 166.469256] kobject_uevent_env+0x378/0xc23 [ 166.473586] ? internal_create_group+0x49a/0x7b0 [ 166.478354] kobject_uevent+0x20/0x26 [ 166.482165] lo_ioctl+0x11e7/0x1ce0 [ 166.485804] ? loop_probe+0x160/0x160 [ 166.489611] blkdev_ioctl+0x96b/0x1860 [ 166.493507] ? blkpg_ioctl+0x980/0x980 [ 166.497411] ? __might_sleep+0x93/0xb0 [ 166.501302] ? __fget+0x210/0x370 [ 166.504758] block_ioctl+0xde/0x120 [ 166.508394] ? blkdev_fallocate+0x3b0/0x3b0 [ 166.512724] do_vfs_ioctl+0x7ae/0x1060 [ 166.516622] ? selinux_file_mprotect+0x5d0/0x5d0 [ 166.521384] ? lock_downgrade+0x740/0x740 [ 166.525547] ? ioctl_preallocate+0x1c0/0x1c0 [ 166.529961] ? __fget+0x237/0x370 [ 166.533439] ? security_file_ioctl+0x89/0xb0 [ 166.537858] SyS_ioctl+0x8f/0xc0 [ 166.541236] ? do_vfs_ioctl+0x1060/0x1060 [ 166.545393] do_syscall_64+0x1e8/0x640 [ 166.549284] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 166.554142] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 166.559335] RIP: 0033:0x4598c7 [ 166.562646] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 166.570450] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 166.577730] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 166.585008] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 166.592279] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 166.599551] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:33 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:33 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x9, 0x0) [ 166.646692] XFS (loop4): Invalid superblock magic number 08:14:33 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:33 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f4248526653", 0x46, 0x10000}], 0x9, 0x0) 08:14:33 executing program 1: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 166.832986] BTRFS error (device loop0): superblock checksum mismatch [ 166.858167] XFS (loop2): Invalid superblock magic number [ 166.882522] BTRFS error (device loop0): open_ctree failed 08:14:33 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:33 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x9, 0x0) 08:14:33 executing program 0 (fault-call:0 fault-nth:22): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 166.920204] BTRFS error (device loop1): superblock checksum mismatch [ 166.989794] XFS (loop4): Invalid superblock magic number [ 167.002634] FAULT_INJECTION: forcing a failure. [ 167.002634] name failslab, interval 1, probability 0, space 0, times 0 [ 167.020294] BTRFS error (device loop1): open_ctree failed [ 167.023716] CPU: 1 PID: 9378 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 167.032822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.042176] Call Trace: [ 167.042198] dump_stack+0x138/0x197 [ 167.042216] should_fail.cold+0x10f/0x159 [ 167.042232] should_failslab+0xdb/0x130 [ 167.042245] kmem_cache_alloc_node+0x287/0x780 [ 167.042260] __alloc_skb+0x9c/0x500 [ 167.042268] ? skb_scrub_packet+0x4b0/0x4b0 [ 167.042283] ? netlink_has_listeners+0x20a/0x330 [ 167.048499] kobject_uevent_env+0x781/0xc23 [ 167.078131] ? internal_create_group+0x49a/0x7b0 [ 167.082907] kobject_uevent+0x20/0x26 [ 167.086715] lo_ioctl+0x11e7/0x1ce0 [ 167.090352] ? loop_probe+0x160/0x160 [ 167.094154] blkdev_ioctl+0x96b/0x1860 [ 167.098044] ? blkpg_ioctl+0x980/0x980 [ 167.101956] ? __might_sleep+0x93/0xb0 [ 167.105847] ? __fget+0x210/0x370 [ 167.109305] block_ioctl+0xde/0x120 [ 167.112933] ? blkdev_fallocate+0x3b0/0x3b0 [ 167.117264] do_vfs_ioctl+0x7ae/0x1060 [ 167.121159] ? selinux_file_mprotect+0x5d0/0x5d0 [ 167.125915] ? lock_downgrade+0x740/0x740 [ 167.130068] ? ioctl_preallocate+0x1c0/0x1c0 [ 167.134475] ? __fget+0x237/0x370 [ 167.134494] ? security_file_ioctl+0x89/0xb0 [ 167.134507] SyS_ioctl+0x8f/0xc0 [ 167.134515] ? do_vfs_ioctl+0x1060/0x1060 [ 167.134528] do_syscall_64+0x1e8/0x640 [ 167.142361] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 167.142380] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 167.142388] RIP: 0033:0x4598c7 [ 167.142394] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 167.142403] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 167.142408] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 167.142412] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 167.142417] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 167.142423] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 167.221677] BTRFS error (device loop0): superblock checksum mismatch 08:14:33 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 167.247501] XFS (loop2): Invalid superblock magic number 08:14:34 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x9, 0x0) 08:14:34 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 167.305429] BTRFS error (device loop0): open_ctree failed 08:14:34 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:34 executing program 0 (fault-call:0 fault-nth:23): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 167.428629] FAULT_INJECTION: forcing a failure. [ 167.428629] name failslab, interval 1, probability 0, space 0, times 0 [ 167.453012] CPU: 0 PID: 9423 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 167.459996] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 167.469355] Call Trace: [ 167.471962] dump_stack+0x138/0x197 [ 167.475606] should_fail.cold+0x10f/0x159 [ 167.479771] should_failslab+0xdb/0x130 [ 167.483761] kmem_cache_alloc_node+0x287/0x780 [ 167.488362] __alloc_skb+0x9c/0x500 [ 167.491997] ? skb_scrub_packet+0x4b0/0x4b0 [ 167.496331] ? netlink_has_listeners+0x20a/0x330 [ 167.501104] kobject_uevent_env+0x781/0xc23 [ 167.505532] kobject_uevent+0x20/0x26 [ 167.509344] lo_ioctl+0x11e7/0x1ce0 [ 167.512979] ? loop_probe+0x160/0x160 [ 167.516784] blkdev_ioctl+0x96b/0x1860 [ 167.520677] ? blkpg_ioctl+0x980/0x980 [ 167.524577] ? __might_sleep+0x93/0xb0 [ 167.528469] ? __fget+0x210/0x370 [ 167.531930] block_ioctl+0xde/0x120 [ 167.535564] ? blkdev_fallocate+0x3b0/0x3b0 [ 167.539894] do_vfs_ioctl+0x7ae/0x1060 [ 167.543793] ? selinux_file_mprotect+0x5d0/0x5d0 [ 167.548564] ? lock_downgrade+0x740/0x740 [ 167.552729] ? ioctl_preallocate+0x1c0/0x1c0 [ 167.557149] ? __fget+0x237/0x370 [ 167.560756] ? security_file_ioctl+0x89/0xb0 [ 167.565175] SyS_ioctl+0x8f/0xc0 [ 167.568560] ? do_vfs_ioctl+0x1060/0x1060 [ 167.572718] do_syscall_64+0x1e8/0x640 [ 167.576605] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 167.581469] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 167.586664] RIP: 0033:0x4598c7 [ 167.589846] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 167.597557] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 167.604831] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 167.612106] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 167.619377] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 167.626650] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 167.657057] XFS (loop1): Invalid superblock magic number [ 167.678557] XFS (loop4): Invalid superblock magic number [ 167.698211] XFS (loop2): Invalid superblock magic number 08:14:34 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f", 0x47, 0x10000}], 0x9, 0x0) [ 167.705012] BTRFS error (device loop0): superblock checksum mismatch 08:14:34 executing program 1: r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23}, 0x1c) listen(r0, 0x5eb857) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000000340)={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x20}}, 0x10) r2 = accept4(r0, 0x0, 0x0, 0x0) dup2(r1, r2) read$alg(r2, &(0x7f0000000040)=""/33, 0x21) 08:14:34 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r0, r1, 0x0) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 167.800429] BTRFS error (device loop0): open_ctree failed 08:14:34 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000400)=[{0x0, 0x0, 0x200}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 167.837763] audit: type=1400 audit(1570781674.514:44): avc: denied { name_bind } for pid=9449 comm="syz-executor.1" src=20003 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 08:14:34 executing program 0 (fault-call:0 fault-nth:24): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:34 executing program 1: prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000ffb000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000002000/0x3000)=nil, &(0x7f0000003000/0x2000)=nil, &(0x7f0000007000/0x3000)=nil, &(0x7f0000008000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000000000/0x1000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000009000/0x1000)=nil, &(0x7f0000fff000/0x1000)=nil, 0x0}, 0x68) r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000100)={0x0, 0x0}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f0000000400)={"2e482281430a1fddcaaa118c09c116e822b4b95edae44b418ac24653630276faba52648071d5fd252719c5b2efb94df462bf5c4fc830a3df31a35b077234ba238aff17d946141154dc1e11b4d031030fafe5cdc19ce403387344a6d6c07d9ff87703456458a9738f5b6e410ba7cb882acc08427d13db648559d97cd08213460aa832c8a1b8e7b99d05704b6756e3954a4ba747d480860871f339f195c6f3d379e68780e3ecc7a21f756f6feafb2eaa246282eafd3b4e3f356e0c6d70371a3fda629877deb6f8954eda77b4efab146af6df8ead6380c4326184ed792334cf85d796b21a81cf77c4f662cfd96299977fdaa8c373a999d2a062658fc437a1aaaffe21605f6b3130ba7e6e882dd384d5843b025248f677b19395444e59c41c4d7963144f9f89fa03c810eaf0d146ba9160ccaa2b53b8f188358d4709703dddbb393882041efb30959a27b8695613ee373707e4271b9a77387921672156344475adc40bf3ea0337b3288301f3f191841d7de9d07ef6252000baaef727a25078978a4a34a4d36944b501a7402372b2e236368c7e02178fb82c738a877244b5ace6b5d77799541544f1cce7d4e7692e05f12578ef7bb4a2cd362ffb40e59fe80e0dd9b60a2b0092e1da13a8f8f4f93013c59b5002b8b98302e6d39af7c85ad3ca972421ad7daacbe8837b8696a8db4996d903f98801b208d589e1563151d0a8ef05cf25448797824cf18f192214c386d4ff2d407e2d9100a23be98e427c1a4ef89eb36bc0f287775b4f8f01edd578b60ccd54b774679ad1f618c8befc680a202999fd1277b5b4df5e3e2932b160ada0c06a008b0a771eaf4b90d8d78d316a6be4bb63655006a95fa5961643cb79ad5ff55b5dcf79c551c4e783f5b34648475594fa17373b34fe68fb1d26e2c8bdda9209c68bed0a90f39c9ae894334b9c2be5e79d5ac18c95dc5ea4c98050a9982615e7b0f664bc455bf1fa4829402b7bbd2aaba5e99c7c34df0c4c40c58b6a82f147b49638a5be4ca9136d45606d8274c47b4459cf4483cb59716bbb84d80b422fb1b660e26fc9f5512a51f0f56ebf873ea13c6a53e98008e59fcf77a857c6a03cccd79a2a31a82f84d2d08b27fd268f84faa014da8fd8f50b48f83789c405f76cc562629593f96e55083c8db114ee67f9ad8591a5eb6a8ee96948bb0e2b8dd6caa3b8a974a5d5ea5f4eb1fea08fc275984f4b706821eb69e250e0060e465fba05ef4069f765b899fd2010382b5a91243dc9ad6fbf711e194e4bc7af93dfa3178e02e7f5c7c2638fedf0f130aa6deb38fbb84d42ff0ef2288b233135104d9ca1af191c1ea43fe8a72f53961deae871ffcd6b8a94750257a64892a522cb2b331d0d4147298eba1a735a000d07efbdb30cd26ade3ee16c4992b6eec86feda090f527a7b27be64d469a5a119dde460b4a4ff8dc986b375a"}) process_vm_readv(r1, &(0x7f0000000380)=[{&(0x7f0000000340)=""/61, 0x3d}], 0x1, &(0x7f0000002540)=[{&(0x7f00000003c0)=""/63, 0x7ffff002}], 0x2, 0x0) [ 167.938678] audit: type=1400 audit(1570781674.544:45): avc: denied { node_bind } for pid=9449 comm="syz-executor.1" src=20003 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:node_t:s0 tclass=dccp_socket permissive=1 [ 167.992372] FAULT_INJECTION: forcing a failure. [ 167.992372] name failslab, interval 1, probability 0, space 0, times 0 08:14:34 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x9, 0x0) [ 168.006463] ptrace attach of "/root/syz-executor.1"[6880] was attempted by " °ÿ àÿ 0 p €  ÿ Àÿ ðÿ ÿÿÿÿ   @ = [ 168.095841] CPU: 0 PID: 9470 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 168.102796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.112156] Call Trace: [ 168.114757] dump_stack+0x138/0x197 [ 168.118398] should_fail.cold+0x10f/0x159 [ 168.122554] should_failslab+0xdb/0x130 [ 168.126534] kmem_cache_alloc_node_trace+0x280/0x770 [ 168.131640] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 168.137095] __kmalloc_node_track_caller+0x3d/0x80 [ 168.142032] __kmalloc_reserve.isra.0+0x40/0xe0 [ 168.146709] __alloc_skb+0xcf/0x500 [ 168.150347] ? skb_scrub_packet+0x4b0/0x4b0 [ 168.154677] ? netlink_has_listeners+0x20a/0x330 [ 168.159441] kobject_uevent_env+0x781/0xc23 [ 168.163863] kobject_uevent+0x20/0x26 [ 168.167668] lo_ioctl+0x11e7/0x1ce0 [ 168.171303] ? loop_probe+0x160/0x160 [ 168.175132] blkdev_ioctl+0x96b/0x1860 [ 168.179023] ? blkpg_ioctl+0x980/0x980 [ 168.183620] ? __might_sleep+0x93/0xb0 [ 168.187504] ? __fget+0x210/0x370 [ 168.190960] block_ioctl+0xde/0x120 [ 168.194606] ? blkdev_fallocate+0x3b0/0x3b0 [ 168.198935] do_vfs_ioctl+0x7ae/0x1060 [ 168.202824] ? selinux_file_mprotect+0x5d0/0x5d0 [ 168.207582] ? lock_downgrade+0x740/0x740 [ 168.211732] ? ioctl_preallocate+0x1c0/0x1c0 [ 168.216141] ? __fget+0x237/0x370 [ 168.219603] ? security_file_ioctl+0x89/0xb0 [ 168.224010] SyS_ioctl+0x8f/0xc0 [ 168.227371] ? do_vfs_ioctl+0x1060/0x1060 [ 168.231523] do_syscall_64+0x1e8/0x640 [ 168.235418] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 168.240300] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 168.245485] RIP: 0033:0x4598c7 [ 168.248669] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 168.256379] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 168.263646] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 168.270917] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 168.278914] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 168.286270] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 168.297701] audit: type=1400 audit(1570781674.544:46): avc: denied { name_connect } for pid=9449 comm="syz-executor.1" dest=20003 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:port_t:s0 tclass=dccp_socket permissive=1 [ 168.338554] XFS (loop2): Invalid superblock magic number [ 168.374560] BTRFS error (device loop0): superblock checksum mismatch [ 168.385708] XFS (loop4): Invalid superblock magic number 08:14:35 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x9, 0x0) 08:14:35 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000400)=[{0x0, 0x0, 0x200}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 168.415053] ptrace attach of "/root/syz-executor.1"[6880] was attempted by " °ÿ àÿ 0 p €  ÿ Àÿ ðÿ ÿÿÿÿ   @ = 08:14:35 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:35 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48}], 0x9, 0x0) 08:14:35 executing program 1: r0 = socket$inet_sctp(0x2, 0x400000000001, 0x84) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000005c0)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x0, 0x0, 0x30}, 0x98) sendmsg$inet_sctp(r0, &(0x7f0000000740)={&(0x7f0000000240)=@in={0x2, 0x0, @loopback}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000280)='u', 0x1}], 0x1}, 0x0) [ 168.592577] BTRFS error (device loop0): open_ctree failed [ 168.625728] XFS (loop2): Invalid superblock magic number 08:14:35 executing program 0 (fault-call:0 fault-nth:25): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:35 executing program 1: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x281, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x2000000004e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='vxcan1\x00', 0xf) r1 = dup2(r0, r0) sendmsg$tipc(r1, &(0x7f0000002580)={0x0, 0x0, &(0x7f0000000240)}, 0x0) epoll_create(0x1) sendto$inet(r0, &(0x7f0000000400)="f62ab313949355e0273e65d3abda21f068933ec46b1fdf41a833e981e7de5b6aa4a1b65d8ec8094ee099d8271d26428366e221fc061208889c5686a4dc0c2d3d4fd66741cc11c4c833102fc156857f99a8b799636ea87c35b0283036520e5953baf9c51316d8d93aa5096030bd0d0dfbbdf445006af75ad33303c89c2de7ee8ac49a59a6605f3343c51ee399b1977da2e34ffbe0425866c7b7ad499ab8611286d60c0f27a1e62be4fb4b9e41eabec273531810fb81d733a5ea29408c19aba4587f9da5920ad564ad6bb89ac4565194535c7f6f54993deceb58a75e137be85d7600", 0xffffff90, 0x60, 0x0, 0x127) 08:14:35 executing program 3: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 08:14:35 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000400)=[{0x0, 0x0, 0x200}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 168.765902] FAULT_INJECTION: forcing a failure. [ 168.765902] name failslab, interval 1, probability 0, space 0, times 0 [ 168.784875] XFS (loop4): Invalid superblock magic number [ 168.827368] CPU: 1 PID: 9535 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 168.834353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 168.843710] Call Trace: [ 168.843729] dump_stack+0x138/0x197 [ 168.843749] should_fail.cold+0x10f/0x159 [ 168.843770] should_failslab+0xdb/0x130 [ 168.850016] kmem_cache_alloc_node_trace+0x280/0x770 [ 168.850031] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 168.850048] __kmalloc_node_track_caller+0x3d/0x80 [ 168.850059] __kmalloc_reserve.isra.0+0x40/0xe0 [ 168.850070] __alloc_skb+0xcf/0x500 [ 168.850078] ? skb_scrub_packet+0x4b0/0x4b0 [ 168.850089] ? netlink_has_listeners+0x20a/0x330 [ 168.850103] kobject_uevent_env+0x781/0xc23 [ 168.850122] kobject_uevent+0x20/0x26 [ 168.891043] lo_ioctl+0x11e7/0x1ce0 [ 168.891059] ? loop_probe+0x160/0x160 [ 168.891072] blkdev_ioctl+0x96b/0x1860 [ 168.891080] ? blkpg_ioctl+0x980/0x980 [ 168.891095] ? __might_sleep+0x93/0xb0 [ 168.891105] ? __fget+0x210/0x370 [ 168.891117] block_ioctl+0xde/0x120 [ 168.891127] ? blkdev_fallocate+0x3b0/0x3b0 [ 168.891142] do_vfs_ioctl+0x7ae/0x1060 [ 168.899254] ? selinux_file_mprotect+0x5d0/0x5d0 [ 168.899266] ? lock_downgrade+0x740/0x740 [ 168.899279] ? ioctl_preallocate+0x1c0/0x1c0 [ 168.899292] ? __fget+0x237/0x370 [ 168.899308] ? security_file_ioctl+0x89/0xb0 [ 168.899319] SyS_ioctl+0x8f/0xc0 [ 168.958652] ? do_vfs_ioctl+0x1060/0x1060 [ 168.962812] do_syscall_64+0x1e8/0x640 [ 168.966706] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 168.971563] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 168.976750] RIP: 0033:0x4598c7 [ 168.979929] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 168.987637] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 168.994905] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 169.002176] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 169.009450] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 169.016716] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:35 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r1, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r2, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r3, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r4 = dup(r0) ioctl$DRM_IOCTL_GEM_OPEN(0xffffffffffffffff, 0xc010640b, &(0x7f0000000000)={0x0, 0x0, 0x1}) r6 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r6, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000040)={r5, 0x180000, r6}) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) 08:14:35 executing program 4: socket$inet6_tcp(0xa, 0x1, 0x0) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 169.089857] BTRFS error (device loop3): superblock checksum mismatch 08:14:35 executing program 1: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x281, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x2000000004e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='vxcan1\x00', 0xf) r1 = dup2(r0, r0) sendmsg$tipc(r1, &(0x7f0000002580)={0x0, 0x0, &(0x7f0000000240)}, 0x0) epoll_create(0x1) sendto$inet(r0, &(0x7f0000000400)="f62ab313949355e0273e65d3abda21f068933ec46b1fdf41a833e981e7de5b6aa4a1b65d8ec8094ee099d8271d26428366e221fc061208889c5686a4dc0c2d3d4fd66741cc11c4c833102fc156857f99a8b799636ea87c35b0283036520e5953baf9c51316d8d93aa5096030bd0d0dfbbdf445006af75ad33303c89c2de7ee8ac49a59a6605f3343c51ee399b1977da2e34ffbe0425866c7b7ad499ab8611286d60c0f27a1e62be4fb4b9e41eabec273531810fb81d733a5ea29408c19aba4587f9da5920ad564ad6bb89ac4565194535c7f6f54993deceb58a75e137be85d7600", 0xffffff90, 0x60, 0x0, 0x127) 08:14:35 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x1, 0x2) r1 = add_key$user(&(0x7f0000000140)='user\x00', &(0x7f0000000180)={'syz', 0x2}, &(0x7f00000001c0)="c20e8b0cf61f871f6e2a77b02747cde7d2bd6e8cf5d82b4e1bfdc7c6467304eeea48a2f462880b", 0x27, 0xfffffffffffffffe) keyctl$setperm(0x5, r1, 0x200000) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r2, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$BLKROSET(r2, 0x125d, &(0x7f0000000040)=0x7) r3 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm_plock\x00', 0x10000, 0x0) getsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f0000000280)=@assoc_value={0x0, 0x5}, &(0x7f00000002c0)=0x8) setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000300)={r4, 0x6}, 0x8) ioctl$RTC_WKALM_RD(r0, 0x80287010, &(0x7f0000000200)) write$selinux_create(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a667361646d5f6c6f675f743a7330202f7573722f7362696e2f637570732d62726f77736564203030303030303030303030202e2f66696c65300000000000000000000085aa92dcc11d2d4e8d5262484f09cfb9ff015561"], 0x55) [ 169.179994] XFS (loop2): Invalid superblock magic number [ 169.191079] BTRFS error (device loop3): open_ctree failed 08:14:35 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {0x0, 0x0, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:35 executing program 0 (fault-call:0 fault-nth:26): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:36 executing program 3: r0 = socket$inet_sctp(0x2, 0x400000000001, 0x84) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYBLOB="1f000700005e45000010"], 0xe) [ 169.317722] XFS (loop4): Invalid superblock magic number 08:14:36 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/d\x02\x00\x00\x00\x00\x00\x00\x00rbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x100, 0x0) 08:14:36 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x211, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) listen(r0, 0x0) [ 169.379994] FAULT_INJECTION: forcing a failure. [ 169.379994] name failslab, interval 1, probability 0, space 0, times 0 [ 169.411941] CPU: 1 PID: 9595 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 169.418925] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 169.428285] Call Trace: [ 169.430890] dump_stack+0x138/0x197 [ 169.434534] should_fail.cold+0x10f/0x159 [ 169.438694] should_failslab+0xdb/0x130 [ 169.442711] kmem_cache_alloc_node_trace+0x280/0x770 [ 169.447835] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 169.453293] __kmalloc_node_track_caller+0x3d/0x80 [ 169.458230] __kmalloc_reserve.isra.0+0x40/0xe0 [ 169.462902] __alloc_skb+0xcf/0x500 [ 169.466530] ? skb_scrub_packet+0x4b0/0x4b0 [ 169.470857] ? netlink_has_listeners+0x20a/0x330 [ 169.475620] kobject_uevent_env+0x781/0xc23 [ 169.479960] kobject_uevent+0x20/0x26 [ 169.483769] lo_ioctl+0x11e7/0x1ce0 [ 169.487405] ? loop_probe+0x160/0x160 [ 169.491208] blkdev_ioctl+0x96b/0x1860 [ 169.495093] ? blkpg_ioctl+0x980/0x980 [ 169.498985] ? __might_sleep+0x93/0xb0 [ 169.502875] ? __fget+0x210/0x370 [ 169.506335] block_ioctl+0xde/0x120 [ 169.509960] ? blkdev_fallocate+0x3b0/0x3b0 [ 169.514281] do_vfs_ioctl+0x7ae/0x1060 [ 169.518171] ? selinux_file_mprotect+0x5d0/0x5d0 [ 169.522932] ? lock_downgrade+0x740/0x740 [ 169.527081] ? ioctl_preallocate+0x1c0/0x1c0 [ 169.531502] ? __fget+0x237/0x370 [ 169.534975] ? security_file_ioctl+0x89/0xb0 [ 169.539392] SyS_ioctl+0x8f/0xc0 [ 169.542759] ? do_vfs_ioctl+0x1060/0x1060 [ 169.546916] do_syscall_64+0x1e8/0x640 [ 169.550803] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 169.555652] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 169.560944] RIP: 0033:0x4598c7 [ 169.564132] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 169.571846] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 08:14:36 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$restrict_keyring(0x1d, r0, 0x0, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r1, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$TIOCEXCL(r1, 0x540c) 08:14:36 executing program 1: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$TIOCLINUX4(0xffffffffffffffff, 0x541c, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) getpeername$packet(0xffffffffffffffff, &(0x7f0000000b80)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000000)=0x14) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$IPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x40, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a970000660f3806581e0f08bad004b0beeef30f2af8baa100b000ee", 0x2b}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040), 0x4) openat$pfkey(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x4ce, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x708e]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x3, 0x0) [ 169.579123] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 169.586402] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 169.593676] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 169.600951] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:36 executing program 3: bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0, 0x7}, 0x20) r0 = socket$kcm(0xa, 0x122000000003, 0x11) setsockopt$sock_attach_bpf(r0, 0x29, 0x24, &(0x7f0000000140), 0x4) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000040)=@nl=@unspec={0xa, 0x0, 0x0, 0x80fe}, 0x80, &(0x7f0000000180)=[{&(0x7f00000002c0)="035db86376863a68fec00000200000004208c349d7c40346d59be131ad18d92c2bca9d7f6e6a6ac7", 0x28}], 0x1}, 0x0) 08:14:36 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = socket$nl_crypto(0x10, 0x3, 0x15) ioctl$sock_SIOCSIFBR(r0, 0x8941, &(0x7f0000000040)=@get={0x1, &(0x7f0000000140)=""/75, 0x8}) 08:14:36 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:36 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet(0x10, 0x3, 0x20000000006) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000080)="24000000150007031dfffd946fa2830002200a0009000000741d85680c1ba3a20400ff7e280000002600ffffba16a08a1c0009b3ebea8653b1cc7e63975c0ac47b6268e3966cf055d90f15a3", 0x4c}], 0x1}, 0x0) [ 169.636761] XFS (loop2): Invalid superblock magic number 08:14:36 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {0x0, 0x0, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 169.705257] BTRFS error (device loop0): superblock checksum mismatch [ 169.717232] audit: type=1400 audit(1570781676.394:47): avc: denied { create } for pid=9617 comm="syz-executor.5" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 08:14:36 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) accept$packet(r0, 0x0, &(0x7f0000000000)) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) [ 169.753749] audit: type=1400 audit(1570781676.394:48): avc: denied { ioctl } for pid=9617 comm="syz-executor.5" path="socket:[33461]" dev="sockfs" ino=33461 ioctlcmd=0x8941 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_crypto_socket permissive=1 [ 169.801323] BTRFS error (device loop0): open_ctree failed [ 169.816107] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. 08:14:36 executing program 0 (fault-call:0 fault-nth:27): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:36 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0xbcda34450b800b7a, 0x40000000000a132, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) 08:14:36 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x0, 0x0) write$P9_RREADLINK(r0, &(0x7f0000000040)={0x10, 0x17, 0x2, {0x7, './file0'}}, 0x10) [ 169.892292] XFS (loop2): Invalid superblock magic number [ 169.905301] XFS (loop4): Invalid superblock magic number 08:14:36 executing program 4: syz_mount_image$xfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:36 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {0x0, 0x0, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 169.958124] audit: type=1400 audit(1570781676.634:49): avc: denied { map } for pid=9662 comm="syz-executor.3" path=2F616E6F6E5F6875676570616765202864656C6574656429 dev="hugetlbfs" ino=34244 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:hugetlbfs_t:s0 tclass=file permissive=1 [ 170.007312] FAULT_INJECTION: forcing a failure. [ 170.007312] name failslab, interval 1, probability 0, space 0, times 0 [ 170.049573] CPU: 1 PID: 9667 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 170.056550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 170.065906] Call Trace: [ 170.068497] dump_stack+0x138/0x197 [ 170.072130] should_fail.cold+0x10f/0x159 [ 170.076276] should_failslab+0xdb/0x130 [ 170.080251] kmem_cache_alloc_node_trace+0x280/0x770 [ 170.085352] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 170.090802] __kmalloc_node_track_caller+0x3d/0x80 [ 170.095724] __kmalloc_reserve.isra.0+0x40/0xe0 [ 170.100386] __alloc_skb+0xcf/0x500 [ 170.104003] ? skb_scrub_packet+0x4b0/0x4b0 [ 170.108314] ? netlink_has_listeners+0x20a/0x330 [ 170.113063] kobject_uevent_env+0x781/0xc23 [ 170.117382] kobject_uevent+0x20/0x26 [ 170.121178] lo_ioctl+0x11e7/0x1ce0 [ 170.124800] ? loop_probe+0x160/0x160 [ 170.128592] blkdev_ioctl+0x96b/0x1860 [ 170.132475] ? blkpg_ioctl+0x980/0x980 [ 170.136363] ? __might_sleep+0x93/0xb0 [ 170.140256] ? __fget+0x210/0x370 [ 170.143719] block_ioctl+0xde/0x120 [ 170.147365] ? blkdev_fallocate+0x3b0/0x3b0 [ 170.151681] do_vfs_ioctl+0x7ae/0x1060 [ 170.155559] ? selinux_file_mprotect+0x5d0/0x5d0 [ 170.160308] ? lock_downgrade+0x740/0x740 [ 170.164467] ? ioctl_preallocate+0x1c0/0x1c0 [ 170.168869] ? __fget+0x237/0x370 [ 170.172324] ? security_file_ioctl+0x89/0xb0 [ 170.176723] SyS_ioctl+0x8f/0xc0 [ 170.180082] ? do_vfs_ioctl+0x1060/0x1060 [ 170.184654] do_syscall_64+0x1e8/0x640 [ 170.188530] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 170.193371] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 170.198564] RIP: 0033:0x4598c7 [ 170.201743] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 170.209448] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 170.216717] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 170.224845] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 170.232107] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 170.239459] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 170.280431] BTRFS error (device loop0): superblock checksum mismatch [ 170.332967] BTRFS error (device loop0): open_ctree failed [ 170.357419] XFS (loop2): Invalid superblock magic number 08:14:37 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x0, 0x0) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x1) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000001780)="0800b5055e0bcfe87b0071") ioctl$UI_DEV_SETUP(r0, 0x405c5503, &(0x7f0000000000)={{}, 'syz0\x00\x00\x00\x00\x00\x80\xa017\b\xec\xd6#\x00\x00\x00\x00\x00\x00\x00\b\x00\x00\x00q\xab\x94%\x00\x00\xff\xff\xff\xff\xff\xff\xff\xe7\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xa6\x00'}) ioctl$UI_SET_KEYBIT(r0, 0x40045565, 0x2ad) ioctl$UI_DEV_CREATE(r0, 0x5501) 08:14:37 executing program 5: syslog(0x0, &(0x7f0000000140)=""/77, 0x4d) 08:14:37 executing program 3: rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) getpid() rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0) perf_event_open(&(0x7f0000000a00)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/fib_trie\x00') preadv(r0, &(0x7f0000000480), 0x100000000000022c, 0x6c00000000000000) 08:14:37 executing program 4: syz_mount_image$xfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:37 executing program 0 (fault-call:0 fault-nth:28): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:37 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500), 0x0, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:37 executing program 5: r0 = add_key$user(&(0x7f0000000740)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000004c0)="004dde0301b3d8a52150dbf7f3649aa4a133b1b47392870e2defc66e389f1912e8d05566b4faa7040cc60d103d385210cae9cc0804628a83533410d5996991644a3fe726a1063c39e41d570890b0d9256e0b19698ef7213a67bcfc7af200080000f071991224ad9524b280b9fa224a833ea0cc3c5a51d5d20acd5aa3a5926c8079170000000000000000000000000054db45165107b9c877a83a6bfaf6f33a59150445c45cc59c3a967d69bd8ecb5724a39784673c37c977e61cc6b3e20cd4f9", 0xc0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000040)='user\x00', &(0x7f0000000380)={'syz'}, &(0x7f00000001c0)="bc", 0x1, 0xffffffffffffffff) keyctl$dh_compute(0x17, &(0x7f0000000400)={r0, r0, r1}, &(0x7f0000000080)=""/92, 0x21, &(0x7f0000000200)={&(0x7f0000000280)={'md5-generic\x00'}}) keyctl$get_security(0x11, r0, &(0x7f0000000140)=""/197, 0xc5) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x40, 0x0) ioctl$TCSETAF(r2, 0x5408, &(0x7f0000000240)={0x202, 0x3, 0x93, 0x80, 0x3, 0x2, 0x3f, 0x11, 0x0, 0x4}) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) rt_sigreturn() 08:14:37 executing program 4: syz_mount_image$xfs(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:37 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0x18, 0x2, [@IFLA_BOND_ARP_IP_TARGET={0x4}, @IFLA_BOND_ARP_VALIDATE={0x8, 0x9, 0x3}, @IFLA_BOND_MIIMON={0x8, 0x3, 0xa6e3}]}}}]}, 0x48}}, 0x0) [ 170.525293] FAULT_INJECTION: forcing a failure. [ 170.525293] name failslab, interval 1, probability 0, space 0, times 0 [ 170.538207] input: syz0 as /devices/virtual/input/input5 [ 170.589700] CPU: 1 PID: 9712 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 170.596697] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 170.606064] Call Trace: [ 170.608655] dump_stack+0x138/0x197 [ 170.612295] should_fail.cold+0x10f/0x159 [ 170.616447] should_failslab+0xdb/0x130 [ 170.620418] kmem_cache_alloc_node+0x287/0x780 [ 170.625014] __alloc_skb+0x9c/0x500 [ 170.628635] ? skb_scrub_packet+0x4b0/0x4b0 [ 170.632965] ? netlink_has_listeners+0x20a/0x330 08:14:37 executing program 5: syslog(0x0, &(0x7f00000000c0)=""/92, 0x5c) socket$vsock_dgram(0x28, 0x2, 0x0) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/dlm_plock\x00', 0x800, 0x0) bind$vsock_dgram(r0, &(0x7f0000000000)={0x28, 0x0, 0xffffffff, @host}, 0x10) [ 170.637760] kobject_uevent_env+0x781/0xc23 [ 170.642096] kobject_uevent+0x20/0x26 [ 170.645900] lo_ioctl+0x11e7/0x1ce0 [ 170.649545] ? loop_probe+0x160/0x160 [ 170.653434] blkdev_ioctl+0x96b/0x1860 [ 170.657306] ? blkpg_ioctl+0x980/0x980 [ 170.661180] ? __might_sleep+0x93/0xb0 [ 170.665103] ? __fget+0x210/0x370 [ 170.668542] block_ioctl+0xde/0x120 [ 170.672196] ? blkdev_fallocate+0x3b0/0x3b0 [ 170.676542] do_vfs_ioctl+0x7ae/0x1060 [ 170.680412] ? selinux_file_mprotect+0x5d0/0x5d0 [ 170.685155] ? lock_downgrade+0x740/0x740 [ 170.689282] ? ioctl_preallocate+0x1c0/0x1c0 [ 170.693672] ? __fget+0x237/0x370 [ 170.697110] ? security_file_ioctl+0x89/0xb0 [ 170.701501] SyS_ioctl+0x8f/0xc0 [ 170.704851] ? do_vfs_ioctl+0x1060/0x1060 [ 170.708987] do_syscall_64+0x1e8/0x640 [ 170.712864] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 170.717823] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 170.723001] RIP: 0033:0x4598c7 [ 170.726178] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 170.733873] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 170.741141] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 170.749621] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 170.756998] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 170.764259] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:37 executing program 5: syslog(0x4, &(0x7f0000000000)=""/105, 0x69) [ 170.823593] BTRFS error (device loop0): superblock checksum mismatch [ 170.844923] input: syz0 as /devices/virtual/input/input6 08:14:37 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', 0x0, 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 170.881551] (unnamed net_device) (uninitialized): ARP validating cannot be used with MII monitoring [ 170.892119] BTRFS error (device loop0): open_ctree failed 08:14:37 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000080)=""/63) 08:14:37 executing program 3: socket(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x3, 0x9) recvmmsg(r0, &(0x7f0000002b40)=[{{0x0, 0x40000, 0x0}}], 0x4000000000003be, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000000)=0xffff, 0x4) bind$inet(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 08:14:37 executing program 5: syslog(0x9, &(0x7f00000000c0)=""/72, 0x48) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) listen(r0, 0xfffffffd) [ 170.940551] XFS (loop2): Invalid superblock magic number 08:14:37 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500), 0x0, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:37 executing program 0 (fault-call:0 fault-nth:29): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:37 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) bind$isdn(r0, &(0x7f0000000000)={0x22, 0xf9, 0x40, 0x3, 0x1}, 0x6) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(r0, 0xc0305710, &(0x7f0000000040)={0x1, 0x6, 0x0, 0x9}) socket(0x1, 0x34a2ffefe1b34c9d, 0x2) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) 08:14:37 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', 0x0, 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:37 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f00000000c0)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x24) [ 171.086486] FAULT_INJECTION: forcing a failure. [ 171.086486] name failslab, interval 1, probability 0, space 0, times 0 [ 171.113284] CPU: 1 PID: 9771 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 171.120269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 171.129632] Call Trace: [ 171.132241] dump_stack+0x138/0x197 [ 171.135903] should_fail.cold+0x10f/0x159 [ 171.140070] should_failslab+0xdb/0x130 [ 171.144054] kmem_cache_alloc_node+0x287/0x780 [ 171.148649] __alloc_skb+0x9c/0x500 [ 171.152279] ? skb_scrub_packet+0x4b0/0x4b0 [ 171.156605] ? netlink_has_listeners+0x20a/0x330 [ 171.161366] kobject_uevent_env+0x781/0xc23 [ 171.165694] kobject_uevent+0x20/0x26 [ 171.169499] lo_ioctl+0x11e7/0x1ce0 [ 171.173130] ? loop_probe+0x160/0x160 [ 171.176932] blkdev_ioctl+0x96b/0x1860 [ 171.180823] ? blkpg_ioctl+0x980/0x980 [ 171.184719] ? __might_sleep+0x93/0xb0 [ 171.188601] ? __fget+0x210/0x370 [ 171.192057] block_ioctl+0xde/0x120 [ 171.195681] ? blkdev_fallocate+0x3b0/0x3b0 [ 171.200003] do_vfs_ioctl+0x7ae/0x1060 [ 171.203892] ? selinux_file_mprotect+0x5d0/0x5d0 [ 171.208644] ? lock_downgrade+0x740/0x740 [ 171.212970] ? ioctl_preallocate+0x1c0/0x1c0 [ 171.217383] ? __fget+0x237/0x370 [ 171.220843] ? security_file_ioctl+0x89/0xb0 [ 171.225250] SyS_ioctl+0x8f/0xc0 [ 171.228618] ? do_vfs_ioctl+0x1060/0x1060 [ 171.232771] do_syscall_64+0x1e8/0x640 08:14:37 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f00000001c0)=[{&(0x7f0000000180)="25bca274769e7c0aa734fa0095e0612687463915e38802a9d8aea872943afd874e2f98b479a7316270146d0e0af8e63ba8863cd7dcc6760253ef", 0x3a, 0x400}], 0x0, &(0x7f0000000100)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0xc000009}}]}) [ 171.236663] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 171.241518] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 171.246710] RIP: 0033:0x4598c7 [ 171.249896] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 171.257603] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 171.264886] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 171.272162] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 171.279435] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 08:14:38 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$PPPIOCGCHAN(r0, 0x80047437, &(0x7f0000000000)) 08:14:38 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', 0x0, 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 171.286711] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 171.312476] BTRFS error (device loop0): superblock checksum mismatch [ 171.324724] EXT4-fs (loop1): EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31 [ 171.384301] BTRFS error (device loop0): open_ctree failed [ 171.398459] XFS (loop2): Invalid superblock magic number [ 171.409140] EXT4-fs (loop1): EXT4-fs: inode_readahead_blks must be 0 or a power of 2 smaller than 2^31 08:14:38 executing program 1: getsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f00000000c0)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x24) 08:14:38 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000140)={0x8, @pix={0x0, 0x4, 0x31435750, 0x7, 0x3, 0x20, 0x9, 0x3, 0x2, 0x2, 0x1, 0x6}}) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r1, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) setsockopt$inet_mreqsrc(r1, 0x0, 0xde9acfbb6417f048, &(0x7f0000000000)={@multicast1, @multicast2, @multicast2}, 0xc) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000140), 0xffffffffffffffe7) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r2, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$VIDIOC_G_EDID(r2, 0xc0285628, &(0x7f0000000240)={0x0, 0x5, 0x4, [], &(0x7f0000000040)}) 08:14:38 executing program 3: bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000040)={0xffffffffffffffff, 0x0, 0x0, 0x7}, 0x20) r0 = socket$kcm(0xa, 0x122000000003, 0x11) sendmsg$kcm(r0, &(0x7f0000000000)={&(0x7f0000000040)=@nl=@unspec={0xa, 0x0, 0x0, 0x10000120}, 0x80, 0x0}, 0x0) 08:14:38 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500), 0x0, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:38 