0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

[  255.388669] FAULT_INJECTION: forcing a failure.
[  255.388669] name failslab, interval 1, probability 0, space 0, times 0
[  255.388682] CPU: 0 PID: 15966 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  255.388688] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  255.388692] Call Trace:
[  255.388707]  dump_stack+0x1b2/0x283
[  255.388724]  should_fail.cold+0x10a/0x154
[  255.388739]  should_failslab+0xd6/0x130
[  255.388749]  kmem_cache_alloc+0x28e/0x3c0
[  255.388831]  __d_alloc+0x2a/0xa20
[  255.388908]  ? lock_downgrade+0x740/0x740
[  255.388926]  __shmem_file_setup.part.0+0xcb/0x3c0
[  255.388937]  ? shmem_create+0x30/0x30
[  255.388946]  ? __alloc_fd+0x1be/0x490
[  255.388963]  SyS_memfd_create+0x1fc/0x3c0
[  255.388974]  ? shmem_fcntl+0x120/0x120
[  255.388984]  ? SyS_clock_settime+0x1a0/0x1a0
[  255.388994]  ? do_syscall_64+0x4c/0x640
[  255.389002]  ? shmem_fcntl+0x120/0x120
[  255.389013]  do_syscall_64+0x1d5/0x640
[  255.389027]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  255.389035] RIP: 0033:0x45e179
[  255.389040] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  255.389049] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 000000000045e179
[  255.389054] RDX: 0000000020000260 RSI: 0000000000000000 RDI: 00000000004c29e3
[  255.389059] RBP: 0000000000021640 R08: 0000000020000260 R09: 0000000000000000
[  255.389064] R10: fe03f80fe03f80ff R11: 0000000000000246 R12: 0000000000000004
[  255.389069] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  255.637651] device hsr_slave_1 left promiscuous mode
[  255.644356] device hsr_slave_0 left promiscuous mode
[  255.681209] team0 (unregistering): Port device team_slave_1 removed
[  255.685693] team0 (unregistering): Port device team_slave_0 removed
[  255.698753] bond0 (unregistering): Releasing backup interface bond_slave_1
[  255.846389] bond0 (unregistering): Releasing backup interface bond_slave_0
[  255.895507] bond0 (unregistering): Released all slaves
[  258.124379] IPVS: ftp: loaded support on port[0] = 21
[  258.240479] chnl_net:caif_netlink_parms(): no params data found
[  258.295796] bridge0: port 1(bridge_slave_0) entered blocking state
[  258.303928] bridge0: port 1(bridge_slave_0) entered disabled state
[  258.311430] device bridge_slave_0 entered promiscuous mode
[  258.318914] bridge0: port 2(bridge_slave_1) entered blocking state
[  258.325331] bridge0: port 2(bridge_slave_1) entered disabled state
[  258.333275] device bridge_slave_1 entered promiscuous mode
[  258.355391] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  258.364669] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  258.386290] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  258.395331] team0: Port device team_slave_0 added
[  258.401950] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  258.412252] team0: Port device team_slave_1 added
[  258.431958] batman_adv: batadv0: Adding interface: batadv_slave_0
[  258.446341] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  258.493315] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  258.514110] batman_adv: batadv0: Adding interface: batadv_slave_1
[  258.524276] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  258.566834] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  258.578317] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  258.586274] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  258.611195] device hsr_slave_0 entered promiscuous mode
[  258.617993] device hsr_slave_1 entered promiscuous mode
[  258.625397] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  258.634550] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  258.716779] bridge0: port 2(bridge_slave_1) entered blocking state
[  258.723420] bridge0: port 2(bridge_slave_1) entered forwarding state
[  258.730089] bridge0: port 1(bridge_slave_0) entered blocking state
[  258.736480] bridge0: port 1(bridge_slave_0) entered forwarding state
[  258.766739] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[  258.773784] 8021q: adding VLAN 0 to HW filter on device bond0
[  258.782631] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  258.792434] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  258.799975] bridge0: port 1(bridge_slave_0) entered disabled state
[  258.806589] bridge0: port 2(bridge_slave_1) entered disabled state
[  258.818527] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  258.824871] 8021q: adding VLAN 0 to HW filter on device team0
[  258.833974] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  258.842215] bridge0: port 1(bridge_slave_0) entered blocking state
[  258.850287] bridge0: port 1(bridge_slave_0) entered forwarding state
[  258.867988] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  258.875851] bridge0: port 2(bridge_slave_1) entered blocking state
[  258.882233] bridge0: port 2(bridge_slave_1) entered forwarding state
[  258.890475] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  258.898928] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  258.907273] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  258.923707] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  258.935269] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  258.948152] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  258.954761] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  258.962710] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  258.970455] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  258.983249] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[  258.996221] 8021q: adding VLAN 0 to HW filter on device batadv0