executing program 0 (fault-call:0 fault-nth:30): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:38 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:38 executing program 1: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000020000000000"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000480)=@newqdisc={0x444, 0x24, 0x507, 0x0, 0x0, {0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cbq={{0x8, 0x1, 'cbq\x00'}, {0x418, 0x2, [@TCA_CBQ_RTAB={0x404}, @TCA_CBQ_RATE={0x10, 0x5, {0x6, 0x0, 0x0, 0x0, 0x0, 0x5}}]}}]}, 0x444}}, 0x0) 08:14:38 executing program 5: r0 = syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0x9650, 0x20000) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000040)={0x8, 0x39565559, 0x2, @discrete={0x5, 0x5}}) syslog(0x0, &(0x7f00000001c0)=""/106, 0x6a) [ 171.982264] FAULT_INJECTION: forcing a failure. [ 171.982264] name failslab, interval 1, probability 0, space 0, times 0 [ 171.995885] CPU: 0 PID: 9841 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 172.002842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 172.002847] Call Trace: [ 172.002865] dump_stack+0x138/0x197 [ 172.002885] should_fail.cold+0x10f/0x159 [ 172.002902] should_failslab+0xdb/0x130 [ 172.002915] kmem_cache_alloc_node+0x287/0x780 [ 172.002932] __alloc_skb+0x9c/0x500 [ 172.002942] ? skb_scrub_packet+0x4b0/0x4b0 [ 172.002955] ? netlink_has_listeners+0x20a/0x330 [ 172.002968] kobject_uevent_env+0x781/0xc23 [ 172.002986] kobject_uevent+0x20/0x26 [ 172.002995] lo_ioctl+0x11e7/0x1ce0 [ 172.003013] ? loop_probe+0x160/0x160 [ 172.044010] blkdev_ioctl+0x96b/0x1860 [ 172.044022] ? blkpg_ioctl+0x980/0x980 [ 172.044038] ? __might_sleep+0x93/0xb0 [ 172.044049] ? __fget+0x210/0x370 [ 172.052154] block_ioctl+0xde/0x120 [ 172.052166] ? blkdev_fallocate+0x3b0/0x3b0 [ 172.052176] do_vfs_ioctl+0x7ae/0x1060 [ 172.052187] ? selinux_file_mprotect+0x5d0/0x5d0 [ 172.052197] ? lock_downgrade+0x740/0x740 [ 172.052206] ? ioctl_preallocate+0x1c0/0x1c0 [ 172.052218] ? __fget+0x237/0x370 [ 172.052233] ? security_file_ioctl+0x89/0xb0 [ 172.052245] SyS_ioctl+0x8f/0xc0 [ 172.052254] ? do_vfs_ioctl+0x1060/0x1060 [ 172.052267] do_syscall_64+0x1e8/0x640 [ 172.052274] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 172.052288] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 172.052302] RIP: 0033:0x4598c7 [ 172.052309] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 [ 172.091059] XFS (loop2): Invalid superblock magic number [ 172.091375] ORIG_RAX: 0000000000000010 [ 172.146999] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 172.154262] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 172.161527] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 172.168923] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 08:14:38 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r1, &(0x7f0000001880), 0x0) ioctl$KVM_GET_DEBUGREGS(r0, 0x8080aea1, &(0x7f0000000040)) syz_open_dev$vbi(&(0x7f0000000140)='/dev/vbi#\x00', 0x0, 0x2) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r2 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/enforxe\x00', 0x202440, 0x0) ioctl$NBD_SET_SIZE_BLOCKS(r2, 0xab07, 0x1) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r3, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) fcntl$setflags(r3, 0x2, 0x1) [ 172.176186] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:38 executing program 5: syslog(0x9, &(0x7f0000000000)=""/92, 0x5c) 08:14:38 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f6", 0x57, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:38 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @broadcast}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000440)=0x1, 0xffe6) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendmmsg$inet(r0, &(0x7f0000010080)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000180)="6053c9b671f2a0c02e4c849dc82a0a62a8a4952e8dbd40e07368e71e05bdc464540f2b4855b09d104cc0ac7cd64eea64721925722df53f4e63a084ed07a5aac045826753cf3af02afcff0269bdd5f3f8af1ddf06858351f2ddc4176cebbc3858c7c7f4b54d69d8963ac11642ec384c6c67", 0x71}, {&(0x7f0000000000)="8a9035a375b549e4ed15c4e6baea459557db2d942cb3", 0x16}, {&(0x7f0000000200)="4849e52dbd6380af8e772f1b59adb1d5eda86c1174aeeee80f1a6836d9fb9ef2daa1bf3f57ffb586f2f9c662d8f3ec17f8d582e50e56f4a4f75bd2be9fda7947da9b3d7a5d0c30ea16af4edf5829f82306352cef46cf33a2e69ea710d746cd39a8651cb0eaa849ec857faff6e027fc1bdf7e8ce4f64281770ef353c1bd5c2e0ad31c70889a5c5cbf8fc92fcc", 0x8c}], 0x3}}, {{0x0, 0x0, &(0x7f0000002e80)=[{&(0x7f0000005a40)="70ccee915109fb51f779cbc24a47fb67880356489ede019e3f80ed50ad68fe5abe72753607d6ba9e34446f4a5563d8d9b4c3739cc6501b958922ba9dee95ac31481a035bf4d48b34b515af534bc6473061120346d4a169c6233510ed7dc4d11261d7f287018384ed276e9bcf4724d9acbdeea4c71b5c7871b66be8a8d9981bd2ef3f844abdc7670b18473de7134f679f979caaf6ec3aad49fd81ece0052faa841f9a46a39bff406230906deaa5a452f967dbd9fbea2622a93eb655b9e22d5c20990b6af1ae2c83aa6b2e53ba307f5893710261270e5738ff7ff691496a23c41c939fe2d92f0981faa71ec8c44b0e99627203df2816d15a70b8a580754f082197e8362e45c0cafb47b91d711f838a03f2d74f0b8a95def2fc18c4e1884afbe4255a3ccc1ce2ab1abcb177c541b7e5eba87cce8729edccb8356ead39b2e2d9543e3c1172af0b8baed62027b2a5b2ae30ac32f1a9b129f298bfd4f290fd92faaebbfeb7038d74c5bfacc19b8a19479b9198c8bd44b77fae69e00e22894c4424f058044894ab560a297bb446c155cf8837423a53317681a3f609626d3d950122812f22bbf0bb20eed492db6649f96fe95e5441f13918a4870f09d8aebcc54023ba5d6c79f57bdbf3f94bd21de6d3a181cbe67d62a37b7e5cc423f0a40a6daa9b5d2276589be19a81a914f83e57d1036a0048d308a8f98ee61464bd37b0caa5e3b766ce9fa5e036d9bf3c9a0b15d65da7f3d2e10d48e3d9706629afeee079e37cd34032135470a7c2b371173318a5d97149ab6592861ac67c7af124d0a3005c925e732608f0c82f7ebcebfb82e28249933fe20bf624134b9fa80bafadfb3ba1f8bba1782183fbba244390399fb4da458e6237be55ffa26c7563ff2caeec388146f54f0b3ef34b8e394c9e247e6cdeb01cfea51b77e55afc729fb29d6fe3b0ea7cb9805c3eae254a0cd8ac1f11c1885b4952e3412602c45d8ab5f8c8ec54c6bd41fcbf2b33783a9b28753678737e04ea19d0784b114111d85464afb7bbc5bf6bbd54ba2602ad6142e567dc6a2d8b1dbc123af5bf214f881b47caa796e41f5d00aeef1fe219ab43f8cf4945f42b22566ff8dc1f42a79b90075983fef2efc5f703b9c78cdd4bfef7105d1ad15702a911f83c0f4442933b63c7e0c23367a97c83c99d8ddd4a476bb62447772210ed95ef0ef5f5d176063107998aef75917bf7328a6a2b27193a3be4dd46e7622921cd7ec6a5eb93f084ab19daad215b541a28ffd629b3bc748b71e24d86321576f1efa31d6def721e9267e118476fba4b5d304eb8055b3ab68e27f1e5aa49c0da5014965e1b28ec7206efd817e3ccac9eaf0e53830a04519a45b4768a1d36769352069c614fd9c57d6febf8e90508845901c0c229db71d4c0dfbd981b01cf18f578109447a3ff8e0d57782e0439efc949a7c38d3f3e415db1afdd7076f0d9a60edfdd8f475e0230111c314fcb08d822f3b1f1627a295649983722778300a4551bd9c36779cfa044ef81c77c53d4800b76627053ad565f869dde74d5e471f4ba71bf7a80edc9e660e5f241fa9d39ac345ac1b73bd3c5", 0x45e}], 0x1}}], 0x2, 0x600d054) 08:14:38 executing program 5: syslog(0x9, &(0x7f00000000c0)=""/92, 0xffffffffffffff7d) [ 172.261376] selinux_nlmsg_perm: 5 callbacks suppressed [ 172.261386] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=9849 comm=syz-executor.1 [ 172.290457] BTRFS error (device loop0): superblock checksum mismatch 08:14:39 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet_tcp_buf(r0, 0x6, 0xd, 0x0, &(0x7f0000000000)=0x2) 08:14:39 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuset.memory_pressure\x00', 0x0, 0x0) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snapshot\x00', 0x1000, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000003c0)={'team0\x00', 0x0}) bind$bt_hci(r1, &(0x7f0000000400)={0x1f, r2, 0x1}, 0xc) ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r3, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(r3, 0xc0305602, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1}) r4 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000240)='/selinux/status\x00', 0x0, 0x0) name_to_handle_at(r4, &(0x7f0000000280)='./file0\x00', &(0x7f00000002c0)={0x6c, 0x82f, "0f7239ed0a2d3e943ce2fa89cd435fed7728a1bec48baaff74a8333955d9abc71b65e9fb17f510bacf3e245e59b1bffc5c56c650c35ab70a4fee7e937719eb34de29f8d4d9a529776a3c7e69d801a287e1449aeef233be6e30b40a6874d70708ac33733e"}, &(0x7f0000000340), 0x1000) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vga_arbiter\x00', 0x80800, 0x0) ioctl$KVM_SET_IRQCHIP(r5, 0x8208ae63, &(0x7f0000000140)={0x3, 0x0, @ioapic={0xf000, 0x3, 0x1, 0x40, 0x0, [{0xa9, 0x1, 0x6, [], 0x5}, {0x0, 0x3, 0x3f, [], 0x5}, {0x40, 0x2, 0x1, [], 0x3f}, {0x5, 0x1, 0x1}, {0x4, 0x9, 0x81, [], 0x2}, {0x3, 0xc3, 0xe0, [], 0x81}, {0x6, 0x1, 0x81, [], 0x7f}, {0x7, 0x7, 0x3, [], 0x3}, {0xfd, 0x40, 0x0, [], 0x4}, {0x5, 0x3f, 0xff, [], 0x5}, {0x40, 0x3f, 0x2, [], 0x7}, {0x53, 0x7f, 0x9, [], 0x81}, {0x48, 0x40, 0x9, [], 0x3f}, {0x3f, 0x80, 0x0, [], 0x7}, {0x40, 0x3, 0x81}, {0x1, 0x40, 0x6, [], 0x1b}, {0x1, 0x87, 0x90, [], 0x6}, {0x4, 0x8, 0xff}, {0x4d, 0x1, 0x0, [], 0x40}, {0xff, 0x80, 0x5, [], 0x1}, {0x40, 0x1, 0x80, [], 0x6}, {0x9, 0xfa, 0x81, [], 0xcd}, {0x7, 0xf1, 0x7, [], 0x7}, {0x6, 0xff, 0x8, [], 0x1f}]}}) 08:14:39 executing program 3: perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x281, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @dev}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x2000000004e23, @dev={0xac, 0x14, 0x14, 0x1e}}, 0x10) sendto$inet(r0, &(0x7f0000000400)="f62ab313949355e0273e65d3abda21f068933ec46b1fdf41a833e981e7de5b6aa4a1b65d8ec8094ee099d8271d26428366e221fc061208889c5686a4dc0c2d3d4fd66741cc11c4c833102fc156857f99a8b799636ea87c35b0283036520e5953baf9c51316d8d93aa5096030bd0d0dfbbdf445006af75ad33303c89c2de7ee8ac49a59a6605f3343c51ee399b1977da2e34ffbe0425866c7b7ad499ab8611286d60c0f27a1e62be4fb4b9e41eabec273531810fb81d733a5ea29408c19aba4587f9da5920ad564ad6bb89ac4565194535c7f6f54993deceb58a75e137be85d7600", 0xffffff90, 0x60, 0x0, 0x127) [ 172.334088] XFS (loop4): Invalid superblock magic number [ 172.356674] BTRFS error (device loop0): open_ctree failed 08:14:39 executing program 0 (fault-call:0 fault-nth:31): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:39 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 172.413138] XFS (loop2): Invalid superblock magic number 08:14:39 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f6", 0x57, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:39 executing program 1: getsockopt$IP_VS_SO_GET_SERVICE(0xffffffffffffffff, 0x0, 0x483, 0x0, 0x0) ioctl$KDSETKEYCODE(0xffffffffffffffff, 0x4b4d, 0x0) syz_open_procfs(0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = creat(0x0, 0x0) setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, 0x0, &(0x7f0000005c00)) setsockopt$inet6_IPV6_IPSEC_POLICY(r0, 0x29, 0x22, 0x0, 0x0) rt_sigtimedwait(0x0, 0x0, 0x0, 0x0) prctl$PR_GET_NO_NEW_PRIVS(0x27) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, 0x0) ioctl$TIOCGSERIAL(0xffffffffffffffff, 0x541e, 0x0) ioctl$KDSKBSENT(0xffffffffffffffff, 0x4b49, 0x0) arch_prctl$ARCH_MAP_VDSO_32(0x2002, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, 0x0, 0x0) 08:14:39 executing program 5: r0 = socket$tipc(0x1e, 0x2, 0x0) shutdown(r0, 0x0) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) [ 172.530427] FAULT_INJECTION: forcing a failure. [ 172.530427] name failslab, interval 1, probability 0, space 0, times 0 [ 172.566315] CPU: 1 PID: 9917 Comm: syz-executor.0 Not tainted 4.14.148 #0 08:14:39 executing program 1: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f00000002c0)='sysfs\x00', 0x0, 0x0) mount(0x0, &(0x7f00000003c0)='./file0/bus\x00', 0x0, 0x0, 0x0) 08:14:39 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 172.573306] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 172.582665] Call Trace: [ 172.585274] dump_stack+0x138/0x197 [ 172.588919] should_fail.cold+0x10f/0x159 [ 172.593078] should_failslab+0xdb/0x130 [ 172.597065] kmem_cache_alloc_node+0x287/0x780 [ 172.601666] __alloc_skb+0x9c/0x500 [ 172.605293] ? skb_scrub_packet+0x4b0/0x4b0 [ 172.609760] ? netlink_has_listeners+0x20a/0x330 [ 172.614530] kobject_uevent_env+0x781/0xc23 [ 172.618866] kobject_uevent+0x20/0x26 [ 172.622690] lo_ioctl+0x11e7/0x1ce0 [ 172.626328] ? loop_probe+0x160/0x160 08:14:39 executing program 3: ioctl$MON_IOCG_STATS(0xffffffffffffffff, 0xc0109207, 0x0) r0 = creat(&(0x7f00000000c0)='./file0\x00', 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000400)=0xff) ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, &(0x7f0000000240)) [ 172.630132] blkdev_ioctl+0x96b/0x1860 [ 172.634022] ? blkpg_ioctl+0x980/0x980 [ 172.637915] ? __might_sleep+0x93/0xb0 [ 172.641794] ? __fget+0x210/0x370 [ 172.645231] block_ioctl+0xde/0x120 [ 172.648850] ? blkdev_fallocate+0x3b0/0x3b0 [ 172.653286] do_vfs_ioctl+0x7ae/0x1060 [ 172.657310] ? selinux_file_mprotect+0x5d0/0x5d0 [ 172.662059] ? lock_downgrade+0x740/0x740 [ 172.666224] ? ioctl_preallocate+0x1c0/0x1c0 [ 172.670640] ? __fget+0x237/0x370 [ 172.674083] ? security_file_ioctl+0x89/0xb0 [ 172.678491] SyS_ioctl+0x8f/0xc0 [ 172.682199] ? do_vfs_ioctl+0x1060/0x1060 [ 172.686343] do_syscall_64+0x1e8/0x640 [ 172.690219] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 172.695050] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 172.700223] RIP: 0033:0x4598c7 [ 172.703402] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 172.711092] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 172.718367] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 08:14:39 executing program 5: r0 = syz_open_dev$dmmidi(&(0x7f0000000000)='/dev/dmmidi#\x00', 0x80000001, 0x20a01) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000080)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_GET(r0, &(0x7f0000000280)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800010}, 0xc, &(0x7f0000000240)={&(0x7f00000000c0)={0x144, r1, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x1c, 0x7, [@TIPC_NLA_NET_ID={0x8, 0x1, 0x4800000}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x1}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x6}]}, @TIPC_NLA_MON={0x3c, 0x9, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x7fff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x20}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8}]}, @TIPC_NLA_BEARER={0x30, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x3ff}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}]}]}, @TIPC_NLA_SOCK={0x44, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffff7}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0xca70}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x6}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x10000}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_BEARER={0x64, 0x1, [@TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'vxcan1\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xfffffff7}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e22, 0x37, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0xe}}, 0x1}}, {0x14, 0x2, @in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x24}}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @udp='udp:syz1\x00'}]}]}, 0x144}}, 0x4000000) [ 172.725800] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 172.733055] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 172.740397] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 172.784111] BTRFS error (device loop0): superblock checksum mismatch 08:14:39 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000280), 0x12) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0x4, &(0x7f0000000040)=@raw=[@map={0x18, 0x5992e972deb5550f}, @jmp={0x5, 0x0, 0x8, 0x9, 0x0, 0xc}, @alu={0x7, 0x1, 0x6, 0x0, 0xd, 0x80, 0xf8f0e9cc205fc430}], &(0x7f0000000100)='GPL\x00', 0x0, 0x3b, &(0x7f0000000140)=""/59, 0x0, 0x0, [], 0x0, 0xe, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x0, 0x1}, 0x8, 0x10, 0x0}, 0x70) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(0xffffffffffffffff, &(0x7f0000000000), 0x252) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000200)=0x5000000, 0x400000) 08:14:39 executing program 5: syslog(0x3, &(0x7f00000000c0)=""/92, 0x5c) 08:14:39 executing program 0 (fault-call:0 fault-nth:32): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 172.847825] XFS (loop2): Invalid superblock magic number [ 172.853989] BTRFS error (device loop0): open_ctree failed 08:14:39 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f6", 0x57, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 172.897271] XFS (loop4): Invalid superblock magic number 08:14:39 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:39 executing program 5: syslog(0xa, &(0x7f00000000c0)=""/92, 0xfffffffffffffeb0) 08:14:39 executing program 3: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000340)={0x15, 0x65, 0xffff, 0x8001, 0x8, '9P2000.L'}, 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000300)='9p\x00', 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) lstat(&(0x7f00000003c0)='./file0\x00', 0x0) llistxattr(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='net/sockstat\x00') sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000080)=0xf0, 0x100001) r5 = syz_open_procfs(0x0, &(0x7f0000000000)='net/sockstat\x00') r6 = socket$inet6(0xa, 0x2, 0x0) sendfile(r6, r5, &(0x7f0000000080)=0xf0, 0x100001) 08:14:39 executing program 5: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x140004, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\a'], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000054c0)=ANY=[@ANYBLOB="740000002400070500"/20, @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000080001007366710048000229c6090032d0ed64f3c3545aaf6e000085a4e4ebb5ef6700"/96], 0x74}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000500)=@newtfilter={0x3c, 0x2c, 0x701, 0x0, 0x0, {0x0, r4, {}, {}, {0x3}}, [@filter_kind_options=@f_tcindex={{0xc, 0x1, 'tcindex\x00'}, {0x4}}, @TCA_CHAIN={0x8, 0xb, 0x9863}]}, 0x3c}}, 0x0) bind$can_raw(r0, &(0x7f0000000040)={0x1d, r4}, 0x10) syslog(0x2, &(0x7f0000000340)=""/97, 0x61) [ 172.986034] XFS (loop1): Invalid superblock magic number [ 172.999959] FAULT_INJECTION: forcing a failure. [ 172.999959] name failslab, interval 1, probability 0, space 0, times 0 [ 173.052010] CPU: 0 PID: 9984 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 173.058997] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.068449] Call Trace: [ 173.068469] dump_stack+0x138/0x197 [ 173.068488] should_fail.cold+0x10f/0x159 [ 173.068502] should_failslab+0xdb/0x130 [ 173.074731] kmem_cache_alloc_node_trace+0x280/0x770 [ 173.074752] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 173.074768] __kmalloc_node_track_caller+0x3d/0x80 [ 173.074783] __kmalloc_reserve.isra.0+0x40/0xe0 [ 173.082905] __alloc_skb+0xcf/0x500 [ 173.082914] ? skb_scrub_packet+0x4b0/0x4b0 [ 173.082924] ? netlink_has_listeners+0x20a/0x330 [ 173.082938] kobject_uevent_env+0x781/0xc23 [ 173.082955] kobject_uevent+0x20/0x26 [ 173.082974] lo_ioctl+0x11e7/0x1ce0 [ 173.082989] ? loop_probe+0x160/0x160 [ 173.082999] blkdev_ioctl+0x96b/0x1860 [ 173.083007] ? blkpg_ioctl+0x980/0x980 [ 173.083023] ? __might_sleep+0x93/0xb0 [ 173.083033] ? __fget+0x210/0x370 [ 173.083045] block_ioctl+0xde/0x120 [ 173.083056] ? blkdev_fallocate+0x3b0/0x3b0 [ 173.154403] do_vfs_ioctl+0x7ae/0x1060 [ 173.158281] ? selinux_file_mprotect+0x5d0/0x5d0 [ 173.163032] ? lock_downgrade+0x740/0x740 [ 173.167163] ? ioctl_preallocate+0x1c0/0x1c0 [ 173.171570] ? __fget+0x237/0x370 [ 173.175031] ? security_file_ioctl+0x89/0xb0 [ 173.179439] SyS_ioctl+0x8f/0xc0 [ 173.182817] ? do_vfs_ioctl+0x1060/0x1060 [ 173.186967] do_syscall_64+0x1e8/0x640 [ 173.190844] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 173.195703] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 173.200888] RIP: 0033:0x4598c7 [ 173.204072] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 173.211780] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 173.219041] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 173.226317] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 173.233589] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 173.240879] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:40 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) socketpair(0x9, 0x4, 0x1d, &(0x7f0000000000)) [ 173.286949] BTRFS error (device loop0): superblock checksum mismatch 08:14:40 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_all\x00', 0xf0, 0x0) close(r0) r1 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000300)={0xffffffffffffffff, 0x28, &(0x7f00000002c0)}, 0x10) bpf$OBJ_GET_MAP(0x7, &(0x7f0000000140)={&(0x7f0000000100)='./file0\x00'}, 0x10) bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x8}, 0xc) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001c00)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_pid(r2, &(0x7f0000000000), 0xcbaa60f5) bpf$BPF_MAP_FREEZE(0x16, &(0x7f0000000080)=r2, 0x4) r3 = openat$cgroup(r0, 0x0, 0x200002, 0x0) close(r3) write$cgroup_subtree(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="b3e6000073200563707520"], 0xb) ioctl$PERF_EVENT_IOC_QUERY_BPF(r1, 0xc008240a, 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup\x00\f\x7f\xd9\xfa;\x8b\x88gb\xefi\x16\x91\xbb\xc4\xd5Jk\tU~ \xa4\vR\\\x8a\xdb\xcel\xe0\xa3[\xae\x9d\xac\x84\x9f\v\x9e\x9f\r\x10\x1f\xd3\x80\xc1\xccq\xab\x01y\xed\xfc\x96)\xf6_>+\xa030\xbbE\xb0\xc3\x94\xd53\x87\xd6\xc4\\\xc7\x82\xe9\xafs^p\x12Y*WU\x98\x1c\xebq/\xf5\x81#\x85\xc5\xa0\xfd\xfac\xd9\xf2c`\xe9[c\a\x12\x1bb\x82\x83\x86d\xf0k\xa8\x90\x06\xa8\x1cK\xea\x19\x91\a1z)\xde_r`\xee\xb6\x9e\xcb\x05\x00\x00\x82\xa1\t\xc9\x05\xcc^\x00\x00', 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000080)='memory.high\x00', 0x2, 0x0) write$cgroup_int(r5, 0x0, 0x0) 08:14:40 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=@framed={{0xffffffb7, 0x0, 0x0, 0x0, 0x0, 0x6f, 0xa}, [@ldst]}, &(0x7f0000003ff6)='OPL\x00', 0x1, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) 08:14:40 executing program 5: pipe2(&(0x7f0000000080)={0xffffffffffffffff}, 0x800) ioctl$KVM_SET_BOOT_CPU_ID(r0, 0xae78, &(0x7f00000000c0)) syslog(0x4, &(0x7f0000000000)=""/98, 0x62) 08:14:40 executing program 3: mkdir(&(0x7f0000000340)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000240)='fuse\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) mknod$loop(&(0x7f00000001c0)='./file0/file1\x00', 0x0, 0xffffffffffffffff) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 173.354592] XFS (loop4): Invalid superblock magic number [ 173.377035] XFS (loop2): Invalid superblock magic number 08:14:40 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000400)=[{0x0, 0x0, 0x200}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 173.460958] BTRFS error (device loop0): open_ctree failed 08:14:40 executing program 0 (fault-call:0 fault-nth:33): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:40 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d98", 0x82, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:40 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) openat$md(0xffffffffffffff9c, &(0x7f0000000000)='/dev/md0\x00', 0x0, 0x0) 08:14:40 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x20000000080002, 0x88) bind$inet6(r0, &(0x7f0000009400)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000000)=0x10001, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe8100000000000000e9ffffff0000ddff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3620700100000000000236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69ccc47a3712c3028596ed443bc6d025ddefa7ff2abbb3ee83954d390d617a867358f810f1325b2fc3ea3940102e58259d92371410770b11a6eeddb8fcef90fc6fd65b1e04acdee7ba47d7000000000200000000000000ff4667974557f7217644d6d3e0b3ddb24590beb2108445d955f27436d9feff6bf06101ce03c061a81f1e0bae433e421a18ebc1864376d7ccaeab9a187b02d3fd8f3b528234bd4b4e01303999ac9ab41fa6884848a3bf2abd3ff85f23309d9f554c5511821e2de9db6b5d88c124a977242787f2fed0b5d36022bf9adb4b07ebc1dd1c8d8d47d549e27dbe0cbed59432a13ac5a2b5eb2def9f6910216f3ebfb0dd587583528e01a8a0ac4ceda457384efb233f84820f7f0c6fad7148e0d1dd484455dcf38efdec6777ff72aa9104cc7bd6e422c102ca80eb8ff2182ad6eec8cf171fb2ede81adb12f27d60a15ff42119ea08f115b80a1c3a7c6feb4abf437dc3e260893d1b870d8beeac0d9b9bf4eb78cfc5fdac9980bda0104d1b82a63c907c517d52e5253a2c0e6cb66755c0184a09f88f6ff9c87a528c3677d397e6d3e8fa1213866a026764574b712f2fc3fcfd60ad331f4a03bdc20998ec227cf0671036d11dc0c9cd10273c456a4979b887b33ca333a62d47525c3e00"/599], 0x0) read(r0, &(0x7f0000000080)=""/132, 0x397) shutdown(r0, 0x0) ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000040)) 08:14:40 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:40 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x190) [ 173.627458] FAULT_INJECTION: forcing a failure. [ 173.627458] name failslab, interval 1, probability 0, space 0, times 0 [ 173.668314] CPU: 0 PID: 10065 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 173.675378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 173.684736] Call Trace: [ 173.687341] dump_stack+0x138/0x197 [ 173.691095] should_fail.cold+0x10f/0x159 [ 173.695255] should_failslab+0xdb/0x130 [ 173.699237] kmem_cache_alloc_node_trace+0x280/0x770 [ 173.704355] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 173.709823] __kmalloc_node_track_caller+0x3d/0x80 08:14:40 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_S_FBUF(r0, 0x4030560b, &(0x7f0000000040)={0x0, 0x26, &(0x7f0000000140)="0e1eb88e12a0fd79c2407d6afd727001c4e5a06beb6b5b2d1d9cb0f31a2b4f7c626616df23b8176c0b10e775b6475a554e9680aa60036bbc62179a7cfdff7d85d83366dee8987f7f6bf540a2e562121be32bff6ec38d8dd4c60191ac00c44acdf78ba8d4dead43e9b3da7bf106917f281c661be751493dc441fa21725b8bac54d9cece002f906d9ff1d4b20f953e4d722748eb1e25f4d1f062ed038d9c27c15608be4d4de9a8a23062173456058451fda3225eede3308b3000022d999f7100de4bab5060351dc52082f07ca633e60c6d69c51f7a024df7937b576c93250a08a8", {0x8, 0x9, 0x30313953, 0x3, 0xfffffffc, 0x81, 0x0, 0x4}}) 08:14:40 executing program 5: r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x92b6, 0x40a80) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x2e0, 0x0, 0x0, 0x6}) ioctl$DRM_IOCTL_AGP_BIND(r0, 0x40106436, &(0x7f0000000080)={r1, 0x8}) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r2, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) getsockopt$bt_BT_DEFER_SETUP(r2, 0x112, 0x7, &(0x7f0000000140), &(0x7f0000000180)=0x4) [ 173.714764] __kmalloc_reserve.isra.0+0x40/0xe0 [ 173.719438] __alloc_skb+0xcf/0x500 [ 173.723072] ? skb_scrub_packet+0x4b0/0x4b0 [ 173.727404] ? netlink_has_listeners+0x20a/0x330 [ 173.732175] kobject_uevent_env+0x781/0xc23 [ 173.736508] kobject_uevent+0x20/0x26 [ 173.740447] lo_ioctl+0x11e7/0x1ce0 [ 173.744096] ? loop_probe+0x160/0x160 [ 173.747902] blkdev_ioctl+0x96b/0x1860 [ 173.751791] ? blkpg_ioctl+0x980/0x980 [ 173.755692] ? __might_sleep+0x93/0xb0 [ 173.759581] ? __fget+0x210/0x370 [ 173.763040] block_ioctl+0xde/0x120 08:14:40 executing program 5: r0 = open(&(0x7f0000001680)='./file0\x00', 0x222300, 0x18) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000040)={0x0}, &(0x7f0000000200)=0xc) fcntl$setownex(0xffffffffffffffff, 0xf, &(0x7f0000000240)={0x1, r1}) ioctl$sock_inet6_tcp_SIOCOUTQ(r0, 0x5411, &(0x7f00000016c0)) syslog(0x4, &(0x7f00000000c0)=""/85, 0x10c) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r3, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) setsockopt$CAIFSO_REQ_PARAM(r3, 0x116, 0x80, &(0x7f0000000140)="af32b46cc40fca10754031979d993afc1d35f9bde9950c48c74860d31bcb4a067ca33a3104ab9b4e2df7c2473345562e61987ef4dcd1fe53ac8bc9215a48554c0c4b016dfb430fa1eb85062d845cb30f29e84370d80b7b664ea9efe4f4a2dd16401536789314bf4ea1c8a51464d92c6760c547b292a288aff9be87db6a54ef4b5a18bcbb83937279065594155256c1c88dd89b6a5e2d13b2b55304bd1845a446038684d751e3f806fcac4989c07aee3c9b66c56b5931b392dc5656", 0xbb) writev(r2, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$TIOCLINUX3(r2, 0x541c, &(0x7f0000000000)) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r4, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f0000000280)=@req3={0x80000000, 0x1, 0x8, 0x8, 0x1, 0x2, 0x8}, 0x1c) [ 173.766670] ? blkdev_fallocate+0x3b0/0x3b0 [ 173.770996] do_vfs_ioctl+0x7ae/0x1060 [ 173.774888] ? selinux_file_mprotect+0x5d0/0x5d0 [ 173.779644] ? lock_downgrade+0x740/0x740 [ 173.783793] ? ioctl_preallocate+0x1c0/0x1c0 [ 173.788202] ? __fget+0x237/0x370 [ 173.791664] ? security_file_ioctl+0x89/0xb0 [ 173.796080] SyS_ioctl+0x8f/0xc0 [ 173.799448] ? do_vfs_ioctl+0x1060/0x1060 [ 173.804381] do_syscall_64+0x1e8/0x640 [ 173.808272] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 173.813131] entry_SYSCALL_64_after_hwframe+0x42/0xb7 08:14:40 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video0\x00', 0x2, 0x0) [ 173.818317] RIP: 0033:0x4598c7 [ 173.821505] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 173.829215] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 173.836486] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 173.843757] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 173.851029] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 173.858305] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 173.867361] XFS (loop2): Invalid superblock magic number 08:14:40 executing program 5: r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x81, 0x4) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r1, &(0x7f0000d83fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x7a, &(0x7f00000001c0)={r3}, &(0x7f00000009c0)=0x14) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000080)={r3, 0x30, &(0x7f0000000040)=[@in={0x2, 0x4e20, @local}, @in={0x2, 0x4e20, @rand_addr=0x7ff}, @in={0x2, 0x4e23, @empty}]}, &(0x7f0000000140)=0x10) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) [ 173.897449] BTRFS error (device loop0): superblock checksum mismatch [ 173.913548] XFS (loop4): Invalid superblock magic number 08:14:40 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x20000000080002, 0x88) bind$inet6(r0, &(0x7f0000009400)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000000)=0x10001, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe8100000000000000e9ffffff0000ddff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3620700100000000000236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69ccc47a3712c3028596ed443bc6d025ddefa7ff2abbb3ee83954d390d617a867358f810f1325b2fc3ea3940102e58259d92371410770b11a6eeddb8fcef90fc6fd65b1e04acdee7ba47d7000000000200000000000000ff4667974557f7217644d6d3e0b3ddb24590beb2108445d955f27436d9feff6bf06101ce03c061a81f1e0bae433e421a18ebc1864376d7ccaeab9a187b02d3fd8f3b528234bd4b4e01303999ac9ab41fa6884848a3bf2abd3ff85f23309d9f554c5511821e2de9db6b5d88c124a977242787f2fed0b5d36022bf9adb4b07ebc1dd1c8d8d47d549e27dbe0cbed59432a13ac5a2b5eb2def9f6910216f3ebfb0dd587583528e01a8a0ac4ceda457384efb233f84820f7f0c6fad7148e0d1dd484455dcf38efdec6777ff72aa9104cc7bd6e422c102ca80eb8ff2182ad6eec8cf171fb2ede81adb12f27d60a15ff42119ea08f115b80a1c3a7c6feb4abf437dc3e260893d1b870d8beeac0d9b9bf4eb78cfc5fdac9980bda0104d1b82a63c907c517d52e5253a2c0e6cb66755c0184a09f88f6ff9c87a528c3677d397e6d3e8fa1213866a026764574b712f2fc3fcfd60ad331f4a03bdc20998ec227cf0671036d11dc0c9cd10273c456a4979b887b33ca333a62d47525c3e00"/599], 0x0) read(r0, &(0x7f0000000080)=""/132, 0x397) shutdown(r0, 0x0) ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000040)) [ 173.954338] BTRFS error (device loop0): open_ctree failed 08:14:40 executing program 0 (fault-call:0 fault-nth:34): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:40 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d98", 0x82, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:40 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000400)=[{0x0, 0x0, 0x200}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:40 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:40 executing program 1: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x20000000080002, 0x88) bind$inet6(r0, &(0x7f0000009400)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x5}, 0x1c) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000000)=0x10001, 0x4) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa86dd601bfc97004d8800fe8100000000000000e9ffffff0000ddff02000000000000000000000000000100004e20004d9078e29607149378d33e1db1c73936c77aa3620700100000000000236862531934ecb1c373d6ea51369e92fb96cc7c6fe4e24d1fcafff87429e50b32881721afab69ccc47a3712c3028596ed443bc6d025ddefa7ff2abbb3ee83954d390d617a867358f810f1325b2fc3ea3940102e58259d92371410770b11a6eeddb8fcef90fc6fd65b1e04acdee7ba47d7000000000200000000000000ff4667974557f7217644d6d3e0b3ddb24590beb2108445d955f27436d9feff6bf06101ce03c061a81f1e0bae433e421a18ebc1864376d7ccaeab9a187b02d3fd8f3b528234bd4b4e01303999ac9ab41fa6884848a3bf2abd3ff85f23309d9f554c5511821e2de9db6b5d88c124a977242787f2fed0b5d36022bf9adb4b07ebc1dd1c8d8d47d549e27dbe0cbed59432a13ac5a2b5eb2def9f6910216f3ebfb0dd587583528e01a8a0ac4ceda457384efb233f84820f7f0c6fad7148e0d1dd484455dcf38efdec6777ff72aa9104cc7bd6e422c102ca80eb8ff2182ad6eec8cf171fb2ede81adb12f27d60a15ff42119ea08f115b80a1c3a7c6feb4abf437dc3e260893d1b870d8beeac0d9b9bf4eb78cfc5fdac9980bda0104d1b82a63c907c517d52e5253a2c0e6cb66755c0184a09f88f6ff9c87a528c3677d397e6d3e8fa1213866a026764574b712f2fc3fcfd60ad331f4a03bdc20998ec227cf0671036d11dc0c9cd10273c456a4979b887b33ca333a62d47525c3e00"/599], 0x0) read(r0, &(0x7f0000000080)=""/132, 0x397) shutdown(r0, 0x0) ioctl$IOC_PR_CLEAR(0xffffffffffffffff, 0x401070cd, &(0x7f0000000040)) [ 174.142130] FAULT_INJECTION: forcing a failure. [ 174.142130] name failslab, interval 1, probability 0, space 0, times 0 [ 174.164614] XFS (loop2): Invalid superblock magic number [ 174.174352] CPU: 1 PID: 10131 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 174.181403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.190768] Call Trace: [ 174.193367] dump_stack+0x138/0x197 [ 174.197016] should_fail.cold+0x10f/0x159 [ 174.201181] should_failslab+0xdb/0x130 [ 174.205168] kmem_cache_alloc_node+0x287/0x780 [ 174.209772] __alloc_skb+0x9c/0x500 [ 174.213400] ? skb_scrub_packet+0x4b0/0x4b0 [ 174.217733] ? netlink_has_listeners+0x20a/0x330 [ 174.222509] kobject_uevent_env+0x781/0xc23 [ 174.226849] kobject_uevent+0x20/0x26 [ 174.230660] lo_ioctl+0x11e7/0x1ce0 [ 174.234299] ? loop_probe+0x160/0x160 [ 174.238105] blkdev_ioctl+0x96b/0x1860 [ 174.241999] ? blkpg_ioctl+0x980/0x980 [ 174.245898] ? __might_sleep+0x93/0xb0 [ 174.249787] ? __fget+0x210/0x370 [ 174.253249] block_ioctl+0xde/0x120 [ 174.256885] ? blkdev_fallocate+0x3b0/0x3b0 [ 174.261388] do_vfs_ioctl+0x7ae/0x1060 [ 174.265374] ? selinux_file_mprotect+0x5d0/0x5d0 [ 174.270135] ? lock_downgrade+0x740/0x740 [ 174.274289] ? ioctl_preallocate+0x1c0/0x1c0 [ 174.278705] ? __fget+0x237/0x370 [ 174.282166] ? security_file_ioctl+0x89/0xb0 [ 174.286587] SyS_ioctl+0x8f/0xc0 [ 174.289956] ? do_vfs_ioctl+0x1060/0x1060 [ 174.294109] do_syscall_64+0x1e8/0x640 [ 174.298015] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 174.302869] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 174.308057] RIP: 0033:0x4598c7 [ 174.311245] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 174.322954] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 174.330225] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 08:14:40 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:40 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r1, &(0x7f0000d83fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r1, 0x84, 0x7a, &(0x7f00000001c0)={r3}, &(0x7f00000009c0)=0x14) setsockopt$inet_sctp_SCTP_DELAYED_SACK(r0, 0x84, 0x10, &(0x7f0000000000)=@sack_info={r3, 0x1, 0x3}, 0xc) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r4, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r5, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000300)={0x1, 0x4000}) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r6, &(0x7f0000d83fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) r7 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r7, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$PPPIOCSCOMPRESS(r7, 0x4010744d) r8 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r6, 0x84, 0x7a, &(0x7f00000001c0)={r9}, &(0x7f00000009c0)=0x14) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r4, 0x84, 0xf, &(0x7f0000000200)={r9, @in={{0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x1e}}}, 0x5, 0x7, 0x401, 0x6, 0x40000}, &(0x7f00000002c0)=0x98) r10 = openat$cgroup_procs(r4, &(0x7f0000000040)='tasks\x00', 0x2, 0x0) ioctl$FS_IOC_SETVERSION(r10, 0x40087602, &(0x7f0000000140)=0xb42c) 08:14:40 executing program 5: syslog(0x4, &(0x7f0000000140)=""/80, 0xfffffffffffffe37) r0 = add_key$keyring(&(0x7f0000000400)='keyring\x00', &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$restrict_keyring(0x1d, r0, &(0x7f0000000480)='asymmetric\x00', 0x0) add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)="36365bc5022e99c116124a24af2618c5ddb0dbbe6e22e6e1881a28b6ec58ff60e6ec4656fbce", 0x26, r0) 08:14:40 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = syz_open_dev$sndpcmc(&(0x7f0000000000)='/dev/snd/pcmC#D#c\x00', 0x40, 0x0) ioctl$PPPIOCGDEBUG(r0, 0x80047441, &(0x7f0000000040)) 08:14:41 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:41 executing program 5: syslog(0x4, &(0x7f0000000140)=""/103, 0x67) mount(&(0x7f0000000000)=@nullb='/dev/nullb0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='hfs\x00', 0x2000000, 0x0) r0 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/policy\x00', 0x0, 0x0) ioctl$BLKPBSZGET(r0, 0x127b, &(0x7f0000000100)) 08:14:41 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 174.337504] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 174.344784] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 174.352061] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 174.398478] BTRFS error (device loop0): superblock checksum mismatch [ 174.454701] XFS (loop4): Invalid superblock magic number [ 174.471798] BTRFS error (device loop0): open_ctree failed 08:14:41 executing program 0 (fault-call:0 fault-nth:35): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:41 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d98", 0x82, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:41 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:41 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$uinput_user_dev(r0, &(0x7f0000000400)={'syz1\x00', {}, 0x1f, [], [], [], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1]}, 0x45c) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) r2 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x3, 0x0) dup3(r1, r2, 0x0) 08:14:41 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) sendto$unix(r1, &(0x7f0000000280)=' ', 0x1, 0x80, &(0x7f0000000200)=@file={0x2, './file0\x00'}, 0x6e) writev(r1, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r2 = dup(r1) getsockopt$IP6T_SO_GET_REVISION_TARGET(r2, 0x29, 0x45, &(0x7f0000000140)={'ah\x00'}, &(0x7f0000000180)=0x1e) linkat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', r0, &(0x7f0000000040)='./file0\x00', 0x400) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) 08:14:41 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000400)=[{0x0, 0x0, 0x200}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:41 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:41 executing program 5: syslog(0x9, &(0x7f0000000340)=""/85, 0x55) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/d\x89\xaa\xce\x14\xd7\xa7\xbd\xf9\x00', 0x40000, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000040)=@assoc_value, &(0x7f0000000080)=0x8) [ 174.596850] input: syz1 as /devices/virtual/input/input7 [ 174.630597] FAULT_INJECTION: forcing a failure. [ 174.630597] name failslab, interval 1, probability 0, space 0, times 0 [ 174.667473] CPU: 0 PID: 10196 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 174.667727] XFS (loop4): Invalid superblock magic number [ 174.674559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 174.674565] Call Trace: [ 174.674585] dump_stack+0x138/0x197 [ 174.674603] should_fail.cold+0x10f/0x159 [ 174.674618] should_failslab+0xdb/0x130 [ 174.674631] kmem_cache_alloc_node+0x287/0x780 [ 174.674647] __alloc_skb+0x9c/0x500 [ 174.674656] ? skb_scrub_packet+0x4b0/0x4b0 [ 174.674668] ? netlink_has_listeners+0x20a/0x330 [ 174.674680] kobject_uevent_env+0x781/0xc23 [ 174.674698] kobject_uevent+0x20/0x26 [ 174.674708] lo_ioctl+0x11e7/0x1ce0 [ 174.674726] ? loop_probe+0x160/0x160 [ 174.674738] blkdev_ioctl+0x96b/0x1860 [ 174.674755] ? blkpg_ioctl+0x980/0x980 [ 174.674772] ? __might_sleep+0x93/0xb0 [ 174.674782] ? __fget+0x210/0x370 [ 174.674796] block_ioctl+0xde/0x120 [ 174.674804] ? blkdev_fallocate+0x3b0/0x3b0 [ 174.674812] do_vfs_ioctl+0x7ae/0x1060 [ 174.674823] ? selinux_file_mprotect+0x5d0/0x5d0 [ 174.674831] ? lock_downgrade+0x740/0x740 [ 174.674841] ? ioctl_preallocate+0x1c0/0x1c0 [ 174.674851] ? __fget+0x237/0x370 [ 174.674866] ? security_file_ioctl+0x89/0xb0 [ 174.674876] SyS_ioctl+0x8f/0xc0 [ 174.674884] ? do_vfs_ioctl+0x1060/0x1060 [ 174.674895] do_syscall_64+0x1e8/0x640 [ 174.674903] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 174.674917] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 174.714411] XFS (loop2): Invalid superblock magic number [ 174.716632] RIP: 0033:0x4598c7 08:14:41 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:41 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x1d, &(0x7f0000000000)={0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, &(0x7f0000000040)=0x24) r1 = openat$selinux_policy(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/policy\x00', 0x0, 0x0) name_to_handle_at(r1, &(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)={0xdc, 0x2eef8aa8, "f5516ebbfc4b11b909fe67ac42eddb8e58af7dec4897439857685a2f367388e5c9dbb2aa423440ca289e338ba0ee84f848e78aac52a9214ea6b97acf9f4c0eb2e06771f50f76db479967bc11fe7cb4a754b3998f4042a7e2674640d8265d582cb3fbf979e46be7f089f582076e0a3719248c8ce2753fb96ff59713c3e31087e0ffe07393f3c52b3dd2dacd599d37914044298fca6357ca27bbf6cae769d3b89317238d7bb859b0e65c8a89572c18fd093c21bc316ecff8d3223845a31bc987e0bf0c1a4a0fc8d79cc4d8c45ddbce0046271b5ca3"}, &(0x7f00000002c0), 0x1000) [ 174.716638] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 174.822355] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 174.829610] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 174.836868] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 174.844118] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 174.851380] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:41 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {0x0, 0x0, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:41 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a7", 0x98, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 174.906236] BTRFS error (device loop0): superblock checksum mismatch [ 174.926503] input: syz1 as /devices/virtual/input/input8 [ 174.960950] BTRFS error (device loop0): open_ctree failed 08:14:41 executing program 0 (fault-call:0 fault-nth:36): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:41 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:41 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x189881, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$SNDRV_SEQ_IOCTL_DELETE_QUEUE(r0, 0x408c5333, &(0x7f0000000000)={0x1f, 0x5, 0x0, 'queue1\x00', 0x5}) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$TIPC_CONN_TIMEOUT(r1, 0x10f, 0x82, &(0x7f0000000180), &(0x7f00000001c0)=0x4) 08:14:41 executing program 1: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f000000b000)={0x0, 0x0, &(0x7f00005a6ff0)={&(0x7f0000451ccc)=@updsa={0xfc, 0x1a, 0x1, 0x0, 0x0, {{@in6=@dev, @in=@loopback}, {@in6, 0x0, 0x2b}, @in6, {0x0, 0xffffffffffffffff}, {}, {}, 0x0, 0x0, 0xa}, [@mark={0xc}]}, 0xfc}}, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f000000b000)={0x0, 0x0, &(0x7f00005a6ff0)={&(0x7f0000451ccc)=@updsa={0x110, 0x1a, 0x1, 0x0, 0x0, {{@in6=@dev, @in=@loopback, 0x0, 0x0, 0x80}, {@in6, 0x0, 0x2b}, @in6, {0x0, 0x0, 0x0, 0x5}, {}, {}, 0x0, 0x0, 0xa}, [@coaddr={0x14, 0xe, @in=@local}, @mark={0xc}]}, 0x110}}, 0x0) sendfile(0xffffffffffffffff, r0, &(0x7f0000000040), 0x18) r1 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, 0x0, 0x2, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x200000000d, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mount$bpf(0x20000000, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0) write$P9_RREMOVE(0xffffffffffffffff, &(0x7f0000000280)={0x7}, 0x7) pivot_root(&(0x7f00000005c0)='./file0\x00', &(0x7f0000000d00)='./file0\x00') add_key$user(0x0, &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0x0) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) syz_genetlink_get_family_id$tipc2(0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={0xffffffffffffffff, r1, 0x0, 0xb, &(0x7f00000002c0)='asymmetric\x00', 0xffffffffffffffff}, 0x30) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8250, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400000000000003, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r2, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$FITRIM(0xffffffffffffffff, 0xc0185879, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) bpf$BPF_PROG_GET_NEXT_ID(0xb, 0x0, 0x0) ptrace$poke(0xffffffffffffffff, r2, &(0x7f0000000340), 0xfff) ppoll(&(0x7f00000000c0)=[{r3}, {0xffffffffffffffff, 0x2}, {0xffffffffffffffff, 0xb61c61993eae8e64}], 0x3, &(0x7f0000000100)={0x77359400}, &(0x7f0000000280)={0xffffffffffffff38}, 0x8) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) execveat(r4, 0x0, &(0x7f0000000640)=[&(0x7f0000000440)='cpuset*$[.eth1@lowlan0em1^\x00', &(0x7f0000000480)='procproc\x00', &(0x7f0000000540)='}\x13\xbc+vboxnet0\x00', &(0x7f0000000580)='user\x00'], &(0x7f0000000740)=[&(0x7f0000000680)='asymmetric\x00', &(0x7f0000000700)='\x00'], 0x100) accept(r0, 0x0, &(0x7f00000003c0)) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={0x0}}, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="020700001000000000000000000001000800120000000100000000000000000006000000000000000000000800000200e00040e0ff00000000000000000000000000ada800800400004015000000000003000600df120000020000809014ffbbf00000000000000003000500000100000200423b30632bd7b820000000000003"], 0x80}}, 0x0) r5 = socket$key(0xf, 0x3, 0x2) sendmmsg(r5, &(0x7f0000000180), 0x32bc45944b084a6, 0x0) 08:14:41 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {0x0, 0x0, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 175.067070] XFS (loop4): Invalid superblock magic number [ 175.083360] XFS (loop2): Invalid superblock magic number 08:14:41 executing program 5: syslog(0x0, &(0x7f00000000c0)=""/74, 0x3ed) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vga_arbiter\x00', 0x101801, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r1, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r1, 0x5386, &(0x7f0000000040)) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) shmget$private(0x0, 0x400000, 0x80, &(0x7f0000bff000/0x400000)=nil) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r2, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000280)={0x0, 0x0, 0xff}) ioctl$SNDRV_TIMER_IOCTL_GINFO(r2, 0xc0f85403, &(0x7f0000000180)={{0xffffffffffffffff, 0x1, 0x7, 0x3, 0x4}, 0x986, 0x40, 'id0\x00', 'timer0\x00', 0x0, 0x8, 0x2, 0xffff, 0x8}) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r3, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r4, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r5 = mmap$binder(&(0x7f0000e80000/0x1000)=nil, 0x1000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f0000000400)={0x14, 0x0, &(0x7f00000002c0)=[@free_buffer={0x40086303, r5}, @acquire={0x40046305, 0x1}], 0xfc, 0x0, &(0x7f0000000300)="08adc3f0f84e312102e4e7f517c1006c0e47fad602ace95cfeed11f2d345cdced3d9b54642113c5c50d7331cc7cdbfa265bcd6f0f6cc3830920dfc4fb2679875c9a18d33deb4909d4613ddd4c91bd060425e959c621780f78c8986a327c6c854a481f9f760ea2f0f84c53e4098dad417bb4d6e82aac108c30f1c8145a418663a541391021309d31634f4e95c6be56413d2ba10beb096209ca049816b7c9adfe4bcf6f68b1306fd869c84491e8d5c3dbe77ed914292907fe079e45d034660117267903eab3d96d1bfc996d32c9b1696fc8744d871eaa1a90da6e879098d14e201b3062690d0ab7444a3bc39731ffc44739c8d9a8d15c0919e40a4b7d1"}) setsockopt$bt_hci_HCI_FILTER(r3, 0x0, 0x2, &(0x7f0000000000)={0x3, 0x10000, 0x9be}, 0x10) ioctl$KVM_SET_TSC_KHZ(r0, 0xaea2, 0x1) [ 175.148272] FAULT_INJECTION: forcing a failure. [ 175.148272] name failslab, interval 1, probability 0, space 0, times 0 [ 175.167962] CPU: 0 PID: 10268 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 175.175146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.184506] Call Trace: [ 175.184525] dump_stack+0x138/0x197 [ 175.184547] should_fail.cold+0x10f/0x159 08:14:41 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a7", 0x98, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 175.184561] should_failslab+0xdb/0x130 [ 175.190773] kmem_cache_alloc_node_trace+0x280/0x770 [ 175.190789] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 175.190805] __kmalloc_node_track_caller+0x3d/0x80 [ 175.190816] __kmalloc_reserve.isra.0+0x40/0xe0 [ 175.190825] __alloc_skb+0xcf/0x500 [ 175.190835] ? skb_scrub_packet+0x4b0/0x4b0 [ 175.190845] ? netlink_has_listeners+0x20a/0x330 [ 175.190859] kobject_uevent_env+0x781/0xc23 [ 175.190877] kobject_uevent+0x20/0x26 [ 175.190888] lo_ioctl+0x11e7/0x1ce0 [ 175.243968] ? loop_probe+0x160/0x160 [ 175.247791] blkdev_ioctl+0x96b/0x1860 [ 175.251706] ? blkpg_ioctl+0x980/0x980 [ 175.255619] ? __might_sleep+0x93/0xb0 [ 175.255631] ? __fget+0x210/0x370 [ 175.255645] block_ioctl+0xde/0x120 [ 175.255655] ? blkdev_fallocate+0x3b0/0x3b0 [ 175.255669] do_vfs_ioctl+0x7ae/0x1060 [ 175.263017] ? selinux_file_mprotect+0x5d0/0x5d0 [ 175.263029] ? lock_downgrade+0x740/0x740 [ 175.263040] ? ioctl_preallocate+0x1c0/0x1c0 [ 175.263052] ? __fget+0x237/0x370 [ 175.263069] ? security_file_ioctl+0x89/0xb0 08:14:41 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 175.263082] SyS_ioctl+0x8f/0xc0 [ 175.263092] ? do_vfs_ioctl+0x1060/0x1060 [ 175.263106] do_syscall_64+0x1e8/0x640 [ 175.263114] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 175.263129] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 175.263137] RIP: 0033:0x4598c7 [ 175.263143] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 175.263160] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004598c7 [ 175.263169] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 08:14:42 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 175.277722] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 175.279908] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 175.279915] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 175.279921] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 175.292596] audit: type=1400 audit(1570781681.974:50): avc: denied { map } for pid=10279 comm="syz-executor.5" path="/dev/vga_arbiter" dev="devtmpfs" ino=1038 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:xserver_misc_device_t:s0 tclass=chr_file permissive=1 08:14:42 executing program 5: r0 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x0, 0x400000) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r1, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$sock_FIOGETOWN(r1, 0x8903, &(0x7f0000000180)=0x0) syz_open_procfs(r2, &(0x7f00000001c0)='limits\x00') ioctl$TCSETXF(r0, 0x5434, &(0x7f0000000040)={0x8000, 0xb672, [0x8, 0x7, 0x41, 0x7, 0x7], 0x3f}) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r3, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$KVM_GET_PIT2(r3, 0x8070ae9f, &(0x7f0000000200)) ioctl$SG_GET_SCSI_ID(r0, 0x2276, &(0x7f0000000080)) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) ioctl$TCSETXW(r0, 0x5435, &(0x7f0000000140)={0x260e, 0xff, [0x20, 0x7ff, 0xfff7, 0x7ff, 0x7]}) 08:14:42 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) sysinfo(&(0x7f0000000000)=""/43) [ 175.442142] BTRFS error (device loop0): superblock checksum mismatch 08:14:42 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:42 executing program 0 (fault-call:0 fault-nth:37): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 175.500286] BTRFS error (device loop0): open_ctree failed [ 175.537467] XFS (loop2): Invalid superblock magic number 08:14:42 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a7", 0x98, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:42 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000000140)="af", 0x1}], 0x1) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ubi_ctrl\x00', 0x204101, 0x0) write$sndseq(r1, &(0x7f0000000240)=[{0x1, 0x7, 0x7a, 0x1, @tick=0xffffffff, {0x81, 0x3}, {0x7, 0x6}, @quote={{0x74, 0x20}, 0x7}}, {0x5, 0x80, 0x3, 0x7, @tick, {0x0, 0x7}, {0x1, 0x3f}, @quote={{0x40, 0x3}, 0x27d, &(0x7f0000000200)={0x1, 0xfe, 0x1, 0x6, @tick=0x2, {0x6, 0x6}, {0x7, 0x6}, @addr={0x3, 0x81}}}}], 0x60) ioctl$VIDIOC_G_AUDOUT(r0, 0x80345631, &(0x7f0000000000)) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r2, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000380)='/dev/dsp\x00', 0x400000, 0x0) r4 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r4, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$PPPIOCSFLAGS(r4, 0x40047459, &(0x7f0000000180)=0x2010e44) bind$inet6(r3, &(0x7f00000003c0)={0xa, 0x4e21, 0x0, @mcast2, 0x3f}, 0x1c) setsockopt$IP_VS_SO_SET_STARTDAEMON(r2, 0x0, 0x48b, &(0x7f0000000040)={0x3, 'bridge_slave_1\x00', 0x1}, 0x18) [ 175.639195] FAULT_INJECTION: forcing a failure. [ 175.639195] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 175.651547] CPU: 1 PID: 10330 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 175.658581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 175.668047] Call Trace: [ 175.670662] dump_stack+0x138/0x197 [ 175.674315] should_fail.cold+0x10f/0x159 [ 175.678647] __alloc_pages_nodemask+0x1d6/0x7a0 [ 175.683334] ? fs_reclaim_acquire+0x20/0x20 [ 175.683350] ? __alloc_pages_slowpath+0x2930/0x2930 [ 175.683373] cache_grow_begin+0x80/0x400 [ 175.692732] kmem_cache_alloc+0x6a6/0x780 [ 175.692745] ? selinux_file_mprotect+0x5d0/0x5d0 [ 175.692756] ? lock_downgrade+0x740/0x740 [ 175.692769] getname_flags+0xcb/0x580 [ 175.692780] SyS_mkdir+0x7e/0x200 [ 175.692789] ? SyS_mkdirat+0x210/0x210 [ 175.692799] ? do_syscall_64+0x53/0x640 [ 175.692808] ? SyS_mkdirat+0x210/0x210 [ 175.721461] do_syscall_64+0x1e8/0x640 [ 175.721471] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 175.721489] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 175.721496] RIP: 0033:0x458e77 [ 175.721501] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 175.721513] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e77 [ 175.729824] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000080 [ 175.729830] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 175.729835] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 175.729840] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 175.763570] XFS (loop4): Invalid superblock magic number [ 175.816981] BTRFS error (device loop0): superblock checksum mismatch [ 175.868507] XFS (loop2): Invalid superblock magic number [ 175.883577] BTRFS error (device loop0): open_ctree failed 08:14:42 executing program 1: clone(0x7fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @rand_addr="93993974d566da0e3578d082d7ae73b9"}, 0x1c) 08:14:42 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$KDSIGACCEPT(r0, 0x4b4e, 0x24) 08:14:42 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:42 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {0x0, 0x0, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:42 executing program 0 (fault-call:0 fault-nth:38): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:42 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca", 0xa3, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 176.138377] FAULT_INJECTION: forcing a failure. [ 176.138377] name failslab, interval 1, probability 0, space 0, times 0 [ 176.176547] CPU: 0 PID: 10412 Comm: syz-executor.0 Not tainted 4.14.148 #0 08:14:42 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)) setresuid(0x0, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 176.183628] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.192990] Call Trace: [ 176.193023] dump_stack+0x138/0x197 [ 176.193040] should_fail.cold+0x10f/0x159 [ 176.193054] should_failslab+0xdb/0x130 [ 176.193065] kmem_cache_alloc+0x2d7/0x780 [ 176.193077] ? __d_lookup+0x3a2/0x670 [ 176.193088] ? mark_held_locks+0xb1/0x100 [ 176.193097] ? d_lookup+0xe5/0x240 [ 176.193110] __d_alloc+0x2d/0x9f0 [ 176.207718] d_alloc+0x4d/0x270 [ 176.207735] __lookup_hash+0x58/0x180 [ 176.207745] filename_create+0x16c/0x430 08:14:42 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)) setresuid(0x0, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 176.238339] ? kern_path_mountpoint+0x40/0x40 [ 176.242858] SyS_mkdir+0x92/0x200 [ 176.246337] ? SyS_mkdirat+0x210/0x210 [ 176.250256] ? do_syscall_64+0x53/0x640 [ 176.254259] ? SyS_mkdirat+0x210/0x210 [ 176.258271] do_syscall_64+0x1e8/0x640 [ 176.262177] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 176.267479] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 176.272684] RIP: 0033:0x458e77 [ 176.275882] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 08:14:42 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)) setresuid(0x0, 0x0, 0x0) r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r0, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:43 executing program 1: openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f00000000c0)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x24) openat$vhci(0xffffffffffffff9c, 0x0, 0x0) 08:14:43 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) sendto$unix(r0, &(0x7f0000000140)="62bbd9f0e551ab79349b03b02080610554a69b516810da473f8f6ac8c5b4242cd28a98d48b1ae0078c59317f7a96286dc766bf02940d0e9be7b8fd355e2eea149b344a5bdb02f642a9fd12add1867ac9fca6be8bcd8a490e407a99f8ecd6de5da55bced36a3946e0e8384be26f7b2d3ffd0ae51824bf777d960db538ecd1922c21ee67ee470d197c2031c1fe0d42a47c2866832e678b2152a0506543585bc3f430a2052584ba8ea71976b6af0d402f19891b754f0179ca898104facb6363e6e477b3bfc21f8131c785277e6c0540baef32ec1a9f53c10420ae33fb8ed427946c087232e724eff1cfe7f3c004009b028cad6cd5b88a813fbb9e875b4d063d159d6d81d99fffbca9ef5a8ae94453ed677d81a096385708d90a78b1d9091ad8db4c188d60a14fef18f3ad3dbe7ff83cbe8dff79bfd6153c7ed1cd389e9f7b9c7a6e26400ce4987e3a284614ddac2f145d3c296c40fab3c3d4d71985b92f93f07ade5696bf494fd62b337e1bcfdc04123db74b51255868162e6614d0ea0313b5ee576e993d13bb0773f9b782f492b7739380525275fcce71c73644a3e780e000821bce0874880e6a48c259705c352abc867769d7f4e9d9224ea8fb083ced6288e5531e3df8cbfdde4ec54f92e335fe58b13ee42779f50a152b59e5647bb60b5a2cff17bf178cb4d794e6dfe96ddc334e07df48df5103f074f09b9c1e51edf8becfd750b362ef05068cfdeac312ec94c08d3fcd958401a39fa3b6829f5c5385af733c1f46aa755f6a6cf74212de8f0017b633bd9add04cfde9b5851532c677af658a06b84561292d93c0779f3fae58bfa37e83bf13b668c0896d5940ed40c625368c0f8035c264c5e3c09721d35dab0f4f6ce85f2e8285a2a1e6ac2e9e39490293e0f42e425b172481dbabf464f659a3c23b6be2e9bd221c9a25bb2b5b853c0a2882eb59dae51ffc4b370335650b8065aca7ec28d9342125878883df368490b09192bd338ab5e221f0236e146ebab6890c7e35d03551d8a745ce4d204cacf069185d32d4b16c10324924c8ba76388f9b0d655669bed7e17d6293537452dc538f64238824d04d5be7e1b0a1153cd5e2d27d859f3c5026369cf900e01e48f764f7aa505f38d57a383d56728de000b62933f9ea62939e6fe36648a1a2a3da1b2b79583bea6f08201f4c0ae834b11582d027c83050c403ce193d295db8fd4400023a198a46a15913b2336f7f05f7e5327f9cad1e9608e3bb42f2569b5ba4c264fb28c410e5ce5933717721dcca78068dbd04fb63d8801ba3aeef019ebf35de5cb0114aa49f7ca1234515cf2e86f8f61e7681ddeb29bf6986114d49bcdf6ec86e4a98139201581d6e3193e8bf7a40ccf6d5b48c0657cf990137451851707cc4aff6057e8357d9a171024fd6e1467c79681439a11d725a248e432ca5ad6ef722743897bcba55ddb23fce95f9883a5937a5781be6eab0f7637ddf70c2716134e4030e7137af696ec900041b894dfa0e51a8dcf01b8892c6c8262b9ae2f4d8d59b717bcc03eb66540c69bd6cb4a6a03981ad400bf74cc9df7f37275e45c4ba19dff50ecd254d4b96e3041e820cf7f9fa1c1d4c1b0e16539ef1735dac6ec798fbcd1d8d66c06f0300a039a1f9b1cabc799db276769c0fea939ea6316b3ca6e20d4e7e2d228ef21c2df144d142af792deed4371c538fde63a32319e3ce73187f7449bc43bd0ddd6b5f71ce4c051dd0eea2bc636d89f50be12feaa310d37a84de087a05f9699580249a2aa025b920b445d5631e43b830da663196c39d9c75920c9201b5723ccc9c675d3f348a9e63a8d2c3f2a2e9e53fa8d32f11d365462e8d5760edc86609bea42e4bbd559fdfa43095dfff9a9c1aef7d8faeb091b749e9c67e46ab4201e54d4e6d5432e85864bfabaf4f1e2b1c79316a55153bfdd71000081af305d53cb43f7f61aa2cdb2f191ef6e9e6ffb2d78c42b4799bbd29911782ed1642e17104f66b6d4f291929a0a41efcb7a9b1e65177513302a16093afea9b647e9684b93bceb2766ee2b3bde24c53616807902ea5f562efc62fec0a71fa90686671fee66135edd68fccc6d54d534d890054a6c958e0cb93d65f0ac4b0a2906975b117b79c319aeaca3a636c2a32a0450ce486371af4dd7e10403dd98f2757effa2432133f9e5cc0470754dbe95ccb0c9af2b088374027e64bc0d35081c45b4317ab323d4b0d7730f0f09d43674e0598ce2467b38ce2001673c74ce4aaa82114bd5a7fe5900a9e4747211fc2e19e3b2042f7becf8bb302cf9881d276150e021e92c1b346b2c93387380744fa93d0983a6152988df1139ee076d5180c5bf18a803bcdfa0e240f3bbc2332abb1351a657cfb67ebbe71107f0e34175f34c493a8e7d2431b2db26562b7871f0b1df054814badf033d4c5230b8c55ee29eb1c38010d7b47fc9eebdb32ae76b933fa8c7ef29a52828f4b017f4c317571301471ac1ad684dd722430295fde948698acbe727d5ce303638e3e2831857e68e0a4c756e992525b62b369a9e6f99c01851f2c3ea085dede5b5e76cf6cc0736a1148aa5c653a70d4bef435352d8335cd9f2f659f9539e5d41eafc730095860db93ae26e1c2e3a1483a512d127234a0ae7772addb6c76ea2078c39dd0d4f478edf4ad6f572037c244bd210c484f6a1cd7c66d0488b6e4e29574ad3be27206b659daaa40b25dffab4f1afe87bfc7cd2c242ab7dbf02210502b588619138cbb5ae3d4630b1ee0e3b396b9fda3be5eec52670fb799743f4836e07e27a6e3cfb7ccb31ce22e006cac3eb3d56088f4a27d2682c948f42b3eeaf47b0ac42b2e9fbc4a33d2d5121f6c18dd340384317cdc9b6a8eaae0c89098d27036b3d3ab815c6270052a389759d6ebe377ccaf5cf0ae90782216d2e11ab851a9e27a18b8cc99bd19881c0709bca71707ddb4cc846495fc9d4a4f5e9be7e5759f279e07e4f0d903e230925fc1f6091aeb0d9baad1621ad392c447bde0c736dfc8377f4555fa908284de7806aa05bb669b2c33a851faa12c0bddb9ee0a2a63bb3a72cce471243e9b3af02848215fcbce9024d2bfaaa323730743ad41e8465b2c140302a7e097c64b847908c5600d04df7ad010f880a75ac3ec7aa6b601364f33eb626645a0a67df76e34dd14b5ab92d219fa2720f0da6af7bf11bda0b2c64acdfed731d68427e519424e9f153a7ebb7aa8ee793ed356dab2fef5f517ff778c5770c8f274a4b07b00a2c9c36f7471886b159b6466391e38d3718b132a9d28a584ec174c81c2687d048e920d230ae2283399968155e3fb7b10664d8298860c56f9998718c63bc0a61b6ddd6eb10ab6ce6a53015bce3144df7d9a7aed50d23f52ec1e5e9bc9d302f7893c83690f14da69892b3afae8ff3ce43c8409eda4454a8b9a34f67aba77cecb24962d26643a7f64e49fe97702299eb76458da1f9de7c699b192aec4a9efa40b845e9ae1c433bb29fc644e642fba52cc76e9fbebb6a0dc73ff0ff393aec965abd3a1e128061d317e01789893628df0109adf3491e1ad6c9085778e97631372e1115199bbfe5310b5e61d19d5b9964be5013d7cf66b156c9f0ba5f164924250122596c358f026d06b4ffe3ab69623039ccd77a2715cd3b3c9bf5b93c31b59f8c605968e6d412b09c4e438b187d57674d5938747eb015e49dd1cae946aac7483a7b544391294a7e225342d9d1b4a33185c009a08be3751a3893ea116d4f75f8da74f72c4b374aab92b3653eb0de8ba81a36fbb43565a29cd2c036b9543a3b588f9fdb4a010f760ec518367f9b2ff1f0dbb586ed57bb24c1fe4f40c2df15c02f2a2a994eb29e193e0d184bf2e59961c0a77ae589658d28b6a8af223e393ba1a5ad5415561f285bc5c331f2b33abf5a97a81b7b16bcf223070fcb874457d0496cc8b4b8b078cc341693b20aa4a4e320636e5e864feeba444ae3cd9e91fb1c6416c97698a463256782a4c19ebb6f9f549ad240ea03d795a36760446b25470674ca0fb0b0244c727087685d3a972c4c3f5c4f08517442f100765d7c3bb6a980bfd5b8e17d2166d257009b475fb27c34e035f36a6bb4941021c344995fd2001c00aae290eca6d6832a8da0eaeda157d0e15886118ca95ef50ad503e075da06cd04127862201b876513c4200c5a9eceb37af2099504b37389703b7d5fb1a70bffebfc5192925cd9686790a8a37f567fc2290d2703d14823bfc20e6ccffe34af82c990383b421c1957dacf4f3b63d1ecc82f6fe97695b430637d037f6681595fe13b4649f27d4d7c0099195658ca1fb5796935e20d425aa957489eb2acdcf6ef42de611cb348346b31f6f7eaaa1185d3f7c191dd3716565fce322fc294c0d8f65c35af570d5efc843868bb4778cdf45c70e576d3bca3f9436649398fbfd6230d5d836d6d6422ed3328220bd5be4dd91142e57e26ccb84c88172821f155a776fba15ae1584cd6a043977e2777437d0b3c634c3977b90a14bba4be662895a32ad20d706db9df79737d71a5a723466c8d575e34526cb1d79ecb9d49b096eaf6a14996fbb56e5ed996dcbe08928ec038835cae3171bc5b321e3f4e82a02492b4eda6f4bb03821e2f1d806e6a54c2d20dae133a2ae3c633ef7781bcf4ac8f86f4b70c2720be0fc4c197c3a671421cb5e51c8851d217fccfdfd509a1c29868971ba93475a9945f7c5cf4f8c29555b7fd9fc18f500286db013caec294e89fa60ce84bc0759c6fe6f28d367fba93f560b448fa9750f3decad2231beea8407786cfbd24c4a6dcae2b8c6c1cc6787ddceb99647a072ec1f1ccf4b310a8787306d9745048f57658aef5bf701c72ef99cde2901016154f3b2c214250ae36e7fedf6be268c412b02e5be928de57872c2b26c3632dd0761269bf760b53bc647de802235efd150e1634ec34e9d23d71239de5f8f59c73d529cbef1fd9126ea7fe824c2cee92399f5c591301a90209a16adc238a12340cbd874d41150fc78e128a436e3537ac147b184da345e74f77dd958114b9e925c36b861a2a531478342134e1efa2cd5df11c744d23a98f2cb83d70326a3ce7ed9a6c5e83d09831c480b4bbd00224b5324e4458e03bc11e1d56059c6337da0aded513efe586e67ba6bd9afcbe135ce10da8dcd3973cd0471fa01b88c197d050ee729e2ddbbfbb6de616730e162f89c88f53bce690dea514291f429e6f5db0ebf92440b70736e50b15cfeaa41f5b61a26806724bfe9339803ed5e79fa2465838d6c435f72601188d2221bed065bae69a863b2efa7fd72498f887e48789bdc170380e58f3945bb8ed365b5499448f3aa06b98142f0a243cf57a56052625fa8fa9f9ce9deb96d1cd0cbebdad5fd104b92e3d071a2ef407208f8245ffb83166b4a1c50373b06ab9541c851b14274617feaf8a6e59673b89892daa55f329c76fafda50b99f4de60a7fdcad6c07bf1157fdf1d5938f276205efc84e44ef1f0f92d5326445896f3ca76fb1959f13f948f2bdcec2eafd34adf44aa7136a630c3fdac842fe96faaeeb940cb01d2942de20292eebfa23e847c23b3b1861dfd80863ce2d28891fa4bf6c6cdfe2c2ebb32a3d166a9936b999dd27ed287341958a7e9a7f0faa9d00576529c8655d9b2d7d28172916155d9a6b11a5518e85a9e89a3bad51544b148e6aefec4bcbd8a9a0ff588e623111b92e85b1a2891a290aa94bee67271f4ab681e7505c2c668ca4b13d040591dcf86e0b7ecb4780f9ab6445ead8869568e6ffb31983ee6b12744be7c2e7ba54c5b1b7d31aa79d9ea3275af73fb20c3e0d9b22609725565a639c9b", 0x85, 0x40050, &(0x7f0000000000)=@abs={0x1, 0x0, 0x4e20}, 0x6e) [ 176.283691] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e77 [ 176.291107] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000080 [ 176.291113] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 176.291119] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 176.291123] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:43 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0xffe4) 08:14:43 executing program 0 (fault-call:0 fault-nth:39): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:43 executing program 1: r0 = socket$inet6(0xa, 0x8000000000001, 0x8010000000000084) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x4e21, 0x0, @loopback}, 0x1c) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r1, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e21, @loopback}}}, 0x84) 08:14:43 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca", 0xa3, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 176.349604] XFS (loop2): Invalid superblock magic number [ 176.386066] XFS (loop4): Invalid superblock magic number [ 176.460933] FAULT_INJECTION: forcing a failure. [ 176.460933] name failslab, interval 1, probability 0, space 0, times 0 [ 176.519444] CPU: 0 PID: 10461 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 176.526683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 176.536311] Call Trace: [ 176.539084] dump_stack+0x138/0x197 [ 176.543056] should_fail.cold+0x10f/0x159 [ 176.547228] should_failslab+0xdb/0x130 [ 176.551226] kmem_cache_alloc+0x2d7/0x780 [ 176.555394] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 176.561202] ? ext4_sync_fs+0x800/0x800 [ 176.565345] ext4_alloc_inode+0x1d/0x610 [ 176.569679] alloc_inode+0x64/0x180 [ 176.573471] new_inode_pseudo+0x19/0xf0 [ 176.577465] new_inode+0x1f/0x40 [ 176.580852] __ext4_new_inode+0x32c/0x4860 [ 176.585195] ? avc_has_perm+0x2df/0x4b0 [ 176.589187] ? ext4_free_inode+0x1210/0x1210 [ 176.593622] ? dquot_get_next_dqblk+0x160/0x160 [ 176.598313] ext4_mkdir+0x331/0xc20 [ 176.601965] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 176.606744] ? security_inode_mkdir+0xd0/0x110 [ 176.611349] vfs_mkdir+0x3ca/0x610 [ 176.614907] SyS_mkdir+0x1b7/0x200 08:14:43 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500), 0x0, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:43 executing program 3: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:43 executing program 5: syslog(0x2, &(0x7f0000000180)=""/87, 0xfffffffffffffd9e) ioctl$VIDIOC_G_SLICED_VBI_CAP(0xffffffffffffffff, 0xc0745645, &(0x7f0000000000)={0x81, [0x1, 0x6, 0x2, 0xfff, 0x2, 0xa508, 0x891, 0x1, 0xabaf, 0x200, 0x7, 0x9, 0x3ff, 0x5, 0x7ff, 0x8, 0xfffb, 0xe31, 0x1, 0x1, 0x8001, 0xffff, 0x0, 0xc514, 0x6, 0x8, 0x81, 0x7, 0x800, 0x1a5, 0x8000, 0xcf4, 0x2, 0x9, 0x8, 0x4, 0x80, 0x100, 0x1000, 0x101, 0x2, 0x9, 0x8001, 0x6, 0x3, 0x7, 0x7ff, 0x8], 0xb}) [ 176.618465] ? SyS_mkdirat+0x210/0x210 [ 176.622372] ? do_syscall_64+0x53/0x640 [ 176.626369] ? SyS_mkdirat+0x210/0x210 [ 176.630275] do_syscall_64+0x1e8/0x640 [ 176.634184] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 176.639170] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 176.644462] RIP: 0033:0x458e77 [ 176.647671] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 176.655392] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e77 [ 176.662681] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000080 08:14:43 executing program 3: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:43 executing program 1: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) msgctl$MSG_STAT(0x0, 0xd, &(0x7f0000000080)=""/63) [ 176.669970] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 176.677712] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 176.677720] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:43 executing program 3: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:43 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205648, &(0x7f0000000080)={0x0, 0x1, 0xffff, [], &(0x7f0000000040)={0x990a7e, 0x2, [], @p_u32=&(0x7f0000000000)=0x2}}) syslog(0xa, &(0x7f0000000180)=""/102, 0x66) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r1, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$VFIO_IOMMU_UNMAP_DMA(r1, 0x3b72, &(0x7f0000000140)={0x20, 0x0, 0xffff, 0xff, 0x40}) 08:14:43 executing program 1: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x5, &(0x7f0000000100), 0x4) 08:14:43 executing program 3: socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 176.772410] XFS (loop4): Invalid superblock magic number [ 176.797990] XFS (loop2): Invalid superblock magic number 08:14:43 executing program 0 (fault-call:0 fault-nth:40): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:43 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500), 0x0, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:43 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca", 0xa3, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:43 executing program 3: socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:43 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$VIDIOC_S_HW_FREQ_SEEK(r0, 0x40305652, &(0x7f0000000000)={0x5, 0x3, 0x6, 0x27a0, 0x5, 0x3, 0x4}) 08:14:43 executing program 1: fanotify_mark(0xffffffffffffffff, 0x18ccd6d3afa539a2, 0x0, 0xffffffffffffffff, 0x0) [ 176.941209] FAULT_INJECTION: forcing a failure. [ 176.941209] name failslab, interval 1, probability 0, space 0, times 0 08:14:43 executing program 5: ioctl$VIDIOC_S_AUDOUT(0xffffffffffffffff, 0x40345632, &(0x7f0000000000)={0x1, "cc090aecfef2607ea882781fde01ebf996cf273f405c0ec9f6f1eddc20eb36fa"}) r0 = syz_open_dev$evdev(&(0x7f0000000140)='/dev/input/event#\x00', 0xbb, 0x0) ioctl$EVIOCSABS0(r0, 0x401845c0, &(0x7f0000000180)={0x9, 0x4, 0x9, 0x7f, 0x4, 0xfffffffd}) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r1, &(0x7f00000001c0), 0x0) ioctl$BINDER_GET_NODE_DEBUG_INFO(r1, 0xc018620b, &(0x7f0000000040)={0x2}) syslog(0x0, &(0x7f00000000c0)=""/81, 0xfffffffffffffdb7) ioctl$EVIOCREVOKE(r0, 0x40044591, &(0x7f00000001c0)=0xf36c) [ 177.033517] CPU: 1 PID: 10525 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 177.040709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.050082] Call Trace: [ 177.052696] dump_stack+0x138/0x197 [ 177.056349] should_fail.cold+0x10f/0x159 [ 177.058178] XFS (loop4): Invalid superblock magic number [ 177.060604] should_failslab+0xdb/0x130 [ 177.060624] kmem_cache_alloc+0x2d7/0x780 [ 177.060636] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 177.079927] ? ext4_sync_fs+0x800/0x800 [ 177.084008] ext4_alloc_inode+0x1d/0x610 [ 177.088085] alloc_inode+0x64/0x180 [ 177.091860] new_inode_pseudo+0x19/0xf0 [ 177.091869] new_inode+0x1f/0x40 [ 177.091879] __ext4_new_inode+0x32c/0x4860 [ 177.091895] ? avc_has_perm+0x2df/0x4b0 [ 177.091905] ? ext4_free_inode+0x1210/0x1210 [ 177.091920] ? dquot_get_next_dqblk+0x160/0x160 [ 177.116814] ext4_mkdir+0x331/0xc20 [ 177.119554] XFS (loop2): Invalid superblock magic number [ 177.120473] ? ext4_init_dot_dotdot+0x4c0/0x4c0 08:14:43 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$VIDIOC_ENUMAUDIO(r0, 0xc0345641, &(0x7f0000000000)={0x973, "2762663f0716ee68b5f80b26eafdf08576ffe6abd2b12d1a106b90851be86efa", 0x7ee4aa003042aa49}) 08:14:43 executing program 5: syz_emit_ethernet(0x5eb, &(0x7f0000000080)={@broadcast, @broadcast, [], {@ipv6={0x86dd, {0x0, 0x6, "02290f", 0x5b5, 0x3a, 0x0, @dev, @mcast2, {[], @icmpv6=@echo_request={0x80, 0x0, 0x0, 0x0, 0x0, "3890e5469eaab83147ee4bec19a1bd33eeac5aef69cf33ee20602792fc7eaffa8c2441b7d78194a324a12c03dd3a7e64fe5bc3185b285e281531ed3fc8b574c25ece21dc18266d4b8a6f81e041c1e561da7a8bb2d0ec9dc7055a54b5c8a0d06107c27ef2792670ad212aaf49408bf59cac096048bb35a8880a35ffdb27747fe00881760449d184456103184429474233c09ab853cd6839340b86c37523c87dbda583d09010d04173015d605ca90a8d8d6f73e37e49132ab7e967bfa65f3addaf093a3b53cea4efa02b6bd43bee7117d074bcb26041760406910d15840dc20257fcf3a486a8d1af6bf9074881245e4bc3c1cc56b6486ee2b4434f7ecb04aed76fd4e4baa026bfd8758c7ddc3c97cafc135ae75fbdb1bfa1b3e18962e5b547e30e62534c77ab07751b065664d896a1af9563c31e9014948390f6387c3107454e90b9ead2b0c30f3911cf3fe87603ad0ac6aacd9b735e38f35740defd3559856088912efb27fca512d1c3a1c9b9f61b74b265639e8b149485a2db5fb4d72a4fa7b2c72c3b20968f29af0899ace32c3f7740bf1221a31555257121b929a3ff0029bf3abec290a4fea162d7b6c62ef22132bcb955e3b79827a27847029543a331aa6ee885311b2dff1b105f9760ecf6b3d8f5298eb5f25bed898877e0597b2e490776e5d7ab1a1b45111d89b546c161fd914057e2d34940035383a59f5d66fa07c3380969df284d4ff0937cb04004a0cf019400268e671ab78f32456eece4e5866e3d1e862ab3f9168367ffc4afe3102b25709c8c29f682876c27d091c2ad8efb742b3600d781afa79f27e601df63c1678152dc296e310ac4d4817dd6601ed4260943568f14391d17693b458bcb16d717b94e34ec1e65f72f933331eb33c638a61501d6a61a750ca838aa4407639212a9b3a50e8a449648f5b73fe1f5d87498a101d50ee0ee3ac983a0b0e0a29a6a64e4610339c570937d41c5a6bd2b6b8ecec282397e37485dde08d4c3a3f64bd6cf98ce567748ceed50d58826465f7387607694e1779f92fec4e033ea8b8f2483c3707dc7119d2a7983547a1ca44d2b6a89deba36c32873e31a817754e006fc0671879533abece8283b7707d9fa3b57a03f7e7f0acf3b7a5d0c0958bb9e1aaada55fc56e2fad0e76b2afd1c14751548bca6138222644012d2c731f2662f1913e70cdabe36f78db61ff0925be27765cde41198d6563796c995f1e33961fe5a13f7e8d039642ab54dc5f9becb4bc4a870815ebb251ca28163ca6c6c4b998a96c3ca67e73b79c4f5362f0a90382ee2c1396ad760396d90e03a07a68206867eca6cdc21a267aca3aa544d72bddae08fddd8f3f0c56cf23235ed6d389012894886e562a94375e89c1dc35cf264abb02358ce7526764b9582b369647d798590bff2429fc6d7b754f39943a853ea5154a4b5332383ec30b785d32ece7724b751d26a7c1d8cbb9a748ca7df0b0bbcfabe56764a9f381cf57db8dd071528578766715b274e531773a898842ed64b9592cf9cf896d8245d733cbaa6eb02b13b1ba6c9bcd7aaba3753da05378a52d51bb498068c7f0deecf12c7a0d6b5036fe025d793b7696eb3122dd77cc6fde44d80157fd0eb3ff87e560e57eb556846dc7c26ca10738c81ac832bc1a8cc77e551d9941b2b4c4452c5dc1371799c77e6d6a9b81f30c224fbd158b31597fe1245cb7b03845cdfe840022be5be3bb8e47265dcf9206b5af4af0ba914a1de509ae49ccbc344757c4c1d09bf444c8eb793d0042a0eefb887eae01eda1b591fc749b15934b967869866da41c8adc634e2d30d2bf39a32f73e209808e4ef697df667ab103dca747c3ef84ae00ff519acd404be14df809db4a24d193806726cc687ca58ebb07dcdc5e4e387c4e8f8eb482a82f3b67e801e5fc07b5949a12484dae41f6e572b58bff3f5276088756d1702781ba4d44c70959f0292f1948303beb488fff07b77ba2013ea57a8ec331cfc13f7230aeea53cb49a7ac694f5d4390928d2c19244f8909ce0593032942ea68f01bb9e3f16443fc3353e33502c"}}}}}}, 0x0) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) syz_open_dev$video(&(0x7f0000000000)='/dev/video#\x00', 0xffffffffffffff90, 0x1b1b03) syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xfff, 0x40) fstat(0xffffffffffffffff, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0}) setuid(r0) 08:14:43 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000380)) r2 = syz_open_pts(r1, 0x0) dup2(r0, r2) [ 177.120490] ? security_inode_mkdir+0xd0/0x110 [ 177.120508] vfs_mkdir+0x3ca/0x610 [ 177.139106] SyS_mkdir+0x1b7/0x200 [ 177.142669] ? SyS_mkdirat+0x210/0x210 [ 177.146770] ? do_syscall_64+0x53/0x640 [ 177.150832] ? SyS_mkdirat+0x210/0x210 [ 177.150842] do_syscall_64+0x1e8/0x640 [ 177.150851] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 177.150866] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 177.150873] RIP: 0033:0x458e77 [ 177.150878] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 08:14:43 executing program 3: socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 177.180788] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e77 [ 177.180793] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000080 [ 177.180797] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 177.180802] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 177.180806] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:43 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500), 0x0, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 177.266412] syz-executor.5 (10569) used greatest stack depth: 23648 bytes left 08:14:44 executing program 0 (fault-call:0 fault-nth:41): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:44 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca", 0xa8, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:44 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x0, 0x0, 0x3}, 0x0) rmdir(&(0x7f0000000140)='./bus\x00') ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) getpgrp(0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) getpgrp(0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = getpgrp(0x0) r5 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, r4, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000025c000)={0x400000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, r5, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) 08:14:44 executing program 5: syslog(0x4, &(0x7f0000000140)=""/83, 0x53) ioctl$VIDIOC_QUERYSTD(0xffffffffffffffff, 0x8008563f, &(0x7f0000000100)) r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x101000, 0x0) ioctl$DRM_IOCTL_MARK_BUFS(r0, 0x40206417, &(0x7f0000000080)={0x0, 0x101, 0x8, 0x621, 0x8, 0x5e4}) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f00000000c0)=0x4, 0x4) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r0, 0xc0305616, &(0x7f0000000040)={0x0, {0x0, 0x5}}) 08:14:44 executing program 3: socketpair$unix(0x1, 0x3, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:44 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f6", 0x57, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 177.370559] XFS (loop4): Invalid superblock magic number 08:14:44 executing program 3: socketpair$unix(0x1, 0x3, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 177.465249] FAULT_INJECTION: forcing a failure. [ 177.465249] name failslab, interval 1, probability 0, space 0, times 0 [ 177.477157] CPU: 1 PID: 10609 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 177.484197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 177.494012] Call Trace: [ 177.494050] dump_stack+0x138/0x197 [ 177.494071] should_fail.cold+0x10f/0x159 [ 177.494084] should_failslab+0xdb/0x130 [ 177.494096] __kmalloc+0x71/0x7a0 [ 177.512480] ? mls_compute_context_len+0x3f6/0x5e0 [ 177.517448] ? context_struct_to_string+0x33a/0x630 [ 177.522494] context_struct_to_string+0x33a/0x630 [ 177.527376] ? security_load_policycaps+0x320/0x320 [ 177.527390] security_sid_to_context_core+0x18a/0x200 [ 177.527405] security_sid_to_context_force+0x2b/0x40 [ 177.527419] selinux_inode_init_security+0x493/0x700 [ 177.527431] ? selinux_inode_create+0x30/0x30 [ 177.527441] ? kfree+0x20a/0x270 [ 177.556271] security_inode_init_security+0x18d/0x360 [ 177.561596] ? ext4_init_acl+0x1f0/0x1f0 08:14:44 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000017c0)='/selinux/mls\x00', 0x0, 0x0) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r2, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x7a, &(0x7f00000001c0)={r5}, &(0x7f00000009c0)=0x14) getsockopt$inet_sctp_SCTP_MAXSEG(r2, 0x84, 0xd, &(0x7f0000001800)=@assoc_id=r5, &(0x7f00000028c0)=0x4) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000002900)={r6, 0x6}, 0x8) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) getsockopt$bt_l2cap_L2CAP_OPTIONS(r0, 0x6, 0x1, &(0x7f0000000000), &(0x7f0000000040)=0xc) [ 177.565969] ? security_kernel_post_read_file+0xd0/0xd0 [ 177.565981] ? posix_acl_create+0xf5/0x3a0 [ 177.565999] ? ext4_set_acl+0x400/0x400 [ 177.566009] ? lock_downgrade+0x740/0x740 [ 177.566021] ext4_init_security+0x34/0x40 [ 177.588582] __ext4_new_inode+0x3385/0x4860 [ 177.592943] ? ext4_free_inode+0x1210/0x1210 [ 177.597381] ? dquot_get_next_dqblk+0x160/0x160 [ 177.602081] ext4_mkdir+0x331/0xc20 [ 177.605866] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 177.610582] ? security_inode_mkdir+0xd0/0x110 08:14:44 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xac4495371bdc3f03}, 0xc, &(0x7f0000000080)={&(0x7f0000000140)={0x128, r1, 0xae995f7d67365447, 0x70bd29, 0x25dfdbfd, {}, [@TIPC_NLA_LINK={0x5c, 