[  259.002932] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  259.012364] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  259.058752] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[  259.069653] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  259.101069] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[  259.108918] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[  259.115546] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[  259.126146] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  259.134734] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  259.143232] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  259.152895] device veth0_vlan entered promiscuous mode
[  259.162016] device veth1_vlan entered promiscuous mode
[  259.168112] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[  259.178567] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[  259.190956] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[  259.200316] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  259.208802] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  259.218348] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  259.225999] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  259.235140] device veth0_macvtap entered promiscuous mode
[  259.245150] device veth1_macvtap entered promiscuous mode
[  259.254182] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[  259.263555] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[  259.272965] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  259.283397] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.292578] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  259.302347] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.311625] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  259.329791] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.338970] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  259.348861] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.358197] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  259.368030] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.378608] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_0: link is not ready
[  259.385979] batman_adv: batadv0: Interface activated: batadv_slave_0
[  259.393651] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  259.403783] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  259.413279] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  259.423707] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.433247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  259.443149] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.452380] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  259.462299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.471562] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  259.485100] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.495145] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  259.504979] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  259.515653] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[  259.522693] batman_adv: batadv0: Interface activated: batadv_slave_1
[  259.530653] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  259.539058] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  259.640912] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[  259.661707] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  259.688741] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  259.695908] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[  259.703215] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  259.713624] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  259.722886] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  259.733396] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  259.780337] sd 0:0:1:0: [sg0] tag#1164 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
[  259.789494] sd 0:0:1:0: [sg0] tag#1164 CDB: Test Unit Ready
[  259.795405] sd 0:0:1:0: [sg0] tag#1164 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  259.811756] sd 0:0:1:0: [sg0] tag#1164 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  259.820769] sd 0:0:1:0: [sg0] tag#1164 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  259.820829] sd 0:0:1:0: [sg0] tag#1164 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  259.841302] sd 0:0:1:0: [sg0] tag#1164 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  259.850284] sd 0:0:1:0: [sg0] tag#1164 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  259.853630] hub 9-0:1.0: USB hub found
[  259.859242] sd 0:0:1:0: [sg0] tag#1164 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  259.872076] sd 0:0:1:0: [sg0] tag#1164 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  259.876621] hub 9-0:1.0: 8 ports detected
[  259.881030] sd 0:0:1:0: [sg0] tag#1164 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  259.895135] sd 0:0:1:0: [sg0] tag#1164 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  259.904109] sd 0:0:1:0: [sg0] tag#1164 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  259.913105] sd 0:0:1:0: [sg0] tag#1164 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  259.922239] sd 0:0:1:0: [sg0] tag#1164 CDB[c0]: 00 00 00 00 00 00 00 00