0x4, [@TIPC_NLA_LINK_PROP={0x2c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1d}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x17}, @TIPC_NLA_PROP_MTU={0x8}]}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x100}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz1\x00'}]}, @TIPC_NLA_BEARER={0xa4, 0x1, [@TIPC_NLA_BEARER_PROP={0x1c, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1f}]}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x2}, @TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @empty}}, {0x20, 0x2, @in6={0xa, 0x4e21, 0x400, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x200}}}}, @TIPC_NLA_BEARER_NAME={0x10, 0x1, @l2={'eth', 0x3a, 'bcsh0\x00'}}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xfffff752}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e22, @remote}}, {0x14, 0x2, @in={0x2, 0x4e24, @multicast2}}}}]}, @TIPC_NLA_MON={0x14, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x5db6ee8c}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x200}]}]}, 0x128}, 0x1, 0x0, 0x0, 0x40020}, 0x200088c4) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r2 = syz_open_dev$amidi(&(0x7f00000002c0)='/dev/amidi#\x00', 0x50, 0x200) sendmsg$TIPC_NL_BEARER_ENABLE(r2, &(0x7f0000000400)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x11002000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x70, r1, 0x0, 0x70bd2a, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x24, 0x6, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x80000001}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x3}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_SOCK={0x38, 0x2, [@TIPC_NLA_SOCK_REF={0x8, 0x2, 0xffff}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x8}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7f}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7f}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x15a70fbd}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x4}]}]}, 0x70}, 0x1, 0x0, 0x0, 0x20000c00}, 0xc800) [ 177.615183] vfs_mkdir+0x3ca/0x610 [ 177.618867] SyS_mkdir+0x1b7/0x200 [ 177.622417] ? SyS_mkdirat+0x210/0x210 [ 177.626355] ? do_syscall_64+0x53/0x640 [ 177.630335] ? SyS_mkdirat+0x210/0x210 [ 177.630349] do_syscall_64+0x1e8/0x640 [ 177.630358] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 177.630373] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 177.638315] RIP: 0033:0x458e77 [ 177.651529] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 177.659253] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e77 08:14:44 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000000)) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) setsockopt$inet6_tcp_buf(r0, 0x6, 0xd, &(0x7f0000000040)="88071ce0a81e09562d58f71cc702b80f2e841627", 0x14) [ 177.666535] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000080 [ 177.673839] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 177.681256] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 177.681262] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:44 executing program 3: socketpair$unix(0x1, 0x3, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 177.732573] XFS (loop4): Invalid superblock magic number 08:14:44 executing program 5: syslog(0x1, &(0x7f00000000c0)=""/92, 0x5c) [ 177.796981] XFS (loop2): Invalid superblock magic number 08:14:44 executing program 0 (fault-call:0 fault-nth:42): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:44 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f6", 0x57, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 177.986038] FAULT_INJECTION: forcing a failure. [ 177.986038] name failslab, interval 1, probability 0, space 0, times 0 [ 177.997845] CPU: 1 PID: 10657 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 178.005355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.014907] Call Trace: [ 178.017505] dump_stack+0x138/0x197 [ 178.021136] should_fail.cold+0x10f/0x159 [ 178.025280] should_failslab+0xdb/0x130 [ 178.029271] __kmalloc+0x71/0x7a0 [ 178.032717] ? mls_compute_context_len+0x3f6/0x5e0 [ 178.037776] ? context_struct_to_string+0x33a/0x630 [ 178.042802] context_struct_to_string+0x33a/0x630 [ 178.047639] ? security_load_policycaps+0x320/0x320 [ 178.052653] security_sid_to_context_core+0x18a/0x200 [ 178.058083] security_sid_to_context_force+0x2b/0x40 [ 178.063182] selinux_inode_init_security+0x493/0x700 [ 178.068389] ? selinux_inode_create+0x30/0x30 [ 178.072880] ? kfree+0x20a/0x270 [ 178.076253] security_inode_init_security+0x18d/0x360 [ 178.081455] ? ext4_init_acl+0x1f0/0x1f0 [ 178.085565] ? security_kernel_post_read_file+0xd0/0xd0 [ 178.090941] ? posix_acl_create+0xf5/0x3a0 [ 178.095173] ? ext4_set_acl+0x400/0x400 [ 178.099200] ? lock_downgrade+0x740/0x740 [ 178.103443] ext4_init_security+0x34/0x40 [ 178.107761] __ext4_new_inode+0x3385/0x4860 [ 178.112084] ? ext4_free_inode+0x1210/0x1210 [ 178.116492] ? dquot_get_next_dqblk+0x160/0x160 [ 178.121422] ext4_mkdir+0x331/0xc20 [ 178.125081] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 178.129747] ? security_inode_mkdir+0xd0/0x110 [ 178.134358] vfs_mkdir+0x3ca/0x610 [ 178.137893] SyS_mkdir+0x1b7/0x200 [ 178.141462] ? SyS_mkdirat+0x210/0x210 [ 178.145393] ? do_syscall_64+0x53/0x640 [ 178.149376] ? SyS_mkdirat+0x210/0x210 [ 178.153254] do_syscall_64+0x1e8/0x640 [ 178.157134] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 178.161974] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 178.167156] RIP: 0033:0x458e77 [ 178.170337] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 178.178040] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e77 [ 178.185301] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000080 [ 178.192604] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 178.199867] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 178.207127] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:44 executing program 1: r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0xee67, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_opts(r1, 0x29, 0x36, &(0x7f0000000340), 0x8) dup2(r0, r1) ioctl$RTC_VL_CLR(0xffffffffffffffff, 0x7014) ioctl$PERF_EVENT_IOC_SET_OUTPUT(0xffffffffffffffff, 0x2405, 0xffffffffffffffff) 08:14:44 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:44 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca", 0xa8, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:44 executing program 5: syz_genetlink_get_family_id$SEG6(&(0x7f0000000000)='SEG6\x00') syslog(0xd, &(0x7f0000000040)=""/101, 0x65) syz_open_dev$media(&(0x7f0000000200)='/dev/media#\x00', 0x80, 0x24000) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000240)='/proc/sys/net/ipv4/vs/amemthresh\x00', 0x2, 0x0) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$LOOP_GET_STATUS(r0, 0x4c03, &(0x7f0000000280)) syz_open_dev$midi(&(0x7f00000000c0)='/dev/midi#\x00', 0x3f, 0x2204) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='\xc6QO\x00\x00\x00\x00\xf6\x00\b\x00\xc5\x00', 0x101c01, 0x0) writev(r1, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000100)='/proc/capi/capi20ncci\x00', 0x101401, 0x0) socket$caif_seqpacket(0x25, 0x5, 0x1) mmap$perf(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1000000, 0x10eca648cedbdd99, r2, 0x0) 08:14:45 executing program 0 (fault-call:0 fault-nth:43): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:45 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 178.370457] XFS (loop4): Invalid superblock magic number 08:14:45 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f6", 0x57, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 178.461581] FAULT_INJECTION: forcing a failure. [ 178.461581] name failslab, interval 1, probability 0, space 0, times 0 [ 178.465285] audit: type=1400 audit(1570781685.144:51): avc: denied { map } for pid=10680 comm="syz-executor.5" path="/proc/capi/capi20ncci" dev="proc" ino=4026532262 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:proc_t:s0 tclass=file permissive=1 [ 178.473255] CPU: 1 PID: 10687 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 178.505899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.515479] Call Trace: [ 178.515497] dump_stack+0x138/0x197 [ 178.515514] should_fail.cold+0x10f/0x159 [ 178.527449] should_failslab+0xdb/0x130 [ 178.531446] __kmalloc+0x71/0x7a0 [ 178.535081] ? mls_compute_context_len+0x3f6/0x5e0 [ 178.540303] ? context_struct_to_string+0x33a/0x630 [ 178.540315] context_struct_to_string+0x33a/0x630 [ 178.540328] ? security_load_policycaps+0x320/0x320 [ 178.540341] security_sid_to_context_core+0x18a/0x200 [ 178.550860] security_sid_to_context_force+0x2b/0x40 [ 178.550874] selinux_inode_init_security+0x493/0x700 [ 178.550887] ? selinux_inode_create+0x30/0x30 [ 178.550895] ? kfree+0x20a/0x270 [ 178.550910] security_inode_init_security+0x18d/0x360 [ 178.550925] ? ext4_init_acl+0x1f0/0x1f0 [ 178.561437] ? security_kernel_post_read_file+0xd0/0xd0 [ 178.561449] ? posix_acl_create+0xf5/0x3a0 [ 178.561464] ? ext4_set_acl+0x400/0x400 [ 178.561473] ? lock_downgrade+0x740/0x740 [ 178.561486] ext4_init_security+0x34/0x40 [ 178.571708] __ext4_new_inode+0x3385/0x4860 [ 178.571728] ? ext4_free_inode+0x1210/0x1210 [ 178.571745] ? dquot_get_next_dqblk+0x160/0x160 [ 178.571761] ext4_mkdir+0x331/0xc20 [ 178.628867] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 178.633539] ? security_inode_mkdir+0xd0/0x110 [ 178.638254] vfs_mkdir+0x3ca/0x610 [ 178.641952] SyS_mkdir+0x1b7/0x200 [ 178.645618] ? SyS_mkdirat+0x210/0x210 [ 178.649624] ? do_syscall_64+0x53/0x640 [ 178.654512] ? SyS_mkdirat+0x210/0x210 [ 178.658405] do_syscall_64+0x1e8/0x640 [ 178.662521] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 178.667376] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 178.672579] RIP: 0033:0x458e77 [ 178.675801] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 178.683710] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e77 [ 178.691043] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000080 [ 178.698310] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 08:14:45 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 178.705780] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 178.713143] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:45 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000cab000)) setresuid(0x0, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:45 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:14:45 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) prctl$PR_SET_SECCOMP(0x16, 0x4, &(0x7f0000000040)={0x5, &(0x7f0000000000)=[{0x5, 0x8, 0x8, 0x7}, {0x0, 0x7f, 0x6, 0x76}, {0x401, 0x50, 0xf5, 0x6}, {0x1ff, 0x4, 0x20, 0x101}, {0x800, 0x0, 0x1f, 0xffffffff}]}) [ 178.757434] XFS (loop2): Invalid superblock magic number 08:14:45 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca", 0xa8, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:45 executing program 0 (fault-call:0 fault-nth:44): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:45 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000cab000)) setresuid(0x0, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:45 executing program 5: syslog(0x4, &(0x7f0000000280)=""/113, 0xfffffffffffffeff) r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000040)='/selinux/mls\x00', 0x0, 0x0) ioctl$VIDIOC_SUBDEV_S_FRAME_INTERVAL(r0, 0xc0305616, &(0x7f00000000c0)={0x0, {0x8, 0x4}}) r1 = socket$alg(0x26, 0x5, 0x0) dup(r1) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r2, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r3, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$TCSETS(r3, 0x5402, &(0x7f0000000000)={0x6, 0x6f91, 0x4, 0x401, 0xc, 0xa1, 0x0, 0x6, 0xffff, 0x96, 0x1, 0x800000}) [ 178.886570] XFS (loop4): Invalid superblock magic number [ 178.894780] FAULT_INJECTION: forcing a failure. [ 178.894780] name failslab, interval 1, probability 0, space 0, times 0 08:14:45 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d98", 0x82, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 178.935031] CPU: 1 PID: 10729 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 178.942224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 178.951762] Call Trace: [ 178.954478] dump_stack+0x138/0x197 [ 178.958269] should_fail.cold+0x10f/0x159 [ 178.962446] should_failslab+0xdb/0x130 [ 178.966448] __kmalloc+0x2f0/0x7a0 [ 178.970008] ? check_preemption_disabled+0x3c/0x250 [ 178.975049] ? ext4_find_extent+0x709/0x960 [ 178.981925] ext4_find_extent+0x709/0x960 [ 178.986086] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 178.991583] ext4_ext_map_blocks+0x1a3/0x4fa0 [ 178.996234] ? save_trace+0x290/0x290 [ 179.000061] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 179.005188] ? __lock_is_held+0xb6/0x140 [ 179.009574] ? lock_acquire+0x16f/0x430 [ 179.013701] ? ext4_map_blocks+0x829/0x17c0 [ 179.018335] ext4_map_blocks+0x881/0x17c0 [ 179.022520] ? ext4_issue_zeroout+0x160/0x160 [ 179.027153] ? __brelse+0x50/0x60 [ 179.030722] ext4_getblk+0xac/0x450 [ 179.034372] ? ext4_iomap_begin+0x8a0/0x8a0 [ 179.038821] ? ext4_free_inode+0x1210/0x1210 [ 179.043258] ext4_bread+0x6e/0x1a0 [ 179.046933] ? ext4_getblk+0x450/0x450 [ 179.056676] ext4_append+0x14b/0x360 [ 179.060600] ext4_mkdir+0x531/0xc20 [ 179.064230] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 179.068920] ? security_inode_mkdir+0xd0/0x110 [ 179.073876] vfs_mkdir+0x3ca/0x610 [ 179.077631] SyS_mkdir+0x1b7/0x200 [ 179.081168] ? SyS_mkdirat+0x210/0x210 [ 179.085305] ? do_syscall_64+0x53/0x640 [ 179.085863] XFS (loop4): Invalid superblock magic number [ 179.089276] ? SyS_mkdirat+0x210/0x210 [ 179.089291] do_syscall_64+0x1e8/0x640 [ 179.089301] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 179.089318] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 179.089326] RIP: 0033:0x458e77 [ 179.089334] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 179.124441] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e77 08:14:45 executing program 5: perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0xfd, 0x0, 0x0, 0x4, 0x0, 0x41c1, 0x210, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffff81, 0x0, @perf_config_ext, 0x13ac1, 0x0, 0x0, 0x0, 0xfffffffffffffffd}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fsetxattr$security_ima(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'aead\x00', 0x0, 0x0, 'gcm(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000080)="ab553fec94248c32e27d04000000288a", 0x10) sendmsg$alg(0xffffffffffffffff, 0x0, 0x0) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) 08:14:45 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, 0x0, &(0x7f0000cab000)) setresuid(0x0, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 179.131718] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000080 [ 179.139177] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 179.146964] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 179.154842] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:45 executing program 0 (fault-call:0 fault-nth:45): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 179.181299] XFS (loop2): Invalid superblock magic number 08:14:45 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d98", 0x82, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:45 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef", 0xab, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 179.300272] FAULT_INJECTION: forcing a failure. [ 179.300272] name failslab, interval 1, probability 0, space 0, times 0 [ 179.323635] CPU: 1 PID: 10779 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 179.330709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 179.340190] Call Trace: [ 179.342808] dump_stack+0x138/0x197 [ 179.346462] should_fail.cold+0x10f/0x159 [ 179.350638] should_failslab+0xdb/0x130 [ 179.354637] kmem_cache_alloc+0x2d7/0x780 [ 179.358920] ? rcu_read_lock_sched_held+0x110/0x130 [ 179.363957] ? __mark_inode_dirty+0x2b7/0x1040 [ 179.368559] ext4_mb_new_blocks+0x509/0x3990 [ 179.372990] ? ext4_find_extent+0x709/0x960 [ 179.377512] ext4_ext_map_blocks+0x26cd/0x4fa0 [ 179.382126] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 179.387389] ? __lock_is_held+0xb6/0x140 [ 179.387408] ? lock_acquire+0x16f/0x430 [ 179.387430] ext4_map_blocks+0x881/0x17c0 [ 179.387445] ? ext4_issue_zeroout+0x160/0x160 [ 179.396596] ? __brelse+0x50/0x60 [ 179.396615] ext4_getblk+0xac/0x450 [ 179.396628] ? ext4_iomap_begin+0x8a0/0x8a0 [ 179.396640] ? ext4_free_inode+0x1210/0x1210 [ 179.396651] ext4_bread+0x6e/0x1a0 [ 179.396662] ? ext4_getblk+0x450/0x450 [ 179.429590] ext4_append+0x14b/0x360 [ 179.433378] ext4_mkdir+0x531/0xc20 [ 179.437014] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 179.441684] ? security_inode_mkdir+0xd0/0x110 [ 179.446434] vfs_mkdir+0x3ca/0x610 [ 179.450001] SyS_mkdir+0x1b7/0x200 [ 179.453544] ? SyS_mkdirat+0x210/0x210 [ 179.457526] ? do_syscall_64+0x53/0x640 [ 179.461729] ? SyS_mkdirat+0x210/0x210 [ 179.465672] do_syscall_64+0x1e8/0x640 [ 179.469608] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 179.474453] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 179.479636] RIP: 0033:0x458e77 [ 179.482968] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 179.490777] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e77 [ 179.498352] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000080 [ 179.505705] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 179.517640] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 179.525038] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 179.536267] XFS (loop2): Invalid superblock magic number [ 179.563142] XFS (loop4): Invalid superblock magic number 08:14:48 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:14:48 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, 0x0) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:48 executing program 5: syslog(0x3, &(0x7f0000000180)=""/99, 0xffa5) r0 = socket$inet_sctp(0x2, 0x5, 0x84) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x5, 0x40) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='+io -i\x00\x00\x00\x00pu +mem\a\x00\x00\x00-mry \x00\x00\x00'], 0x1d) ioctl$FIDEDUPERANGE(r1, 0xc0189436, &(0x7f0000000080)={0x0, 0xec15, 0x3, 0x0, 0x0, [{r0, 0x0, 0x9}, {r1, 0x0, 0x1}, {r1, 0x0, 0x98}]}) r2 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r2, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r3 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r3, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r3, 0x84, 0x70, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e23, 0x6f2, @ipv4, 0xe137}}, [0x7, 0x3, 0x6, 0xfa, 0x0, 0x1, 0x7, 0x3, 0x6, 0x3, 0x10000, 0x0, 0x8000, 0x9, 0x8]}, &(0x7f0000000100)=0x100) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000140)={r4, 0x401, 0x5, [0x6, 0x1, 0x7, 0x9, 0x6]}, &(0x7f0000000300)=0x12) 08:14:48 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef", 0xab, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:48 executing program 0 (fault-call:0 fault-nth:46): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:48 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d98", 0x82, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:48 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, 0x0) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:48 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/80, 0x50) [ 181.888154] FAULT_INJECTION: forcing a failure. [ 181.888154] name failslab, interval 1, probability 0, space 0, times 0 [ 181.925626] CPU: 1 PID: 10834 Comm: syz-executor.0 Not tainted 4.14.148 #0 08:14:48 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, 0x0) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:48 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 181.932699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 181.942068] Call Trace: [ 181.944669] dump_stack+0x138/0x197 [ 181.948317] should_fail.cold+0x10f/0x159 [ 181.952479] should_failslab+0xdb/0x130 [ 181.956465] kmem_cache_alloc+0x2d7/0x780 [ 181.960648] ? rcu_read_lock_sched_held+0x110/0x130 [ 181.965692] ? __mark_inode_dirty+0x2b7/0x1040 [ 181.970489] ext4_mb_new_blocks+0x509/0x3990 [ 181.974913] ? ext4_find_extent+0x709/0x960 [ 181.979271] ext4_ext_map_blocks+0x26cd/0x4fa0 08:14:48 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 181.983881] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 181.988919] ? __lock_is_held+0xb6/0x140 [ 181.993002] ? lock_acquire+0x16f/0x430 [ 181.997008] ext4_map_blocks+0x881/0x17c0 [ 182.001175] ? ext4_issue_zeroout+0x160/0x160 [ 182.005677] ? __brelse+0x50/0x60 [ 182.009148] ext4_getblk+0xac/0x450 [ 182.010423] XFS (loop2): Invalid superblock magic number [ 182.012780] ? ext4_iomap_begin+0x8a0/0x8a0 [ 182.022547] ? ext4_free_inode+0x1210/0x1210 [ 182.026972] ext4_bread+0x6e/0x1a0 [ 182.030519] ? ext4_getblk+0x450/0x450 [ 182.034420] ext4_append+0x14b/0x360 08:14:48 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$FS_IOC_ENABLE_VERITY(r1, 0x40806685, &(0x7f0000000240)={0x1, 0x1, 0x1000, 0x4e, &(0x7f00000001c0)="6875adbfa4626c39dc8de5ddf924c74eee4440c9929a2ebd22a58d814d735ee840336ffddd9567b2c7d4697c4b996cb1a9ae5c7c062d780da14443342daf15a149ae6e4a5d1a1b1f95555371dcd1", 0x32, 0x0, &(0x7f0000000040)="7cb8686603136e19d4288a094db15e84e552e99595b01b0eb86785a6e98ad326174e482ebf78788c4fbde00869f33732d938"}) r2 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/capi/capi20ncci\x00', 0x200000, 0x0) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f00000000c0)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r3, &(0x7f0000d83fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r3, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r5, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$VIDIOC_SUBDEV_ENUM_FRAME_SIZE(r5, 0xc040564a, &(0x7f0000000340)={0xffffffff, 0x0, 0x201c, 0x8, 0x4, 0x80000000, 0xf0d, 0x1}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000140)=ANY=[@ANYBLOB="009c1eced3e138a68ddd0428691f232d4d4937a358613cb9a2b50bcd248ac7", @ANYRES32=0x0], &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r3, 0x84, 0x7a, &(0x7f00000001c0)={r6}, &(0x7f00000009c0)=0x14) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r2, 0x84, 0x77, &(0x7f0000000100)={r6, 0x80, 0x6, [0x5, 0x0, 0x9, 0x51f, 0x0, 0x4ad]}, 0x14) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f0000000000)=0x7, 0xffffffffffffffd9) syslog(0x4, &(0x7f00000002c0)=""/94, 0x14) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000180)={r0, 0xe, 0x1, 0x0, &(0x7f0000000140)}, 0x20) [ 182.038236] ext4_mkdir+0x531/0xc20 [ 182.041882] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 182.046601] ? security_inode_mkdir+0xd0/0x110 [ 182.051203] vfs_mkdir+0x3ca/0x610 [ 182.054854] SyS_mkdir+0x1b7/0x200 [ 182.058404] ? SyS_mkdirat+0x210/0x210 [ 182.062385] ? do_syscall_64+0x53/0x640 [ 182.066370] ? SyS_mkdirat+0x210/0x210 [ 182.070265] do_syscall_64+0x1e8/0x640 [ 182.074160] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 182.079018] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 182.084214] RIP: 0033:0x458e77 [ 182.087423] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 182.096360] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e77 [ 182.103691] XFS (loop4): Invalid superblock magic number [ 182.103807] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000080 [ 182.116799] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 182.124081] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 182.131358] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:51 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/77, 0x4d) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x129, 0x3}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r0, &(0x7f0000000140)={0x8, 0x120, 0xfa00, {0x1, {0xa6, 0x2, "301d3d2c7f20372330218805579ce1ae549c14763def0971ba9a05d84fb4b076ef796633b3d845ec224c96702cc1d2538e8eef2eb9fd08e30a96a6182cefd9b8f0f891a7f62653d80e81e27f62326e5ca80d913e507cf54172e1bef30084ff89714955deb68e731c52fb02a0127c7a2b1b2efa3cb85329914652bf98b199f247b257f567b6c2dea19e41b1d33cf6307216e0f0c2c3b06475d6506524b0180c1549e3ef26193165a863c57721554005cbf76b193aeeee70e851f4ee94f21b15c02ec2b24feb87f650cd5d29fc4a67458a22c5eba72eb0a411a3d586c21e6cf956dde5caafa36ffc6e96869374bac8f73940b84a4ebe357a7e8c65d265f453d7e3", 0xae, 0xff, 0x7, 0x1, 0x40, 0xc5, 0x1}, r1}}, 0x128) 08:14:51 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:14:51 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) setresuid(0x0, 0x0, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r1, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:51 executing program 0 (fault-call:0 fault-nth:47): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:51 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef", 0xab, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:51 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a7", 0x98, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 184.895574] FAULT_INJECTION: forcing a failure. [ 184.895574] name failslab, interval 1, probability 0, space 0, times 0 [ 184.933019] CPU: 0 PID: 10890 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 184.940099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 184.949456] Call Trace: [ 184.952035] dump_stack+0x138/0x197 [ 184.955731] should_fail.cold+0x10f/0x159 [ 184.959871] should_failslab+0xdb/0x130 [ 184.963857] kmem_cache_alloc+0x2d7/0x780 [ 184.968086] ? rcu_read_lock_sched_held+0x110/0x130 [ 184.973097] ? __mark_inode_dirty+0x2b7/0x1040 [ 184.977758] ext4_mb_new_blocks+0x509/0x3990 [ 184.981206] ptrace attach of "/root/syz-executor.1"[10907] was attempted by "/root/syz-executor.1"[10908] [ 184.982164] ? ext4_find_extent+0x709/0x960 [ 184.982189] ext4_ext_map_blocks+0x26cd/0x4fa0 [ 184.982206] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 184.982217] ? __lock_is_held+0xb6/0x140 [ 185.009825] ? lock_acquire+0x16f/0x430 [ 185.013791] ext4_map_blocks+0x881/0x17c0 [ 185.017927] ? ext4_issue_zeroout+0x160/0x160 [ 185.022402] ? __brelse+0x50/0x60 [ 185.025841] ext4_getblk+0xac/0x450 [ 185.029475] ? ext4_iomap_begin+0x8a0/0x8a0 [ 185.033800] ? ext4_free_inode+0x1210/0x1210 [ 185.038216] ext4_bread+0x6e/0x1a0 [ 185.041924] ? ext4_getblk+0x450/0x450 [ 185.045795] ext4_append+0x14b/0x360 [ 185.049492] ext4_mkdir+0x531/0xc20 [ 185.053104] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 185.057758] ? security_inode_mkdir+0xd0/0x110 [ 185.062326] vfs_mkdir+0x3ca/0x610 [ 185.065852] SyS_mkdir+0x1b7/0x200 [ 185.069377] ? SyS_mkdirat+0x210/0x210 [ 185.073248] ? do_syscall_64+0x53/0x640 [ 185.077205] ? SyS_mkdirat+0x210/0x210 [ 185.081075] do_syscall_64+0x1e8/0x640 [ 185.084942] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 185.089777] entry_SYSCALL_64_after_hwframe+0x42/0xb7 08:14:51 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x0, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:51 executing program 5: eventfd2(0x1, 0xc0000) syslog(0x3, &(0x7f0000000140)=""/101, 0x30) 08:14:51 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) [ 185.095383] RIP: 0033:0x458e77 [ 185.098558] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 185.106273] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e77 [ 185.113540] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000080 [ 185.120796] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 185.128059] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 185.135322] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:51 executing program 5: getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='trusted.overlay.redirect\x00', &(0x7f0000000140)=""/88, 0x58) r0 = socket(0x42000000015, 0x805, 0x0) getsockopt(r0, 0x114, 0x2716, &(0x7f0000af0fe7)=""/13, &(0x7f0000000000)=0x390) munlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r0, 0x111, 0x1, 0x4, 0x4) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) 08:14:51 executing program 0 (fault-call:0 fault-nth:48): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 185.193181] XFS (loop2): Invalid superblock magic number 08:14:51 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x0, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 185.252916] XFS (loop4): Invalid superblock magic number [ 185.280682] FAULT_INJECTION: forcing a failure. [ 185.280682] name failslab, interval 1, probability 0, space 0, times 0 [ 185.292380] CPU: 0 PID: 10934 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 185.300184] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 185.309648] Call Trace: [ 185.312241] dump_stack+0x138/0x197 [ 185.315877] should_fail.cold+0x10f/0x159 [ 185.320012] ? __es_tree_search.isra.0+0x15f/0x1c0 [ 185.324952] should_failslab+0xdb/0x130 [ 185.328941] kmem_cache_alloc+0x47/0x780 [ 185.333009] ? ext4_es_can_be_merged+0x16e/0x230 [ 185.337775] __es_insert_extent+0x26c/0xe60 [ 185.342104] ext4_es_insert_extent+0x1f0/0x590 [ 185.342166] ? ext4_es_find_delayed_extent_range+0x960/0x960 [ 185.342183] ext4_map_blocks+0xab1/0x17c0 [ 185.352549] ? ext4_issue_zeroout+0x160/0x160 [ 185.352562] ? __brelse+0x50/0x60 [ 185.352579] ext4_getblk+0xac/0x450 [ 185.352604] ? ext4_iomap_begin+0x8a0/0x8a0 [ 185.352614] ? ext4_free_inode+0x1210/0x1210 [ 185.352626] ext4_bread+0x6e/0x1a0 [ 185.352636] ? ext4_getblk+0x450/0x450 [ 185.384695] ext4_append+0x14b/0x360 [ 185.388420] ext4_mkdir+0x531/0xc20 [ 185.392763] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 185.397451] ? security_inode_mkdir+0xd0/0x110 [ 185.402047] vfs_mkdir+0x3ca/0x610 [ 185.405606] SyS_mkdir+0x1b7/0x200 [ 185.409160] ? SyS_mkdirat+0x210/0x210 [ 185.413055] ? do_syscall_64+0x53/0x640 [ 185.417034] ? SyS_mkdirat+0x210/0x210 [ 185.420931] do_syscall_64+0x1e8/0x640 [ 185.424824] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 185.429681] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 185.435573] RIP: 0033:0x458e77 [ 185.438763] RSP: 002b:00007f5bea504a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 185.446480] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000458e77 08:14:52 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x0, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:52 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef19", 0xac, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:52 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x0, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:52 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x0, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:52 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x0, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 185.453758] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000080 [ 185.461046] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 185.468328] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 185.475625] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:52 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a7", 0x98, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:52 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:52 executing program 5: syslog(0x1, &(0x7f00000000c0)=""/84, 0x54) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0xf574, 0x2000) bind$isdn(r0, &(0x7f0000000040)={0x22, 0x8, 0x6, 0x7, 0x6}, 0x6) [ 185.501131] BTRFS error (device loop0): superblock checksum mismatch [ 185.550538] BTRFS error (device loop0): open_ctree failed [ 185.607603] XFS (loop2): Invalid superblock magic number [ 185.679172] XFS (loop4): Invalid superblock magic number 08:14:54 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 08:14:54 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:54 executing program 5: r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) syslog(0xa, &(0x7f00000001c0)=""/92, 0x288) 08:14:54 executing program 0 (fault-call:0 fault-nth:49): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:54 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef19", 0xac, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:54 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a7", 0x98, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:54 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f0000000040)={{0xa, 0x4e21, 0x3ff, @mcast1, 0x1466}, {0xa, 0x4e24, 0x6, @mcast1, 0xfffffe01}, 0x91d, [0x6, 0x8001, 0x5, 0xfffffffc, 0xffffff01, 0x100, 0xffff, 0x100]}, 0x5c) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r1, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000001c0)={r1, &(0x7f0000000140)="74cd5a0cb8c449295824eb8029a0dbe168d3a5ce156c0f8792d2275a779dd0fbe58978dcb01e4a6930a41ebe01ab57919be2ff1f2b3923e3a5d5c7223acc14f19b33bc968d1eac4a8e3e8d7992d2a3cfcfb705e3f2fc992545d1be61a11654d85e97f32d1f5b0323c81e9949640a8d"}, 0x20) sysfs$1(0x1, &(0x7f0000000000)=':+\x00') 08:14:54 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 188.221387] FAULT_INJECTION: forcing a failure. [ 188.221387] name failslab, interval 1, probability 0, space 0, times 0 [ 188.282530] CPU: 0 PID: 10997 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 188.289721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 188.299090] Call Trace: [ 188.301700] dump_stack+0x138/0x197 [ 188.305516] should_fail.cold+0x10f/0x159 [ 188.309685] should_failslab+0xdb/0x130 [ 188.313676] kmem_cache_alloc_trace+0x2e9/0x790 [ 188.318358] ? kasan_check_write+0x14/0x20 [ 188.322602] ? _copy_from_user+0x99/0x110 [ 188.326761] copy_mount_options+0x5c/0x2f0 08:14:55 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) write$input_event(r0, &(0x7f0000000000)={{}, 0x9f256d432959a85c, 0x280}, 0x18) 08:14:55 executing program 5: syslog(0x0, &(0x7f0000000140)=""/78, 0xfffffedb) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r0, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) signalfd(r0, &(0x7f0000000000)={0x4}, 0x8) [ 188.331007] SyS_mount+0x87/0x120 [ 188.334467] ? copy_mnt_ns+0x8c0/0x8c0 [ 188.338359] do_syscall_64+0x1e8/0x640 [ 188.342250] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 188.347100] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 188.352380] RIP: 0033:0x45c4aa [ 188.355572] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 188.363286] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 188.370564] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 08:14:55 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:55 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 188.378372] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 188.385652] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 188.392941] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 188.413543] XFS (loop2): Invalid superblock magic number [ 188.531814] XFS (loop4): Invalid superblock magic number 08:14:57 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 08:14:57 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef19", 0xac, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:57 executing program 0 (fault-call:0 fault-nth:50): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:57 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:14:57 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca", 0xa3, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:14:57 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x37) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r5 = getpid() ptrace(0x4206, r5) ptrace$getregset(0x4205, r5, 0x2, &(0x7f0000000000)={0x0, 0x10}) r6 = getpid() r7 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r7, 0x84, 0x1f, &(0x7f0000000480)={0x0, @in6={{0xa, 0x0, 0x7, @rand_addr="2b0775416dc1f2d7bdc477a3fed7c0bd"}}, 0x9}, 0x90) r8 = syz_open_dev$sndpcmp(&(0x7f0000000300)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) r9 = getpgrp(0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={0xffffffffffffffff, 0xc0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=0x81, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x3}, 0x0, 0x0, &(0x7f00000002c0)={0x0, 0x7, 0x7}, &(0x7f0000000340)=0x8d, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=0x4}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000004c0)={r9, r8, 0x0, 0x7, &(0x7f0000000100)='#wlan1\x00', r10}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xb, &(0x7f00000002c0)='em0@em0%.#\x00', r10}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r6, r7, 0x0, 0x8, &(0x7f0000000000)='GPLeth0\x00', r10}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={r5, r4, 0x0, 0xc, &(0x7f0000000180)='/dev/uinput\x00', r10}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000003c0)={r1, 0xffffffffffffffff, 0x0, 0xc, &(0x7f0000000380)='$$trustedlo\x00', r10}, 0x30) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000400)={{{@in=@dev, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@broadcast}, 0x0, @in=@loopback}}, &(0x7f0000000500)=0xe8) r13 = open(&(0x7f0000000080)='./file0\x00', 0x222c3, 0x0) fchown(r13, 0x0, 0x0) r14 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r14) r15 = socket$inet6_udplite(0xa, 0x2, 0x88) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) getsockopt$sock_cred(r15, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r16, @ANYBLOB=',wfdno=', @ANYRESHEX=r17, @ANYBLOB=',Qccess=', @ANYRESDEC=r18, @ANYBLOB=',\x00']) r19 = open(&(0x7f0000000080)='./file0\x00', 0x222c3, 0x0) lstat(&(0x7f00000011c0)='./file0\x00', &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r19, 0x0, r20) r21 = open(&(0x7f0000000080)='./file0\x00', 0x222c3, 0x0) lstat(&(0x7f00000011c0)='./file0\x00', &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r21, 0x0, r22) getgroups(0x9, &(0x7f0000000540)=[0x0, r20, 0xee00, 0xffffffffffffffff, 0xee00, 0x0, 0xee00, r22, 0x0]) r24 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r24, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r25 = openat$full(0xffffffffffffff9c, &(0x7f0000000580)='/dev/full\x00', 0x3450c1, 0x0) r26 = syz_init_net_socket$x25(0x9, 0x5, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000005c0)={0x0, 0x0}) r28 = getuid() r29 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r29, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) getsockopt$sock_cred(r29, 0x1, 0x11, &(0x7f0000000600)={0x0, 0x0, 0x0}, &(0x7f0000000640)=0xc) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000680)={0x0}, &(0x7f00000006c0)=0xc) getresgid(&(0x7f0000000700), &(0x7f0000000740), &(0x7f0000000780)=0x0) r33 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r33, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r34 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f00000007c0)='/selinux/mls\x00', 0x0, 0x0) r35 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r35, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r36 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r36, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r37 = bpf$OBJ_GET_MAP(0x7, &(0x7f0000000840)={&(0x7f0000000800)='./file0\x00', 0x0, 0x38}, 0x10) r38 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r38, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) getsockopt$inet6_IPV6_XFRM_POLICY(r38, 0x29, 0x23, &(0x7f0000000880)={{{@in=@local, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@initdev}}}, &(0x7f0000000980)=0xe8) r40 = open(&(0x7f0000000080)='./file0\x00', 0x222c3, 0x0) lstat(&(0x7f0000001800)='./file0\x00', &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r40, 0x0, r41) r42 = gettid() ptrace$setopts(0x4206, r42, 0x0, 0x0) tkill(r42, 0x37) ptrace$cont(0x18, r42, 0x0, 0x0) ptrace$setregs(0xd, r42, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r42, 0x0, 0x0) r43 = socket$inet6_udplite(0xa, 0x2, 0x88) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) getsockopt$sock_cred(r43, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f0000001980)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r44, @ANYBLOB=',wfdno=', @ANYRESHEX=r45, @ANYBLOB="2c6163636573733d141225031c568c084175dcaffc7a2432a2df96206bb29bec09121981a7a22cc594e448255d856f07e277bc21b95f07acdb03fdf24c7a4c1c5149c65ef8e4a442df4448ee171c735131578424e94d77402165d480d5569e1e6c7e2ef09995e737506bc551e1e02b7edf34b005d7908ec8f594d3c82c4f12cb3f5143a16e5289f779f6b5139092e9e5f115804bea680fa57da348a8d7dc015ac7e06a0e658e2f5fe36bd933196a5d068b3fa97f16c573482b08fcc0a29e7345cd303cf1", @ANYRESDEC=r46, @ANYBLOB=',\x00']) r47 = open(&(0x7f0000000080)='./file0\x00', 0x222c3, 0x0) lstat(&(0x7f00000011c0)='./file0\x00', &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r47, 0x0, r48) r49 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r49, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r50 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r50, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r51 = dup(r50) r52 = openat$selinux_access(0xffffffffffffff9c, &(0x7f00000009c0)='/selinux/access\x00', 0x2, 0x0) r53 = epoll_create(0x2) r54 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r54, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000a00)=0x0) r56 = socket$inet6_udplite(0xa, 0x2, 0x88) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) getsockopt$sock_cred(r56, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000015c0)=ANY=[@ANYBLOB="4cf84efd11c39f5900000000000000", @ANYRESHEX=r57, @ANYBLOB="2c7766646e6f3dcd8b57e1a660705a31d6f6a878982bab34ffcd6be153402bba572a067a3426feee1dbb11d2ab7cf1f1deb4bf4e2b50cfefc938a3fa3e3297bf56b9dd828af80787e52767f5444cb90ea2a2b42e96b2bcaca4e9bcb4d285b5b77848df80e97cae7ee102c5d7ccc0fd140aa0e36c1ec8738fb456fe2beb2265b1dc82fdda2837a3dfb09deea71846366fe1ff8313c31d4efa677c7eba88af50b75fc259786f3e01952d8291229f05d3c87ceadc83e383163ec0c7c7b295d2d8675ad4057085b83415701927d84a95c835aed73aed81027e74993135088694f467720d29ffd53dc65a8c402595dce86901a3cc011811b1e0a241e974bf14a1e038f62e2d4e7cfbcbf4170e6163bb4aa0240d1ecae264ef8b89d96fcf9b7011d47b7c2431af62e970d396d00540f7c936cefdd7bb93218324e6253f969929de95e652135dffdc1be56d6b07a17c8b2f812b74335941aa6c998dd7efb70a44ad07c6e1f0615b75a435eb6d589eea85640a04aa52036a9afe1d331b6500f0de91a7a97bb0c250e94f430aec409d785d07119e2b021316bd527d45504146a89190687fc311a6809cc5c1f6c89a6f361aae796596860fdfad94d3029d60f12100a0f3815cc83fbc12ea5d2834217230433dd7c7ed7995f6910ab4317684cec4d39311b6a1f3ea0e8f30ee21c83ca3529053", @ANYRESHEX=r58, @ANYBLOB=',access=', @ANYRESDEC=r59, @ANYBLOB]) fstat(0xffffffffffffffff, &(0x7f0000000a40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f00000010c0)=0x0) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, &(0x7f0000001100)={{{@in=@initdev, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@dev}, 0x0, @in6=@dev}}, &(0x7f0000001200)=0xe8) r63 = open(&(0x7f0000000080)='./file0\x00', 0x222c3, 0x0) lstat(&(0x7f00000011c0)='./file0\x00', &(0x7f0000001200)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) fchown(r63, 0x0, r64) r65 = gettid() ptrace$setopts(0x4206, r65, 0x0, 0x0) tkill(r65, 0x37) ptrace$cont(0x18, r65, 0x0, 0x0) ptrace$setregs(0xd, r65, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r65, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000001280)={r65, 0xffffffffffffffff, 0x0, 0x11, &(0x7f0000001240)='em1cpusetcpuset@\x00'}, 0x30) r67 = getgid() r68 = openat$cachefiles(0xffffffffffffff9c, &(0x7f00000012c0)='/dev/cachefiles\x00', 0x80, 0x0) r69 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r69, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r70 = timerfd_create(0x8, 0x800) r71 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r71, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r72 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r72, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r73 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000001300)='/dev/video0\x00', 0x2, 0x0) r74 = gettid() ptrace$setopts(0x4206, r74, 0x0, 0x0) tkill(r74, 0x37) ptrace$cont(0x18, r74, 0x0, 0x0) ptrace$setregs(0xd, r74, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r74, 0x0, 0x0) r75 = socket$inet6_udplite(0xa, 0x2, 0x88) pipe2$9p(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) getsockopt$sock_cred(r75, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000001c0)=0xc) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100)='9p\x00', 0x0, &(0x7f00000018c0)={'trans=fd,', {'rfdno', 0x3d, r76}, 0x2c, {'wfdno', 0x3d, r77}, 0x2c, {[{@access_uid={'access', 0x3d, r78}}], [{@obj_user={'obj_user', 0x3d, '^\x00\t'}}, {@fsname={'fsname', 0x3d, '/dev/uinput\x00'}}, {@smackfshat={'smackfshat', 0x3d, '/dev/video0\x00'}}]}}) stat(&(0x7f0000001340)='./file0\x00', &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r80 = syz_open_dev$rtc(&(0x7f0000001400)='/dev/rtc#\x00', 0x7, 0x40000) sendmmsg$unix(r0, &(0x7f0000001500)=[{&(0x7f0000000040)=@file={0x5d62aa1e7661f836, './file0\x00'}, 0x6e, &(0x7f0000000340)=[{&(0x7f0000000140)="37be66b664a00eb064e114105742deecded2b2a7bc6a4f4e42528bcb91ec4e41b35d47976c28135024b429e7e1693e120c0e5854cdc08dc32a3bea9e917ac67e61689a9838f6cc77dbc15fcb497fa1290561c2e867af43b2f99b38dc10b43628800c3dd2cb481f5ae90a1be6a23c16e497cb2bd702acee409cb62fd412caf2ad83b8c6a2a6d2a405551a42fcd0f2698c35b2932e5eaa6eca8631e6bd58c92f82ab62ca2e37c693764371b659da2b", 0xae}, {&(0x7f0000000200)="e02235c8112f7ace4ff2e96bd87d60c8f62d200d8abaa669133a1fe9c6a8b9aefc0fac35cdde1167b2f8cac4bd0a0c859b4deb75794f", 0x36}, {&(0x7f0000000240)="d6be5b850ee33eeafe659c478e9a8d2e837d47319f5cef6dc013beb7661c959dadb8bfcb029345c1d8e3c4460bb768292034368d8bdc83c8c7bb60c8042e122506356336fb325631e5081e9641779aa8aeec22fa909f7c53132416c60b53b5e8e8b3ac0d8fa6411d71be5144e9979dd843f47fdccd9f2818b94053c401e3edcca7a518e05784ee3394a6219f127f7a393a39803d1799af267b6ce2141dc41cd3a6b15a44e89675668f1c6928b19109e438ad52c17631bf9c65c7f5643d8114dc1ed017e06ba260dc05a8b199e8bafba985a3099ca6a8b2490682e369", 0xdc}], 0x3, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r11, @ANYRES32=r12, @ANYRES32=0x0, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r14, @ANYRES32=r18, @ANYRES32=r23, @ANYBLOB="000000001c000000000000000100000001548efa", @ANYRES32=r24, @ANYRES32=r25, @ANYRES32=r26, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r27, @ANYRES32=r28, @ANYRES32=r30, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r31, @ANYRES32, @ANYRES32=r32, @ANYBLOB="0000000024000000000000000100000001000000", @ANYRES32=r33, @ANYRES32=r34, @ANYRES32=r35, @ANYRES32=r36, @ANYRES32=r37, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32, @ANYRES32=r39, @ANYRES32=r41, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r42, @ANYRES32=r46, @ANYRES32=r48, @ANYBLOB="0000000024000000000000000100000001000000", @ANYRES32=r49, @ANYRES32=r51, @ANYRES32=r52, @ANYRES32=r53, @ANYRES32=r54, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r55, @ANYRES32=r59, @ANYRES32=r60, @ANYBLOB='\x00\x00\x00\x00'], 0x150, 0x40}, {&(0x7f0000000c40)=@abs={0xb5a29e864038e111, 0x0, 0x4e22}, 0x6e, &(0x7f0000000e40)=[{&(0x7f0000000cc0)="f888835d6ccc005be99fc0236da956ac6726d3eb21de3eace2e7788adc6a8214f81b0b810b2f62fadc0264bbc840d0a6f299255d5ba8f42e648a1ad7a2d28495f35d4c37ff79f639cdae96d567091b31f5cce6f1f2de6331033bc4e67185e5847769c888bef99eb2499725d8ad67ef4cfc62b6337c180a89312c1bcbde27a32be03b409b5515eac800594d443e66228c369c86419c439c20f0bf4e697d98b6dcdc05b9e524ebb638a6d5b1cbfa9b922b", 0xb0}, {&(0x7f0000000d80)="adcf59ba5608482fa280a29aece4b3657959f26e48dfaefa6eaec9efe85d89d6898e6923bae4d02a3fff190d9fbca4a2a8a04088f5de95cb9897268bbce93b5ddea451df7dab1e2d54204cf47ee274b10db01ee6b84358198e8b8011adb04f6e29eee6971ac9486f78a75d8720dfa8fb490471320853630504cb10a69c098a279cbbbf103cbf927a4bb174563088eeecff10844c9ca9a9a7d518cefdc7f6561b14e3d3fed2034da2708a881f80d8ba15015e", 0xb2}], 0x2, 0x0, 0x0, 0x10}, {&(0x7f0000000e80)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000001080)=[{&(0x7f0000000f00)="02bae171ca757db91054d5467bebca72109a2a2959b1a71c93a633634ce8b8978e331a9a616f8c2a9800e7ea2b9dab17edf11f", 0x33}, {&(0x7f0000000f40)="cf22ce89d7820bf234a9cdb3318a035a449c826338c26d25db90d49431e68ba8fc2b0e34d6a917d579ff9201268b67f656e4332e2ea18e9f5ed02d5e90a2a41091864e6fa55c27ae41fc860dcbf44877a0ed219dd679e4881cae6b62467e866a0298ace1cb525eeba1ab19571603a8508f2765eea9f0a92d45b7c960a7349ea946d5b8ef5f74edda28d148ab14759829247ef64f7ab488e0e32ee771c471101ae03587a7aba536e09da95ed2", 0xac}, {&(0x7f0000001000)="422dc7fbbb118abc6e7eeb62d2b77c4670138799f1b5f1bc633b6fdf1ce6e8e893759d7d5a2161affeb6b300b051b6d8d490aeafdc3bc6385a4efb764c5f119ade962c93fc6fbb2145866be12558f347", 0x50}], 0x3, &(0x7f0000001440)=[@cred={{0x1c, 0x1, 0x2, {r61, r62, r64}}}, @cred={{0x1c, 0x1, 0x2, {r66, 0xee00, r67}}}, @rights={{0x28, 0x1, 0x1, [r68, r69, r70, r71, r72, r73]}}, @cred={{0x1c, 0x1, 0x2, {r74, r78, r79}}}, @rights={{0x14, 0x1, 0x1, [r80]}}], 0xa0, 0x4000000}], 0x3, 0x8056) 08:14:57 executing program 5: syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0x80, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000140)={@remote, 0x34, r1}) [ 191.288006] FAULT_INJECTION: forcing a failure. [ 191.288006] name failslab, interval 1, probability 0, space 0, times 0 [ 191.311908] CPU: 1 PID: 11062 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 191.319064] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.319070] Call Trace: [ 191.319086] dump_stack+0x138/0x197 08:14:58 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 191.319103] should_fail.cold+0x10f/0x159 [ 191.338832] should_failslab+0xdb/0x130 [ 191.338846] kmem_cache_alloc_trace+0x2e9/0x790 [ 191.338858] ? kasan_check_write+0x14/0x20 [ 191.338869] ? _copy_from_user+0x99/0x110 [ 191.338886] copy_mount_options+0x5c/0x2f0 [ 191.357288] XFS (loop4): Invalid superblock magic number [ 191.360126] SyS_mount+0x87/0x120 [ 191.360137] ? copy_mnt_ns+0x8c0/0x8c0 [ 191.360152] do_syscall_64+0x1e8/0x640 [ 191.360161] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 191.360177] entry_SYSCALL_64_after_hwframe+0x42/0xb7 08:14:58 executing program 5: r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x3, 0x2) dup3(r0, r0, 0x80000) ioctl$VIDIOC_QUERYCTRL(r0, 0xc0445624, &(0x7f0000000040)={0xffffffdb, 0x1, "930d42a054402e0cb3a43c022ecf119a7d2fce5221211da435c11f23078093a5", 0x7, 0xffffffff, 0x1, 0x3, 0x10}) syslog(0x1b, &(0x7f0000000140)=""/102, 0xf1) 08:14:58 executing program 0 (fault-call:0 fault-nth:51): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:14:58 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 191.360185] RIP: 0033:0x45c4aa [ 191.360189] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 191.360200] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 191.360205] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 191.360211] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 191.360216] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 191.360222] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:14:58 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 191.366441] XFS (loop2): Invalid superblock magic number [ 191.548475] FAULT_INJECTION: forcing a failure. [ 191.548475] name failslab, interval 1, probability 0, space 0, times 0 [ 191.589699] CPU: 0 PID: 11104 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 191.596773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 191.606138] Call Trace: [ 191.608728] dump_stack+0x138/0x197 [ 191.612359] should_fail.cold+0x10f/0x159 [ 191.616503] should_failslab+0xdb/0x130 [ 191.620483] kmem_cache_alloc_trace+0x2e9/0x790 [ 191.625149] ? kasan_check_write+0x14/0x20 [ 191.629370] ? _copy_from_user+0x99/0x110 [ 191.633541] copy_mount_options+0x5c/0x2f0 [ 191.637780] SyS_mount+0x87/0x120 [ 191.641226] ? copy_mnt_ns+0x8c0/0x8c0 [ 191.645119] do_syscall_64+0x1e8/0x640 [ 191.648993] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 191.653826] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 191.658997] RIP: 0033:0x45c4aa [ 191.662170] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 191.669882] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 191.677137] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 191.684405] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 191.691749] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 191.699023] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:00 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:00 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:00 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca", 0xa3, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:00 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=0x0}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:00 executing program 5: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/mixer\x00', 0x341000, 0x0) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r1, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) r2 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0xc764, 0x20800) ioctl$KVM_IRQFD(r0, 0x4020ae76, &(0x7f0000000080)={r1, 0x4, 0xce, r2}) r3 = socket$key(0xf, 0x3, 0x2) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x40}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r4, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f00000013c0)={{{@in6=@remote, @in6=@ipv4={[], [], @local}, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0xff}, {0x0, 0x0, 0x0, 0x5}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@loopback, 0x0, 0x32}, 0x0, @in6=@remote, 0x0, 0x0, 0x0, 0x5}}, 0xe8) connect$inet6(r4, &(0x7f0000000140)={0xa, 0xffffffffffffffff, 0x0, @ipv4={[], [], @dev={0xac, 0x14, 0x14, 0x18}}}, 0x1c) sendmmsg(r4, &(0x7f0000000240), 0x5c3, 0x0) sendmsg$key(r3, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="0207000900160000a8a9897bbb73ec91"], 0x10}}, 0x0) socket$inet6(0xa, 0x3, 0x6) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x101801, 0x0) writev(r5, &(0x7f0000001880)=[{&(0x7f0000001840)="af", 0x1}], 0x1) ioctl$sock_inet_SIOCSARP(r5, 0x8955, &(0x7f0000000140)={{0x2, 0x4e23, @multicast2}, {0x6, @broadcast}, 0x28, {0x2, 0x4e23, @rand_addr=0x2}, 'hsr0\x00'}) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) sendmsg$nl_route_sched(r5, &(0x7f0000000240)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f00000018c0)=@newtaction={0x2218, 0x30, 0x4, 0x70bd26, 0x25dfdbfe, {}, [{0x1f94, 0x1, @m_pedit={0x1f90, 0x3, {{0xc, 0x1, 'pedit\x00'}, {0x1ea8, 0x2, [@TCA_PEDIT_KEYS_EX={0xfc, 0x5, [@TCA_PEDIT_KEY_EX={0x14, 0x6, [@TCA_PEDIT_KEY_EX_HTYPE={0x8, 0x1, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x8, 0x2, 0x3}]}, @TCA_PEDIT_KEY_EX={0x54, 0x6, [@TCA_PEDIT_KEY_EX_HTYPE={0x8, 0x1, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x8, 0x1, 0x5}, @TCA_PEDIT_KEY_EX_HTYPE={0x8, 0x1, 0xc424e8088432a03d}, @TCA_PEDIT_KEY_EX_CMD={0x8, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x8}, @TCA_PEDIT_KEY_EX_HTYPE={0x8, 0x1, 0x3}, @TCA_PEDIT_KEY_EX_CMD={0x8, 0x2, 0x2}, @TCA_PEDIT_KEY_EX_CMD={0x8, 0x2, 0x1ffda43b64aa82f0}, @TCA_PEDIT_KEY_EX_CMD={0x8, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x8, 0x2, 0x2}]}, @TCA_PEDIT_KEY_EX={0x14, 0x6, [@TCA_PEDIT_KEY_EX_CMD={0x8}, @TCA_PEDIT_KEY_EX_HTYPE={0x8, 0x1, 0x2}]}, @TCA_PEDIT_KEY_EX={0x14, 0x6, [@TCA_PEDIT_KEY_EX_CMD={0x8, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x8, 0x1, 0x1}]}, @TCA_PEDIT_KEY_EX={0x54, 0x6, [@TCA_PEDIT_KEY_EX_HTYPE={0x8}, @TCA_PEDIT_KEY_EX_HTYPE={0x8}, @TCA_PEDIT_KEY_EX_CMD={0x8}, @TCA_PEDIT_KEY_EX_HTYPE={0x8, 0x1, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x8, 0x2, 0x2}, @TCA_PEDIT_KEY_EX_HTYPE={0x8, 0x1, 0x1}, @TCA_PEDIT_KEY_EX_HTYPE={0x8}, @TCA_PEDIT_KEY_EX_CMD={0x8}, @TCA_PEDIT_KEY_EX_CMD={0x8}, @TCA_PEDIT_KEY_EX_HTYPE={0x8, 0x1, 0xcd086acade4b67c7}]}, @TCA_PEDIT_KEY_EX={0x14, 0x6, [@TCA_PEDIT_KEY_EX_CMD={0x8, 0x2, 0x1}, @TCA_PEDIT_KEY_EX_CMD={0x8}]}]}, @TCA_PEDIT_PARMS={0xee0, 0x2, {{{0x0, 0x0, 0x2, 0x2, 0x4}, 0xff, 0x6, [{0x401, 0x1ff, 0xb7c4, 0x8000, 0x0, 0x5}, {0x0, 0x4, 0x100, 0x8, 0x3, 0x10001}, {0x4, 0x0, 0x8, 0x0, 0x80000000, 0xe9}, {0x0, 0x4, 0x8, 0x2, 0x4, 0x719c6851}, {0x101, 0x3, 0xe9, 0xffffffff, 0x2, 0x7}, {0x4, 0x5, 0x0, 0x4, 0x3, 0x4}, {0x20, 0x6dbf4285, 0x20, 0xffff, 0x2b, 0x8}, {0x0, 0x6, 0x0, 0x7, 0x3, 0xfffffffb}]}, [{0x2, 0x8001, 0xff, 0x800, 0x9f, 0x6}, {0x4, 0x0, 0x232, 0x6, 0x401}, {0x5, 0x1, 0x2, 0x7f, 0x2, 0x2}, {0x7, 0xa9, 0x2, 0x7, 0xfffffff9, 0x8}, {0x6, 0xfffffffa, 0xfff, 0xf, 0x8, 0x3}, {0xfff, 0x1000, 0x800, 0x6, 0x0, 0x47}, {0xa1de, 0x4, 0x6, 0xc00, 0x1, 0x3ac}, {0xfff, 0x100, 0x400, 0x4, 0xffff, 0x401}, {0x624, 0x6, 0xf75e, 0x4, 0xfffffffe, 0x7}, {0x7, 0x2, 0x0, 0x7, 0x7fff, 0x3e}, {0xffff, 0x3, 0x20, 0xc47, 0x3, 0x4}, {0x100, 0x80, 0x7f, 0x4, 0x6}, {0x44b, 0x6, 0x101, 0x9, 0x8, 0x9}, {0x3, 0x7f, 0x2, 0xfd, 0x9, 0x80000000}, {0x10001, 0x1, 0x0, 0xfffffc00, 0x9c, 0x7fffffff}, {0x800, 0xcd, 0x1, 0x6f17, 0x3, 0x80000001}, {0x6, 0x7ff, 0x20, 0x0, 0xbc4, 0x4}, {0x7, 0x8, 0x81dd, 0x7fffffff, 0x82a, 0x80000001}, {0x2, 0x51a00000, 0x7, 0x7fff, 0x10001, 0x80}, {0x8, 0xdc, 0x5a76, 0x30, 0x6, 0x7}, {0x3, 0x93c1, 0x8, 0x3, 0x20, 0xfffffffc}, {0x81, 0xffffffff, 0xffffff8e, 0x0, 0x3, 0x3}, {0x1, 0x1, 0x1, 0x1, 0x8000, 0xffff844a}, {0x10000, 0x9, 0x1, 0xb39, 0x800, 0x7}, {0x500, 0x1000, 0x2800, 0x5, 0x81, 0x93}, {0x5cc, 0x7, 0x9, 0x400, 0xffffffc8, 0x5}, {0x9, 0x1ae087d, 0x8, 0x7fff, 0x0, 0x7}, {0x7, 0xe76, 0x3, 0x6, 0x2, 0x3}, {0x6, 0xd1, 0x7, 0x9, 0x8}, {0x3f, 0xfff, 0x1, 0x7ff, 0x401, 0x7}, {0x8, 0x1, 0x2, 0x8, 0x6, 0x2}, {0x9, 0x2f2, 0x5, 0x8, 0x1f, 0x1f}, {0x6, 0x9, 0x0, 0x4c6, 0x7, 0x1}, {0x3, 0x1, 0x2, 0x4, 0xc506, 0xffffffac}, {0x80000001, 0x7f, 0x1, 0x1, 0x0, 0x80}, {0x800, 0x6be, 0x6548, 0x40, 0x1f, 0x6}, {0x4, 0x8, 0x2, 0x10000, 0x800, 0x7ff}, {0x0, 0x0, 0x5, 0x0, 0xb078, 0xc0}, {0x7, 0xffffffff, 0x6, 0x6, 0x80000000, 0xe4}, {0x2, 0x7ff, 0xa52, 0x100, 0x4, 0x20}, {0xca64438e, 0x3, 0x403a, 0xffffff5f, 0x40}, {0x6, 0x3, 0xffff, 0x3, 0x5, 0x3}, {0x80000000, 0x101, 0xd8, 0x1ff, 0x1f, 0x2}, {0x80, 0x4f4, 0x3, 0x10001, 0x6, 0x2}, {0x0, 0x8, 0x5, 0x0, 0x7, 0x8}, {0x4, 0xfffffffc, 0x0, 0x0, 0x20, 0x40}, {0x7, 0x54e1, 0x1, 0x1f, 0x2, 0x4}, {0xe47, 0xffff, 0x3, 0x80000000, 0x1, 0x1}, {0x8, 0x1c00000, 0xffff1870, 0x6, 0x80000000, 0x5}, {0x7, 0x0, 0x1, 0x3, 0x3, 0xf7a}, {0x3, 0x7, 0x4, 0x0, 0x3, 0x2}, {0x3, 0x6, 0xcf9d, 0x2, 0x4, 0x1}, {0xfffffff8, 0x8, 0x1ff, 0x5, 0x0, 0x6}, {0xfffffffd, 0x3bb, 0x4, 0xad4f, 0xff, 0xba77}, {0x9c7e, 0x9, 0x81, 0x911, 0x72, 0x3}, {0x2, 0x0, 0x5, 0x3, 0xd03e, 0x7fff}, {0x4, 0xffffdc3e, 0x8, 0xa91, 0x0, 0x6}, {0x9, 0x1, 0xfffffffa, 0x1, 0x1, 0x7}, {0x1, 0x2, 0xc1c, 0x3, 0xdd, 0x2075}, {0x200000, 0x2, 0x8, 0xffff, 0x1, 0x7}, {0x5, 0x101, 0x7ff, 0x0, 0x4, 0x7e000000}, {0x6, 0x81, 0x400000, 0x1, 0x8, 0x9}, {0x6, 0x10000, 0x2, 0xfffffffa, 0x0, 0x2}, {0x2, 0xf715e8d2, 0x7, 0x55, 0x80, 0x900d}, {0x100, 0xffff, 0x2, 0x9, 0x2, 0xfffffff7}, {0x2, 0x6, 0xfffffeff, 0x9, 0xfff, 0x7f}, {0x7fffffff, 0x47b2, 0xfff, 0xfffffffd, 0x4, 0x5}, {0x7, 0x7f, 0x10000, 0x5, 0x1ff, 0x1fd}, {0x74, 0x20, 0xffffffff, 0x6, 0x9, 0x101}, {0x8000, 0x2, 0x0, 0x8, 0x200, 0xba}, {0x3ff, 0x982ec55, 0xffff, 0x7fff, 0x3f, 0x9}, {0x7b3, 0x3, 0x40, 0x7fffffff, 0x6, 0x1}, {0x0, 0x3, 0x401, 0x1, 0x5, 0x6}, {0x9, 0x2, 0xffff0000, 0x10000, 0x75b21d97}, {0xcc, 0x5, 0x895e, 0x101, 0x5, 0x400}, {0x4, 0x8, 0x0, 0xfffeffff, 0x1, 0x10000}, {0x1e0, 0x5, 0x9, 0xfb, 0x996e, 0x7ff}, {0x0, 0x3, 0x0, 0x4, 0x1, 0x5}, {0x9, 0x400, 0x401, 0x9, 0x5, 0xffffff7f}, {0x7f, 0x101, 0xffffff56, 0xffffffff, 0x4, 0x2bdf}, {0x9, 0x201f6567, 0x4, 0xffff, 0x1, 0x6}, {0x1ff, 0x8, 0x1, 0x3ff, 0x100, 0x5}, {0x10000, 0x6, 0x0, 0x3ae, 0xffffffff, 0x7}, {0x4, 0xaf, 0x45, 0x7, 0x4, 0x9}, {0x1, 0x0, 0x7fffffff, 0xd95, 0x2, 0x80f}, {0x1, 0x4424, 0x3, 0x7, 0xfffffff9, 0x2897}, {0x5, 0x1, 0x3ff, 0xde, 0x2, 0x101}, {0x8, 0x7, 0x3dc, 0x29, 0x2, 0x401}, {0xe96, 0x80000001, 0x6, 0x7, 0x9, 0x20}, {0xffffffff, 0x3, 0x7fff, 0x80, 0x10001}, {0x80000000, 0x1, 0x5, 0x1000, 0x191, 0x9}, {0x3f, 0x400, 0xa0, 0x80, 0x3d, 0x1000}, {0x3, 0x6, 0x21de, 0x80, 0x3, 0x2}, {0xffff8000, 0x1, 0x401, 0x80000001, 0x1, 0x9}, {0x3, 0xfffffff7, 0x0, 0x3f, 0x4, 0x4}, {0xeee5, 0x80000000, 0x401, 0x4, 0xffffff01, 0x1ff}, {0x6, 0x4c1, 0xa0c, 0x3e, 0x5, 0xe3c}, {0x1, 0x7fff, 0x1, 0x10001, 0x80000000, 0x5}, {0x7, 0xffff, 0x8001, 0x10001, 0x3, 0xfffffc0a}, {0xfff, 0x8, 0x4, 0x6, 0x2, 0x96b8}, {0x4, 0x0, 0xffff7fff, 0x8, 0x10, 0x6efea836}, {0x0, 0xbb, 0x3ffc, 0x1, 0x4, 0x10000}, {0x8, 0x7ff, 0x7ff, 0x6, 0x2, 0xf}, {0x3, 0x7, 0x3, 0x3f, 0x9, 0x1}, {0x0, 0x8, 0x101, 0x6, 0x3, 0x20}, {0x2, 0xcc2, 0x7f, 0x6, 0x4, 0xa9}, {0x6, 0x7, 0x7, 0x6, 0x2, 0x9}, {0x9, 0x5d7e, 0x9, 0xead3, 0x8, 0x6}, {0x6, 0x3, 0x3, 0x3, 0xffffffff, 0x2}, {0x5f5b, 0x4000, 0x8, 0x4060, 0x7, 0x9}, {0xca, 0x2, 0x0, 0x8, 0x800, 0x3d55aaf0}, {0xc61, 0x1f, 0x7, 0x101, 0xfffffff8, 0x1}, {0xc6, 0x9, 0x1000, 0x8, 0x5, 0x79}, {0x1, 0x5c, 0x0, 0xffff0000, 0x8}, {0x3, 0x1, 0x81, 0x1ff, 0x2, 0x5}, {0x0, 0x8, 0xb6c8, 0x7, 0x59, 0x8}, {0xffff, 0x1, 0x3, 0x1, 0x451, 0x2ea3}, {0x200, 0x7, 0x7, 0x9, 0x6, 0xfffeffff}, {0x8, 0x2, 0x800, 0xf2, 0x9}, {0x4, 0x1, 0x400, 0x400000, 0x10, 0x2}, {0x10000, 0x72, 0xffffffff, 0x3, 0x1, 0x7}, {0xbe02, 0x1e, 0x5, 0x8, 0x80000001, 0xa53d}, {0x1, 0x5, 0x2, 0xdb5, 0x9, 0x1}, {0x101, 0x7f, 0x31d3, 0x1772, 0xffff, 0x8}, {0x14000, 0x3, 0xf8000000, 0x800, 0x9, 0x401}, {0x6, 0x8000, 0x1, 0x3f, 0x9, 0x3}, {0x8d0, 0x7, 0x7ff, 0x1, 0xfffffffc, 0x934}, {0x4, 0x1, 0x6, 0xfff, 0x1, 0x5}], [{0x2, 0x1}, {0x1, 0x1}, {0x2, 0x3}, {0x3}, {0x4, 0x1}, {}, {0x2}, {0x4, 0x1}, {}, {0x2}, {0x4, 0x1}, {0x1, 0x5ec646f6ad1d39c}, {0x0, 0x1}, {0x9}, {0x5}, {0x3}, {0x0, 0x1}, {}, {0x2, 0x2}, {0x1}, {0x4}, {0x5, 0x1}, {0x3}, {0x0, 0x1}, {0x0, 0x2}, {0x4, 0x1}, {0x4, 0x1}, {0x4}, {0x0, 0x1}, {0x1, 0x1}, {}, {0x1, 0x1}, {0x2, 0x1}, {0x4, 0x1}, {0x2}, {0x5, 0x1}, {0x3}, {0x3}, {0x3}, {0x1, 0x1}, {}, {0x5}, {0x0, 0x1}, {0x1}, {0x5}, {0x1}, {0x3}, {0x3, 0xaf9eebc8420cd2cc}, {0x4}, {0x3, 0x1}, {0x2}, {0x6, 0x1}, {}, {0x0, 0x1}, {0x2, 0x2}, {0x1}, {0x4, 0x36e0f555503121ce}, {0x2, 0x1}, {0x5, 0x1}, {0x3}, {0x2, 0x58cfcf88e3e2ca83}, {0x0, 0x418c746df1804910}, {0x5, 0x1}, {0x3, 0x1}, {0x2, 0x1}, {0x1, 0x2}, {}, {0x3}, {0x0, 0x1}, {0x4, 0x1}, {0x2f462db8935ca5c9, 0x1}, {0x1}, {0x9e1eda2d841eafa2}, {0x3, 0x1}, {0x4, 0x1}, {0x4, 0x1}, {0x3}, {0x0, 0x1}, {0x5, 0x1}, {0x0, 0x2}, {0x5}, {0x0, 0xcdaeabecf3ec49be}, {0x4}, {0x7, 0x1}, {0x4, 0x1}, {0x0, 0x1}, {}, {0x5}, {0x3}, {0x3, 0x1}, {0x5}, {0x0, 0x1}, {0x8, 0x1}, {0x2, 0x1}, {0x4}, {0x2}, {0x4}, {0x1}, {0x5, 0x2}, {0x4}, {0x4, 0x2}, {0x3}, {0x2, 0x1}, {0x4, 0x2}, {0x2}, {}, {}, {0x8, 0x1}, {0x2}, {0x3, 0x1}, {0x5}, {0x1, 0x3}, {0x5, 0xc8167fa00f2d05be}, {0x3, 0x1}, {0x0, 0x1}, {0x4, 0x1}, {}, {0x4}, {0x0, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x5}, {0x3}, {0x5}, {0x0, 0x1}, {0x1}, {0x0, 0x1}, {0x3}], 0x1}}, @TCA_PEDIT_PARMS={0xec8, 0x2, {{{0x36e1, 0x3, 0x10000008, 0xfff, 0x9}, 0x8, 0x7, [{0x1, 0x0, 0x0, 0x7f, 0x3, 0x8}, {0xfffffc01, 0x8, 0x400, 0x2, 0x1, 0x7}, {0x7, 0x0, 0x2, 0xd73, 0x8, 0x43}, {0x655bddb7, 0x100, 0x3ff, 0x8, 0x7, 0x1020}, {0x0, 0x1, 0xedc5, 0x16, 0x0, 0x81}, {0x40, 0x200, 0x3, 0x3, 0x8001, 0x3a06}, {0x4804, 0x2, 0xff, 0x10000, 0x7, 0x1}]}, [{0x8000, 0x7fffffff, 0xe49, 0x6, 0x7, 0x40}, {0x1e3a, 0x2, 0x7, 0x3ff, 0x400, 0x9}, {0x0, 0x3, 0x200, 0x4, 0x2, 0x7}, {0x200, 0xd1, 0x4, 0x4, 0x9, 0x9}, {0xfffff800, 0x7, 0x100, 0x0, 0x800, 0x10000}, {0x7fff, 0x8, 0x800, 0x6, 0x5, 0x9}, {0x4, 0x7, 0x20, 0x4, 0x7, 0x7f}, {0x8, 0x10001, 0x3, 0xb0, 0x1f, 0x5}, {0x3, 0x9, 0x8, 0x8, 0x7, 0x2}, {0x400, 0xe72, 0x0, 0x5, 0x8, 0x5}, {0x1000, 0x6, 0x6, 0x7, 0x0, 0x4}, {0xa611, 0x62e, 0x8, 0x401, 0x8000, 0x5}, {0x800, 0x8, 0x7ff, 0x7, 0xf7}, {0x6, 0x80000001, 0x2, 0x7, 0x6, 0x3}, {0x4, 0x0, 0x9, 0xae, 0x100, 0x8f00}, {0x5, 0xfffffffb, 0x4, 0x6, 0x0, 0x84}, {0x9, 0x5b1, 0x6, 0x9, 0x9, 0x5a}, {0x256, 0x0, 0x9, 0x5, 0xd366, 0x3}, {0x8, 0x4, 0x0, 0x77e952b3, 0x6, 0xfe}, {0x5, 0x80000000, 0x0, 0xfffffffd, 0x6, 0x7}, {0x9, 0x0, 0x1, 0x400, 0x1, 0x6}, {0x6, 0x7, 0x445, 0x2, 0xb1, 0x7bf}, {0x8, 0x3f, 0x7, 0x8, 0xac, 0x2209400}, {0x9, 0x1, 0x7, 0x2, 0x3, 0x2}, {0x40, 0xad, 0xbe8e, 0x4, 0x5, 0x800}, {0x3, 0x5, 0x8, 0xa1, 0x2, 0x6}, {0x8, 0xf8, 0x9, 0x7, 0xf28, 0x1}, {0x80000000, 0x101, 0x3, 0x1911fe79, 0xf180, 0x9}, {0x81, 0x8, 0xdb3, 0x20, 0x8, 0x8}, {0x2, 0x1000, 0xffffffff, 0x7ff, 0x8, 0x5}, {0x3f, 0x4545, 0xffffffff, 0x3, 0x7, 0xb5}, {0x7ff, 0x2, 0x2, 0x8, 0x4, 0x5}, {0x10000, 0x3, 0x66d, 0x9, 0x66a877b7, 0x6}, {0x6, 0xff, 0x1, 0x800, 0x1bc}, {0x1f, 0xa4e7, 0x3, 0x5, 0x0, 0x20}, {0x40, 0x1, 0x3, 0x4a, 0x401, 0x7}, {0xcaab, 0x400, 0x7fff, 0x11c, 0x1000, 0x8}, {0x32db, 0x8001, 0x9, 0x6553c861}, {0x4ebf, 0x3, 0xfffffff9, 0x15, 0x4, 0x7fffffff}, {0xffffffe0, 0x5, 0xfffff800, 0x1, 0x0, 0x9}, {0x9, 0x9, 0x7, 0x1, 0x200, 0xff}, {0x9, 0x1000, 0x22, 0x8, 0x7, 0x36}, {0x2, 0x400, 0x80000001, 0x72, 0x8, 0xffffffff}, {0xfffffffc, 0x7f, 0x7, 0x7, 0x3, 0x4}, {0x4b, 0x8, 0x4, 0xffffffff, 0x5, 0xfffff70c}, {0x20, 0x8, 0x6, 0x0, 0xb566, 0x2}, {0xffff0000, 0x633f, 0x5, 0x1f, 0xff, 0x6}, {0x9c, 0x0, 0x8d53, 0x3, 0xebfd}, {0x100, 0x2, 0x8, 0x3f, 0x6, 0x5}, {0xfffffb51, 0x6, 0x8, 0x0, 0x200000, 0x5}, {0xb2a7, 0x7, 0x8, 0x9, 0x3, 0x7}, {0xaa, 0x72, 0x7, 0x0, 0x73, 0x3}, {0x6, 0x2, 0x4, 0x97, 0x0, 0x6}, {0x6, 0x5, 0x5, 0x5, 0x1f, 0x2}, {0x101, 0x4, 0x7, 0x20, 0x0, 0x1}, {0x3, 0x800, 0x9, 0xa1, 0x9, 0x3f}, {0x200, 0xcd8, 0xf38, 0x7ff, 0x9, 0x6}, {0x6, 0x5, 0x3, 0x5, 0x3, 0x93eb}, {0x1873, 0xffff404e, 0x2, 0x7fff, 0x8, 0x5}, {0x6, 0x1, 0x9, 0x58, 0x8, 0x20}, {0xfffffc00, 0x9, 0x6, 0x6, 0x6, 0x8}, {0x8, 0x1, 0x0, 0x7, 0x20, 0x8000}, {0x40, 0x0, 0x3, 0x2, 0xbb2, 0x1}, {0x1ea, 0x8, 0x3f, 0x3, 0x3, 0x4}, {0x1, 0x7ff, 0x3, 0x10001, 0x7, 0x6}, {0x4, 0x0, 0xa11c, 0x8, 0x1f, 0xfffffffa}, {0x1ff, 0x1f, 0x101, 0x4, 0x8001, 0x81}, {0x400, 0x0, 0x4, 0xfffffffd, 0x8000, 0x6c}, {0x7, 0x401, 0x3, 0x6, 0x6, 0x2}, {0x5, 0x8, 0x2, 0x5, 0x0, 0x8}, {0x3, 0x1, 0x4, 0x10001, 0x6, 0xfa}, {0x9, 0x401, 0x3, 0x9, 0x9, 0xcf5}, {0xe24, 0x19fc7288, 0x9, 0x3f, 0x5, 0x2b1c6a54}, {0x1b6, 0x7, 0xfff, 0x80, 0xffff, 0x7}, {0x101, 0x1, 0x800, 0x7, 0x20, 0x9}, {0x0, 0x0, 0x1, 0x4b, 0x92, 0x8001}, {0x4, 0x7ff, 0x3, 0x8, 0x280, 0x2}, {0x6, 0x283, 0x1, 0xffffffff, 0xd5}, {0x1800000, 0xfffffffa, 0xf1e2, 0x3, 0x5, 0x6}, {0x2e4, 0xa4, 0xff, 0x1, 0x7fffffff, 0x401}, {0x3, 0x10001, 0xf81, 0xae, 0x81, 0x7}, {0x9, 0xffffffe1, 0x3d6, 0xce, 0x5, 0x7}, {0x7, 0x1, 0x3, 0x2, 0x4, 0x100}, {0x1, 0x39, 0xffff1761, 0x70, 0x80000001, 0x9}, {0x7, 0x93a, 0x7fffffff, 0x7fff, 0x8, 0x6}, {0x2, 0x6, 0x0, 0x5, 0x80000001, 0x9}, {0xffff, 0xff, 0x53, 0x101, 0x0, 0x200}, {0x3ff, 0xfffffff9, 0xeb87, 0x1, 0x4, 0x5}, {0x401, 0x1, 0x5, 0x6, 0x5, 0x1}, {0x9, 0xfffffbff, 0x2, 0x1acc81e0, 0x1, 0x40}, {0x20, 0x5, 0xc97d, 0x800, 0x80, 0x1}, {0x8, 0x7b9fa95b, 0x2, 0xb179, 0x400, 0x6}, {0x3, 0x1, 0x200, 0x4, 0x4, 0xffffff00}, {0x1, 0x10000, 0x2, 0x800, 0x0, 0xffffff6e}, {0x9, 0x8, 0xd2, 0xff, 0x9, 0x9}, {0x0, 0x80, 0x9, 0x8, 0x5, 0xfffff691}, {0x1, 0x2, 0x7, 0x200, 0x6, 0xf78}, {0x3d7, 0x2, 0x3f, 0x8, 0x0, 0x3}, {0x7, 0x81, 0x2, 0x4, 0x7ff, 0x5}, {0x2, 0x450ac40, 0x11, 0x4, 0x3, 0xffff}, {0x3, 0xffff, 0x8, 0x4, 0x2, 0x9}, {0xa540, 0x9, 0x20, 0x101, 0xaa8c, 0x1}, {0x6, 0x7, 0x2000, 0x1000, 0xd4, 0x4}, {0x200, 0xdc1, 0x20, 0x9, 0x101, 0x3f}, {0x9, 0x0, 0x6, 0x80000001, 0x8000, 0x404}, {0x81, 0x800, 0x4, 0x7fffffff, 0x7, 0x3}, {0x3, 0x7, 0x4, 0x6d7c, 0x5, 0x9}, {0x80000000, 0xbd, 0x81, 0x101, 0x3093, 0x1ff}, {0x4, 0x6, 0x5, 0x0, 0xfff, 0x9}, {0x81, 0x1, 0x3, 0x5, 0x7fffffff, 0x4}, {0x7fff, 0xf2, 0x0, 0x7, 0x80000000, 0xdc4}, {0x9, 0x7, 0x6, 0x0, 0x50, 0x2}, {0x1, 0x4, 0x80000001, 0x8, 0x6, 0x8000}, {0x1, 0x9, 0x8, 0x9, 0x14, 0xc9}, {0x9, 0x1, 0x1, 0x7, 0xe, 0x8}, {0x9, 0x401, 0x1, 0x5, 0xffff263e, 0xe48}, {0x4, 0x8, 0xf0, 0x7, 0x3, 0x9}, {0x1, 0x3, 0x4, 0x7, 0x8, 0x46}, {0x7fffffff, 0x1674200, 0x2, 0x4, 0x5, 0x1ff}, {0x84d, 0xf904000, 0x8, 0x8, 0x5, 0x6}, {0x81, 0x4, 0x1, 0x6, 0x8, 0x1}, {0x9, 0xfffffffa, 0x6fc9dc63, 0x8, 0xfffffe9c, 0x2}, {0x0, 0x8fe, 0xffff, 0x79e387b0, 0x5d, 0x6}, {0x80000000, 0x84, 0x1ff, 0xc66, 0xff, 0x400}, {0x1, 0x10001, 0x1ff, 0xffffffff, 0x26afef09, 0x80000000}, {0xfffffffd, 0x6afae6bf, 0x101, 0xfffffffd, 0x4, 0x7}, {0x101, 0x0, 0x60000000, 0xfffffff9, 0x5, 0x81}, {0x8000, 0x3f, 0x8000, 0x3, 0xffffffe1, 0x5}], [{0x3, 0x1}, {0x4}, {0x4, 0x1}, {0x1, 0x1}, {}, {0x4}, {0x1}, {0x2, 0x2}, {}, {0x0, 0x2d3ed5f4287ae97b}, {0x0, 0x3754250ef1f1189b}, {0x8b0eee5b0f31968e}, {0x3}, {0x4, 0x7c4bd1e87cc2bf9}, {0x2}, {}, {0x1, 0x1}, {0x5}, {0x2, 0x1}, {0x1, 0x2}, {0x4, 0x1}, {0x3}, {0x2}, {0x2, 0x2}, {0x0, 0x1}, {0x1, 0xb50fdd46616de90c}, {0x3, 0x1}, {0x2}, {0x3, 0x2}, {0x4}, {0x0, 0x1}, {0x2}, {}, {0x1}, {0x1, 0x1}, {0x1, 0x2}, {0x2}, {}, {0x2}, {0x0, 0x4232a562ed8e1bd9}, {0x4}, {0x5}, {}, {}, {0x1, 0x1}, {0x1}, {0x0, 0x1}, {}, {0x4}, {0x2, 0x2}, {0x2, 0x2}, {0x3}, {0x5, 0xa8ae596c86f0d978}, {0x4, 0x3}, {0x2}, {0x2, 0x1}, {0x81695a9f07f78d24}, {0x4, 0x1}, {0x3, 0x3}, {0x1}, {}, {0x0, 0x1}, {0xe}, {0x3}, {0x2, 0x1}, {0x2}, {0x5}, {0x3}, {0x5}, {0x2, 0x1}, {0x2}, {0x0, 0x1}, {0x2, 0x1}, {0x3, 0x1}, {0x1}, {0x0, 0x1}, {0x0, 0x1}, {0x3, 0x3}, {}, {0x2}, {0x3, 0x1}, {}, {0x0, 0xb02fb10e5e3796f7}, {0x5, 0x1}, {0x2, 0x2}, {0x3}, {0x3, 0x3}, {0x2}, {0x5, 0x2}, {0x0, 0x1}, {0x5}, {0x1, 0x3}, {0x0, 0x3}, {0x2}, {}, {0x1, 0x1}, {0xb503f973952dcbbb, 0x1}, {0x3, 0x1}, {0x4}, {0x3, 0x1}, {0x1}, {0x3, 0x1}, {0x5}, {0x0, 0x4ffbcec08b4b30e6}, {0x5}, {0x6}, {0x3}, {0xc}, {0x4}, {0x5, 0x1}, {0x5, 0x3d398ff0967e09f0}, {0x7aa8930ade273a3, 0x1}, {0x4}, {0x5}, {0x2a22f662a2d511cb}, {0x4, 0x15886f0bc633fbf}, {0x5}, {0x5, 0x1}, {0x1, 0x3}, {0x0, 0x1}, {0x1, 0x2}, {0x3, 0x1}, {0x0, 0x1}, {0x3}, {0x4, 0x1}, {0x0, 0x2}, {0xab48d18b6786c47f}, {0x1}]}}]}, {0xd4, 0x6, "a74fd85e3f9c5921c73eecb0eba445a3c3ae5073455f091c9c77396bc31100cd7447f8f03baf4f1affea819a77a7b6ee90da0a52946b852cd0da5e8d4ea6eca425b32e2cf48b4254e1bc6f179731033aee34541f12ac0a37e4a5701ec4dabc754e7d508aa42dbbcf35300fae462d8e353e9a007d1d66877efe27160e910c10601563c7dab0e9dd909dfcb67871e668ce53c4ac18277db8b507fb1159f90a9ebc582ef254fced1b32d4d5f97b044561c07dd7eb922597da2973f304ef9735997f55676657566a3da87ed112de353748ec"}}}}, {0xd8, 0x1, @m_sample={0xd4, 0x6, {{0xc, 0x1, 'sample\x00'}, {0x84, 0x2, [@TCA_SAMPLE_RATE={0x8, 0x3, 0xb71f}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x9}, @TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x1000}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x1ff, 0xf8000000, 0x10000000, 0x1f, 0x9}}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x60ea}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x1}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0xffff}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x101}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x1, 0x0, 0x3, 0xa0a8, 0x54b}}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x4, 0xffffffffffffffff, 0xcaf4, 0x1}}]}, {0x3c, 0x6, "e03a0a8410d632c7e3416df69cc45af8ad8bbfa32503091dc98d622783de619f23c55af8bb47aec8d97624ea5c5a9142cf518382e174"}}}}, {0xd4, 0x1, @m_skbedit={0xd0, 0x9, {{0xc, 0x1, 'skbedit\x00'}, {0x1c, 0x2, [@TCA_SKBEDIT_QUEUE_MAPPING={0x8, 0x4, 0x2}, @TCA_SKBEDIT_QUEUE_MAPPING={0x8, 0x4, 0x1}, @TCA_SKBEDIT_PTYPE={0x8, 0x7, 0x2}]}, {0xa0, 0x6, "bd894cb26be936e685bad7fa7cc388c31457eebcdb19b82d59e8d4b2f25e5a70c3f9df8a77b0fe9269e9eae473d8676b50978d51d7dca0373bd02a641f86810185832513c0e349b36279c80839a992e46fd24f6915ccf3af30404a6b0521ae7ff998c6215946408fac24a4fa378121a1dee1a2179a54488d49b21b4da97ba1acd10d61fc3ac3e659945863e61922519bcf8c59c309c831725c39"}}}}, {0xc4, 0x1, @m_sample={0xc0, 0x20, {{0xc, 0x1, 'sample\x00'}, {0x2c, 0x2, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8, 0x5, 0x1000}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x7fff}, @TCA_SAMPLE_RATE={0x8, 0x3, 0x9}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x7f}, @TCA_SAMPLE_TRUNC_SIZE={0x8, 0x4, 0x8}]}, {0x80, 0x6, "d9baaec5276cf484afdfd453241db30ffd9e2a955030fed0ad8c27cddb99b3d5b138024635678280af766cb6a1965f6c16920c0bdf141b94c9d2c70110192cd31c5753290abbd143f83fea451be89bf9e42db2480c3816c406e07bde6dbb0330c7be66f835c755253421acd77027746676045052b93737848092cd"}}}}]}, 0x2218}, 0x1, 0x0, 0x0, 0x800}, 0x0) 08:15:00 executing program 0 (fault-call:0 fault-nth:52): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 194.293627] FAULT_INJECTION: forcing a failure. [ 194.293627] name failslab, interval 1, probability 0, space 0, times 0 [ 194.315910] CPU: 1 PID: 11119 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 194.322979] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 194.332342] Call Trace: [ 194.334944] dump_stack+0x138/0x197 [ 194.338593] should_fail.cold+0x10f/0x159 [ 194.342753] should_failslab+0xdb/0x130 [ 194.346739] kmem_cache_alloc+0x2d7/0x780 [ 194.350896] ? lock_downgrade+0x740/0x740 [ 194.355287] alloc_vfsmnt+0x28/0x7d0 [ 194.359010] vfs_kern_mount.part.0+0x2a/0x3d0 [ 194.363520] do_mount+0x417/0x27d0 [ 194.367062] ? copy_mount_options+0x5c/0x2f0 [ 194.371476] ? rcu_read_lock_sched_held+0x110/0x130 [ 194.376499] ? copy_mount_string+0x40/0x40 [ 194.380749] ? copy_mount_options+0x1fe/0x2f0 [ 194.385256] SyS_mount+0xab/0x120 [ 194.388733] ? copy_mnt_ns+0x8c0/0x8c0 08:15:01 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=0x0}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 194.392650] do_syscall_64+0x1e8/0x640 [ 194.396537] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 194.401390] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 194.406605] RIP: 0033:0x45c4aa [ 194.406611] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 194.406623] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 194.406629] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 194.406635] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 08:15:01 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=0x0}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 194.406641] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 194.406647] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:01 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 194.507020] XFS (loop2): Invalid superblock magic number 08:15:01 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:01 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:01 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca", 0xa3, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 194.617105] XFS (loop4): Invalid superblock magic number [ 194.749624] XFS (loop4): Invalid superblock magic number [ 194.803786] XFS (loop2): Invalid superblock magic number 08:15:04 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:04 executing program 0 (fault-call:0 fault-nth:53): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:15:04 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:04 executing program 5: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x5, 0x0) r1 = getpid() ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) socket$kcm(0x2b, 0x5, 0x0) r2 = socket$kcm(0xa, 0x2, 0x73) ioctl$TUNGETSNDBUF(0xffffffffffffffff, 0x800454d3, &(0x7f0000000140)) sendmsg$kcm(r2, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='pids.events\x00', 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0) ioctl$TUNSETVNETBE(0xffffffffffffffff, 0x400454de, &(0x7f0000000380)) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$BPF_PROG_ATTACH(0x8, 0x0, 0xfffffffffffffdca) socketpair(0x0, 0x0, 0x100000000000, 0x0) perf_event_open(0x0, r1, 0x0, r0, 0x0) socketpair(0x1f, 0x0, 0xfffffffffffffffd, &(0x7f0000000200)) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000440)='lo\x00\x96o\xd6Q\xb9Y\xa9dJ,\x00\xd2\x97\x04\x03\xdc\r') ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000a00)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ') 08:15:04 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca", 0xa8, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:04 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 197.362300] FAULT_INJECTION: forcing a failure. [ 197.362300] name failslab, interval 1, probability 0, space 0, times 0 [ 197.416812] CPU: 1 PID: 11201 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 197.423883] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.433249] Call Trace: [ 197.435832] dump_stack+0x138/0x197 [ 197.439464] should_fail.cold+0x10f/0x159 [ 197.443614] should_failslab+0xdb/0x130 [ 197.447575] kmem_cache_alloc_trace+0x2e9/0x790 [ 197.451828] XFS (loop4): Invalid superblock magic number [ 197.452240] ? kasan_check_write+0x14/0x20 [ 197.462439] ? _copy_from_user+0x99/0x110 [ 197.466580] copy_mount_options+0x5c/0x2f0 [ 197.470831] SyS_mount+0x87/0x120 [ 197.474269] ? copy_mnt_ns+0x8c0/0x8c0 [ 197.478142] do_syscall_64+0x1e8/0x640 [ 197.482097] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 197.486926] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 197.492099] RIP: 0033:0x45c4aa [ 197.495269] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 197.503090] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 197.510353] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 08:15:04 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x0, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 197.517613] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 197.524872] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 197.532267] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 197.539907] device lo entered promiscuous mode 08:15:04 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca", 0xa8, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:04 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x0, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:04 executing program 0 (fault-call:0 fault-nth:54): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 197.608501] XFS (loop2): Invalid superblock magic number 08:15:04 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x0, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 197.674246] FAULT_INJECTION: forcing a failure. [ 197.674246] name failslab, interval 1, probability 0, space 0, times 0 [ 197.685760] CPU: 1 PID: 11248 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 197.692784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 197.692789] Call Trace: [ 197.692805] dump_stack+0x138/0x197 [ 197.692822] should_fail.cold+0x10f/0x159 [ 197.692836] should_failslab+0xdb/0x130 [ 197.692848] kmem_cache_alloc+0x2d7/0x780 08:15:04 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0xc, 0x2, [@IFLA_BOND_ARP_ALL_TARGETS={0x8}]}}}]}, 0x3c}}, 0x0) [ 197.692862] ? lock_downgrade+0x740/0x740 [ 197.692875] alloc_vfsmnt+0x28/0x7d0 [ 197.692887] vfs_kern_mount.part.0+0x2a/0x3d0 [ 197.692900] do_mount+0x417/0x27d0 [ 197.692909] ? copy_mount_options+0x5c/0x2f0 [ 197.692919] ? rcu_read_lock_sched_held+0x110/0x130 [ 197.692931] ? copy_mount_string+0x40/0x40 [ 197.692944] ? copy_mount_options+0x1fe/0x2f0 [ 197.692956] SyS_mount+0xab/0x120 [ 197.692964] ? copy_mnt_ns+0x8c0/0x8c0 [ 197.692975] do_syscall_64+0x1e8/0x640 [ 197.692983] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 197.692997] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 197.693004] RIP: 0033:0x45c4aa [ 197.693009] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 197.693019] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 197.693024] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 197.693030] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 197.693035] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 197.693040] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 197.772714] XFS (loop4): Invalid superblock magic number 08:15:07 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:07 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, 0x0) 08:15:07 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000400)=[{&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:07 executing program 0 (fault-call:0 fault-nth:55): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:15:07 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca", 0xa8, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:07 executing program 5: syz_mount_image$vfat(&(0x7f0000000100)='vfat\x00', &(0x7f0000000240)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)={[{@fat=@errors_continue='errors=continue'}]}) [ 200.405047] FAT-fs (loop5): bogus number of reserved sectors [ 200.414214] FAT-fs (loop5): Can't find a valid FAT filesystem [ 200.431557] FAULT_INJECTION: forcing a failure. [ 200.431557] name failslab, interval 1, probability 0, space 0, times 0 [ 200.443313] CPU: 0 PID: 11289 Comm: syz-executor.0 Not tainted 4.14.148 #0 08:15:07 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, 0x0) [ 200.450387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.459748] Call Trace: [ 200.462341] dump_stack+0x138/0x197 [ 200.462360] should_fail.cold+0x10f/0x159 [ 200.462377] should_failslab+0xdb/0x130 [ 200.462389] __kmalloc+0x2f0/0x7a0 [ 200.470149] ? find_held_lock+0x35/0x130 [ 200.470161] ? pcpu_alloc+0xcf0/0x1050 [ 200.470174] ? btrfs_mount+0x19a/0x2b28 [ 200.470187] btrfs_mount+0x19a/0x2b28 [ 200.470196] ? lock_downgrade+0x740/0x740 [ 200.470204] ? find_held_lock+0x35/0x130 08:15:07 executing program 3: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, 0x0) [ 200.470212] ? pcpu_alloc+0x3af/0x1050 [ 200.470227] ? btrfs_remount+0x11f0/0x11f0 [ 200.470243] ? rcu_read_lock_sched_held+0x110/0x130 [ 200.516140] ? __lockdep_init_map+0x10c/0x570 [ 200.520650] ? __lockdep_init_map+0x10c/0x570 [ 200.525152] mount_fs+0x97/0x2a1 [ 200.528515] vfs_kern_mount.part.0+0x5e/0x3d0 [ 200.533033] do_mount+0x417/0x27d0 [ 200.536582] ? copy_mount_options+0x5c/0x2f0 [ 200.541000] ? rcu_read_lock_sched_held+0x110/0x130 [ 200.546025] ? copy_mount_string+0x40/0x40 [ 200.550275] ? copy_mount_options+0x1fe/0x2f0 [ 200.554790] SyS_mount+0xab/0x120 [ 200.558346] ? copy_mnt_ns+0x8c0/0x8c0 [ 200.562263] do_syscall_64+0x1e8/0x640 [ 200.566168] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 200.571026] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 200.576214] RIP: 0033:0x45c4aa [ 200.576226] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 200.576238] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 200.576243] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 08:15:07 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:07 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 200.576249] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 