[  259.934522] sd 0:0:1:0: [sg0] tag#1164 FAILED Result: hostbyte=DID_ABORT driverbyte=DRIVER_OK
[  259.934708] hub 9-0:1.0: USB hub found
[  259.945418] sd 0:0:1:0: [sg0] tag#1164 CDB: Test Unit Ready
[  259.953342] sd 0:0:1:0: [sg0] tag#1164 CDB[00]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  259.956249] hub 9-0:1.0: 8 ports detected
[  259.962274] sd 0:0:1:0: [sg0] tag#1164 CDB[10]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  259.962336] sd 0:0:1:0: [sg0] tag#1164 CDB[20]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  259.984252] sd 0:0:1:0: [sg0] tag#1164 CDB[30]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  259.993167] sd 0:0:1:0: [sg0] tag#1164 CDB[40]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  260.002086] sd 0:0:1:0: [sg0] tag#1164 CDB[50]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  260.010988] sd 0:0:1:0: [sg0] tag#1164 CDB[60]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  260.019907] sd 0:0:1:0: [sg0] tag#1164 CDB[70]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
02:52:56 executing program 3:
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
wait4(0x0, 0x0, 0x8, &(0x7f0000000080))
r0 = memfd_create(&(0x7f0000000040)='4\xacXrcO\b\xc4ut/eve\x94\xa1m\x1e\x12\x8ai,\xbeTnt#\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000600)=ANY=[@ANYBLOB="7f454c46000000d2000000000001000003"], 0x44)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000140)='ns/pid\x00')
execveat(r0, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1100)

02:52:56 executing program 0:
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/autofs\x00', 0x4000, 0x0)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
preadv(r1, &(0x7f0000000380)=[{&(0x7f0000000100)=""/172, 0xac}], 0x1, 0x0, 0x0)
fsetxattr$security_ima(r1, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000280)=@v2={0x5, 0x1, 0x1, 0x6, 0x86, "3fef8f057ad9006dbd56b57ba3220a6731d7784f602e204f8937ac55220b4558a21afcee365d09915e0c7a4bf096247d61d09128593e8a0e051fd6caf71a582269ff17c9dd3daffbcb88025cc711f91f8003fdf360716fca4b76e5c0fddafcab560a50fcbd83f0399ff6dd3dd2eebe982335b955b649a33a302fa68452a72fc3089fc6a3087c"}, 0x8f, 0x1)
sendmsg$NFNL_MSG_ACCT_DEL(r0, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x58, 0x3, 0x7, 0x5, 0x0, 0x0, {0xc, 0x0, 0x4}, [@NFACCT_QUOTA={0xc, 0x6, 0x1, 0x0, 0x9}, @NFACCT_PKTS={0xc, 0x2, 0x1, 0x0, 0x4}, @NFACCT_FILTER={0x2c, 0x7, 0x0, 0x1, [@NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x6}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x10001}, @NFACCT_FILTER_VALUE={0x8, 0x2, 0x1, 0x0, 0x80000000}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0xffffffff}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x3f}]}]}, 0x58}, 0x1, 0x0, 0x0, 0x10}, 0x20000805)
r2 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000040)=0x72, 0x4)
bind$inet(r2, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @loopback}, 0x10)
setsockopt$SO_TIMESTAMPING(r2, 0x1, 0x25, &(0x7f0000000080)=0x2661, 0x4)
sendmmsg(r2, &(0x7f0000000e00)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000000)="9c649879dc46d7995d68ac857a15e4f8ad34999abdaaec42c508e3", 0x1b}, {&(0x7f00000004c0)="3bda3e87719ae9abaa419cef5a264284efbb84d654c3c2eb633c3f15b567e010b5d8bd7785af3f1dca7604d17be5cb49b8c729c9016f1bc8c921d62b76e7f745c243a07f147e66672a304447d88cacabab40ae631939f5ac085dfee24fa2f419b09d731f6ea8904dc360a69a5ab6303ab8513ade167825202541353d117cd9e60f7d5ef486ae9c1247336aa91fbd965cb79463955c55c22baf4b4e2fe721320576965127425d8a32bd0b3fe63bbadecd346b62487751055079368a6f028e1146cbf89676890bf507664a565de1974fd8f6b505e598bc57c87424d7d99fa486d38edb7cdc112c6e461fad0d24e3a68bbe1ff4235cbea278d87f2e673dda27f0fd793dc582904176f2ed7a9037bb982d9bc6f31c53699348cc890a0d2dee1bfc27ae974420f6b422451eb962afcee535bd5e9ac64469ef4c5fc6356d29c085db6bf013edff578c0c5cd6e854a939ca961b1095041659e0061c1bc33ca5c9d23ec91b3432f8f23becaf19faa11316f8909dbd8d30541f03eb21ec6c4fd849caa23cc87418b8d4507b01d71fd5d76cea8404b31abd19077552816b2a3b306fea2c023330b0d68d9a285031e50c15b0f5c6777dda36095524154f73bfac659477ac74571d82eded4b0ce4b37e8e3c7a366aff6197ca11a96d971070ce37fec4a4f53aabfcbc644b1b8100c7455f147723a2db2680c35905672bd90d79d3cfe16faf6006bf9007af1a8f74093b7b718fb29e505409ec64a5f14f94b07b59d52f3755d0e7436e5cebee098b1875f7eb4bafad046bc52125e3dc4b05383971dd5f6f8d5159c2333f21afc6e5bd2fe1f2a4d569d41825ad88bd02794e22dfcbf7aab0a4d1f64f1c76b0438bb15eb8b397cb0b572d84a00a86bbb4264feb580f567af60854767b05b6035e21b598f13ecabe15145b04f23d1928f0184422ad4b4cbf63304747539ad2986ddc7cb1b07214bd1c95d843e194ca10144631ad2fc85bb7a40f7714f1f9a4b1e571d9af195a071cc5b164c591fc9965126b3126e8bba0b8541c7a7cbf8b51bf457fdf43da7856bb5a00adce0e9219b90e47314c16744635a929187278a805b6909ae8e44d600f8abf3ce4cc68080858b56b08ab94ab7effa1f96948eb7f756f9af9b6de06d93a6d7f0f4c85ed28071943b67dafef4f9699d2833bdfe7a2325252236bb2aeccd14cea2ead457d1ff1e299884514246cbc1994d3e311dea73dca33f566c9b2168690d84c6bc412a28609f90f15bb6ce5a1b3c73306c5c9c0013bdefa44084d08dd3cb0b466ee3dc06ea550bee7ea051bfe509980046ff1f195a6344def2c77578417557e41dc4c69f4b29f89f73fee553be6fbe6b10c75da8605fc325f2b4f43de545541cd05454519a79d075ee0144251fbc0288a3d58d0943ad993c712c7ea0a7e0be841e85d34dd7fe520b4e15e7916582b243cfc20a7f3a882fe29ccdf0ea890b2f587363493014f56f55365991e8639d026b469a05b0113fc29e307aa698415049edf62b9ba49425174229a447ec8b8e59cec923e5694133c26649cb49231a80e7252b7401bf910b4e669adc5f84aae1378079d9bd3f8ba0514cd1d3eff9dceaf0157d743e9835e107423f83279149166ba9c7d", 0x481}], 0x2}}], 0x1, 0x0)
sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588", 0x81e3, 0x52, 0x0, 0x0)

02:52:56 executing program 1 (fault-call:0 fault-nth:2):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:52:56 executing program 2:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00'})
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.controllers\x00', 0x275a, 0x0)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
dup2(r4, r3)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r3, 0x0)
ioctl$SG_SET_DEBUG(r3, 0x227e, &(0x7f00000000c0)=0x1)
getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000000240)={<r5=>0x0, <r6=>0x0}, &(0x7f0000000280)=0x5)
setuid(r6)
r7 = socket(0x10, 0x2, 0x0)
getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, <r8=>0x0}, &(0x7f0000cab000)=0xc)
chown(&(0x7f0000000140)='./file0\x00', 0x0, r8)
setsockopt$inet_msfilter(r2, 0x0, 0x29, &(0x7f0000000180)={@initdev={0xac, 0x1e, 0x1, 0x0}, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x0, 0x7, [@multicast2, @local, @empty, @loopback, @remote, @rand_addr=0x64010101, @broadcast]}, 0x2c)
fchown(r0, r6, r8)
ioctl$DRM_IOCTL_MODE_GETPROPERTY(0xffffffffffffffff, 0xc04064aa, &(0x7f00000003c0)={&(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000002c0)=[{}, {}, {}, {}, {}, {}], 0x7, 0x0, [], 0x9, 0x6})
r9 = dup3(r1, r0, 0x0)
sendmsg$TIPC_NL_MEDIA_GET(r9, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000040)={&(0x7f0000000980)=ANY=[@ANYBLOB="f405e9ffcf93919fa6b9", @ANYBLOB="924fe937d3b59eb5b6f07e45aab0cc3cb4b55a76ea04510b2b199e8d2f96a05de7b2230ba7fbb5fb37c3e5f616a9b1551622428b6310fc913fa76b42ea8ea947a13a516e89b5adaf26c609528d12b6ac35733b56ad396792eeaa2c897de9fc9ec693c5fb79ce1cd72ca4920df19a219e9eead7ac3f4dcab3d3d1ae707c660accb8", @ANYRESHEX=r5], 0x5f4}, 0x1, 0x0, 0x0, 0x4008012}, 0x20040000)

02:52:56 executing program 4:
r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
preadv(r0, &(0x7f0000000380)=[{&(0x7f0000001000)=""/181, 0xb5}], 0x1, 0x1, 0x0)
ioctl$BTRFS_IOC_SNAP_DESTROY(r0, 0x5000940f, &(0x7f0000000000)={{}, "568ce9be413550107f2c09bbf2a12576296f2040831efd74b8cb81606f3290bfbba89ae0154328aa95d3901113d1eb61b343f7eb5ad6ccdd6da2a1dc346532028fbe2950c4db851accb59091c3353a96dc2c093564bd7f14f941c7edc597099fee1b12fbacfdf658915c885dfb03186b9bd0582ec8bed42b2ac82e3f27c6a1d1b081271e65f87540e16e56ee127ca86c12ddf5c95ddc74b68d78b467ae88c0d7997e5318a938c8b0cc0ca97a722a37d8480ba51333cf12a0850d5345f909a2a14423f685b1d4dc315b1728a8c72b12dc9072d48bcaefaa8cb7a4352e469bbba7d6a21730f67f0f2b7b5c9aab1962fb75ba324d5b63edfc0023f5a572bfd439de4b0f6201b157461d6fe31bb512587ea7bae5b21900bb57bc0a3bb3b9d9092d3c5ae6b8ecd8a4baccddd12dc0c66b47fe9513c53fea6adaf44367644fdac162cfa7d71fe5fc659504d0c26691ee38c5b0b4d41f73ce3594f803818f107b22dcb3d7f474164b962a65ed1f9788834d386b2ec48096c1f97eed81777c9d97ea66d60ab00f60df7facedaabfb3fff6af3d674723a204eb74f214a0f35a20fa636c252604aad237368da2e32392585404dd45b1a3ec520d17fac6f01867d227e9a3072e23a692692043c065de54408ed710c96a244b82b9f6c2d4107ce35e3817264b0550e03c5aea2c59aa7ec90d93105baa15426b0554c46412eb09ebc859bd08c34392ad25c438713d0a10cbb4eb03dfe7ff14218ac3e040dfbedb0e1e3fbeb36b4235fa9033c9b8ac2b41b7cc1f36959f1e4fd8e5a892489c8f8abd80d693c01ed590832999e3d4d080d815845aba853c0fad8e24d264728be637d9e8641b981b3c9d9260a91f4514240d3d82b2a0980622f834f835480be2316f7f07ba140df414c9a595d9e9a314c012898f6f834b1919029c6a36ab5d1a904c9ce86428b2cd26707366e0708fbeca30851e5635fa495130390f90b74a87e3ab1058f05ea4cb61c49e984f036f8b22787663d53f553ed787526e513d4c6d89931d7b062fa9c04b9143b17b2e36a342676bf5dae1843829fa1a3d18cea1bad25fe5789654e7f428695b143d1c74311f94845ef2919551cee8a5e1f5d7d9f74a5d56c5be8ea5240bf699d25f9f119bf6e783d64a519a43de17c1c57fde5670516070fd67dbde6c423580cf65b8bec3f92a35d7e2d1097a5023ece61695e4f8c5264bd5599498d04b72ae407c1882e26e02edec41e3c25301eeb6931c01dc5050d7c7168bdfddf2ecdae40d9cef14e8b45f2f46720213a207da088f00b4dee77c25616351d252f2f139e798cfccaf2dddf6de8b202ad966a145e4429c7569933f5940004032e8d23dc64684a6ba1d37a67b3394a528cad390e15a6092cef1f1039e160d4d3b1560efe7e831eefe2bf72d3c93132a4497f0e4ed962e266d43d6979d8866594706aa3cd4cd5174a57185dd65b73a7d7399999714bb682c37e2654a8666ab479598c474757b0f0138973ed59e9ee49dce570f48567953c921742217da45bcee709da093be541bb0ac3701ee1b6d030ec286f3afad3ad493cacaa9cde4f28f94eb954d0cfe49b01f88d2ee0991da36d9387b98e46dfd7220bcf840bd7d202caaf44f0589fb7eea5dd5ad079207a3e74d217efb42c5c08da0e48ca47371df05da3321e9338b03a273d5845fbf92a9bc1ed70e629f805dbafd42579665b7de42a7b945150333a58d62e2898da07ddbf2a1d9390aca72be7ccdb19d4ea72682eea8b31ddf9d3577344a36e2b1038d2e869098542f628b511edd4b18bb43c925f83bdd11bd615853769fb62c0e071cbbde9b549058da76e45e08be2c5530eebda798213ffa5d36ad0b6c9bc305dec0e93ceb9cd3704cc7e4cd4d4da621d2f21aa513468ea2a18b08f581ffc5b78983d0209d72a9c79baefc6dea52660960d4930357f6b7ae5d0ac278f108fcea3e5142e521293c6336b2df3e87f8801d4c5f5798c57f5c878f7e405c113257ee2741536a7e45372d1d4ac1fec8b345ff6702050bc22c8dc130c39425455ea885cfa948c2d7e4ad720c1f721a3758cd4a860a670250b7a85ad44ec1d9d37f24c69952a32026690d4704bac7c28e3e32d965689467d27ecc25e5af805a6ce29a51add76cf5f0bc5624b9a6c577e9281d5fd765f08058e38a46