200.576255] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 200.576260] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:07 executing program 0 (fault-call:0 fault-nth:56): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 200.658706] XFS (loop2): Invalid superblock magic number [ 200.669530] FAT-fs (loop5): bogus number of reserved sectors [ 200.675777] XFS (loop4): Invalid superblock magic number [ 200.677067] FAULT_INJECTION: forcing a failure. [ 200.677067] name failslab, interval 1, probability 0, space 0, times 0 [ 200.693139] FAT-fs (loop5): Can't find a valid FAT filesystem [ 200.693737] CPU: 1 PID: 11326 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 200.706061] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.715415] Call Trace: [ 200.718015] dump_stack+0x138/0x197 [ 200.721656] should_fail.cold+0x10f/0x159 [ 200.725818] should_failslab+0xdb/0x130 [ 200.729806] kmem_cache_alloc+0x2d7/0x780 [ 200.733965] ? lock_downgrade+0x740/0x740 [ 200.738111] alloc_vfsmnt+0x28/0x7d0 [ 200.741847] vfs_kern_mount.part.0+0x2a/0x3d0 [ 200.746341] do_mount+0x417/0x27d0 [ 200.749863] ? copy_mount_options+0x5c/0x2f0 [ 200.754266] ? rcu_read_lock_sched_held+0x110/0x130 [ 200.759278] ? copy_mount_string+0x40/0x40 [ 200.763530] ? copy_mount_options+0x1fe/0x2f0 [ 200.768019] SyS_mount+0xab/0x120 [ 200.771461] ? copy_mnt_ns+0x8c0/0x8c0 [ 200.775353] do_syscall_64+0x1e8/0x640 [ 200.779231] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 200.784078] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 200.789256] RIP: 0033:0x45c4aa [ 200.792459] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 200.800169] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa 08:15:07 executing program 0 (fault-call:0 fault-nth:57): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 200.807430] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 200.814779] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 200.822040] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 200.829302] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 200.941496] FAULT_INJECTION: forcing a failure. [ 200.941496] name failslab, interval 1, probability 0, space 0, times 0 [ 200.954591] CPU: 1 PID: 11334 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 200.961637] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 200.971000] Call Trace: [ 200.973602] dump_stack+0x138/0x197 [ 200.977241] should_fail.cold+0x10f/0x159 [ 200.981403] should_failslab+0xdb/0x130 [ 200.985383] __kmalloc_track_caller+0x2ec/0x790 [ 200.990059] ? unwind_get_return_address+0x61/0xa0 [ 200.994992] ? __save_stack_trace+0x7b/0xd0 [ 200.999323] ? btrfs_parse_early_options+0xa3/0x310 [ 201.004348] kstrdup+0x3a/0x70 [ 201.007547] btrfs_parse_early_options+0xa3/0x310 [ 201.012402] ? btrfs_freeze+0xc0/0xc0 [ 201.016206] ? pcpu_alloc+0xcf0/0x1050 [ 201.020196] ? find_held_lock+0x35/0x130 [ 201.024257] ? pcpu_alloc+0xcf0/0x1050 [ 201.028149] btrfs_mount+0x11d/0x2b28 [ 201.031960] ? lock_downgrade+0x740/0x740 [ 201.036107] ? find_held_lock+0x35/0x130 [ 201.040172] ? pcpu_alloc+0x3af/0x1050 [ 201.044065] ? _find_next_bit+0xee/0x120 [ 201.048127] ? check_preemption_disabled+0x3c/0x250 [ 201.053150] ? btrfs_remount+0x11f0/0x11f0 [ 201.057394] ? rcu_read_lock_sched_held+0x110/0x130 [ 201.062419] ? __lockdep_init_map+0x10c/0x570 [ 201.066919] ? __lockdep_init_map+0x10c/0x570 [ 201.071419] mount_fs+0x97/0x2a1 [ 201.074789] vfs_kern_mount.part.0+0x5e/0x3d0 [ 201.079298] do_mount+0x417/0x27d0 [ 201.082837] ? copy_mount_options+0x5c/0x2f0 [ 201.087250] ? rcu_read_lock_sched_held+0x110/0x130 [ 201.092273] ? copy_mount_string+0x40/0x40 [ 201.096497] ? copy_mount_options+0x1fe/0x2f0 [ 201.100985] SyS_mount+0xab/0x120 [ 201.104426] ? copy_mnt_ns+0x8c0/0x8c0 [ 201.108295] do_syscall_64+0x1e8/0x640 [ 201.112164] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 201.116993] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 201.122170] RIP: 0033:0x45c4aa [ 201.125349] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 201.133138] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 201.140416] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 201.147674] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 201.154937] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 201.162200] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:10 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:10 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef", 0xab, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:10 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61d7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$rxrpc(0x21, 0x2, 0xa) bind$rxrpc(r0, &(0x7f00000000c0)=@in6={0x21, 0x3, 0x2, 0x1c, {0xa, 0x0, 0x0, @loopback}}, 0x24) 08:15:10 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000400)=[{&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:10 executing program 0 (fault-call:0 fault-nth:58): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 203.410350] FAULT_INJECTION: forcing a failure. [ 203.410350] name failslab, interval 1, probability 0, space 0, times 0 [ 203.425852] CPU: 0 PID: 11352 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 203.432918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.432925] Call Trace: [ 203.432943] dump_stack+0x138/0x197 [ 203.432961] should_fail.cold+0x10f/0x159 [ 203.432974] should_failslab+0xdb/0x130 08:15:10 executing program 5: recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, 0x0}, 0x4}], 0x1, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x3}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='comm\x00') preadv(r0, &(0x7f00000017c0), 0x3a8, 0x0) [ 203.432984] __kmalloc_track_caller+0x2ec/0x790 [ 203.432997] ? kstrdup_const+0x48/0x60 [ 203.461339] kstrdup+0x3a/0x70 [ 203.468397] kstrdup_const+0x48/0x60 [ 203.468411] alloc_vfsmnt+0xe5/0x7d0 [ 203.468424] vfs_kern_mount.part.0+0x2a/0x3d0 [ 203.468433] ? find_held_lock+0x35/0x130 [ 203.468445] vfs_kern_mount+0x40/0x60 [ 203.480336] btrfs_mount+0x3ce/0x2b28 [ 203.480349] ? lock_downgrade+0x740/0x740 [ 203.480356] ? find_held_lock+0x35/0x130 [ 203.480366] ? pcpu_alloc+0x3af/0x1050 [ 203.480380] ? btrfs_remount+0x11f0/0x11f0 08:15:10 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_tables_targets\x00') fchmod(r0, 0x0) [ 203.480395] ? rcu_read_lock_sched_held+0x110/0x130 [ 203.513339] ? __lockdep_init_map+0x10c/0x570 [ 203.517845] ? __lockdep_init_map+0x10c/0x570 [ 203.522361] mount_fs+0x97/0x2a1 [ 203.525742] vfs_kern_mount.part.0+0x5e/0x3d0 [ 203.530246] do_mount+0x417/0x27d0 [ 203.533795] ? copy_mount_options+0x5c/0x2f0 [ 203.538206] ? rcu_read_lock_sched_held+0x110/0x130 [ 203.538221] ? copy_mount_string+0x40/0x40 [ 203.547464] ? copy_mount_options+0x1fe/0x2f0 [ 203.551967] SyS_mount+0xab/0x120 [ 203.551980] ? copy_mnt_ns+0x8c0/0x8c0 08:15:10 executing program 5: getpid() perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) syz_emit_ethernet(0x300502, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60b4090000022b0000000000000000000000ffffe06f0002ff020000000000000000000000000001880090780009040060b680fa0000000000000000000000000000ffffffffffff00000000000000000000ffffac14ffbb"], 0x0) [ 203.551994] do_syscall_64+0x1e8/0x640 [ 203.552005] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 203.568054] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 203.573308] RIP: 0033:0x45c4aa [ 203.576503] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 203.584219] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 203.591502] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 203.598766] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 08:15:10 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 203.598772] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 203.598777] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 203.627285] XFS (loop4): Invalid superblock magic number 08:15:10 executing program 0 (fault-call:0 fault-nth:59): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 203.646099] audit: type=1400 audit(1570781710.324:52): avc: denied { map } for pid=11384 comm="syz-executor.5" path="/dev/nullb0" dev="devtmpfs" ino=13996 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:device_t:s0 tclass=blk_file permissive=1 [ 203.700323] XFS (loop2): Invalid superblock magic number 08:15:10 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:10 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef", 0xab, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 203.717572] FAULT_INJECTION: forcing a failure. [ 203.717572] name failslab, interval 1, probability 0, space 0, times 0 [ 203.744001] CPU: 1 PID: 11396 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 203.751074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 203.751082] Call Trace: [ 203.763049] dump_stack+0x138/0x197 [ 203.766690] ? vprintk_func+0x65/0x159 [ 203.770592] should_fail.cold+0x10f/0x159 [ 203.774753] should_failslab+0xdb/0x130 [ 203.778731] __kmalloc_track_caller+0x2ec/0x790 [ 203.783395] ? unwind_get_return_address+0x61/0xa0 [ 203.788317] ? __save_stack_trace+0x7b/0xd0 [ 203.792624] ? btrfs_parse_early_options+0xa3/0x310 [ 203.797647] kstrdup+0x3a/0x70 [ 203.800824] btrfs_parse_early_options+0xa3/0x310 [ 203.805650] ? save_trace+0x290/0x290 [ 203.809439] ? btrfs_freeze+0xc0/0xc0 [ 203.813221] ? pcpu_alloc+0xcf0/0x1050 [ 203.817095] ? find_held_lock+0x35/0x130 [ 203.821136] ? pcpu_alloc+0xcf0/0x1050 [ 203.825006] btrfs_mount+0x11d/0x2b28 [ 203.828791] ? lock_downgrade+0x740/0x740 [ 203.832920] ? find_held_lock+0x35/0x130 [ 203.836964] ? pcpu_alloc+0x3af/0x1050 [ 203.840834] ? _find_next_bit+0xee/0x120 [ 203.844879] ? check_preemption_disabled+0x3c/0x250 [ 203.849876] ? btrfs_remount+0x11f0/0x11f0 [ 203.854111] ? rcu_read_lock_sched_held+0x110/0x130 [ 203.859117] ? __lockdep_init_map+0x10c/0x570 [ 203.863610] ? __lockdep_init_map+0x10c/0x570 [ 203.868098] mount_fs+0x97/0x2a1 [ 203.871458] vfs_kern_mount.part.0+0x5e/0x3d0 [ 203.875944] ? find_held_lock+0x35/0x130 [ 203.879999] vfs_kern_mount+0x40/0x60 [ 203.883791] btrfs_mount+0x3ce/0x2b28 [ 203.887583] ? lock_downgrade+0x740/0x740 [ 203.891715] ? find_held_lock+0x35/0x130 [ 203.895767] ? pcpu_alloc+0x3af/0x1050 [ 203.899638] ? btrfs_remount+0x11f0/0x11f0 [ 203.903862] ? rcu_read_lock_sched_held+0x110/0x130 [ 203.908868] ? __lockdep_init_map+0x10c/0x570 [ 203.913356] ? __lockdep_init_map+0x10c/0x570 [ 203.917836] mount_fs+0x97/0x2a1 [ 203.921189] vfs_kern_mount.part.0+0x5e/0x3d0 [ 203.925668] do_mount+0x417/0x27d0 [ 203.929199] ? copy_mount_options+0x5c/0x2f0 [ 203.933589] ? rcu_read_lock_sched_held+0x110/0x130 [ 203.938598] ? copy_mount_string+0x40/0x40 [ 203.942996] ? copy_mount_options+0x1fe/0x2f0 [ 203.947477] SyS_mount+0xab/0x120 [ 203.950920] ? copy_mnt_ns+0x8c0/0x8c0 [ 203.954791] do_syscall_64+0x1e8/0x640 [ 203.958659] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 203.963490] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 203.968660] RIP: 0033:0x45c4aa [ 203.971927] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 203.979704] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 203.986955] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 203.994241] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 204.001498] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 204.008747] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 204.089517] XFS (loop5): Invalid superblock magic number [ 204.119038] XFS (loop4): Invalid superblock magic number 08:15:13 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:13 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000400)=[{&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:13 executing program 0 (fault-call:0 fault-nth:60): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:15:13 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:13 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef", 0xab, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:13 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 206.469604] FAULT_INJECTION: forcing a failure. [ 206.469604] name failslab, interval 1, probability 0, space 0, times 0 [ 206.493634] CPU: 1 PID: 11445 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 206.500700] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.510060] Call Trace: [ 206.512664] dump_stack+0x138/0x197 [ 206.516316] should_fail.cold+0x10f/0x159 [ 206.520489] should_failslab+0xdb/0x130 [ 206.524472] __kmalloc_track_caller+0x2ec/0x790 [ 206.529144] ? unwind_get_return_address+0x61/0xa0 [ 206.534078] ? __save_stack_trace+0x7b/0xd0 [ 206.538411] ? btrfs_parse_early_options+0xa3/0x310 [ 206.543426] kstrdup+0x3a/0x70 [ 206.546623] btrfs_parse_early_options+0xa3/0x310 [ 206.551475] ? save_trace+0x290/0x290 [ 206.555289] ? btrfs_freeze+0xc0/0xc0 [ 206.559073] ? find_next_bit+0x28/0x30 [ 206.562942] ? pcpu_alloc+0xcf0/0x1050 [ 206.566819] ? find_held_lock+0x35/0x130 [ 206.570879] ? pcpu_alloc+0xcf0/0x1050 [ 206.574780] btrfs_mount+0x11d/0x2b28 [ 206.578573] ? lock_downgrade+0x740/0x740 [ 206.582712] ? find_held_lock+0x35/0x130 [ 206.586766] ? pcpu_alloc+0x3af/0x1050 [ 206.590754] ? _find_next_bit+0xee/0x120 [ 206.594804] ? check_preemption_disabled+0x3c/0x250 [ 206.599812] ? btrfs_remount+0x11f0/0x11f0 [ 206.604044] ? rcu_read_lock_sched_held+0x110/0x130 [ 206.609066] ? __lockdep_init_map+0x10c/0x570 [ 206.613645] ? __lockdep_init_map+0x10c/0x570 08:15:13 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 206.618124] mount_fs+0x97/0x2a1 [ 206.621539] vfs_kern_mount.part.0+0x5e/0x3d0 [ 206.626022] ? find_held_lock+0x35/0x130 [ 206.630074] vfs_kern_mount+0x40/0x60 [ 206.633856] btrfs_mount+0x3ce/0x2b28 [ 206.637649] ? lock_downgrade+0x740/0x740 [ 206.641787] ? find_held_lock+0x35/0x130 [ 206.646110] ? pcpu_alloc+0x3af/0x1050 [ 206.649980] ? btrfs_remount+0x11f0/0x11f0 [ 206.654286] ? rcu_read_lock_sched_held+0x110/0x130 [ 206.660390] ? __lockdep_init_map+0x10c/0x570 [ 206.665320] ? __lockdep_init_map+0x10c/0x570 [ 206.669838] mount_fs+0x97/0x2a1 [ 206.673210] vfs_kern_mount.part.0+0x5e/0x3d0 [ 206.673223] do_mount+0x417/0x27d0 [ 206.681248] ? copy_mount_options+0x5c/0x2f0 [ 206.681259] ? rcu_read_lock_sched_held+0x110/0x130 [ 206.681273] ? copy_mount_string+0x40/0x40 [ 206.681286] ? copy_mount_options+0x1fe/0x2f0 [ 206.681298] SyS_mount+0xab/0x120 [ 206.681306] ? copy_mnt_ns+0x8c0/0x8c0 [ 206.681317] do_syscall_64+0x1e8/0x640 [ 206.681330] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 206.715703] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 206.720679] XFS (loop2): Invalid superblock magic number [ 206.720895] RIP: 0033:0x45c4aa [ 206.727922] XFS (loop4): Invalid superblock magic number [ 206.729511] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 206.729523] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 206.729529] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 206.729535] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 08:15:13 executing program 0 (fault-call:0 fault-nth:61): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 206.729541] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 206.729547] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:13 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:13 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef19", 0xac, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 206.846752] FAULT_INJECTION: forcing a failure. [ 206.846752] name failslab, interval 1, probability 0, space 0, times 0 [ 206.858489] CPU: 1 PID: 11479 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 206.865527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 206.874917] Call Trace: [ 206.877521] dump_stack+0x138/0x197 [ 206.881169] should_fail.cold+0x10f/0x159 [ 206.885333] should_failslab+0xdb/0x130 [ 206.889317] __kmalloc+0x2f0/0x7a0 [ 206.892862] ? match_token+0x22b/0x480 [ 206.896753] ? match_strdup+0x5f/0xa0 [ 206.900551] match_strdup+0x5f/0xa0 [ 206.904177] btrfs_parse_early_options+0x241/0x310 [ 206.909109] ? btrfs_freeze+0xc0/0xc0 [ 206.912903] ? find_next_bit+0x28/0x30 [ 206.916785] ? pcpu_alloc+0xcf0/0x1050 [ 206.920674] ? pcpu_alloc+0xcf0/0x1050 [ 206.924564] btrfs_mount+0x11d/0x2b28 [ 206.928364] ? lock_downgrade+0x740/0x740 [ 206.932509] ? find_held_lock+0x35/0x130 [ 206.936573] ? pcpu_alloc+0x3af/0x1050 [ 206.940466] ? _find_next_bit+0xee/0x120 [ 206.944613] ? check_preemption_disabled+0x3c/0x250 [ 206.949631] ? btrfs_remount+0x11f0/0x11f0 [ 206.953870] ? rcu_read_lock_sched_held+0x110/0x130 [ 206.958895] ? __lockdep_init_map+0x10c/0x570 [ 206.963390] ? __lockdep_init_map+0x10c/0x570 [ 206.967888] mount_fs+0x97/0x2a1 [ 206.971260] vfs_kern_mount.part.0+0x5e/0x3d0 [ 206.975753] ? find_held_lock+0x35/0x130 [ 206.979819] vfs_kern_mount+0x40/0x60 [ 206.983633] btrfs_mount+0x3ce/0x2b28 [ 206.987456] ? lock_downgrade+0x740/0x740 [ 206.991602] ? find_held_lock+0x35/0x130 [ 206.995678] ? pcpu_alloc+0x3af/0x1050 [ 206.999576] ? btrfs_remount+0x11f0/0x11f0 [ 207.003825] ? rcu_read_lock_sched_held+0x110/0x130 [ 207.008854] ? __lockdep_init_map+0x10c/0x570 [ 207.013351] ? __lockdep_init_map+0x10c/0x570 [ 207.017852] mount_fs+0x97/0x2a1 [ 207.021230] vfs_kern_mount.part.0+0x5e/0x3d0 [ 207.027207] do_mount+0x417/0x27d0 [ 207.030750] ? copy_mount_options+0x5c/0x2f0 [ 207.035161] ? rcu_read_lock_sched_held+0x110/0x130 [ 207.040181] ? copy_mount_string+0x40/0x40 [ 207.044423] ? copy_mount_options+0x1fe/0x2f0 [ 207.048939] SyS_mount+0xab/0x120 [ 207.052393] ? copy_mnt_ns+0x8c0/0x8c0 [ 207.056284] do_syscall_64+0x1e8/0x640 [ 207.060173] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 207.065024] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 207.070210] RIP: 0033:0x45c4aa [ 207.073397] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 207.081102] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 207.088366] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 08:15:13 executing program 0 (fault-call:0 fault-nth:62): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 207.095656] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 207.102930] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 207.110203] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 207.213104] XFS (loop2): Invalid superblock magic number [ 207.236361] XFS (loop4): Invalid superblock magic number [ 207.246304] FAULT_INJECTION: forcing a failure. [ 207.246304] name failslab, interval 1, probability 0, space 0, times 0 08:15:13 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 207.299431] CPU: 0 PID: 11489 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 207.306495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 207.315850] Call Trace: [ 207.318449] dump_stack+0x138/0x197 [ 207.322089] should_fail.cold+0x10f/0x159 [ 207.326247] should_failslab+0xdb/0x130 [ 207.330231] __kmalloc+0x2f0/0x7a0 [ 207.333772] ? match_token+0x22b/0x480 [ 207.337663] ? match_strdup+0x5f/0xa0 [ 207.341549] match_strdup+0x5f/0xa0 [ 207.345262] btrfs_parse_early_options+0x241/0x310 [ 207.350195] ? btrfs_freeze+0xc0/0xc0 [ 207.353995] ? find_next_bit+0x28/0x30 [ 207.357879] ? pcpu_alloc+0xcf0/0x1050 [ 207.361765] ? pcpu_alloc+0xcf0/0x1050 [ 207.365660] btrfs_mount+0x11d/0x2b28 [ 207.369459] ? lock_downgrade+0x740/0x740 [ 207.373606] ? find_held_lock+0x35/0x130 [ 207.377658] ? pcpu_alloc+0x3af/0x1050 [ 207.381537] ? _find_next_bit+0xee/0x120 [ 207.385586] ? check_preemption_disabled+0x3c/0x250 [ 207.390597] ? btrfs_remount+0x11f0/0x11f0 [ 207.394922] ? rcu_read_lock_sched_held+0x110/0x130 [ 207.399949] ? __lockdep_init_map+0x10c/0x570 [ 207.404440] ? __lockdep_init_map+0x10c/0x570 [ 207.408939] mount_fs+0x97/0x2a1 [ 207.412313] vfs_kern_mount.part.0+0x5e/0x3d0 [ 207.416810] ? find_held_lock+0x35/0x130 [ 207.420875] vfs_kern_mount+0x40/0x60 [ 207.424667] btrfs_mount+0x3ce/0x2b28 [ 207.428446] ? lock_downgrade+0x740/0x740 [ 207.432584] ? find_held_lock+0x35/0x130 [ 207.436635] ? pcpu_alloc+0x3af/0x1050 [ 207.440523] ? btrfs_remount+0x11f0/0x11f0 [ 207.444751] ? rcu_read_lock_sched_held+0x110/0x130 [ 207.449756] ? __lockdep_init_map+0x10c/0x570 [ 207.454250] ? __lockdep_init_map+0x10c/0x570 [ 207.458727] mount_fs+0x97/0x2a1 [ 207.462084] vfs_kern_mount.part.0+0x5e/0x3d0 [ 207.466560] do_mount+0x417/0x27d0 [ 207.470087] ? copy_mount_options+0x5c/0x2f0 [ 207.474483] ? rcu_read_lock_sched_held+0x110/0x130 [ 207.479485] ? copy_mount_string+0x40/0x40 [ 207.483714] ? copy_mount_options+0x1fe/0x2f0 [ 207.488202] SyS_mount+0xab/0x120 [ 207.491643] ? copy_mnt_ns+0x8c0/0x8c0 [ 207.495522] do_syscall_64+0x1e8/0x640 [ 207.499390] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 207.504220] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 207.509391] RIP: 0033:0x45c4aa [ 207.512567] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 207.520272] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 207.527530] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 207.534782] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 207.542040] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 207.549375] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 207.655208] XFS (loop2): Invalid superblock magic number 08:15:16 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:16 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef19", 0xac, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:16 executing program 0 (fault-call:0 fault-nth:63): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:15:16 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 209.496799] FAULT_INJECTION: forcing a failure. [ 209.496799] name failslab, interval 1, probability 0, space 0, times 0 [ 209.518252] CPU: 1 PID: 11531 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 209.525312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.534673] Call Trace: [ 209.537275] dump_stack+0x138/0x197 [ 209.540924] should_fail.cold+0x10f/0x159 [ 209.545174] should_failslab+0xdb/0x130 [ 209.549168] __kmalloc+0x2f0/0x7a0 [ 209.552710] ? match_token+0x22b/0x480 [ 209.556586] ? match_strdup+0x5f/0xa0 [ 209.560410] match_strdup+0x5f/0xa0 [ 209.564029] btrfs_parse_early_options+0x241/0x310 [ 209.568959] ? btrfs_freeze+0xc0/0xc0 [ 209.571154] ptrace attach of "/root/syz-executor.1"[11545] was attempted by "/root/syz-executor.1"[11546] [ 209.572757] ? pcpu_alloc+0xcf0/0x1050 [ 209.572769] ? pcpu_alloc+0xcf0/0x1050 [ 209.572786] btrfs_mount+0x11d/0x2b28 [ 209.572798] ? lock_downgrade+0x740/0x740 [ 209.572807] ? find_held_lock+0x35/0x130 [ 209.602206] ? pcpu_alloc+0x3af/0x1050 [ 209.606083] ? _find_next_bit+0xee/0x120 [ 209.610126] ? check_preemption_disabled+0x3c/0x250 [ 209.615153] ? btrfs_remount+0x11f0/0x11f0 [ 209.619389] ? rcu_read_lock_sched_held+0x110/0x130 [ 209.624397] ? __lockdep_init_map+0x10c/0x570 [ 209.628877] ? __lockdep_init_map+0x10c/0x570 [ 209.633374] mount_fs+0x97/0x2a1 [ 209.636755] vfs_kern_mount.part.0+0x5e/0x3d0 [ 209.641236] ? find_held_lock+0x35/0x130 [ 209.645279] vfs_kern_mount+0x40/0x60 [ 209.649065] btrfs_mount+0x3ce/0x2b28 [ 209.652859] ? lock_downgrade+0x740/0x740 [ 209.656998] ? find_held_lock+0x35/0x130 [ 209.661044] ? pcpu_alloc+0x3af/0x1050 [ 209.664934] ? btrfs_remount+0x11f0/0x11f0 [ 209.669173] ? rcu_read_lock_sched_held+0x110/0x130 [ 209.674202] ? __lockdep_init_map+0x10c/0x570 [ 209.678846] ? __lockdep_init_map+0x10c/0x570 [ 209.683345] mount_fs+0x97/0x2a1 [ 209.686701] vfs_kern_mount.part.0+0x5e/0x3d0 [ 209.691201] do_mount+0x417/0x27d0 [ 209.694729] ? copy_mount_options+0x5c/0x2f0 [ 209.699131] ? rcu_read_lock_sched_held+0x110/0x130 [ 209.704131] ? copy_mount_string+0x40/0x40 [ 209.708352] ? copy_mount_options+0x1fe/0x2f0 [ 209.712834] SyS_mount+0xab/0x120 [ 209.716293] ? copy_mnt_ns+0x8c0/0x8c0 [ 209.720179] do_syscall_64+0x1e8/0x640 [ 209.724062] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 209.728901] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 209.734075] RIP: 0033:0x45c4aa [ 209.737251] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 08:15:16 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:16 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:16 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) [ 209.744956] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 209.752211] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 209.759466] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 209.766806] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 209.774059] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:16 executing program 0 (fault-call:0 fault-nth:64): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 209.853159] XFS (loop2): Invalid superblock magic number [ 209.861098] XFS (loop4): Invalid superblock magic number [ 209.889066] FAULT_INJECTION: forcing a failure. [ 209.889066] name failslab, interval 1, probability 0, space 0, times 0 [ 209.902828] CPU: 0 PID: 11573 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 209.909872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 209.919219] Call Trace: [ 209.919238] dump_stack+0x138/0x197 [ 209.919255] should_fail.cold+0x10f/0x159 [ 209.919270] should_failslab+0xdb/0x130 [ 209.919280] kmem_cache_alloc_trace+0x2e9/0x790 [ 209.919297] selinux_parse_opts_str+0x42c/0xa30 [ 209.919311] ? selinux_sb_show_options+0xd50/0xd50 [ 209.919324] ? free_pages+0x46/0x50 [ 209.919333] ? selinux_sb_copy_data+0x21e/0x390 [ 209.919346] security_sb_parse_opts_str+0x75/0xb0 [ 209.919358] parse_security_options+0x4e/0xa0 [ 209.919368] btrfs_mount+0x2bb/0x2b28 [ 209.919378] ? lock_downgrade+0x740/0x740 [ 209.919386] ? find_held_lock+0x35/0x130 [ 209.919395] ? pcpu_alloc+0x3af/0x1050 [ 209.919411] ? btrfs_remount+0x11f0/0x11f0 [ 209.919427] ? rcu_read_lock_sched_held+0x110/0x130 [ 209.919445] ? __lockdep_init_map+0x10c/0x570 [ 209.919461] mount_fs+0x97/0x2a1 [ 209.919475] vfs_kern_mount.part.0+0x5e/0x3d0 [ 209.933869] ? find_held_lock+0x35/0x130 [ 209.933884] vfs_kern_mount+0x40/0x60 [ 209.933898] btrfs_mount+0x3ce/0x2b28 [ 209.943463] ? lock_downgrade+0x740/0x740 [ 209.943471] ? find_held_lock+0x35/0x130 [ 209.943480] ? pcpu_alloc+0x3af/0x1050 [ 209.943495] ? btrfs_remount+0x11f0/0x11f0 [ 209.943511] ? rcu_read_lock_sched_held+0x110/0x130 [ 209.943529] ? __lockdep_init_map+0x10c/0x570 [ 209.943540] ? __lockdep_init_map+0x10c/0x570 [ 209.943559] mount_fs+0x97/0x2a1 [ 209.943573] vfs_kern_mount.part.0+0x5e/0x3d0 [ 209.943585] do_mount+0x417/0x27d0 [ 209.943594] ? copy_mount_options+0x5c/0x2f0 [ 209.943602] ? rcu_read_lock_sched_held+0x110/0x130 [ 209.943614] ? copy_mount_string+0x40/0x40 [ 210.072748] ? copy_mount_options+0x1fe/0x2f0 [ 210.077235] SyS_mount+0xab/0x120 [ 210.080689] ? copy_mnt_ns+0x8c0/0x8c0 [ 210.084572] do_syscall_64+0x1e8/0x640 [ 210.088455] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 210.093308] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 210.098500] RIP: 0033:0x45c4aa 08:15:16 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef19", 0xac, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:16 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, 0x0) [ 210.101693] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 210.109397] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 210.116748] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 210.124019] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 210.131279] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 210.138544] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:16 executing program 0 (fault-call:0 fault-nth:65): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 210.226692] FAULT_INJECTION: forcing a failure. [ 210.226692] name failslab, interval 1, probability 0, space 0, times 0 [ 210.238865] CPU: 0 PID: 11601 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 210.245907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.255268] Call Trace: [ 210.257877] dump_stack+0x138/0x197 [ 210.261524] should_fail.cold+0x10f/0x159 [ 210.265690] should_failslab+0xdb/0x130 [ 210.269679] kmem_cache_alloc_trace+0x2e9/0x790 [ 210.274089] XFS (loop4): Invalid superblock magic number [ 210.274361] selinux_parse_opts_str+0x3c1/0xa30 [ 210.282091] XFS (loop2): Invalid superblock magic number [ 210.284476] ? selinux_sb_show_options+0xd50/0xd50 [ 210.284493] ? free_pages+0x46/0x50 [ 210.284504] ? selinux_sb_copy_data+0x21e/0x390 [ 210.284520] security_sb_parse_opts_str+0x75/0xb0 [ 210.284534] parse_security_options+0x4e/0xa0 [ 210.312518] btrfs_mount+0x2bb/0x2b28 [ 210.316322] ? lock_downgrade+0x740/0x740 [ 210.320463] ? find_held_lock+0x35/0x130 [ 210.324508] ? pcpu_alloc+0x3af/0x1050 [ 210.328393] ? btrfs_remount+0x11f0/0x11f0 [ 210.332630] ? rcu_read_lock_sched_held+0x110/0x130 [ 210.337652] ? __lockdep_init_map+0x10c/0x570 [ 210.342161] mount_fs+0x97/0x2a1 [ 210.345514] vfs_kern_mount.part.0+0x5e/0x3d0 [ 210.349992] ? find_held_lock+0x35/0x130 [ 210.354055] vfs_kern_mount+0x40/0x60 [ 210.357852] btrfs_mount+0x3ce/0x2b28 [ 210.361636] ? lock_downgrade+0x740/0x740 [ 210.365762] ? find_held_lock+0x35/0x130 [ 210.369801] ? pcpu_alloc+0x3af/0x1050 [ 210.373690] ? btrfs_remount+0x11f0/0x11f0 [ 210.377929] ? rcu_read_lock_sched_held+0x110/0x130 [ 210.382953] ? __lockdep_init_map+0x10c/0x570 [ 210.387442] ? __lockdep_init_map+0x10c/0x570 [ 210.391938] mount_fs+0x97/0x2a1 [ 210.395306] vfs_kern_mount.part.0+0x5e/0x3d0 [ 210.399787] do_mount+0x417/0x27d0 [ 210.403307] ? copy_mount_options+0x5c/0x2f0 [ 210.407697] ? rcu_read_lock_sched_held+0x110/0x130 [ 210.413167] ? copy_mount_string+0x40/0x40 [ 210.417402] ? copy_mount_options+0x1fe/0x2f0 [ 210.421881] SyS_mount+0xab/0x120 [ 210.425316] ? copy_mnt_ns+0x8c0/0x8c0 [ 210.429191] do_syscall_64+0x1e8/0x640 [ 210.433079] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 210.437917] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 210.443088] RIP: 0033:0x45c4aa [ 210.446263] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 210.453968] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 210.461241] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 210.468503] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 210.475776] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 210.483043] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:17 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, 0x0) 08:15:17 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:17 executing program 0 (fault-call:0 fault-nth:66): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 210.584842] FAULT_INJECTION: forcing a failure. [ 210.584842] name failslab, interval 1, probability 0, space 0, times 0 [ 210.601010] CPU: 0 PID: 11622 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 210.608171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 210.617515] Call Trace: [ 210.620115] dump_stack+0x138/0x197 [ 210.623762] should_fail.cold+0x10f/0x159 [ 210.627926] ? __lock_is_held+0xb6/0x140 [ 210.632129] ? mempool_free+0x1d0/0x1d0 [ 210.636129] should_failslab+0xdb/0x130 [ 210.640111] kmem_cache_alloc+0x47/0x780 [ 210.644193] ? mempool_free+0x1d0/0x1d0 [ 210.648182] mempool_alloc_slab+0x47/0x60 [ 210.652339] mempool_alloc+0x138/0x300 [ 210.656240] ? remove_element.isra.0+0x1b0/0x1b0 [ 210.661008] ? find_held_lock+0x35/0x130 [ 210.665090] ? create_empty_buffers+0x2d3/0x480 [ 210.669774] ? save_trace+0x290/0x290 [ 210.673604] bio_alloc_bioset+0x368/0x680 [ 210.677785] ? bvec_alloc+0x2e0/0x2e0 [ 210.681581] submit_bh_wbc+0xf6/0x720 [ 210.683008] XFS (loop2): Invalid superblock magic number [ 210.685373] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 210.685402] block_read_full_page+0x7a2/0x960 [ 210.685414] ? set_init_blocksize+0x220/0x220 [ 210.685426] ? __bread_gfp+0x290/0x290 [ 210.708057] XFS (loop4): Invalid superblock magic number [ 210.709130] ? add_to_page_cache_lru+0x159/0x310 [ 210.709144] ? add_to_page_cache_locked+0x40/0x40 [ 210.709158] blkdev_readpage+0x1d/0x30 [ 210.709168] do_read_cache_page+0x671/0xfc0 [ 210.732326] ? blkdev_writepages+0xd0/0xd0 [ 210.736583] ? find_get_pages_contig+0xaa0/0xaa0 [ 210.741324] ? blkdev_get+0xb0/0x8e0 [ 210.745028] ? dput.part.0+0x170/0x750 [ 210.748898] ? bd_may_claim+0xd0/0xd0 [ 210.752688] ? path_put+0x50/0x70 [ 210.756144] ? lookup_bdev.part.0+0xe1/0x160 [ 210.760534] read_cache_page_gfp+0x6e/0x90 [ 210.764787] btrfs_read_disk_super+0xdd/0x440 [ 210.769269] btrfs_scan_one_device+0xc6/0x400 [ 210.773748] ? device_list_add+0x8d0/0x8d0 [ 210.777974] ? __free_pages+0x54/0x90 [ 210.781757] ? free_pages+0x46/0x50 [ 210.785384] btrfs_mount+0x2e3/0x2b28 [ 210.789172] ? lock_downgrade+0x740/0x740 [ 210.793415] ? find_held_lock+0x35/0x130 [ 210.797458] ? pcpu_alloc+0x3af/0x1050 [ 210.801337] ? btrfs_remount+0x11f0/0x11f0 [ 210.805566] ? rcu_read_lock_sched_held+0x110/0x130 [ 210.810587] ? __lockdep_init_map+0x10c/0x570 [ 210.815074] mount_fs+0x97/0x2a1 [ 210.818426] vfs_kern_mount.part.0+0x5e/0x3d0 [ 210.823021] ? find_held_lock+0x35/0x130 [ 210.827081] vfs_kern_mount+0x40/0x60 [ 210.830885] btrfs_mount+0x3ce/0x2b28 [ 210.834687] ? lock_downgrade+0x740/0x740 [ 210.838821] ? find_held_lock+0x35/0x130 [ 210.842867] ? pcpu_alloc+0x3af/0x1050 [ 210.846847] ? btrfs_remount+0x11f0/0x11f0 [ 210.851071] ? rcu_read_lock_sched_held+0x110/0x130 [ 210.856076] ? __lockdep_init_map+0x10c/0x570 [ 210.860554] ? __lockdep_init_map+0x10c/0x570 [ 210.865034] mount_fs+0x97/0x2a1 [ 210.868385] vfs_kern_mount.part.0+0x5e/0x3d0 [ 210.872865] do_mount+0x417/0x27d0 [ 210.876390] ? copy_mount_options+0x5c/0x2f0 [ 210.880794] ? rcu_read_lock_sched_held+0x110/0x130 [ 210.885794] ? copy_mount_string+0x40/0x40 [ 210.890035] ? copy_mount_options+0x1fe/0x2f0 [ 210.894552] SyS_mount+0xab/0x120 [ 210.898002] ? copy_mnt_ns+0x8c0/0x8c0 [ 210.901884] do_syscall_64+0x1e8/0x640 [ 210.905757] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 210.910605] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 210.915776] RIP: 0033:0x45c4aa [ 210.918958] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 210.926648] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa 08:15:17 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 210.933899] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 210.941151] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 210.948403] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 210.955684] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 210.972989] BTRFS error (device loop0): superblock checksum mismatch 08:15:17 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, 0x0) [ 211.030497] BTRFS error (device loop0): open_ctree failed [ 211.091738] XFS (loop4): Invalid superblock magic number [ 211.099606] XFS (loop2): Invalid superblock magic number 08:15:19 executing program 0 (fault-call:0 fault-nth:67): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 212.806731] FAULT_INJECTION: forcing a failure. [ 212.806731] name failslab, interval 1, probability 0, space 0, times 0 [ 212.826761] CPU: 1 PID: 11673 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 212.833833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 212.843266] Call Trace: [ 212.843285] dump_stack+0x138/0x197 [ 212.843301] should_fail.cold+0x10f/0x159 08:15:19 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:19 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:19 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}]}) 08:15:19 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:19 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) [ 212.843316] should_failslab+0xdb/0x130 [ 212.843328] kmem_cache_alloc+0x2d7/0x780 [ 212.843341] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 212.843352] ? btrfs_scan_one_device+0x89/0x400 [ 212.871635] ? trace_hardirqs_on_caller+0x400/0x590 [ 212.876660] getname_kernel+0x53/0x350 [ 212.880562] kern_path+0x20/0x40 [ 212.883925] lookup_bdev.part.0+0x63/0x160 [ 212.888151] ? blkdev_open+0x260/0x260 [ 212.892037] ? free_hot_cold_page+0x763/0xca0 [ 212.896530] blkdev_get_by_path+0x76/0xf0 [ 212.900670] btrfs_scan_one_device+0x97/0x400 [ 212.900681] ? device_list_add+0x8d0/0x8d0 [ 212.900692] ? __free_pages+0x54/0x90 [ 212.900702] ? free_pages+0x46/0x50 [ 212.900716] btrfs_mount+0x2e3/0x2b28 [ 212.900726] ? lock_downgrade+0x740/0x740 [ 212.900735] ? find_held_lock+0x35/0x130 [ 212.900744] ? pcpu_alloc+0x3af/0x1050 [ 212.900765] ? btrfs_remount+0x11f0/0x11f0 [ 212.900784] ? rcu_read_lock_sched_held+0x110/0x130 [ 212.942076] ? __lockdep_init_map+0x10c/0x570 [ 212.942096] mount_fs+0x97/0x2a1 [ 212.942109] vfs_kern_mount.part.0+0x5e/0x3d0 [ 212.942117] ? find_held_lock+0x35/0x130 [ 212.942128] vfs_kern_mount+0x40/0x60 [ 212.942142] btrfs_mount+0x3ce/0x2b28 [ 212.942150] ? lock_downgrade+0x740/0x740 [ 212.942157] ? find_held_lock+0x35/0x130 [ 212.942167] ? pcpu_alloc+0x3af/0x1050 [ 212.942183] ? btrfs_remount+0x11f0/0x11f0 [ 212.942198] ? rcu_read_lock_sched_held+0x110/0x130 [ 212.942215] ? __lockdep_init_map+0x10c/0x570 [ 212.942224] ? __lockdep_init_map+0x10c/0x570 [ 212.942235] mount_fs+0x97/0x2a1 [ 212.942248] vfs_kern_mount.part.0+0x5e/0x3d0 [ 212.942260] do_mount+0x417/0x27d0 [ 212.942268] ? copy_mount_options+0x5c/0x2f0 [ 212.942277] ? rcu_read_lock_sched_held+0x110/0x130 [ 212.942288] ? copy_mount_string+0x40/0x40 [ 212.942301] ? copy_mount_options+0x1fe/0x2f0 [ 212.942315] SyS_mount+0xab/0x120 [ 212.950344] ? copy_mnt_ns+0x8c0/0x8c0 [ 212.950360] do_syscall_64+0x1e8/0x640 [ 212.950370] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 212.950385] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 212.950392] RIP: 0033:0x45c4aa [ 212.950397] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 212.950407] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 212.950413] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 212.950417] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 212.950422] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 212.950428] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:19 executing program 0 (fault-call:0 fault-nth:68): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 213.106510] XFS (loop2): Invalid superblock magic number [ 213.148639] FAULT_INJECTION: forcing a failure. [ 213.148639] name failslab, interval 1, probability 0, space 0, times 0 [ 213.160174] CPU: 1 PID: 11710 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 213.160296] XFS (loop4): Invalid superblock magic number [ 213.167192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.182052] Call Trace: [ 213.184633] dump_stack+0x138/0x197 [ 213.188249] should_fail.cold+0x10f/0x159 [ 213.192383] should_failslab+0xdb/0x130 [ 213.196341] kmem_cache_alloc+0x47/0x780 [ 213.200399] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 213.206017] __radix_tree_create+0x337/0x4d0 [ 213.210418] page_cache_tree_insert+0xa7/0x2d0 [ 213.214993] ? file_check_and_advance_wb_err+0x380/0x380 [ 213.220426] ? debug_smp_processor_id+0x1c/0x20 [ 213.225340] __add_to_page_cache_locked+0x2ab/0x7e0 [ 213.230344] ? find_lock_entry+0x3f0/0x3f0 [ 213.234666] add_to_page_cache_lru+0xf4/0x310 [ 213.239142] ? add_to_page_cache_locked+0x40/0x40 [ 213.243965] ? __page_cache_alloc+0xdd/0x3e0 [ 213.248356] do_read_cache_page+0x64e/0xfc0 [ 213.252659] ? blkdev_writepages+0xd0/0xd0 [ 213.256878] ? find_get_pages_contig+0xaa0/0xaa0 [ 213.261615] ? blkdev_get+0xb0/0x8e0 [ 213.265314] ? dput.part.0+0x170/0x750 [ 213.269196] ? bd_may_claim+0xd0/0xd0 [ 213.272983] ? path_put+0x50/0x70 [ 213.276419] ? lookup_bdev.part.0+0xe1/0x160 [ 213.280813] read_cache_page_gfp+0x6e/0x90 [ 213.285035] btrfs_read_disk_super+0xdd/0x440 [ 213.289517] btrfs_scan_one_device+0xc6/0x400 [ 213.294001] ? device_list_add+0x8d0/0x8d0 [ 213.298217] ? __free_pages+0x54/0x90 [ 213.302004] ? free_pages+0x46/0x50 [ 213.305619] btrfs_mount+0x2e3/0x2b28 [ 213.309417] ? lock_downgrade+0x740/0x740 [ 213.313544] ? find_held_lock+0x35/0x130 [ 213.317586] ? pcpu_alloc+0x3af/0x1050 [ 213.321466] ? btrfs_remount+0x11f0/0x11f0 [ 213.325694] ? rcu_read_lock_sched_held+0x110/0x130 [ 213.330698] ? __lockdep_init_map+0x10c/0x570 [ 213.335265] mount_fs+0x97/0x2a1 [ 213.338615] vfs_kern_mount.part.0+0x5e/0x3d0 [ 213.343090] ? find_held_lock+0x35/0x130 [ 213.347136] vfs_kern_mount+0x40/0x60 [ 213.350932] btrfs_mount+0x3ce/0x2b28 [ 213.354721] ? lock_downgrade+0x740/0x740 [ 213.358851] ? find_held_lock+0x35/0x130 [ 213.362894] ? pcpu_alloc+0x3af/0x1050 [ 213.366768] ? btrfs_remount+0x11f0/0x11f0 [ 213.370989] ? rcu_read_lock_sched_held+0x110/0x130 [ 213.376690] ? __lockdep_init_map+0x10c/0x570 [ 213.381171] ? __lockdep_init_map+0x10c/0x570 [ 213.385652] mount_fs+0x97/0x2a1 [ 213.389004] vfs_kern_mount.part.0+0x5e/0x3d0 [ 213.393485] do_mount+0x417/0x27d0 [ 213.397005] ? copy_mount_options+0x5c/0x2f0 [ 213.401395] ? rcu_read_lock_sched_held+0x110/0x130 [ 213.406482] ? copy_mount_string+0x40/0x40 [ 213.411406] ? copy_mount_options+0x1fe/0x2f0 [ 213.415893] SyS_mount+0xab/0x120 [ 213.419327] ? copy_mnt_ns+0x8c0/0x8c0 [ 213.423197] do_syscall_64+0x1e8/0x640 [ 213.427067] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 213.432288] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 213.437459] RIP: 0033:0x45c4aa [ 213.440630] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 213.448321] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 213.455572] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 213.462826] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 213.470084] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 213.481849] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:20 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}]}) [ 213.505826] BTRFS error (device loop0): superblock checksum mismatch 08:15:20 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000400)=[{&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:20 executing program 0 (fault-call:0 fault-nth:69): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 213.550244] BTRFS error (device loop0): open_ctree failed [ 213.585560] XFS (loop2): Invalid superblock magic number 08:15:20 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}]}) [ 213.658113] XFS (loop4): Invalid superblock magic number [ 213.665574] FAULT_INJECTION: forcing a failure. [ 213.665574] name failslab, interval 1, probability 0, space 0, times 0 [ 213.689472] CPU: 0 PID: 11741 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 213.696538] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 213.696545] Call Trace: [ 213.696564] dump_stack+0x138/0x197 [ 213.696583] should_fail.cold+0x10f/0x159 [ 213.696599] should_failslab+0xdb/0x130 [ 213.708558] kmem_cache_alloc+0x2d7/0x780 [ 213.708572] ? radix_tree_extend+0x388/0x430 [ 213.708582] ? delete_node+0x1fb/0x690 [ 213.708594] ? save_trace+0x290/0x290 [ 213.708607] alloc_buffer_head+0x24/0xe0 [ 213.740912] alloc_page_buffers+0xb7/0x200 [ 213.745154] create_empty_buffers+0x39/0x480 [ 213.749692] ? __lock_is_held+0xb6/0x140 [ 213.753749] ? check_preemption_disabled+0x3c/0x250 [ 213.758759] create_page_buffers+0x153/0x1c0 [ 213.763161] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 213.768608] block_read_full_page+0xcd/0x960 [ 213.773006] ? set_init_blocksize+0x220/0x220 [ 213.777485] ? __lru_cache_add+0x18a/0x250 [ 213.781719] ? __bread_gfp+0x290/0x290 [ 213.785597] ? add_to_page_cache_lru+0x159/0x310 [ 213.790337] ? add_to_page_cache_locked+0x40/0x40 [ 213.795169] blkdev_readpage+0x1d/0x30 [ 213.799051] do_read_cache_page+0x671/0xfc0 [ 213.803355] ? blkdev_writepages+0xd0/0xd0 [ 213.807577] ? find_get_pages_contig+0xaa0/0xaa0 [ 213.812434] ? blkdev_get+0xb0/0x8e0 [ 213.816138] ? dput.part.0+0x170/0x750 [ 213.820013] ? bd_may_claim+0xd0/0xd0 [ 213.823820] ? path_put+0x50/0x70 [ 213.827260] ? lookup_bdev.part.0+0xe1/0x160 [ 213.831655] read_cache_page_gfp+0x6e/0x90 [ 213.835878] btrfs_read_disk_super+0xdd/0x440 [ 213.840542] btrfs_scan_one_device+0xc6/0x400 [ 213.845022] ? device_list_add+0x8d0/0x8d0 [ 213.849241] ? __free_pages+0x54/0x90 [ 213.853037] ? free_pages+0x46/0x50 [ 213.856658] btrfs_mount+0x2e3/0x2b28 [ 213.860452] ? lock_downgrade+0x740/0x740 [ 213.864580] ? find_held_lock+0x35/0x130 [ 213.868708] ? pcpu_alloc+0x3af/0x1050 [ 213.872579] ? btrfs_remount+0x11f0/0x11f0 [ 213.876803] ? rcu_read_lock_sched_held+0x110/0x130 [ 213.881895] ? __lockdep_init_map+0x10c/0x570 [ 213.886383] mount_fs+0x97/0x2a1 [ 213.889744] vfs_kern_mount.part.0+0x5e/0x3d0 [ 213.894229] ? find_held_lock+0x35/0x130 [ 213.898282] vfs_kern_mount+0x40/0x60 [ 213.902079] btrfs_mount+0x3ce/0x2b28 [ 213.905947] ? lock_downgrade+0x740/0x740 [ 213.910077] ? find_held_lock+0x35/0x130 [ 213.914120] ? pcpu_alloc+0x3af/0x1050 [ 213.917995] ? btrfs_remount+0x11f0/0x11f0 [ 213.922221] ? rcu_read_lock_sched_held+0x110/0x130 [ 213.927227] ? __lockdep_init_map+0x10c/0x570 [ 213.931744] ? __lockdep_init_map+0x10c/0x570 [ 213.936248] mount_fs+0x97/0x2a1 [ 213.939623] vfs_kern_mount.part.0+0x5e/0x3d0 [ 213.944112] do_mount+0x417/0x27d0 [ 213.947669] ? copy_mount_options+0x5c/0x2f0 [ 213.952079] ? rcu_read_lock_sched_held+0x110/0x130 [ 213.957096] ? copy_mount_string+0x40/0x40 [ 213.961330] ? copy_mount_options+0x1fe/0x2f0 [ 213.965822] SyS_mount+0xab/0x120 [ 213.969273] ? copy_mnt_ns+0x8c0/0x8c0 [ 213.973145] do_syscall_64+0x1e8/0x640 [ 213.977022] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 213.982114] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 213.987299] RIP: 0033:0x45c4aa [ 213.990470] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 213.998164] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 214.005421] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 214.012677] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 214.019948] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 214.027202] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 214.048556] BTRFS error (device loop0): superblock checksum mismatch 08:15:20 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000400)=[{&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 214.057199] XFS (loop2): Invalid superblock magic number 08:15:20 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@nodiscard='nodiscard'}]}) [ 214.080527] BTRFS error (device loop0): open_ctree failed [ 214.118833] XFS (loop4): Invalid superblock magic number [ 214.205367] XFS (loop2): Invalid superblock magic number 08:15:22 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:22 executing program 0 (fault-call:0 fault-nth:70): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:15:22 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x1, &(0x7f0000000400)=[{&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:22 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:22 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:22 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:22 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 215.994509] FAULT_INJECTION: forcing a failure. [ 215.994509] name failslab, interval 1, probability 0, space 0, times 0 [ 216.020856] XFS (loop4): Invalid superblock magic number [ 216.034057] CPU: 0 PID: 11800 Comm: syz-executor.0 Not tainted 4.14.148 #0 08:15:22 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:22 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 216.041144] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 216.050504] Call Trace: [ 216.053108] dump_stack+0x138/0x197 [ 216.053131] should_fail.cold+0x10f/0x159 [ 216.053146] ? __lock_is_held+0xb6/0x140 [ 216.060906] ? mempool_free+0x1d0/0x1d0 [ 216.060920] should_failslab+0xdb/0x130 [ 216.060932] kmem_cache_alloc+0x47/0x780 [ 216.060948] ? mempool_free+0x1d0/0x1d0 [ 216.060958] mempool_alloc_slab+0x47/0x60 [ 216.060966] mempool_alloc+0x138/0x300 [ 216.060979] ? remove_element.isra.0+0x1b0/0x1b0 08:15:22 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 216.060990] ? find_held_lock+0x35/0x130 [ 216.061001] ? create_empty_buffers+0x2d3/0x480 [ 216.061010] ? save_trace+0x290/0x290 [ 216.061024] bio_alloc_bioset+0x368/0x680 [ 216.061037] ? bvec_alloc+0x2e0/0x2e0 [ 216.115356] submit_bh_wbc+0xf6/0x720 [ 216.119173] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 216.124632] block_read_full_page+0x7a2/0x960 [ 216.129145] ? set_init_blocksize+0x220/0x220 [ 216.133648] ? __bread_gfp+0x290/0x290 [ 216.133663] ? add_to_page_cache_lru+0x159/0x310 08:15:22 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(r2, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 216.133675] ? add_to_page_cache_locked+0x40/0x40 [ 216.142301] blkdev_readpage+0x1d/0x30 [ 216.142314] do_read_cache_page+0x671/0xfc0 [ 216.142323] ? blkdev_writepages+0xd0/0xd0 [ 216.142340] ? find_get_pages_contig+0xaa0/0xaa0 [ 216.142350] ? blkdev_get+0xb0/0x8e0 [ 216.142360] ? dput.part.0+0x170/0x750 [ 216.142370] ? bd_may_claim+0xd0/0xd0 [ 216.142379] ? path_put+0x50/0x70 [ 216.142388] ? lookup_bdev.part.0+0xe1/0x160 [ 216.142398] read_cache_page_gfp+0x6e/0x90 [ 216.142411] btrfs_read_disk_super+0xdd/0x440 08:15:22 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 216.142423] btrfs_scan_one_device+0xc6/0x400 [ 216.142434] ? device_list_add+0x8d0/0x8d0 [ 216.201107] ? __free_pages+0x54/0x90 [ 216.204920] ? free_pages+0x46/0x50 [ 216.208564] btrfs_mount+0x2e3/0x2b28 [ 216.212460] ? lock_downgrade+0x740/0x740 [ 216.216605] ? find_held_lock+0x35/0x130 [ 216.216616] ? pcpu_alloc+0x3af/0x1050 [ 216.216635] ? btrfs_remount+0x11f0/0x11f0 [ 216.224567] ? rcu_read_lock_sched_held+0x110/0x130 [ 216.224590] ? __lockdep_init_map+0x10c/0x570 [ 216.224610] mount_fs+0x97/0x2a1 [ 216.224624] vfs_kern_mount.part.0+0x5e/0x3d0 [ 216.224633] ? find_held_lock+0x35/0x130 [ 216.250268] vfs_kern_mount+0x40/0x60 [ 216.254086] btrfs_mount+0x3ce/0x2b28 [ 216.257894] ? lock_downgrade+0x740/0x740 [ 216.262149] ? find_held_lock+0x35/0x130 [ 216.266212] ? pcpu_alloc+0x3af/0x1050 [ 216.266234] ? btrfs_remount+0x11f0/0x11f0 [ 216.266252] ? rcu_read_lock_sched_held+0x110/0x130 [ 216.266274] ? __lockdep_init_map+0x10c/0x570 [ 216.266284] ? __lockdep_init_map+0x10c/0x570 [ 216.274391] mount_fs+0x97/0x2a1 [ 216.274408] vfs_kern_mount.part.0+0x5e/0x3d0 [ 216.274423] do_mount+0x417/0x27d0 [ 216.274433] ? copy_mount_options+0x5c/0x2f0 [ 216.274445] ? rcu_read_lock_sched_held+0x110/0x130 [ 216.274456] ? copy_mount_string+0x40/0x40 [ 216.313454] ? copy_mount_options+0x1fe/0x2f0 [ 216.317938] SyS_mount+0xab/0x120 [ 216.321371] ? copy_mnt_ns+0x8c0/0x8c0 [ 216.325245] do_syscall_64+0x1e8/0x640 [ 216.329117] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 216.334009] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 216.339195] RIP: 0033:0x45c4aa [ 216.342453] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 216.350199] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 216.357590] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 216.364876] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 216.372183] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 216.379471] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 216.389545] BTRFS error (device loop0): superblock checksum mismatch [ 216.430608] BTRFS error (device loop0): open_ctree failed 08:15:25 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:25 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:25 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:25 executing program 0 (fault-call:0 fault-nth:71): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:15:25 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:25 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:25 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r1, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:25 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r1 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r1, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 219.047702] FAULT_INJECTION: forcing a failure. [ 219.047702] name failslab, interval 1, probability 0, space 0, times 0 [ 219.079706] CPU: 0 PID: 11846 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 219.086788] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 219.096151] Call Trace: [ 219.098753] dump_stack+0x138/0x197 [ 219.102390] should_fail.cold+0x10f/0x159 [ 219.102402] ? __lock_is_held+0xb6/0x140 [ 219.102415] ? mempool_free+0x1d0/0x1d0 [ 219.102425] should_failslab+0xdb/0x130 [ 219.102436] kmem_cache_alloc+0x47/0x780 [ 219.110640] ? mempool_free+0x1d0/0x1d0 [ 219.110651] mempool_alloc_slab+0x47/0x60 [ 219.110660] mempool_alloc+0x138/0x300 [ 219.110674] ? remove_element.isra.0+0x1b0/0x1b0 [ 219.110683] ? find_held_lock+0x35/0x130 [ 219.110695] ? create_empty_buffers+0x2d3/0x480 08:15:25 executing program 2: socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000016c0)) r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 219.148172] ? save_trace+0x290/0x290 [ 219.148190] bio_alloc_bioset+0x368/0x680 [ 219.156156] ? bvec_alloc+0x2e0/0x2e0 [ 219.156173] submit_bh_wbc+0xf6/0x720 [ 219.163842] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 219.169304] block_read_full_page+0x7a2/0x960 [ 219.173812] ? set_init_blocksize+0x220/0x220 [ 219.176987] XFS (loop4): Invalid superblock magic number [ 219.178311] ? __bread_gfp+0x290/0x290 [ 219.178323] ? add_to_page_cache_lru+0x159/0x310 [ 219.178334] ? add_to_page_cache_locked+0x40/0x40 08:15:25 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 219.197253] blkdev_readpage+0x1d/0x30 [ 219.201145] do_read_cache_page+0x671/0xfc0 [ 219.201157] ? blkdev_writepages+0xd0/0xd0 [ 219.209701] ? find_get_pages_contig+0xaa0/0xaa0 [ 219.214462] ? blkdev_get+0xb0/0x8e0 [ 219.218182] ? dput.part.0+0x170/0x750 [ 219.223295] ? bd_may_claim+0xd0/0xd0 [ 219.227107] ? path_put+0x50/0x70 [ 219.230587] ? lookup_bdev.part.0+0xe1/0x160 [ 219.235015] read_cache_page_gfp+0x6e/0x90 [ 219.239261] btrfs_read_disk_super+0xdd/0x440 [ 219.243792] btrfs_scan_one_device+0xc6/0x400 08:15:25 executing program 2: r0 = socket(0x0, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:25 executing program 2: r0 = socket(0x0, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 219.248291] ? device_list_add+0x8d0/0x8d0 [ 219.252532] ? __free_pages+0x54/0x90 [ 219.256346] ? free_pages+0x46/0x50 [ 219.259994] btrfs_mount+0x2e3/0x2b28 [ 219.263801] ? lock_downgrade+0x740/0x740 [ 219.267957] ? find_held_lock+0x35/0x130 [ 219.272025] ? pcpu_alloc+0x3af/0x1050 [ 219.275931] ? btrfs_remount+0x11f0/0x11f0 [ 219.281444] ? rcu_read_lock_sched_held+0x110/0x130 [ 219.286513] ? __lockdep_init_map+0x10c/0x570 [ 219.291036] mount_fs+0x97/0x2a1 [ 219.291052] vfs_kern_mount.part.0+0x5e/0x3d0 [ 219.291062] ? find_held_lock+0x35/0x130 [ 219.291073] vfs_kern_mount+0x40/0x60 [ 219.298951] btrfs_mount+0x3ce/0x2b28 [ 219.298961] ? lock_downgrade+0x740/0x740 [ 219.298979] ? btrfs_remount+0x11f0/0x11f0 [ 219.298994] ? rcu_read_lock_sched_held+0x110/0x130 [ 219.299013] ? __lockdep_init_map+0x10c/0x570 [ 219.299023] ? __lockdep_init_map+0x10c/0x570 [ 219.299035] mount_fs+0x97/0x2a1 [ 219.299048] vfs_kern_mount.part.0+0x5e/0x3d0 [ 219.299060] do_mount+0x417/0x27d0 [ 219.299074] ? copy_mount_string+0x40/0x40 [ 219.341556] ? copy_mount_options+0x18f/0x2f0 [ 219.349298] ? __sanitizer_cov_trace_pc+0x4a/0x60 [ 219.358618] ? copy_mount_options+0x1fe/0x2f0 [ 219.363131] SyS_mount+0xab/0x120 [ 219.366597] ? copy_mnt_ns+0x8c0/0x8c0 [ 219.370489] do_syscall_64+0x1e8/0x640 [ 219.374374] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 219.379218] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 219.384396] RIP: 0033:0x45c4aa [ 219.387584] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 219.395276] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 219.402530] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 219.409783] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 219.417063] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 219.424315] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 219.435197] BTRFS error (device loop0): superblock checksum mismatch [ 219.470662] BTRFS error (device loop0): open_ctree failed 08:15:28 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:28 executing program 2: r0 = socket(0x0, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:28 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:28 executing program 0 (fault-call:0 fault-nth:72): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:15:28 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:28 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) [ 222.012467] FAULT_INJECTION: forcing a failure. [ 222.012467] name failslab, interval 1, probability 0, space 0, times 0 08:15:28 executing program 2: r0 = socket(0x10, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:28 executing program 2: r0 = socket(0x10, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 222.055031] CPU: 0 PID: 11901 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 222.062098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 222.071464] Call Trace: [ 222.074066] dump_stack+0x138/0x197 [ 222.077714] should_fail.cold+0x10f/0x159 [ 222.081878] should_failslab+0xdb/0x130 [ 222.085954] kmem_cache_alloc_node_trace+0x280/0x770 [ 222.091075] ? mutex_unlock+0xd/0x10 [ 222.094797] ? btrfs_scan_one_device+0xeb/0x400 [ 222.099483] __kmalloc_node+0x3d/0x80 08:15:28 executing program 2: r0 = socket(0x10, 0x0, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:28 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 222.103298] kvmalloc_node+0x93/0xe0 [ 222.107030] btrfs_mount+0xf88/0x2b28 [ 222.110842] ? lock_downgrade+0x740/0x740 [ 222.114995] ? find_held_lock+0x35/0x130 [ 222.119065] ? pcpu_alloc+0x3af/0x1050 [ 222.122985] ? btrfs_remount+0x11f0/0x11f0 [ 222.127240] ? rcu_read_lock_sched_held+0x110/0x130 [ 222.132634] ? __lockdep_init_map+0x10c/0x570 [ 222.137153] mount_fs+0x97/0x2a1 [ 222.140535] vfs_kern_mount.part.0+0x5e/0x3d0 [ 222.145039] ? find_held_lock+0x35/0x130 [ 222.149113] vfs_kern_mount+0x40/0x60 08:15:28 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:28 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 222.152927] btrfs_mount+0x3ce/0x2b28 [ 222.156731] ? lock_downgrade+0x740/0x740 [ 222.160884] ? find_held_lock+0x35/0x130 [ 222.164953] ? pcpu_alloc+0x3af/0x1050 [ 222.168854] ? btrfs_remount+0x11f0/0x11f0 [ 222.173111] ? rcu_read_lock_sched_held+0x110/0x130 [ 222.178178] ? __lockdep_init_map+0x10c/0x570 [ 222.182689] ? __lockdep_init_map+0x10c/0x570 [ 222.187193] mount_fs+0x97/0x2a1 [ 222.190567] vfs_kern_mount.part.0+0x5e/0x3d0 [ 222.195063] do_mount+0x417/0x27d0 [ 222.198602] ? copy_mount_options+0x5c/0x2f0 [ 222.203090] ? rcu_read_lock_sched_held+0x110/0x130 [ 222.208118] ? copy_mount_string+0x40/0x40 [ 222.212370] ? copy_mount_options+0x1fe/0x2f0 [ 222.216878] SyS_mount+0xab/0x120 [ 222.220344] ? copy_mnt_ns+0x8c0/0x8c0 [ 222.224247] do_syscall_64+0x1e8/0x640 [ 222.228149] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 222.233003] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 222.233014] RIP: 0033:0x45c4aa [ 222.233019] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 222.233031] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 222.242361] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 222.242368] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 222.242373] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 222.242379] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 222.288972] BTRFS error (device loop0): superblock checksum mismatch [ 222.296436] XFS (loop4): Invalid superblock magic number [ 222.330224] BTRFS error (device loop0): open_ctree failed 08:15:31 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:31 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, 0x0) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:31 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:31 executing program 0 (fault-call:0 fault-nth:73): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:15:31 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:31 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:31 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=0x0}) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 225.036163] FAULT_INJECTION: forcing a failure. [ 225.036163] name failslab, interval 1, probability 0, space 0, times 0 08:15:31 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=0x0}) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 225.096547] CPU: 0 PID: 11947 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 225.103616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 225.112983] Call Trace: [ 225.115599] dump_stack+0x138/0x197 [ 225.119241] should_fail.cold+0x10f/0x159 [ 225.123390] ? __lock_is_held+0xb6/0x140 [ 225.127449] ? mempool_free+0x1d0/0x1d0 [ 225.131432] should_failslab+0xdb/0x130 [ 225.135420] kmem_cache_alloc+0x47/0x780 [ 225.139495] ? mempool_free+0x1d0/0x1d0 08:15:31 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=0x0}) ioctl$sock_ifreq(r0, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 225.143479] mempool_alloc_slab+0x47/0x60 [ 225.147631] mempool_alloc+0x138/0x300 [ 225.151529] ? remove_element.isra.0+0x1b0/0x1b0 [ 225.156290] ? find_held_lock+0x35/0x130 [ 225.160351] ? create_empty_buffers+0x2d3/0x480 [ 225.160363] ? save_trace+0x290/0x290 [ 225.160381] bio_alloc_bioset+0x368/0x680 [ 225.160395] ? bvec_alloc+0x2e0/0x2e0 [ 225.160408] submit_bh_wbc+0xf6/0x720 [ 225.160419] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 225.160431] block_read_full_page+0x7a2/0x960 [ 225.160443] ? set_init_blocksize+0x220/0x220 08:15:31 executing program 2: socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:31 executing program 2: socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 225.168893] ? __bread_gfp+0x290/0x290 [ 225.168907] ? add_to_page_cache_lru+0x159/0x310 [ 225.168919] ? add_to_page_cache_locked+0x40/0x40 [ 225.168931] blkdev_readpage+0x1d/0x30 [ 225.168941] do_read_cache_page+0x671/0xfc0 [ 225.168950] ? blkdev_writepages+0xd0/0xd0 [ 225.199059] ? find_get_pages_contig+0xaa0/0xaa0 [ 225.208634] ? blkdev_get+0xb0/0x8e0 [ 225.208647] ? dput.part.0+0x170/0x750 [ 225.208660] ? bd_may_claim+0xd0/0xd0 [ 225.208671] ? path_put+0x50/0x70 [ 225.208679] ? lookup_bdev.part.0+0xe1/0x160 08:15:31 executing program 2: socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(0xffffffffffffffff, 0x89f1, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 225.208693] read_cache_page_gfp+0x6e/0x90 [ 225.233511] btrfs_read_disk_super+0xdd/0x440 [ 225.233526] btrfs_scan_one_device+0xc6/0x400 [ 225.233541] ? device_list_add+0x8d0/0x8d0 [ 225.233552] ? __free_pages+0x54/0x90 [ 225.233562] ? free_pages+0x46/0x50 [ 225.258400] btrfs_mount+0x2e3/0x2b28 [ 225.258413] ? lock_downgrade+0x740/0x740 [ 225.258422] ? find_held_lock+0x35/0x130 [ 225.258434] ? pcpu_alloc+0x3af/0x1050 [ 225.258449] ? btrfs_remount+0x11f0/0x11f0 [ 225.290191] ? rcu_read_lock_sched_held+0x110/0x130 [ 225.295234] ? __lockdep_init_map+0x10c/0x570 [ 225.299747] mount_fs+0x97/0x2a1 [ 225.303129] vfs_kern_mount.part.0+0x5e/0x3d0 [ 225.307627] ? find_held_lock+0x35/0x130 [ 225.311697] vfs_kern_mount+0x40/0x60 [ 225.315512] btrfs_mount+0x3ce/0x2b28 [ 225.319322] ? lock_downgrade+0x740/0x740 [ 225.323476] ? find_held_lock+0x35/0x130 [ 225.327545] ? pcpu_alloc+0x3af/0x1050 [ 225.331452] ? btrfs_remount+0x11f0/0x11f0 [ 225.335784] ? rcu_read_lock_sched_held+0x110/0x130 [ 225.340826] ? __lockdep_init_map+0x10c/0x570 [ 225.345335] ? __lockdep_init_map+0x10c/0x570 [ 225.349840] mount_fs+0x97/0x2a1 [ 225.353217] vfs_kern_mount.part.0+0x5e/0x3d0 [ 225.357721] do_mount+0x417/0x27d0 [ 225.361272] ? copy_mount_options+0x5c/0x2f0 [ 225.365689] ? rcu_read_lock_sched_held+0x110/0x130 [ 225.370216] XFS (loop4): Invalid superblock magic number [ 225.370711] ? copy_mount_string+0x40/0x40 [ 225.380390] ? copy_mount_options+0x1fe/0x2f0 [ 225.384961] SyS_mount+0xab/0x120 [ 225.388399] ? copy_mnt_ns+0x8c0/0x8c0 [ 225.392307] do_syscall_64+0x1e8/0x640 [ 225.397443] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 225.402288] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 225.407470] RIP: 0033:0x45c4aa [ 225.410642] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 225.418344] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 225.425611] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 225.432864] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 225.440116] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 225.447366] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 225.466016] BTRFS error (device loop0): superblock checksum mismatch [ 225.502781] BTRFS error (device loop0): open_ctree failed 08:15:34 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:34 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x0, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:34 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, 0x0) 08:15:34 executing program 0 (fault-call:0 fault-nth:74): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 228.070357] FAULT_INJECTION: forcing a failure. [ 228.070357] name failslab, interval 1, probability 0, space 0, times 0 [ 228.093937] CPU: 1 PID: 11993 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 228.101011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 228.110381] Call Trace: [ 228.112992] dump_stack+0x138/0x197 [ 228.116663] should_fail.cold+0x10f/0x159 [ 228.120833] should_failslab+0xdb/0x130 [ 228.124817] kmem_cache_alloc_trace+0x2e9/0x790 [ 228.129496] ? __kmalloc_node+0x51/0x80 [ 228.133487] btrfs_mount+0x1001/0x2b28 [ 228.137399] ? lock_downgrade+0x740/0x740 [ 228.137409] ? find_held_lock+0x35/0x130 [ 228.137420] ? pcpu_alloc+0x3af/0x1050 [ 228.137438] ? btrfs_remount+0x11f0/0x11f0 [ 228.137454] ? rcu_read_lock_sched_held+0x110/0x130 [ 228.158761] ? __lockdep_init_map+0x10c/0x570 [ 228.158784] mount_fs+0x97/0x2a1 [ 228.166635] vfs_kern_mount.part.0+0x5e/0x3d0 [ 228.171138] ? find_held_lock+0x35/0x130 [ 228.175210] vfs_kern_mount+0x40/0x60 [ 228.179010] btrfs_mount+0x3ce/0x2b28 [ 228.179023] ? lock_downgrade+0x740/0x740 [ 228.179032] ? find_held_lock+0x35/0x130 [ 228.179043] ? pcpu_alloc+0x3af/0x1050 [ 228.179061] ? btrfs_remount+0x11f0/0x11f0 [ 228.186997] ? rcu_read_lock_sched_held+0x110/0x130 [ 228.187021] ? __lockdep_init_map+0x10c/0x570 [ 228.187032] ? __lockdep_init_map+0x10c/0x570 [ 228.187046] mount_fs+0x97/0x2a1 [ 228.216534] vfs_kern_mount.part.0+0x5e/0x3d0 08:15:34 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:34 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:34 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x0, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) 08:15:34 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x0, &(0x7f0000000080)={'tunl0\x00', @ifru_flags}) [ 228.221052] do_mount+0x417/0x27d0 [ 228.224607] ? copy_mount_options+0x5c/0x2f0 [ 228.229030] ? rcu_read_lock_sched_held+0x110/0x130 [ 228.234064] ? copy_mount_string+0x40/0x40 [ 228.238310] ? copy_mount_options+0x1fe/0x2f0 [ 228.238326] SyS_mount+0xab/0x120 [ 228.238335] ? copy_mnt_ns+0x8c0/0x8c0 [ 228.238352] do_syscall_64+0x1e8/0x640 [ 228.238362] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 228.246317] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 228.264109] RIP: 0033:0x45c4aa 08:15:34 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89f1, 0x0) 08:15:34 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89f1, 0x0) 08:15:35 executing program 2: r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ifreq(0xffffffffffffffff, 0x0, &(0x7f0000000080)={'ip_vti0\x00', @ifru_data=&(0x7f0000000000)="b06f31673d3da2b793d4f9a507e3c9133ba7ce8f5e6e538ecf8829b08f7f4aae"}) ioctl$sock_ifreq(r0, 0x89f1, 0x0) [ 228.267304] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 228.275026] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 228.282321] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 228.289611] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 228.296894] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 228.304175] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:35 executing program 0 (fault-call:0 fault-nth:75): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 228.345165] XFS (loop4): Invalid superblock magic number [ 228.430923] FAULT_INJECTION: forcing a failure. [ 228.430923] name failslab, interval 1, probability 0, space 0, times 0 [ 228.447723] CPU: 0 PID: 12037 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 228.454793] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 228.464154] Call Trace: [ 228.466753] dump_stack+0x138/0x197 [ 228.470405] should_fail.cold+0x10f/0x159 [ 228.474576] should_failslab+0xdb/0x130 [ 228.478553] kmem_cache_alloc_trace+0x2e9/0x790 [ 228.483209] ? __kmalloc_node+0x51/0x80 [ 228.487169] btrfs_mount+0x1069/0x2b28 [ 228.491042] ? lock_downgrade+0x740/0x740 [ 228.495172] ? find_held_lock+0x35/0x130 [ 228.499215] ? pcpu_alloc+0x3af/0x1050 [ 228.503092] ? btrfs_remount+0x11f0/0x11f0 [ 228.507334] ? rcu_read_lock_sched_held+0x110/0x130 [ 228.512351] ? __lockdep_init_map+0x10c/0x570 [ 228.516962] mount_fs+0x97/0x2a1 [ 228.520320] vfs_kern_mount.part.0+0x5e/0x3d0 [ 228.524840] ? find_held_lock+0x35/0x130 [ 228.528894] vfs_kern_mount+0x40/0x60 [ 228.532689] btrfs_mount+0x3ce/0x2b28 [ 228.536472] ? lock_downgrade+0x740/0x740 [ 228.540599] ? find_held_lock+0x35/0x130 [ 228.544639] ? pcpu_alloc+0x3af/0x1050 [ 228.548514] ? btrfs_remount+0x11f0/0x11f0 [ 228.552756] ? rcu_read_lock_sched_held+0x110/0x130 [ 228.557767] ? __lockdep_init_map+0x10c/0x570 [ 228.562258] ? __lockdep_init_map+0x10c/0x570 [ 228.566773] mount_fs+0x97/0x2a1 [ 228.570149] vfs_kern_mount.part.0+0x5e/0x3d0 [ 228.574767] do_mount+0x417/0x27d0 [ 228.578301] ? copy_mount_options+0x5c/0x2f0 [ 228.582739] ? rcu_read_lock_sched_held+0x110/0x130 [ 228.587761] ? copy_mount_string+0x40/0x40 [ 228.591983] ? copy_mount_options+0x1fe/0x2f0 [ 228.596466] SyS_mount+0xab/0x120 [ 228.599900] ? copy_mnt_ns+0x8c0/0x8c0 [ 228.603788] do_syscall_64+0x1e8/0x640 [ 228.607656] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 228.612497] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 228.617668] RIP: 0033:0x45c4aa [ 228.620849] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 228.628536] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 228.635872] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 228.643124] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 228.650394] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 228.657652] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:37 executing program 2: getxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='trusted.overlay.redirect\x00', &(0x7f0000000140)=""/88, 0x58) r0 = socket(0x42000000015, 0x805, 0x0) getsockopt(r0, 0x114, 0x2716, &(0x7f0000af0fe7)=""/13, &(0x7f0000000000)=0x390) munlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) setsockopt$l2tp_PPPOL2TP_SO_DEBUG(r0, 0x111, 0x1, 0x4, 0x4) syslog(0x4, &(0x7f00000000c0)=""/92, 0x5c) 08:15:37 executing program 4: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d98", 0x82, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:37 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:37 executing program 0 (fault-call:0 fault-nth:76): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) [ 231.092718] FAULT_INJECTION: forcing a failure. [ 231.092718] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 231.105621] CPU: 0 PID: 12048 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 231.113355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 231.122827] Call Trace: [ 231.125436] dump_stack+0x138/0x197 [ 231.129090] should_fail.cold+0x10f/0x159 [ 231.133250] __alloc_pages_nodemask+0x1d6/0x7a0 [ 231.137941] ? fs_reclaim_acquire+0x20/0x20 08:15:37 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) [ 231.142280] ? __alloc_pages_slowpath+0x2930/0x2930 [ 231.147401] cache_grow_begin+0x80/0x400 [ 231.151484] kmem_cache_alloc_trace+0x6b2/0x790 [ 231.156168] btrfs_mount+0x1001/0x2b28 [ 231.160063] ? lock_downgrade+0x740/0x740 [ 231.164214] ? find_held_lock+0x35/0x130 [ 231.168276] ? pcpu_alloc+0x3af/0x1050 [ 231.172177] ? btrfs_remount+0x11f0/0x11f0 [ 231.176421] ? rcu_read_lock_sched_held+0x110/0x130 [ 231.181443] ? __lockdep_init_map+0x10c/0x570 [ 231.181462] mount_fs+0x97/0x2a1 [ 231.181477] vfs_kern_mount.part.0+0x5e/0x3d0 [ 231.181487] ? find_held_lock+0x35/0x130 [ 231.189431] vfs_kern_mount+0x40/0x60 [ 231.189447] btrfs_mount+0x3ce/0x2b28 [ 231.189458] ? lock_downgrade+0x740/0x740 [ 231.189467] ? find_held_lock+0x35/0x130 [ 231.214806] ? pcpu_alloc+0x3af/0x1050 [ 231.218712] ? btrfs_remount+0x11f0/0x11f0 [ 231.222967] ? rcu_read_lock_sched_held+0x110/0x130 [ 231.228010] ? __lockdep_init_map+0x10c/0x570 [ 231.232517] ? __lockdep_init_map+0x10c/0x570 [ 231.237025] mount_fs+0x97/0x2a1 [ 231.240404] vfs_kern_mount.part.0+0x5e/0x3d0 [ 231.244901] do_mount+0x417/0x27d0 [ 231.248424] ? copy_mount_options+0x5c/0x2f0 [ 231.252822] ? rcu_read_lock_sched_held+0x110/0x130 [ 231.257850] ? copy_mount_string+0x40/0x40 [ 231.262147] ? copy_mount_options+0x1fe/0x2f0 [ 231.266715] SyS_mount+0xab/0x120 [ 231.270167] ? copy_mnt_ns+0x8c0/0x8c0 [ 231.274054] do_syscall_64+0x1e8/0x640 [ 231.277933] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 231.282769] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 231.287943] RIP: 0033:0x45c4aa 08:15:38 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:38 executing program 2: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f6", 0x57, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) [ 231.291120] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 231.295555] XFS (loop4): Invalid superblock magic number [ 231.298824] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 231.298831] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 231.298837] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 231.298842] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 231.298848] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:38 executing program 4: syslog(0x4, &(0x7f00000000c0)=""/92, 0xffe4) [ 231.359823] BTRFS error (device loop0): superblock checksum mismatch 08:15:38 executing program 4: syslog(0x4, &(0x7f00000000c0)=""/92, 0xffe4) 08:15:38 executing program 4: syslog(0x4, &(0x7f00000000c0)=""/92, 0xffe4) [ 231.404943] XFS (loop2): Invalid superblock magic number [ 231.410806] BTRFS error (device loop0): open_ctree failed 08:15:38 executing program 0 (fault-call:0 fault-nth:77): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:15:38 executing program 2: syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:38 executing program 4: syslog(0x0, &(0x7f00000000c0)=""/92, 0xffe4) [ 231.525133] FAULT_INJECTION: forcing a failure. [ 231.525133] name failslab, interval 1, probability 0, space 0, times 0 [ 231.536392] CPU: 0 PID: 12098 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 231.543400] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 231.543406] Call Trace: [ 231.543422] dump_stack+0x138/0x197 [ 231.543440] should_fail.cold+0x10f/0x159 [ 231.543454] should_failslab+0xdb/0x130 [ 231.543465] kmem_cache_alloc+0x47/0x780 08:15:38 executing program 4: syslog(0x0, &(0x7f00000000c0)=""/92, 0xffe4) [ 231.543485] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 231.543499] __radix_tree_create+0x337/0x4d0 [ 231.543513] page_cache_tree_insert+0xa7/0x2d0 [ 231.581594] ? file_check_and_advance_wb_err+0x380/0x380 [ 231.581608] ? debug_smp_processor_id+0x1c/0x20 [ 231.581625] __add_to_page_cache_locked+0x2ab/0x7e0 [ 231.581635] ? find_lock_entry+0x3f0/0x3f0 [ 231.581647] ? lock_downgrade+0x740/0x740 [ 231.581657] add_to_page_cache_lru+0xf4/0x310 [ 231.581667] ? add_to_page_cache_locked+0x40/0x40 [ 231.581675] ? __page_cache_alloc+0xdd/0x3e0 [ 231.581687] pagecache_get_page+0x1f5/0x750 [ 231.581701] __getblk_gfp+0x24b/0x710 [ 231.581712] ? lru_add_drain_all+0x18/0x20 [ 231.635915] __bread_gfp+0x2e/0x290 [ 231.639554] btrfs_read_dev_one_super+0x9f/0x270 [ 231.644499] btrfs_read_dev_super+0x5d/0xb0 [ 231.648813] ? btrfs_read_dev_one_super+0x270/0x270 [ 231.653838] btrfs_get_bdev_and_sb+0xdc/0x2e0 [ 231.658339] __btrfs_open_devices+0x194/0xab0 [ 231.662963] ? check_preemption_disabled+0x3c/0x250 [ 231.668113] ? find_device+0x100/0x100 [ 231.672020] ? btrfs_mount+0x1069/0x2b28 [ 231.676118] ? rcu_read_lock_sched_held+0x110/0x130 [ 231.681128] btrfs_open_devices+0xa4/0xb0 [ 231.685379] btrfs_mount+0x11b4/0x2b28 [ 231.689258] ? lock_downgrade+0x740/0x740 [ 231.693403] ? find_held_lock+0x35/0x130 [ 231.697458] ? pcpu_alloc+0x3af/0x1050 [ 231.701338] ? btrfs_remount+0x11f0/0x11f0 [ 231.705582] ? rcu_read_lock_sched_held+0x110/0x130 [ 231.710608] ? __lockdep_init_map+0x10c/0x570 [ 231.715122] mount_fs+0x97/0x2a1 [ 231.718488] vfs_kern_mount.part.0+0x5e/0x3d0 [ 231.722975] ? find_held_lock+0x35/0x130 [ 231.727020] vfs_kern_mount+0x40/0x60 [ 231.730806] btrfs_mount+0x3ce/0x2b28 [ 231.734596] ? lock_downgrade+0x740/0x740 [ 231.738724] ? find_held_lock+0x35/0x130 [ 231.742773] ? pcpu_alloc+0x3af/0x1050 [ 231.746655] ? btrfs_remount+0x11f0/0x11f0 [ 231.750876] ? rcu_read_lock_sched_held+0x110/0x130 [ 231.755886] ? __lockdep_init_map+0x10c/0x570 [ 231.760363] ? __lockdep_init_map+0x10c/0x570 [ 231.764844] mount_fs+0x97/0x2a1 [ 231.768197] vfs_kern_mount.part.0+0x5e/0x3d0 [ 231.772686] do_mount+0x417/0x27d0 [ 231.776208] ? copy_mount_options+0x5c/0x2f0 [ 231.780623] ? rcu_read_lock_sched_held+0x110/0x130 [ 231.785622] ? copy_mount_string+0x40/0x40 [ 231.789860] ? copy_mount_options+0x1fe/0x2f0 [ 231.794340] SyS_mount+0xab/0x120 [ 231.797862] ? copy_mnt_ns+0x8c0/0x8c0 [ 231.801732] do_syscall_64+0x1e8/0x640 [ 231.805601] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 231.811124] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 231.816297] RIP: 0033:0x45c4aa [ 231.819470] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 231.827163] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 231.834412] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 231.841662] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 231.848912] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 231.856162] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 231.872102] BTRFS error (device loop0): superblock checksum mismatch [ 231.903289] XFS (loop2): Invalid superblock magic number [ 231.921169] BTRFS error (device loop0): open_ctree failed 08:15:40 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:40 executing program 4: syslog(0x0, &(0x7f00000000c0)=""/92, 0xffe4) 08:15:40 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:41 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:41 executing program 2: syslog(0x3, &(0x7f00000000c0)=""/92, 0x5c) 08:15:41 executing program 0 (fault-call:0 fault-nth:78): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:15:41 executing program 4: syslog(0x4, 0x0, 0x0) 08:15:41 executing program 4: syslog(0x4, 0x0, 0x0) 08:15:41 executing program 2: syslog(0x3, &(0x7f00000000c0)=""/92, 0x5c) [ 234.367440] FAULT_INJECTION: forcing a failure. [ 234.367440] name failslab, interval 1, probability 0, space 0, times 0 [ 234.389761] CPU: 1 PID: 12135 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 234.396829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 234.406449] Call Trace: [ 234.409055] dump_stack+0x138/0x197 [ 234.412699] should_fail.cold+0x10f/0x159 08:15:41 executing program 2: syslog(0x3, &(0x7f00000000c0)=""/92, 0x5c) 08:15:41 executing program 2: syslog(0x0, &(0x7f00000000c0)=""/92, 0x5c) [ 234.416962] should_failslab+0xdb/0x130 [ 234.420945] kmem_cache_alloc+0x2d7/0x780 [ 234.425098] ? save_stack_trace+0x16/0x20 [ 234.429251] ? save_stack+0x45/0xd0 [ 234.432889] ? kasan_kmalloc+0xce/0xf0 [ 234.436795] ? kmem_cache_alloc_trace+0x152/0x790 [ 234.441644] ? btrfs_mount+0x1069/0x2b28 [ 234.445709] ? mount_fs+0x97/0x2a1 [ 234.449263] getname_kernel+0x53/0x350 [ 234.453152] kern_path+0x20/0x40 [ 234.456607] lookup_bdev.part.0+0x63/0x160 [ 234.460842] ? blkdev_open+0x260/0x260 08:15:41 executing program 2: syslog(0x0, &(0x7f00000000c0)=""/92, 0x5c) [ 234.464743] ? btrfs_open_devices+0x27/0xb0 [ 234.469066] blkdev_get_by_path+0x76/0xf0 [ 234.473223] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 234.477731] __btrfs_open_devices+0x194/0xab0 [ 234.482265] ? check_preemption_disabled+0x3c/0x250 [ 234.487292] ? find_device+0x100/0x100 [ 234.491183] ? btrfs_mount+0x1069/0x2b28 [ 234.495256] ? rcu_read_lock_sched_held+0x110/0x130 [ 234.500294] btrfs_open_devices+0xa4/0xb0 [ 234.504445] btrfs_mount+0x11b4/0x2b28 [ 234.508333] ? lock_downgrade+0x740/0x740 [ 234.512561] ? find_held_lock+0x35/0x130 [ 234.516789] ? pcpu_alloc+0x3af/0x1050 [ 234.520669] ? btrfs_remount+0x11f0/0x11f0 [ 234.524949] ? rcu_read_lock_sched_held+0x110/0x130 [ 234.529966] ? __lockdep_init_map+0x10c/0x570 [ 234.534451] mount_fs+0x97/0x2a1 [ 234.537801] vfs_kern_mount.part.0+0x5e/0x3d0 [ 234.542275] ? find_held_lock+0x35/0x130 [ 234.546315] vfs_kern_mount+0x40/0x60 [ 234.550109] btrfs_mount+0x3ce/0x2b28 [ 234.553892] ? lock_downgrade+0x740/0x740 [ 234.558031] ? find_held_lock+0x35/0x130 [ 234.562087] ? pcpu_alloc+0x3af/0x1050 [ 234.565970] ? btrfs_remount+0x11f0/0x11f0 [ 234.570212] ? rcu_read_lock_sched_held+0x110/0x130 [ 234.575217] ? __lockdep_init_map+0x10c/0x570 [ 234.579696] ? __lockdep_init_map+0x10c/0x570 [ 234.584177] mount_fs+0x97/0x2a1 [ 234.587528] vfs_kern_mount.part.0+0x5e/0x3d0 [ 234.592021] do_mount+0x417/0x27d0 [ 234.595554] ? copy_mount_options+0x5c/0x2f0 [ 234.599949] ? rcu_read_lock_sched_held+0x110/0x130 [ 234.604953] ? copy_mount_string+0x40/0x40 [ 234.609169] ? copy_mount_options+0x1fe/0x2f0 [ 234.613648] SyS_mount+0xab/0x120 [ 234.617081] ? copy_mnt_ns+0x8c0/0x8c0 [ 234.620955] do_syscall_64+0x1e8/0x640 [ 234.624833] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 234.629671] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 234.634850] RIP: 0033:0x45c4aa [ 234.638021] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 