694a2321eb8d79f5b2215546221443b302469aefeb08496c67471cfb118426ce1e21fb8b1826f6d3d0638363d063f5d0dcb89640d95d8cc7a3f5ce367701fcc25734f9d2cb7844d45e660645eaaa37728f37ba2f63c5d65c5412e92968a41de69c680070125bd7446e180f1177f18f4fc31973eeafd36e4670a5fd8a7ab9eeb1d9b1c2e0771f3756bceb43f4671c8ea5de09d1097d86546fc96dfe41db1ce5cbec716571aa00b4341ad50613ce48203c6e6b9728ef1008766ac238ddad6d31ba7056cf92a30a46d6dc6041403bcc4f8dc7d1c0e196cbc0e243b97f4e14756f964283a424973c46c4e1094fe28951790eeba53d203ff9870dc28cdd472812a589b0bd48394c6e88ddf180210f5766462ac6c70421644224deac9164fc00682a47e6a8d3fdd27595eae9433abdd54a8ff141dc9ec83db6749df953522b16ed42920654ede076bc0f8f54d27b5fcfcc315f4da952d61de434889e835e4222fb6798cbe3ad59e58fd3de780ff1857df9fcf85c80c7092f3fb107322bc0a833b7eced857024df8973d94c065ae1e9264e2a3a78bd7f0f2d1e410a49d690573bf6bf3031e6fe5309423ddef2998e9cb484e3807ae8de50c311091509aed95e0985f77d4730e38930ebfb46c8ada75a06ead1686d4f95578a2328923633f906bf9853df0b072ed214edbae8239623fe944ca28de004826dd7dd3baec7e614120e1612aad17fca837fe77f56b60b4fb52bd584b2a822d780911ab80ee8598371c6ffc01b7987a1d8a18809bd3150b18a660daf2f01ad6a623b044ffb527dab0c3ca17074a0c1360aabd7072275664843e76c12fb38ccccd609941be6f54552d4425a129aa971cb3d6396d9e6a9f3c9805765ae6ade65d399612ffb3b26950b0209a4c71b1a570ce02f2513816bb58e900b2887c9a51cb0fd3d163a7d42d49159ea2310826e72904a8772f29f704f1b7b0173694e68eb166218e09f91f0dcc3f740d26b7fe97a59f1ac9b55782e18c0505098d5ba96ba1e935d9e326becc5372113f59caa1a2f2f0c77c279e47e792860234e3d31e8dc10ac58695d835622d8fe1a79188efe45762c6d8c125683cdf9e25b2e53801569a7ba93875de919efe8fc225d90f40878b47b8ad8f1956f2a99be3e168d87ec3a6937a4616a4c76b19ec5ffd5a3f2b2a6d2029f82c93004a15f345eb5af5c19dde1760433e4caaf52ad70558df5c2b88005194491720d671654aa3a8984d961ae922f80877586770eefc9e881ac9512b263a50ef719e47f6052e04d989508f7b8204996a3c30dd4bde1a57e4dbb8d1d93fc27b94da68f4fbd3360251c835e2bc148ad2ebcfa9022cf913d76690b34321645fcf1ecbe17a0e16140f03dcbc700b08388315da388a4eec1f3083d855b2aba9aa80636eb39c6cdae5e6f3e301568993f5d2bb8ccc2ba0fd16456e27f6e18e72f1aef9547501de5be8d83fefa9277dc963a3e77a21b055c2c036852ab9ab1f9f2d8a68ece2697c049efe7f3c5fe439dd03f9eb36b27c96831595791f5988f1b0c7e255e4a8ee39aaf3211a26383f63413aadfdb30901619b46e4b705f81dbe460615d83899ad5fe07d946d93f9ee490019733fda05a66ea881aaafba4fe60028733b88944a6d6289855d797b1ae437c159fa95df26c622a6d8f81be0c35c92ec3cc209dc538731d01c9119049f459ea6906bbd5339bd4a29176ba38b62cd0f7feac4408a2a483ec4fe8a325d4ea9a05afa72bec28e4acabe46ae5b758e51f0d91b2ae44df0e3e337fcc1b8f062b77dbb8d8be41b32d0d5727998280c09e87f8e3c7cf1d573d11d68ad3d7bf31e75a2e4948fa8e27382ce0dcfe5fee7ee40cd1ce42d594efd034c5ad7c9b3e0c4255d08c5076d8fabbebcee25de5839ddf2d73aa47011897e9a1f1c954a894c3de75a0c764e782e2a0b0bc99caac293061c96c618137f232b35e10fc0f9c9ef075eb839ef4e9bb6ca38abefb2a36d6cd4816990b8c6f25920f8500a9c73137839138ca3a2b9523d6bb5874ed982b7a896354157fb421738df70ec25fcb44311a2613aba4c7ff0567748b218d5657075302755f03ae982de29bb2294dccff3f1118db63267f33b98e19b372b6386950bbe69dfdabbd9e45d1a845ff8b32037ac0509e405627557151b4cc20d8fd1ad71d24be7402722564d002eb41b84cb505dfeb5fcfa51283caae7a0ca313003ce3f363fda02a3b35b9a5c81a8d21cc3c2ab67f958f59ff9f781d94bff5b9b5b9219937fdef7893866211c1899a2d529b159805796dd0d600cedb52f872561f372703dcc5a5bab7fa2fd2ff856f491cc8a7bba83e5fa6a0f8d90d38108b1365614839a26ede5b4583b7e10363d3aee21dfcd411e6e6d8aa3fdb4c5b78b65a005826d012ac44485f8adfb1b95507a7ff3a8efe809868bf5e905104a310c230aa3ba4b2f50a740c024a89a03d7293fad32f96a5389376f637ac388849863b44f7c7a33d721b6397df09786064414bc88dd01bfefe63b39c541a91b134d3b28e0df00fb08a7e620c77c41ba9c5d1cdeaea8e63cb760e287abd475800a4a57cb872856c32afe35e7bea1a256f32675c8bb72611ce8d69ad4756285d9d5273fff706849510d58c264108447e875cc73ec2d445c04d1012b5c737d43a8f1f19b034afd25bb31ffd5d34a0f3570bec2882452ddf690f5e0a0fedb5452268fee0616ea80b468bc8790ca17b34e8aa42fdbd07aea36e8a8e72fb2ed21d7e73cdd245309366bbdc0284902ed9c2d6c4ee4d410b02951c0445b274a92fe16c806276eed154296bf0c7ecfae9f650c20462b30dd1cc482c199e79a969f5bdb72c2afc6ebd31aafddebcd19f02665c3f480e493002752f4a34753d558e2c02df33b8d92fe4f3085a7e5214e268bdc8a788c0f6327ed33e0a36c435222a0b7d2c9034e75e2441f1e16640d612d712eb2af4b2cdf249b8b197850e130adeafa3a93e22a51d94f507e1f76c8a146ae59bf906e352ff31fa8044e5ae16e34e97799633537c9f3bdcac62e40b841427ec9ba43d7a61d1fdeab5b24713efa36fb76ba2d2178f3c838211d3cd0dfe354a236eebea828c012daad3c2c62157d30c41f3527c6938b673c1d03ca6887eea8eb5342f40fc680097cba9fec1556f55662ea89d28bd61a361432a98f8caea6d2ba45fb36c05d2bf0b9afbe4132e27939ae2d05efa14edc672331582cf887cd4eeedad9fbb8ffdaa50db2e7e0fc4a2a9494141a99bc0c5a4315a9bff5de1ba85b4180cb49988c0812f1e8206da17bad441f80ecc4b988226dcba77f1004038422475941d6903c8e13254d79719f9b6cd49834b74747aed11ea105cef09a171aae9e727040e806e6dab651005e05a1f276985764d2dd996e00c220a31ce6311225a12b2235b04216689ca4077d9f333ffd26f459b49e2f719448257e7622a726b8d8adddad439731bf3aa93df6136ba458c72810c3d5e828407b23fe398524798db50c07aae43a7fb8bb8811d4db83d462162efc44e59ac9cb06a275d1ebfb2a4f55a86b38a513fa6d141ac3af603d9d82270c6c7b24c67406816e187ac8c3bc90ecfca7aa1f8d2f57515a19f114183aaa60b6b206d8e"})

02:52:56 executing program 5:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080)='/dev/fuse\x00', 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002340)=ANY=[@ANYBLOB="663d000000000000004c5c811346e852ae7c4be36c577e7fee933b8984b040646ad98656e5e076000000f7000000000000f419a86e46818499368aa4bf9ffd2f21e0e4034b13ffcd4696cdc6bc9b257089a0685febce4f05a71e12c9f73a27f712517d652505206ed43a5db1c6949afe35e5873a860300000000000000bb07ab155f473a9bb183b15ce32c29ab1de1c4414e817baa300808a240b625cd209492daad34c60115ebeff788d669a05f8cd246480671c84b1762d3a2712dfaa97fa74b49ebabbd8cf300fdc7a6faf6", @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000id=\x00\x00\x00\x00\x00\x00', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0, @ANYBLOB=',\x00'])
read$FUSE(r0, 0x0, 0x0)
write$FUSE_INIT(r0, 0x0, 0x0)
syz_fuse_handle_req(r0, &(0x7f0000000000)="9eda438838743bd4e9720bee57093515dc189a5ea685e9556c1c2c3cfc4df50d66d31a48aa312663b68d18c5826b5b55fb738208863dac0f10f423aee7a5d8ddc45ebdfeb7424bae859d7c37ecfc4b63914d5a56d91017dd22bc84f759a15969951aef9d5c88c96560896988fa18cd946cfcc3a0f1c993348377904eac32c980bdf7976ebca2b499cab63c4e841514277fc71d4620e29a92523402485de0e82896484c0ae497a4d686df23ca7b68c3fd5e624d3510d7f94838e54af877ca58a00c5a672bba11f5aa1ed1980dfef47b9973d0bf456ded5e72f1702b3dc5197fce39cba53a038d8dc0ec783ce70577107dc5e8b299e64a0b7f1191f0926bd25762370191710bab2f44e9069f55f8a3f87e4cb488a2fb3348c0bf3b3874291f83e4776b160ea73aafa3919c7c069c73c0052173a63158db8b65541d161f9c964926ad7f06bdd6cb6a32135b04e35701c2e13c49c1f75dc7a25d623378860692d172ec3f1e1f2d9dc77c015c13721efcb101c2390abb847e871132f472a37cc0163b39b1d575a5444e246a08a1afb1a696cabab29498a314429a3b9f44c43ba29f71fac1fbe0d01c3c16d22730932704bcfb0c1b7a432bc51dd3f5dd5afc3b342cbe6a6ff899039e28f9a51881b1d46fdcf31767cb6f5c5c69ab3c80615d77c4d1664fc4ec831b8cea2e752bbb7a9ce79df875b29f1e232751daf32a1a0c4ff8bd0688e2b8e2d668b8a77e20a9eb6ec2e2c23b94e507baeacbcfa31fb6e1ca3343668f43e3aa6d85e7c29bf0bb4dbdabddc92be7f4a6f5d21b19e6da17bfb6cc926e3847532fae29c7b62fb909130ec372d3c16cfe6aaf3ce2af0fe7610fde7aad61bc80d2f96b999c8ccf6d22cf903ca8ae8b879ec4a416f334982e9810c0140a18d4dc81b5edaae23e9f4abaf40ed71512aebbba5bb251545e188db789558a845a2877b14bdaeec3c738b7d730c0860531bf5517d4f0e8f95ed3571f8a35816d5116fcb8d7cbf42b7d5d5e65541508c898bb2e0fe96297d2ab7135662de39df099ebaed5871111f5346278cee5728cec512e6c0a0d65b51e3d627873195b84103341c2bc83b6c8fdd8ba17f5957413f61c69d618c9b9d0b1f08dc81921b6c662ee1da3bfa019b095e9a03c2db4d645ccb7364e895098cbf7d932c72d80663c7a1694d122f7348393079223c11d36c64a5856eae0397ab9a9d948204b74e56525a9d552dd0916de81cbb5af3c59b3d7f8f9154423ce2cb45a5bc808e24bef13212019a19545fe54ba84d01534358380192b8c7b0eda907810375bb66a578a58fec392b47991271c8367b91d710e8a176bc1a4e96f0e137d4c25fbb03eddc392f9f170dd744472b864fbbae7c93d86e682308b21b73c5652065d72cf02e1152b44024a90a3b52eb0bb3cb412e518d37a68aa4c7f46789c54ab30d3a73d0a8712fde612294cda2aa1ccf164930b9b1d17801d4fbb06e849d39bf2b5141330caa0d2618b616f1c67e1ca57080e79ed9092ba7a55e8121cfc825cd26a0199a479a7ab1b7b23d2a4dd82fa6d04ee41ca680435efc934f0451e865e8632ac2f1115f4cdd33b0fccb7a2326127faf20cba37c828613dba5a98f4e1ad25eb6b91078cf73d873df9ef91531476f64b83559ff7ccdc4c070d478b18196ea05fe8d4ea0216ee5273dfabbd04582f40f064c9781afd2cbf30901f28cd09cc934f1b2d50883778274177e3dba8af0a1b931d80ce1a6c4085780ea2195b65ecfd2953f78a5290fe560d0cd6a5e73890a5a82dc410b92a3ef2be05ec5607820fd4ca6b9c3aa258d59022fdcb21665f1ce4e8aad8fd918c43bd3c2afe3dc223ff9f48831d401c8b6996190793d1dd7551f8511b69283992398d8f9b4bd2b3398d3b8c6f3c5d8b802ca5282b70242df2b7be4b38e70c3065f8da888631375afcc05ce578089c4f783776b286b7a60d1b5e189e2742a3240c1036a953d886885422eef01413c38099b64505fd5a73488acb4e611820674c58ae74d6c64a885d4beda9bd7903bcdc71e3711e2a057c0eab2100c321050ab14c6e453c53182577ad3178603cd9afde40a701120e9a36074fd582428c74e02781318e6c65450f8f020bd22475696fe13b8c59260e53a06d16eabd135e887a0a6bbc8ad21be7661df76fec5b13844f68b8eed1a7379713738beac9f23c7a26520e19797a910cde9fb285179526889b908b7eb49bb06f70f6271fba8712c1a4269ebcf4b7d043e924e3d2c4c753fd7e547d95841e335179836f76424e728810d7f32b78256ea30c79d9238a6588426e1f2d4c0b03d5605bd826ed24f0f11326b4cf958632b86e017aa80e142db1580c44f76d9c98196f3f6852ab2bfc6a01a3553a130c2d171957f5a45c3550fbbc990ef8742a98a86b280a57b9f198ff436bc01161ada50e6f23026c3254adf2321bff7e20aa54080bbb57d8d52c6a6df6107706a2e5bc6da68f17b474c0edd39401d765086e885cf7992405f856557915603cbe8894676e996bbadbb649a5e7498b91f9bd2f697dd9ebbe4d386050258b9f4c94781e61c660651c3f1e3ae51f8c035eca365bf15d6db48ea9ce183515f4a208d010f7c23dcacbd6e225490d7e9c133525f5c9018d752b21b4897bf18b64b6a9936f538a0a8958fc934440aeeaad2b68ac844d76f0900a6c95bd0b353d85d4fb62eb88360112237fd8c636a80e3130b21d66ae8ec58a4b76cba0602f96da919f7e84fd37e3ec2379f58e389a39c78d2482e03c379e3c4649ad63a76e3707ecff07d2fcb0c9dfc524cab49e69a09c92e4f88714335cb57d3f6184d07bef9657280fb5c9fd2d8f940f7ac6c5407e3077aa2e4ba8e217e0ee19e302d6d90e3be05a86dade35d2e454e511afb5cf5936f1d11f2fa6be6ceaa817dbdc7a6aabf2fad8ff3efa8382a25099f0c5989d2ad56ae0f4968b2cfcfc67b4f1c161c75900b4848f59a3c0376dfcb7997bf28e9e85d6dd942a360516de38e1c1a038a796f9a77ff2b0c7e5e8f4932391a0e58e76dacc6f9764178a211dfde3e75d367d2911ff398126ffdf83cf2fbdf1ad5232bed9155f7a168638a572094a9e934d4969b358cf6e121d7fd2aeae2f499068b42c152f0e3403a230885d6f92f038ddaa23499f804ffb06abdbabb51f6c38c92fb1a6271a4b13d6d11125b8ec12efa5907dc65062797fb9cca15e2f254e76b182d3fcdb4e96ac4de36d6df7e7bba5c32f422286b1be3b79bffb6fd693761952d195a84ad9ceb07287a0fbefab9e0347b513c5f60233ccd4b52d90ec144a2f896d9dc7f279f8aa93038f3efa286e1c3006933a4d7183d952f8d28b141b28b2af355b5bd8198dfde1ffb8d09202aff0d16ca3fec194662892a49f829813970a4520f1228aa03d211a45bed3b2e05bf1f10b1a152761e7b6c6ddea863a3c02224256092c