234.646058] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 234.653374] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 234.660655] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 234.667906] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 234.675168] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:43 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:43 executing program 2: syslog(0x0, &(0x7f00000000c0)=""/92, 0x5c) 08:15:43 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:44 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:44 executing program 4: syslog(0x4, 0x0, 0x0) 08:15:44 executing program 0 (fault-call:0 fault-nth:79): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:15:44 executing program 2: syslog(0x3, 0x0, 0x0) [ 237.382893] FAULT_INJECTION: forcing a failure. [ 237.382893] name failslab, interval 1, probability 0, space 0, times 0 [ 237.414462] CPU: 1 PID: 12176 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 237.421535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 08:15:44 executing program 4: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x18}}, 0x10) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000140)='sit0\x00\x01\x00\x00\x00\x00\x00@\x00', 0xc2) sendmmsg$inet(r0, &(0x7f0000003b40)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000001940)="a5", 0x1}], 0x1}}], 0x1, 0x0) 08:15:44 executing program 4: socket$inet(0x2, 0x4000000000000001, 0x0) r0 = socket$netlink(0x10, 0x3, 0x4) sendmsg$nl_generic(r0, &(0x7f0000005000)={&(0x7f0000000540)={0x10, 0xf0ffffff00000f00}, 0xc, &(0x7f0000000240)={&(0x7f0000000180)={0x48, 0x14, 0x207, 0x0, 0x0, {0x2, 0xf0ffff, 0x600}}, 0xfd79}}, 0x0) [ 237.430903] Call Trace: [ 237.433499] dump_stack+0x138/0x197 [ 237.437139] should_fail.cold+0x10f/0x159 [ 237.441296] should_failslab+0xdb/0x130 [ 237.445288] kmem_cache_alloc+0x2d7/0x780 [ 237.449445] ? add_to_page_cache_lru+0x159/0x310 [ 237.454213] ? add_to_page_cache_locked+0x40/0x40 [ 237.459070] alloc_buffer_head+0x24/0xe0 [ 237.463148] alloc_page_buffers+0xb7/0x200 [ 237.467393] __getblk_gfp+0x342/0x710 [ 237.471202] ? lru_add_drain_all+0x18/0x20 [ 237.475475] __bread_gfp+0x2e/0x290 08:15:44 executing program 4: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x907, 0x1) ioctl$USBDEVFS_SETINTERFACE(r0, 0x4004550c, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{}, {0x0, 0x989680}}, 0x0) tkill(r1, 0x3000000000016) [ 237.479116] btrfs_read_dev_one_super+0x9f/0x270 [ 237.483882] btrfs_read_dev_super+0x5d/0xb0 [ 237.488222] ? btrfs_read_dev_one_super+0x270/0x270 [ 237.493251] btrfs_get_bdev_and_sb+0xdc/0x2e0 [ 237.497756] __btrfs_open_devices+0x194/0xab0 [ 237.502264] ? check_preemption_disabled+0x3c/0x250 [ 237.507290] ? find_device+0x100/0x100 [ 237.511195] ? btrfs_mount+0x1069/0x2b28 [ 237.515261] ? rcu_read_lock_sched_held+0x110/0x130 [ 237.520273] btrfs_open_devices+0xa4/0xb0 [ 237.524421] btrfs_mount+0x11b4/0x2b28 [ 237.528290] ? lock_downgrade+0x740/0x740 [ 237.532641] ? find_held_lock+0x35/0x130 [ 237.536701] ? pcpu_alloc+0x3af/0x1050 [ 237.540579] ? btrfs_remount+0x11f0/0x11f0 [ 237.544801] ? rcu_read_lock_sched_held+0x110/0x130 [ 237.549803] ? __lockdep_init_map+0x10c/0x570 [ 237.554304] mount_fs+0x97/0x2a1 [ 237.557668] vfs_kern_mount.part.0+0x5e/0x3d0 [ 237.562277] ? find_held_lock+0x35/0x130 [ 237.566341] vfs_kern_mount+0x40/0x60 [ 237.570147] btrfs_mount+0x3ce/0x2b28 [ 237.573949] ? lock_downgrade+0x740/0x740 [ 237.578105] ? find_held_lock+0x35/0x130 08:15:44 executing program 4: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x907, 0x1) ioctl$USBDEVFS_SETINTERFACE(r0, 0x4004550c, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{}, {0x0, 0x989680}}, 0x0) tkill(r1, 0x3000000000016) [ 237.582169] ? pcpu_alloc+0x3af/0x1050 [ 237.586061] ? btrfs_remount+0x11f0/0x11f0 [ 237.590290] ? rcu_read_lock_sched_held+0x110/0x130 [ 237.590309] ? __lockdep_init_map+0x10c/0x570 [ 237.590320] ? __lockdep_init_map+0x10c/0x570 [ 237.590335] mount_fs+0x97/0x2a1 [ 237.590349] vfs_kern_mount.part.0+0x5e/0x3d0 [ 237.590362] do_mount+0x417/0x27d0 [ 237.590372] ? copy_mount_options+0x5c/0x2f0 [ 237.590381] ? rcu_read_lock_sched_held+0x110/0x130 [ 237.590392] ? copy_mount_string+0x40/0x40 [ 237.590405] ? copy_mount_options+0x1fe/0x2f0 [ 237.637694] SyS_mount+0xab/0x120 [ 237.641138] ? copy_mnt_ns+0x8c0/0x8c0 [ 237.645029] do_syscall_64+0x1e8/0x640 [ 237.648896] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 237.653736] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 237.658925] RIP: 0033:0x45c4aa [ 237.662112] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 237.669813] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 237.677086] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 08:15:44 executing program 4: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x907, 0x1) ioctl$USBDEVFS_SETINTERFACE(r0, 0x4004550c, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{}, {0x0, 0x989680}}, 0x0) tkill(r1, 0x3000000000016) [ 237.684533] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 237.691807] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 237.691812] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 237.715324] BTRFS error (device loop0): superblock checksum mismatch [ 237.770282] BTRFS error (device loop0): open_ctree failed 08:15:46 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:46 executing program 2: syslog(0x3, 0x0, 0x0) 08:15:46 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:46 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:46 executing program 4: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x907, 0x1) ioctl$USBDEVFS_SETINTERFACE(r0, 0x4004550c, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{}, {0x0, 0x989680}}, 0x0) tkill(r1, 0x3000000000016) 08:15:46 executing program 0 (fault-call:0 fault-nth:80): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:15:46 executing program 2: syslog(0x3, 0x0, 0x0) 08:15:46 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:46 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:46 executing program 2: r0 = syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x907, 0x1) ioctl$USBDEVFS_SETINTERFACE(r0, 0x4004550c, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000044000)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{}, {0x0, 0x989680}}, 0x0) tkill(r1, 0x3000000000016) [ 240.243954] FAULT_INJECTION: forcing a failure. [ 240.243954] name failslab, interval 1, probability 0, space 0, times 0 [ 240.263244] CPU: 0 PID: 12225 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 240.270324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 240.279676] Call Trace: [ 240.279696] dump_stack+0x138/0x197 [ 240.279713] should_fail.cold+0x10f/0x159 08:15:46 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) [ 240.279730] should_failslab+0xdb/0x130 [ 240.279743] kmem_cache_alloc+0x2d7/0x780 [ 240.279753] ? save_stack_trace+0x16/0x20 [ 240.279760] ? save_stack+0x45/0xd0 [ 240.279767] ? kasan_kmalloc+0xce/0xf0 [ 240.279775] ? kmem_cache_alloc_trace+0x152/0x790 [ 240.279785] ? btrfs_mount+0x1069/0x2b28 [ 240.279792] ? mount_fs+0x97/0x2a1 [ 240.279803] getname_kernel+0x53/0x350 [ 240.279814] kern_path+0x20/0x40 [ 240.279824] lookup_bdev.part.0+0x63/0x160 [ 240.279832] ? blkdev_open+0x260/0x260 [ 240.279841] ? btrfs_open_devices+0x27/0xb0 08:15:47 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:47 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) [ 240.279852] blkdev_get_by_path+0x76/0xf0 [ 240.279863] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 240.279875] __btrfs_open_devices+0x194/0xab0 [ 240.279886] ? check_preemption_disabled+0x3c/0x250 [ 240.279900] ? find_device+0x100/0x100 [ 240.279907] ? btrfs_mount+0x1069/0x2b28 [ 240.279917] ? rcu_read_lock_sched_held+0x110/0x130 [ 240.279932] btrfs_open_devices+0xa4/0xb0 [ 240.279944] btrfs_mount+0x11b4/0x2b28 [ 240.279953] ? lock_downgrade+0x740/0x740 [ 240.279961] ? find_held_lock+0x35/0x130 08:15:47 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) [ 240.279971] ? pcpu_alloc+0x3af/0x1050 [ 240.279987] ? btrfs_remount+0x11f0/0x11f0 [ 240.280002] ? rcu_read_lock_sched_held+0x110/0x130 [ 240.280019] ? __lockdep_init_map+0x10c/0x570 [ 240.280033] mount_fs+0x97/0x2a1 [ 240.280047] vfs_kern_mount.part.0+0x5e/0x3d0 [ 240.280055] ? find_held_lock+0x35/0x130 [ 240.280067] vfs_kern_mount+0x40/0x60 [ 240.280079] btrfs_mount+0x3ce/0x2b28 [ 240.280089] ? lock_downgrade+0x740/0x740 [ 240.280096] ? find_held_lock+0x35/0x130 [ 240.280105] ? pcpu_alloc+0x3af/0x1050 [ 240.280122] ? btrfs_remount+0x11f0/0x11f0 [ 240.280136] ? rcu_read_lock_sched_held+0x110/0x130 [ 240.280154] ? __lockdep_init_map+0x10c/0x570 [ 240.280164] ? __lockdep_init_map+0x10c/0x570 [ 240.299749] mount_fs+0x97/0x2a1 [ 240.299768] vfs_kern_mount.part.0+0x5e/0x3d0 [ 240.299782] do_mount+0x417/0x27d0 [ 240.327744] ? copy_mount_options+0x5c/0x2f0 [ 240.327758] ? rcu_read_lock_sched_held+0x110/0x130 [ 240.327771] ? copy_mount_string+0x40/0x40 [ 240.327784] ? copy_mount_options+0x1fe/0x2f0 [ 240.356683] SyS_mount+0xab/0x120 [ 240.356694] ? copy_mnt_ns+0x8c0/0x8c0 [ 240.356707] do_syscall_64+0x1e8/0x640 [ 240.356718] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 240.374767] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 240.428241] RIP: 0033:0x45c4aa [ 240.428247] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 240.428259] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 240.449543] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 240.449549] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 240.449555] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 240.449561] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:49 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:49 executing program 2: 08:15:49 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(0x0, 0x38) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, 0x0, 0x0, 0x0) 08:15:49 executing program 0 (fault-call:0 fault-nth:81): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:15:49 executing program 4: 08:15:49 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:49 executing program 2: 08:15:49 executing program 4: 08:15:49 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(0x0, 0x38) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, 0x0, 0x0, 0x0) 08:15:49 executing program 2: 08:15:50 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(0x0, 0x38) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, 0x0, 0x0, 0x0) [ 243.288262] FAULT_INJECTION: forcing a failure. [ 243.288262] name failslab, interval 1, probability 0, space 0, times 0 08:15:50 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 243.378124] CPU: 0 PID: 12264 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 243.385257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 243.394626] Call Trace: [ 243.397239] dump_stack+0x138/0x197 [ 243.400893] should_fail.cold+0x10f/0x159 [ 243.405066] should_failslab+0xdb/0x130 [ 243.409067] kmem_cache_alloc_trace+0x2e9/0x790 [ 243.413755] ? lock_downgrade+0x740/0x740 [ 243.417931] ? tracefs_initialized+0x20/0x20 [ 243.422350] sget_userns+0xfe/0xc30 [ 243.426040] ? btrfs_parse_early_options+0x310/0x310 [ 243.431130] ? btrfs_parse_early_options+0x310/0x310 [ 243.436257] ? tracefs_initialized+0x20/0x20 [ 243.440650] ? tracefs_initialized+0x20/0x20 [ 243.445066] ? btrfs_parse_early_options+0x310/0x310 [ 243.450150] sget+0xd6/0x120 [ 243.453153] ? mutex_unlock+0xd/0x10 [ 243.456894] btrfs_mount+0x1274/0x2b28 [ 243.460762] ? lock_downgrade+0x740/0x740 [ 243.464934] ? find_held_lock+0x35/0x130 [ 243.468978] ? pcpu_alloc+0x3af/0x1050 [ 243.474604] ? btrfs_remount+0x11f0/0x11f0 [ 243.478823] ? rcu_read_lock_sched_held+0x110/0x130 [ 243.483867] ? __lockdep_init_map+0x10c/0x570 [ 243.488347] mount_fs+0x97/0x2a1 [ 243.491699] vfs_kern_mount.part.0+0x5e/0x3d0 [ 243.496173] ? find_held_lock+0x35/0x130 [ 243.500218] vfs_kern_mount+0x40/0x60 [ 243.504007] btrfs_mount+0x3ce/0x2b28 [ 243.507789] ? lock_downgrade+0x740/0x740 [ 243.511914] ? find_held_lock+0x35/0x130 [ 243.515963] ? pcpu_alloc+0x3af/0x1050 [ 243.519851] ? btrfs_remount+0x11f0/0x11f0 [ 243.524078] ? rcu_read_lock_sched_held+0x110/0x130 [ 243.529085] ? __lockdep_init_map+0x10c/0x570 [ 243.533600] ? __lockdep_init_map+0x10c/0x570 [ 243.538110] mount_fs+0x97/0x2a1 [ 243.541468] vfs_kern_mount.part.0+0x5e/0x3d0 [ 243.545975] do_mount+0x417/0x27d0 [ 243.549505] ? copy_mount_options+0x5c/0x2f0 [ 243.553908] ? rcu_read_lock_sched_held+0x110/0x130 [ 243.558945] ? copy_mount_string+0x40/0x40 [ 243.563167] ? copy_mount_options+0x1fe/0x2f0 [ 243.567661] SyS_mount+0xab/0x120 [ 243.571140] ? copy_mnt_ns+0x8c0/0x8c0 [ 243.575014] do_syscall_64+0x1e8/0x640 [ 243.578927] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 243.583801] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 243.588969] RIP: 0033:0x45c4aa [ 243.592138] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 243.599828] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 243.607086] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 243.614356] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 243.621614] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 243.628875] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:53 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:53 executing program 4: 08:15:53 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:53 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:53 executing program 2: 08:15:53 executing program 0 (fault-call:0 fault-nth:82): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:15:53 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:53 executing program 4: 08:15:53 executing program 2: 08:15:53 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:53 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:53 executing program 2: [ 246.398338] FAULT_INJECTION: forcing a failure. [ 246.398338] name failslab, interval 1, probability 0, space 0, times 0 [ 246.496100] CPU: 1 PID: 12309 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 246.503166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 246.503172] Call Trace: [ 246.503190] dump_stack+0x138/0x197 [ 246.503207] should_fail.cold+0x10f/0x159 [ 246.503224] should_failslab+0xdb/0x130 [ 246.503235] kmem_cache_alloc_trace+0x2e9/0x790 [ 246.503246] ? lock_downgrade+0x740/0x740 [ 246.503261] ? tracefs_initialized+0x20/0x20 [ 246.503270] sget_userns+0xfe/0xc30 [ 246.503280] ? btrfs_parse_early_options+0x310/0x310 [ 246.503291] ? btrfs_parse_early_options+0x310/0x310 [ 246.503301] ? tracefs_initialized+0x20/0x20 [ 246.503310] ? tracefs_initialized+0x20/0x20 [ 246.503317] ? btrfs_parse_early_options+0x310/0x310 [ 246.503326] sget+0xd6/0x120 [ 246.523035] ? mutex_unlock+0xd/0x10 [ 246.523053] btrfs_mount+0x1274/0x2b28 [ 246.523063] ? lock_downgrade+0x740/0x740 [ 246.523070] ? find_held_lock+0x35/0x130 [ 246.523080] ? pcpu_alloc+0x3af/0x1050 [ 246.523095] ? btrfs_remount+0x11f0/0x11f0 [ 246.523110] ? rcu_read_lock_sched_held+0x110/0x130 [ 246.523126] ? __lockdep_init_map+0x10c/0x570 [ 246.535905] mount_fs+0x97/0x2a1 [ 246.535921] vfs_kern_mount.part.0+0x5e/0x3d0 [ 246.549039] ? find_held_lock+0x35/0x130 [ 246.549055] vfs_kern_mount+0x40/0x60 [ 246.623364] btrfs_mount+0x3ce/0x2b28 [ 246.627161] ? lock_downgrade+0x740/0x740 [ 246.631297] ? find_held_lock+0x35/0x130 [ 246.635372] ? pcpu_alloc+0x3af/0x1050 [ 246.639263] ? btrfs_remount+0x11f0/0x11f0 [ 246.643486] ? rcu_read_lock_sched_held+0x110/0x130 [ 246.648490] ? __lockdep_init_map+0x10c/0x570 [ 246.652975] ? __lockdep_init_map+0x10c/0x570 [ 246.657628] mount_fs+0x97/0x2a1 [ 246.660980] vfs_kern_mount.part.0+0x5e/0x3d0 [ 246.665459] do_mount+0x417/0x27d0 [ 246.668991] ? copy_mount_options+0x5c/0x2f0 [ 246.675046] ? rcu_read_lock_sched_held+0x110/0x130 [ 246.680236] ? copy_mount_string+0x40/0x40 [ 246.684460] ? copy_mount_options+0x1fe/0x2f0 [ 246.688944] SyS_mount+0xab/0x120 [ 246.692381] ? copy_mnt_ns+0x8c0/0x8c0 [ 246.696251] do_syscall_64+0x1e8/0x640 [ 246.700126] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 246.704965] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 246.710144] RIP: 0033:0x45c4aa [ 246.713324] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 246.721026] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 246.728306] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 246.735630] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 246.742896] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 246.750185] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:56 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:56 executing program 4: 08:15:56 executing program 2: 08:15:56 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) 08:15:56 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:56 executing program 0 (fault-call:0 fault-nth:83): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:15:56 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x3f) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 08:15:56 executing program 4: r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x601, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, @gretap={{0xc, 0x1, 'gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_IFLAGS={0x8, 0x3, 0xa8ab}]]}}}]}, 0x3c}}, 0x0) [ 249.387555] FAULT_INJECTION: forcing a failure. [ 249.387555] name failslab, interval 1, probability 0, space 0, times 0 [ 249.410939] CPU: 1 PID: 12343 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 249.418005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 249.427352] Call Trace: [ 249.427369] dump_stack+0x138/0x197 [ 249.427387] should_fail.cold+0x10f/0x159 [ 249.437722] ? __lock_is_held+0xb6/0x140 [ 249.441789] ? mempool_free+0x1d0/0x1d0 [ 249.445763] should_failslab+0xdb/0x130 [ 249.445778] kmem_cache_alloc+0x47/0x780 [ 249.445794] ? mempool_free+0x1d0/0x1d0 [ 249.445805] mempool_alloc_slab+0x47/0x60 [ 249.457786] mempool_alloc+0x138/0x300 [ 249.467809] ? __find_get_block+0x5c4/0xb10 [ 249.472140] ? remove_element.isra.0+0x1b0/0x1b0 [ 249.476896] ? mark_held_locks+0xb1/0x100 [ 249.476908] ? save_trace+0x290/0x290 [ 249.476919] ? trace_hardirqs_on_caller+0x400/0x590 [ 249.476933] bio_alloc_bioset+0x368/0x680 [ 249.489961] ? bvec_alloc+0x2e0/0x2e0 [ 249.497887] ? __getblk_gfp+0x5c/0x710 [ 249.501786] submit_bh_wbc+0xf6/0x720 [ 249.505596] __bread_gfp+0x106/0x290 [ 249.509319] btrfs_read_dev_one_super+0x9f/0x270 [ 249.514085] btrfs_read_dev_super+0x5d/0xb0 [ 249.518420] ? btrfs_read_dev_one_super+0x270/0x270 [ 249.523535] btrfs_get_bdev_and_sb+0xdc/0x2e0 [ 249.528036] __btrfs_open_devices+0x194/0xab0 [ 249.532541] ? check_preemption_disabled+0x3c/0x250 [ 249.537564] ? find_device+0x100/0x100 [ 249.541450] ? btrfs_mount+0x1069/0x2b28 [ 249.541464] ? rcu_read_lock_sched_held+0x110/0x130 [ 249.541479] btrfs_open_devices+0xa4/0xb0 [ 249.550563] btrfs_mount+0x11b4/0x2b28 [ 249.550576] ? lock_downgrade+0x740/0x740 [ 249.550584] ? find_held_lock+0x35/0x130 [ 249.550593] ? pcpu_alloc+0x3af/0x1050 [ 249.550611] ? btrfs_remount+0x11f0/0x11f0 [ 249.575017] ? rcu_read_lock_sched_held+0x110/0x130 [ 249.580061] ? __lockdep_init_map+0x10c/0x570 [ 249.584571] mount_fs+0x97/0x2a1 [ 249.587957] vfs_kern_mount.part.0+0x5e/0x3d0 [ 249.592455] ? find_held_lock+0x35/0x130 [ 249.592471] vfs_kern_mount+0x40/0x60 [ 249.592483] btrfs_mount+0x3ce/0x2b28 [ 249.592493] ? lock_downgrade+0x740/0x740 [ 249.592503] ? find_held_lock+0x35/0x130 [ 249.600353] ? pcpu_alloc+0x3af/0x1050 [ 249.600370] ? btrfs_remount+0x11f0/0x11f0 [ 249.600386] ? rcu_read_lock_sched_held+0x110/0x130 [ 249.600407] ? __lockdep_init_map+0x10c/0x570 [ 249.630556] ? __lockdep_init_map+0x10c/0x570 [ 249.635076] mount_fs+0x97/0x2a1 [ 249.638493] vfs_kern_mount.part.0+0x5e/0x3d0 [ 249.643008] do_mount+0x417/0x27d0 [ 249.646565] ? copy_mount_options+0x5c/0x2f0 [ 249.650990] ? rcu_read_lock_sched_held+0x110/0x130 [ 249.656103] ? copy_mount_string+0x40/0x40 [ 249.660354] ? copy_mount_options+0x1fe/0x2f0 [ 249.664865] SyS_mount+0xab/0x120 [ 249.668325] ? copy_mnt_ns+0x8c0/0x8c0 [ 249.672220] do_syscall_64+0x1e8/0x640 [ 249.676115] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 249.680969] entry_SYSCALL_64_after_hwframe+0x42/0xb7 08:15:56 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="00000000000000001ffc382ebd5e5bc53ab81262c0e6657c9145d1296714af248d32825ef82b6734e5a38b13b2a46b2896069e668e8af31c3e8132551000381668850a81eeb9a2f641de9e0242cef3fe27cf3d66e7e95c0ae2e1d388e12f7a1d12d335f13fb31f86c7f35eba437b058cc620229d7839683afcd80a204fc04a0242b49ff12289013cbf84707dc92051a5b19b1c7aa64501f2ec145d5db86598e85d7ee97c8cc0a2d7bc47c3bb8c96e466d3ba2aedf6639bc5228b0e1b3140c6c0f8cd6dceece8dc3ff9c7927d6b2bcdceb600000000000000000000000000001300"/236], 0x8) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) 08:15:56 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x3f) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 08:15:56 executing program 2: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000140)=0x14) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newqdisc={0x24, 0x24, 0xfed3136079240de5, 0x0, 0x0, {0x0, r2, {0x0, 0xf}, {0x0, 0xf}}}, 0x24}}, 0x0) [ 249.686167] RIP: 0033:0x45c4aa [ 249.689363] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 249.697080] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 249.704390] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 249.711666] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 249.718945] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 249.726220] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:56 executing program 1: clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) [ 249.752775] ptrace attach of "/root/syz-executor.1"[12370] was attempted by "/root/syz-executor.1"[12372] [ 249.779434] BTRFS error (device loop0): superblock checksum mismatch [ 249.830419] BTRFS error (device loop0): open_ctree failed 08:15:59 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:59 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(0x0, 0x3f) ptrace$cont(0x18, 0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, 0x0, 0x0, 0x0) 08:15:59 executing program 1: clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:59 executing program 2: socket$inet6_tcp(0xa, 0x1, 0x0) syz_mount_image$xfs(&(0x7f00000000c0)='xfs\x00', &(0x7f0000000140)='./file0\x00', 0x0, 0x2, &(0x7f0000000400)=[{0x0, 0x0, 0x200}, {&(0x7f0000000500)="7458e3466e5112c7629c22d2763e312268eb22c10619ce93c333a018152dd89c605b7d65fc1bb61d95fdac35db3b52a261b590458fb5615f3a52988ac3381a184e1d3d296ac3ee78d68db545a4f04ce423997c69dc89f67afcb29c9c4d2de2b5dbee32028df69f8c760261947996e92e14ba22a790c02d608ba9bdcb3d2f07f34d9814033fe3de183dd8e700169a8b4f3fde0b26f384c6a79817b1c983fbedf6316bca41bba970ca3552ef1913", 0xad, 0x5}], 0x0, &(0x7f0000000200)={[{@inode32='inode32'}, {@nodiscard='nodiscard'}]}) 08:15:59 executing program 0 (fault-call:0 fault-nth:84): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:15:59 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="00000000000000001ffc382ebd5e5bc53ab81262c0e6657c9145d1296714af248d32825ef82b6734e5a38b13b2a46b2896069e668e8af31c3e8132551000381668850a81eeb9a2f641de9e0242cef3fe27cf3d66e7e95c0ae2e1d388e12f7a1d12d335f13fb31f86c7f35eba437b058cc620229d7839683afcd80a204fc04a0242b49ff12289013cbf84707dc92051a5b19b1c7aa64501f2ec145d5db86598e85d7ee97c8cc0a2d7bc47c3bb8c96e466d3ba2aedf6639bc5228b0e1b3140c6c0f8cd6dceece8dc3ff9c7927d6b2bcdceb600000000000000000000000000001300"/236], 0x8) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) 08:15:59 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 252.498505] ptrace attach of "/root/syz-executor.1"[12389] was attempted by "/root/syz-executor.1"[12393] [ 252.515889] FAULT_INJECTION: forcing a failure. [ 252.515889] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 252.527745] CPU: 0 PID: 12394 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 252.534773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 252.544140] Call Trace: [ 252.546747] dump_stack+0x138/0x197 [ 252.550397] should_fail.cold+0x10f/0x159 [ 252.554563] __alloc_pages_nodemask+0x1d6/0x7a0 [ 252.559245] ? fs_reclaim_acquire+0x20/0x20 [ 252.563589] ? __alloc_pages_slowpath+0x2930/0x2930 [ 252.568628] cache_grow_begin+0x80/0x400 [ 252.572706] kmem_cache_alloc_trace+0x6b2/0x790 [ 252.577397] ? lock_downgrade+0x740/0x740 [ 252.581659] ? tracefs_initialized+0x20/0x20 [ 252.586080] sget_userns+0xfe/0xc30 [ 252.589717] ? btrfs_parse_early_options+0x310/0x310 [ 252.594847] ? btrfs_parse_early_options+0x310/0x310 [ 252.600658] ? tracefs_initialized+0x20/0x20 [ 252.605085] ? tracefs_initialized+0x20/0x20 [ 252.609505] ? btrfs_parse_early_options+0x310/0x310 [ 252.614615] sget+0xd6/0x120 [ 252.617643] ? mutex_unlock+0xd/0x10 [ 252.621403] btrfs_mount+0x1274/0x2b28 [ 252.625302] ? lock_downgrade+0x740/0x740 [ 252.629458] ? find_held_lock+0x35/0x130 [ 252.630197] ptrace attach of "/root/syz-executor.1"[12408] was attempted by "/root/syz-executor.1"[12409] [ 252.635426] ? pcpu_alloc+0x3af/0x1050 [ 252.635451] ? btrfs_remount+0x11f0/0x11f0 [ 252.635467] ? rcu_read_lock_sched_held+0x110/0x130 [ 252.635484] ? __lockdep_init_map+0x10c/0x570 [ 252.669482] mount_fs+0x97/0x2a1 [ 252.672866] vfs_kern_mount.part.0+0x5e/0x3d0 [ 252.677400] ? find_held_lock+0x35/0x130 [ 252.681497] vfs_kern_mount+0x40/0x60 [ 252.685304] btrfs_mount+0x3ce/0x2b28 [ 252.689112] ? lock_downgrade+0x740/0x740 [ 252.693300] ? find_held_lock+0x35/0x130 [ 252.697371] ? pcpu_alloc+0x3af/0x1050 [ 252.701273] ? btrfs_remount+0x11f0/0x11f0 [ 252.705522] ? rcu_read_lock_sched_held+0x110/0x130 [ 252.710566] ? __lockdep_init_map+0x10c/0x570 [ 252.715075] ? __lockdep_init_map+0x10c/0x570 [ 252.719586] mount_fs+0x97/0x2a1 [ 252.722978] vfs_kern_mount.part.0+0x5e/0x3d0 [ 252.727488] do_mount+0x417/0x27d0 [ 252.731037] ? copy_mount_options+0x5c/0x2f0 [ 252.735454] ? rcu_read_lock_sched_held+0x110/0x130 [ 252.741030] ? copy_mount_string+0x40/0x40 [ 252.745278] ? copy_mount_options+0x1fe/0x2f0 [ 252.749819] SyS_mount+0xab/0x120 [ 252.753277] ? copy_mnt_ns+0x8c0/0x8c0 [ 252.757173] do_syscall_64+0x1e8/0x640 [ 252.761065] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 252.766201] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 252.771660] RIP: 0033:0x45c4aa [ 252.774851] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 252.782567] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 252.789842] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 08:15:59 executing program 1: clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:59 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:59 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 252.797117] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 252.804430] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 252.811797] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 08:15:59 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:15:59 executing program 3: r0 = getpgid(0x0) prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3f) ptrace$cont(0x18, r1, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r1, 0x0, 0x0) [ 252.900457] XFS (loop2): Invalid superblock magic number [ 252.906308] BTRFS error (device loop0): superblock checksum mismatch [ 252.975020] BTRFS error (device loop0): open_ctree failed 08:16:02 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 08:16:02 executing program 3: getpgid(0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3f) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) 08:16:02 executing program 2: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 08:16:02 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) 08:16:02 executing program 0 (fault-call:0 fault-nth:85): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x9, 0x0) 08:16:02 executing program 4: r0 = socket$inet6(0xa, 0x3, 0x3) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_opts(r0, 0x29, 0x36, &(0x7f0000000300)=ANY=[@ANYBLOB="00000000000000001ffc382ebd5e5bc53ab81262c0e6657c9145d1296714af248d32825ef82b6734e5a38b13b2a46b2896069e668e8af31c3e8132551000381668850a81eeb9a2f641de9e0242cef3fe27cf3d66e7e95c0ae2e1d388e12f7a1d12d335f13fb31f86c7f35eba437b058cc620229d7839683afcd80a204fc04a0242b49ff12289013cbf84707dc92051a5b19b1c7aa64501f2ec145d5db86598e85d7ee97c8cc0a2d7bc47c3bb8c96e466d3ba2aedf6639bc5228b0e1b3140c6c0f8cd6dceece8dc3ff9c7927d6b2bcdceb600000000000000000000000000001300"/236], 0x8) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) 08:16:02 executing program 3: getpgid(0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3f) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 255.517853] ptrace attach of "/root/syz-executor.3"[12442] was attempted by "/root/syz-executor.3"[12445] [ 255.543135] FAULT_INJECTION: forcing a failure. [ 255.543135] name failslab, interval 1, probability 0, space 0, times 0 [ 255.591232] CPU: 1 PID: 12447 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 255.598658] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.608027] Call Trace: [ 255.610719] dump_stack+0x138/0x197 [ 255.614387] should_fail.cold+0x10f/0x159 [ 255.625500] should_failslab+0xdb/0x130 [ 255.629488] __kmalloc+0x2f0/0x7a0 [ 255.633044] ? lock_downgrade+0x740/0x740 [ 255.637207] ? register_shrinker+0xbd/0x220 [ 255.641540] register_shrinker+0xbd/0x220 [ 255.646128] sget_userns+0x9bf/0xc30 [ 255.649846] ? btrfs_parse_early_options+0x310/0x310 [ 255.654969] ? tracefs_initialized+0x20/0x20 [ 255.659502] ? tracefs_initialized+0x20/0x20 [ 255.663919] ? btrfs_parse_early_options+0x310/0x310 [ 255.669031] sget+0xd6/0x120 [ 255.672053] ? mutex_unlock+0xd/0x10 [ 255.675785] btrfs_mount+0x1274/0x2b28 [ 255.679684] ? lock_downgrade+0x740/0x740 [ 255.683856] ? find_held_lock+0x35/0x130 [ 255.688097] ? pcpu_alloc+0x3af/0x1050 08:16:02 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) [ 255.692012] ? btrfs_remount+0x11f0/0x11f0 [ 255.696262] ? rcu_read_lock_sched_held+0x110/0x130 [ 255.701297] ? __lockdep_init_map+0x10c/0x570 [ 255.706767] mount_fs+0x97/0x2a1 [ 255.710149] vfs_kern_mount.part.0+0x5e/0x3d0 [ 255.715553] ? find_held_lock+0x35/0x130 [ 255.719636] vfs_kern_mount+0x40/0x60 [ 255.723472] btrfs_mount+0x3ce/0x2b28 [ 255.727285] ? lock_downgrade+0x740/0x740 [ 255.731444] ? find_held_lock+0x35/0x130 [ 255.735510] ? pcpu_alloc+0x3af/0x1050 08:16:02 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x802102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) shmctl$IPC_INFO(0x0, 0x3, &(0x7f00000000c0)=""/99) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0x0, 0x1, 0x13d}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) prlimit64(0x0, 0x0, &(0x7f0000000000)={0xf37, 0x3}, 0x0) ptrace$cont(0x9, r0, 0x0, 0x0) [ 255.739437] ? btrfs_remount+0x11f0/0x11f0 [ 255.743733] ? rcu_read_lock_sched_held+0x110/0x130 [ 255.748768] ? __lockdep_init_map+0x10c/0x570 [ 255.753276] ? __lockdep_init_map+0x10c/0x570 [ 255.757787] mount_fs+0x97/0x2a1 [ 255.761177] vfs_kern_mount.part.0+0x5e/0x3d0 [ 255.765678] do_mount+0x417/0x27d0 [ 255.769220] ? copy_mount_options+0x5c/0x2f0 [ 255.773640] ? rcu_read_lock_sched_held+0x110/0x130 [ 255.778665] ? copy_mount_string+0x40/0x40 [ 255.783030] ? copy_mount_options+0x1fe/0x2f0 [ 255.783044] SyS_mount+0xab/0x120 [ 255.790977] ? copy_mnt_ns+0x8c0/0x8c0 [ 255.790992] do_syscall_64+0x1e8/0x640 [ 255.791002] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 255.791019] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 255.791028] RIP: 0033:0x45c4aa [ 255.791033] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 255.791042] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 255.791048] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 08:16:02 executing program 3: getpgid(0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3f) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 255.791053] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 255.791058] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 255.791063] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 255.802507] ptrace attach of "/root/syz-executor.3"[12465] was attempted by "/root/syz-executor.3"[12466] 08:16:02 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0x0) clone(0x802102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3f) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f00000000c0)={[], 0x0, 0x0, 0xc, 0x0, 0x7}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x1f, r0, 0x0, 0x0) [ 255.894463] ptrace attach of "/root/syz-executor.3"[12471] was attempted by "/root/syz-executor.3"[12472] [ 255.917873] ================================================================== [ 255.925566] BUG: KASAN: use-after-free in btrfs_mount+0x2a45/0x2b28 [ 255.931983] Read of size 8 at addr ffff88805696ac90 by task syz-executor.0/12447 [ 255.946027] [ 255.947661] CPU: 1 PID: 12447 Comm: syz-executor.0 Not tainted 4.14.148 #0 [ 255.954668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 255.954677] Call Trace: [ 255.954692] dump_stack+0x138/0x197 [ 255.954709] ? btrfs_mount+0x2a45/0x2b28 [ 255.954721] print_address_description.cold+0x7c/0x1dc [ 255.954731] ? btrfs_mount+0x2a45/0x2b28 [ 255.954739] kasan_report.cold+0xa9/0x2af [ 255.954752] __asan_report_load8_noabort+0x14/0x20 [ 255.954761] btrfs_mount+0x2a45/0x2b28 [ 255.954772] ? lock_downgrade+0x740/0x740 [ 255.954781] ? find_held_lock+0x35/0x130 [ 256.004804] ? pcpu_alloc+0x3af/0x1050 [ 256.008704] ? btrfs_remount+0x11f0/0x11f0 [ 256.012950] ? rcu_read_lock_sched_held+0x110/0x130 [ 256.017978] ? __lockdep_init_map+0x10c/0x570 [ 256.022483] mount_fs+0x97/0x2a1 [ 256.026219] vfs_kern_mount.part.0+0x5e/0x3d0 [ 256.030734] ? find_held_lock+0x35/0x130 [ 256.034804] vfs_kern_mount+0x40/0x60 [ 256.034820] btrfs_mount+0x3ce/0x2b28 [ 256.034830] ? lock_downgrade+0x740/0x740 [ 256.046554] ? find_held_lock+0x35/0x130 [ 256.050619] ? pcpu_alloc+0x3af/0x1050 [ 256.054558] ? btrfs_remount+0x11f0/0x11f0 [ 256.058811] ? rcu_read_lock_sched_held+0x110/0x130 [ 256.063848] ? __lockdep_init_map+0x10c/0x570 [ 256.068351] ? __lockdep_init_map+0x10c/0x570 [ 256.072856] mount_fs+0x97/0x2a1 [ 256.076243] vfs_kern_mount.part.0+0x5e/0x3d0 [ 256.080750] do_mount+0x417/0x27d0 [ 256.084297] ? copy_mount_options+0x5c/0x2f0 [ 256.084311] ? rcu_read_lock_sched_held+0x110/0x130 08:16:02 executing program 2: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000001c0)="8da43649c0ed0200000000000001003e010000000000000000007a0000000000fff6f2a2299748aeb81e1b00920efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 256.084325] ? copy_mount_string+0x40/0x40 [ 256.084340] ? copy_mount_options+0x1fe/0x2f0 [ 256.102489] SyS_mount+0xab/0x120 [ 256.105944] ? copy_mnt_ns+0x8c0/0x8c0 [ 256.109839] do_syscall_64+0x1e8/0x640 [ 256.113755] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 256.118714] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 256.123904] RIP: 0033:0x45c4aa [ 256.127095] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 256.134807] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 256.142165] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 256.149449] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 256.156725] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 256.164007] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 256.171293] [ 256.172923] Allocated by task 12447: [ 256.176640] save_stack_trace+0x16/0x20 [ 256.180616] save_stack+0x45/0xd0 [ 256.184075] kasan_kmalloc+0xce/0xf0 [ 256.187786] __kmalloc_node+0x51/0x80 [ 256.191586] kvmalloc_node+0x93/0xe0 [ 256.195303] btrfs_mount+0xf88/0x2b28 [ 256.199104] mount_fs+0x97/0x2a1 [ 256.202472] vfs_kern_mount.part.0+0x5e/0x3d0 [ 256.206970] vfs_kern_mount+0x40/0x60 [ 256.210774] btrfs_mount+0x3ce/0x2b28 [ 256.214572] mount_fs+0x97/0x2a1 [ 256.217939] vfs_kern_mount.part.0+0x5e/0x3d0 [ 256.222438] do_mount+0x417/0x27d0 [ 256.225980] SyS_mount+0xab/0x120 [ 256.229433] do_syscall_64+0x1e8/0x640 [ 256.233324] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 256.238508] [ 256.240133] Freed by task 12447: [ 256.243498] save_stack_trace+0x16/0x20 [ 256.247468] save_stack+0x45/0xd0 [ 256.250919] kasan_slab_free+0x75/0xc0 [ 256.254803] kfree+0xcc/0x270 [ 256.257908] kvfree+0x4d/0x60 [ 256.261008] btrfs_kill_super+0x421/0x540 [ 256.261018] deactivate_locked_super+0x74/0xe0 [ 256.261026] sget_userns+0x9d9/0xc30 [ 256.261032] sget+0xd6/0x120 [ 256.261041] btrfs_mount+0x1274/0x2b28 [ 256.261048] mount_fs+0x97/0x2a1 [ 256.261057] vfs_kern_mount.part.0+0x5e/0x3d0 [ 256.261068] vfs_kern_mount+0x40/0x60 [ 256.269782] btrfs_mount+0x3ce/0x2b28 [ 256.269791] mount_fs+0x97/0x2a1 [ 256.269802] vfs_kern_mount.part.0+0x5e/0x3d0 [ 256.269810] do_mount+0x417/0x27d0 [ 256.269819] SyS_mount+0xab/0x120 [ 256.269829] do_syscall_64+0x1e8/0x640 [ 256.269843] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 256.319644] [ 256.321258] The buggy address belongs to the object at ffff8880569693c0 [ 256.321258] which belongs to the cache kmalloc-16384 of size 16384 [ 256.334246] The buggy address is located 6352 bytes inside of [ 256.334246] 16384-byte region [ffff8880569693c0, ffff88805696d3c0) [ 256.346375] The buggy address belongs to the page: [ 256.351312] page:ffffea00015a5a00 count:1 mapcount:0 mapping:ffff8880569693c0 index:0x0 compound_mapcount: 0 [ 256.361354] flags: 0x1fffc0000008100(slab|head) [ 256.366035] raw: 01fffc0000008100 ffff8880569693c0 0000000000000000 0000000100000001 [ 256.374248] raw: ffffea00018cc020 ffffea00016bce20 ffff8880aa802200 0000000000000000 [ 256.382116] page dumped because: kasan: bad access detected [ 256.387806] [ 256.389412] Memory state around the buggy address: [ 256.394337] ffff88805696ab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 256.401891] ffff88805696ac00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 256.409232] >ffff88805696ac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 256.416765] ^ [ 256.420635] ffff88805696ad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 256.427988] ffff88805696ad80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 256.435339] ================================================================== [ 256.442690] Disabling lock debugging due to kernel taint [ 256.475644] ptrace attach of "/root/syz-executor.3"[12484] was attempted by "/root/syz-executor.3"[12485] [ 256.486662] Kernel panic - not syncing: panic_on_warn set ... [ 256.486662] [ 256.494061] CPU: 1 PID: 12447 Comm: syz-executor.0 Tainted: G B 4.14.148 #0 [ 256.502293] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 256.511765] Call Trace: [ 256.514339] dump_stack+0x138/0x197 [ 256.517953] ? btrfs_mount+0x2a45/0x2b28 [ 256.521994] panic+0x1f2/0x426 [ 256.525166] ? add_taint.cold+0x16/0x16 [ 256.529124] ? ___preempt_schedule+0x16/0x18 [ 256.533518] kasan_end_report+0x47/0x4f [ 256.537475] kasan_report.cold+0x130/0x2af [ 256.541692] __asan_report_load8_noabort+0x14/0x20 [ 256.546623] btrfs_mount+0x2a45/0x2b28 [ 256.550502] ? lock_downgrade+0x740/0x740 [ 256.554638] ? find_held_lock+0x35/0x130 [ 256.558691] ? pcpu_alloc+0x3af/0x1050 [ 256.562568] ? btrfs_remount+0x11f0/0x11f0 [ 256.567244] ? rcu_read_lock_sched_held+0x110/0x130 [ 256.572273] ? __lockdep_init_map+0x10c/0x570 [ 256.576864] mount_fs+0x97/0x2a1 [ 256.580216] vfs_kern_mount.part.0+0x5e/0x3d0 [ 256.584693] ? find_held_lock+0x35/0x130 [ 256.588752] vfs_kern_mount+0x40/0x60 [ 256.592546] btrfs_mount+0x3ce/0x2b28 [ 256.597022] ? lock_downgrade+0x740/0x740 [ 256.601148] ? find_held_lock+0x35/0x130 [ 256.605188] ? pcpu_alloc+0x3af/0x1050 [ 256.609059] ? btrfs_remount+0x11f0/0x11f0 [ 256.613293] ? rcu_read_lock_sched_held+0x110/0x130 [ 256.618295] ? __lockdep_init_map+0x10c/0x570 [ 256.622770] ? __lockdep_init_map+0x10c/0x570 [ 256.627245] mount_fs+0x97/0x2a1 [ 256.630596] vfs_kern_mount.part.0+0x5e/0x3d0 [ 256.635072] do_mount+0x417/0x27d0 [ 256.638596] ? copy_mount_options+0x5c/0x2f0 [ 256.642985] ? rcu_read_lock_sched_held+0x110/0x130 [ 256.647984] ? copy_mount_string+0x40/0x40 [ 256.652199] ? copy_mount_options+0x1fe/0x2f0 [ 256.656677] SyS_mount+0xab/0x120 [ 256.660112] ? copy_mnt_ns+0x8c0/0x8c0 [ 256.663980] do_syscall_64+0x1e8/0x640 [ 256.667847] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 256.672674] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 256.677843] RIP: 0033:0x45c4aa [ 256.681016] RSP: 002b:00007f5bea504a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 256.688705] RAX: ffffffffffffffda RBX: 00007f5bea504b40 RCX: 000000000045c4aa [ 256.695987] RDX: 00007f5bea504ae0 RSI: 0000000020000080 RDI: 00007f5bea504b00 [ 256.703247] RBP: 0000000000000001 R08: 00007f5bea504b40 R09: 00007f5bea504ae0 [ 256.710505] R10: 0000000000000009 R11: 0000000000000206 R12: 0000000000000004 [ 256.717762] R13: 00000000004c8da6 R14: 00000000004e0200 R15: 0000000000000003 [ 256.726379] Kernel Offset: disabled [ 256.730010] Rebooting in 86400 seconds..