70ca70dc185c4c385dd98b09e2682661e1e66f71d9c4037048eb70e8a1cbe57de87ec43713abf5fdcf63b9c482f318e3bec37e878dadbae15a02d731e6c8574eb14c059d72f73be5174add786d06b585a28a06d349d8e434a491b34897b3c1ad786ec8280d7f57edd4fbc6aea5485d659b59d393e331cf91e6ed76f340fcf7cf460892fa7318fc42b883f61d888ad982a751accb613c66661fba5f3d6de751a6a9ef8a4700316aaad04e991aab7903f4ef012ec2a8c092234e74ef335daf360ae47bbd2bbc6ad8c1a4f81efe8bbd703cb55ef36b32b4e30cb5a3b165c02ba295d0e1c40ce6ff8f479a74f01275f113ebfa8ade37a59ce70e6ca2a6f48f1be085f61bf772e2c2da523a2cfe63e99c57bdb1ff23139d4fca49eff7547e9880eefd3f7511a677efa23b52098ba89037c48dfcda2e8c1cfb9f892161049e53f8cee55256279512aecab8c441600dae0fd957883273047cf5c66ba209f830aa2ce0cbe41ca08c0cef4aed7f4324009200661a7ce680e5a8df2d051c1d8b2f63d25d8d74d05c75c46c8f3f24d625539e63459650960498a54ec3b16225bbbf4d3930009df265839d72611f5332a904cdebada108236e4414a2909ad01ec44b9d7f75de4385ad7ca5152e890a0919b3639fd1bcbca3b737ebb8d9ae541b1271cf2166ba15830e66f3d3afd3b754a7f81ad4f0999704ae99c114907c5be4a4797f13b80564f234723a34dbe137dabfd7fa23562df679f54a6ab54def6d63deae9844f72fd73efd0413551f5c4b9ee826eb3b7faf92a59ea34a16723b4fea14d1c8815a4e2d39fc48d1dbce526a7c53f5a96d0ef6463a0cee73fd3505f5c764a264b83c4a21f80e8b61c82d24442d13da99d18dc1b2538e7a510f6093d9ef2bc5cc777d4f98411e93919eddfd69d6e20d227cb61c50f358ea227f4de941fb080c1cf6b1f6e25533768fe133dbfc3f9d29c603bed38aa3c5af5b81a706b0067b40b88f992610d04c7cc36b8f649697cd6a93fae51138161891ae75a7147780fc59af5a6e18c54f9d2a4fe7fa92314b399afba9a40d0cc24f70a2593acf8d179215e06b7a9a88224bafcb2cbf60caf5fe4ff38208a70793b5dc33cd572956260e1c86312d3ba9b3a4b2b44376f2e78c616a6c0880ac8dcbaa30b9f761d500fd03a8518dd0509157b184a2d95e0caf3ffc8ac2db6c54d80c71a1e5b9ea3bf51071e2118af204123daceeb04e4f6f31f32a4d3fbb76ee49440cabda2c121c1b99acab5b87cecc37c3f9066af34ab29d6598bbfd91047a2ac7ce3a8f3027ff5e6d743506f161087278896a98ed37122ba208b61cf54d3929555ab06b564cd5e4f46f4755a6cfa2ef2b30d29ea66f2749d4060d411fa9160c91b6f55cf071ac8222c6313df18759e2958cddfe3db4cbeb9cd39abcf5f0beaecae8437813995cb7ed0b87d42ca942ff7245ece204798d01361c5f008e0d82bdf76660515bc78f7f8f409ccf68614b2cb50f5af2615661326fd971bc57eeeade60ea906b8df1cb0dfafd318cd2c396309c329d0469ca192aa8f51d7c4227685440f073983255baf054b97b9d7be1d1470d7eabd5c09b2116b4e86b0567b7e97e088717a4fe3dbdd310a1c39136ea4d2c47492001f9885dba03bf97e7da376171d666441cdc2f999db137603d57df32b4260fa0165e82917bb1631ea314e7a7437e66fc68cef22cda8f456d6e583f6e3237e0bc79987a9103f7cf0918e26881f67ea582e1ff3a49177599d385bf6e42572a2547933aeddb826530e9adf30dd84c3a7fae5c4c26f6c6f3a9f0906decd314e2407825abef959c5416d18a92ff34e6c521a16e8a0a29937c77d4ee99b41d530a732acbe0bf5d274df9d496b47a9a624546bdcf9976cde12ec989cb2a70b33a7c8a3a77652023164695f9db30dfcf587f0cd4f73e385730bcbdd688f6dcb08ba0efbb9f579220afefa4acfea522e864fce9b1782ce9f14824d16e9d33a2609c23ba3c5a1af02549357a0dcc12e37819d778021762cf895abeac1125b744c8b8225a091e7be9ded9993cfa3ca9abb83e25c8f559009977a2ed9374a89619fae5ef6d164bb73d242004dc8428e44689b33ee3bbe88bb4962ab0a32a90e7aea044f08410752cb2d7aeaf3196648a3a99092665b478bb394b48f79b36db0efc7f50d6a5179c945f5298cfaac5e5dea715296f92abce7281d48a0c9c6b785a35ef5f1697c047ddb254fe9a8ab9f498b0c1ae09ffd01a3d8d427fee7e36c51e0e5c2fee2245fb8464626ab5c9857ebce91f7d22bf024d10c2d71021cd69268472de419e6cefd970cc3a8e4d1bbe6496799aa7f100411766e712aff08b731460f14f9d7356db12cf8e1c6121968dc68b1d81c086b325ca4ce6fe1f476707e08fa913144b757c6be17cf93150db29544d207f09a896f33b7335d9339215da751e7af2c6bdd19db6f521af2c8a5998dc607f97026d07111488741134c1c86eba123273d1fd5ee4b471e86f9ae9478a04c7482076ab34a1eca5c64f89e5106eed44bceec019c67c12fb4db4fdac153f4ac3b63ffeb6d30de58ec039e2dd3c181e254cd94d0a2b0b44490384cc5915b54ee1db2b6d059879bf8126c9ca976d0f7862da07ecd350930a081810a7afd72b2ad3f65b96ae9c7f91227a2b5513a559f36b90fe01be9ae5ad3ca65e2c26f358fc26b858a3633fda7ae49a5fb705220a5819b3cca41b1ccc21d7c40f5fa9c422288efa5394e4312675899d704a2aab62b8363f58fd4bc12a8bea6ffc45b4414237bf5f019321206dbba439acb5ef26641f30fdac20f964354bce94e4c9d73e137f9806deefaf6f4acaa0e76ad4fef9f6cb7fc01bbabda9612c05adbe46afcf94819e8a4b4b49ff764784fa432d47fb6d4230900043d1b4521cd6839fe8c5df4d1899fdfb13880e207cac73f0a29020bdd563bd9c2f6bcd1ec523b3e03ebf6164fc65af001830c51396f9df2d346f83a59cfc82201cf1150ea57259d579fc2ed199b3fbe42d5188c84e4354610743e5b23a265246313cc63913f17412fa00d98b379b80b96d936969572e11316bc8926cb23115186f3b2387b82c3898fa41bf16a308da62d5a3eb3609af1943fddde08a4036eb2a41b7292caad9eb082614b02a1fa255bc7abd4d0e3b4ec1801e131e68c7aa9da1a0ff10f9de87dec8fad1ad8bfa99caa49e203a7b9c33e044d4544a537471e7a452468b821959bc488c6b8cbf81e90081a26de273ad1203cc06adb6af242ab19f96c1c66b58c37e2c9309704fba63af99a8d9c5efc651afb631fe9f546b938cc3b8e526c4159e5c9f7afb29fd1d55fabf09367ce2a63a35e7a2062d1c772ed981fd77157a847f687a177cf9886ce41df8cc509302b46bc1e2ba896b1c1656a1bbfdf4cd9ac39cf8510d1c823075f16550fd044aacc8d42a56f03718f7b18475cdc3999faeb25ab3dd8a807ee04d8e5d831d08b4e309dff50330685138797e10c6362636f53f22bfc1f3d5090a5d369282d9de36bb4e2505411ccc6ea395afa1567b15a2fb4be2adeea7126b1a8e80034105e0d98bdd78e796ce1cdc06a4ae666fc0baec5c52614340ed997673e26ec47c88846c000bb7c9077337cd44f5c041fdcc64986e5e1c0f488148f0ee6f842c44c0b72e82109270341bba6e9080b70fcf930d0f10be5a36798e70111fed72727b72282ff164fc08319d74f1f57cde71b57cb397a9e753f87b97729bafba017a24cbfdee5dfe7fc296c112e93bb8fce560ca80a3afd8370baaa79ad783b51352b5440b144a47378c9ae22eda5794328e95bcca220fd07bb56915529b155c61858efe89ad36a79288e74c0e251addcfaf797432175a5562b46eff5e3aebeb74623e18beef85389383c604d8884431b07dc4bea0174aadc337ff41f558a63f16690feae47efa2a5d1318b7397e1e4ba398727d286791b71610e1d78d32800e7e113c12abf0f60b6ca4401ecd23b7aacd990633b2b017daf6bfef1b2361ece74b7dbcbb1a73d4bc1f9d2e5c9fb0b7980d25cc44d1b10c09ef5a6a05c84669294a5cadf0cd88ab449f9f0bcdd8c48590d416c5c1feaa494a2145949c2a3373df7c6014225f2745bbeb20ff294d22c0d96ca111e6926946207cab56a03162a49e68968e398f70690188ee3ca847ef421742d60b9a6ad029e8a3d607950b2bf8ad8ff297cb39acc94905635770436e134435e28205140331b5100d9f64469792fffac87bca0835cbc617446ff86a7b50418c305f32e658b32130e491e38709fd3697017ac8084cdf1ed81a28375aed092ab4e32ca88a933154dd3a9e99351acbada926b67b310c7070ac1a414a28c5abfe1f45476249a12f18ca2d981528d881ed3c5072e46a6eff3cdf37dcbc89c7f79c88a1f8d15d15beb66a0e4440c7b93e379c4e2bac1d5c8e85f1852887e2cfeb178fba1c67dc2adb0c87df8ca4444ca7f455509f492effb5001328b8cc696e2933207a2d78bbce8562ca34a248193c914406b161c8141479d891b0c6110ec1e25cad38299b489f2ec437017cadba67dcb58abd4933c95b3526f1d4747b8701a7d71e446e4b62e2941d4281faca0cf22914be5aad80f47100000000ceb24e82508fe55a92fb6db70d03d1c1ec09cfee31639341756a4630a0eaaecac7bfbddf9d30c42cbd45eb181d5bd341307ad26f496bb042e2b655c03ac3dcc587acbf50f79b5c239be9938b62d3251b199f8413b020605d5d0552cfd9c39c9132719d6d0a326b000e12fcb51bc274df79d11430060d05978cdd50583f1bca82c57dbee605e2d00fcb5414af13a596d35cb5ba62de6a28cbccc857d23547b1c7fd5ac8fbf6758d5b8451fa46d9acc00344dc2e565674b1dd3547eb8f8aa5fff99042f8d1d59e6ad2f53379211e6832fcb68f5777eb2db85b28f724f4e4ce6342cf55713ff7b0cb4f7f47dd12a6566b86709eaefae024373267ce72a89e7f3e42ab48edcccc96b5d0403fe93a927e5ccf470014f220b8257393226cd7b996f20e6a34f81206733a9fdce03b701943c1b560d3eab68c2c225cf7f7f2b56123be2bb173e9e5b37f4d3348f6b987764ad07c2acd44514ff264d7eda31e5e517a179414841ad4553d51c08f435e05f10aa82d74b97a9ba3a133e6c9175fdcd4f3dc9c16d3be1d5bbaf13240177081ac1d56681bfa988a93af09868afd608520c0bfd71d857a6661fdaf6f2e166987eb007449dd26334ae932c5003fefc0f983b9e49cbfcea325f2de16a9ae935caa46f5b3433957fb370971ed957f138f08a60fed5b84995e428e7ae7d5c22021ff016baef0e713a118344c016a99ad469313ba7f2452da0dd82e019f64aa229cf80a69b3e08ac5847f10d247179855546313232f23e055c2f74ecef14e0fdcc29a9bf0976fbb249bd5c7903183d2a53c70960a183630e7d4928daa7091a85ad987d2a4a5b8f6be6612fa72d9fbb33c67bb38eff19f2e784f94e0354cf6d35a5b2c62233c039de3734b38e97ec72bd673fef09fd56fec329818cc68cdf12cb52f7d37a8350c16e94208880bfcd3e895d7aa4489e3dd15db4a9026f0d2a46f1e89c35845dbd976a1992b87c15a0c7580e6424b8792a7bb7b933d7c5433d4133ba4dbbcf7995d6ed3feaa32f876a287feeb9cc6107778c1f83e0119d980b9e994c2a3ae3de24a103efb3cacb746b49d1ad85746b233ab4aaf0e988ec2a786bc93f32040d3bdc3008031634cdfded5ac95b2279e096243228296591e7ba53c4a127772cc4620e6b238ccad250629194533d0a669ff3366c52d64928693e0b0cbb0b8e2c6029089d4dfe2b4b6c5dcd85f1a02770611e65001e48a32a8b0431a3b9d77fa3a95be38a0436a704c05a8e0183f3214c25531a63796f679bf72885aa766468d42b2543542d7e82544efc5c5e81e6a91a0f5d4e68000cff687d63e45c9a11d4ef515050daa592c9a828ac7c0488e7cdb3d6fdaef5e9176ee68d981ea50d386d74df3b40660351736deb03bfceb721878cf9894b0302df15964242ab6b9f77f98ba1c7993735983d2b022600ab74a19e3636e1400d08ba45d3a5c2774cb06a1c358bbfc11d27efaf7ca53c2e7757c8c76da24707d91a4a5244262898d68083ff91c514d9b9b1ebaa0cb0b10254fda1b1e82b9a1a47f117b5b280ddbec1f6732d11117ef1a7a674699df87fe795d1243cb9c4527e364e2b711b6562a87fafc130ce0baf1701686639b05f0c8dc708f008b1e6ab89e8d623bb83f3d54b7bcdbdacd055ac4eccbd36bbe0af0f65a00e3d6dd985ae8851d176976cfb5816d1fc2a63d3546aecaa4e712ca6961d1f181315d553de6b53485faed0dcfcf819a1ba3badffe797377d3d1ddaed8e7a0acc0c3d277762262a139f94de49faca167b11bf04f2104a5ab9a73367a6461f7124c91a2c4229ef98e6ebde9aac283c7d029400d71293f488ba169b62c1e94689cf5b248ed4aea62b88d65bb764cfe27d5231a58486e7381df518f4ed81cb905108c54a5050a94ca0e94da20d3794bc5fab9127dc95b6404b1e27b4e28136fc27806f7be798444c33aca88ffd45b860eba0d5033839f5a092863954604f1952bd61dad23b11643fe14f3ade08116aa2c13eee701ccd13e506bd65a1060bf69579aea8c8143cd38c0891a3065f251eba0c20ab9c69ddf28e3bd6400cc203bac8de1882239ad4e1b97b0ae2f1abb7bac7c0d8ef82b97ebfb1f5577f06a3a1377b09ada4db87d342f20ab0eca4b9c206042471307511429cb57a578211f92d3647189861cad9145f5eb26ab696abe50a2a6c1b469df97da28aba4e79b586c348a430f5ea61c4be1032fa61d18581f05a07fb8707c8996e0fff1c3eda59b992687fa12483b9327e10224b20d42e8b3fc4670bf070ced602283273d6818acd1f6da567c44d3f5e1377065d43d87d889843ae48e7fa8ba1634815695b8c480ca271e6e833799c70da80fd79acc09b989667a2294de5da73f0363df9a33ad4dab8d27cf7bed0a06838672e3d07d52b6396e9b5576021d5e925abd533bf161c944795065fdd44e8462e3070c479f1c118276653488dd9b2f1a673f8cad3612ca1fab4388ec9c8f834a01a499adb7b3a9a977672f6d75b41bbdd7f91ceb7e7a88568d17bb432be9e4e96e115075bce197ef4754d2914c2c59e2d7f4c08f0dbe34d31f229428f211bf1d7e8f5c319ed4a8273cb6255eb318851ac4557b0278fac63107a54d407c42f300b843a12abd3b893b46c7efac2e388ab42b87aebe2543bd4c15f459bc50aad10ffe1c1196fb52c26e54bdaa7fbd52451f207ffb073ef4b3f71eedd7da40c89505019739e3fa733bcdc84ff4919e8fe2358129ef28291be1d6426b8bafe88463b1d3cd7273745381c7f65221898e6ad361e88b24c54ccc7ac9a830145b6dc096e2d71ef71ec4f03524cb870b724e08d223bdec2f6fdde6200217a13b5136004d455d66547f5a1793e0cad85677d49e5c558852107007c8136812cf021afaf6f7e8f59883371be46cda412dd9c6fcf187c31252ceb5758901d39cd5355ab386d9a7fe6ea46ebf277aaf809c3023211ea9aa189de4d422080ebb9fec50ffab6b95ba4ae5018accc497e79149ed6047ce561ccc10e9194cdccd5c9fb75175c8dbc9d0a916ad59288f010defbbb50d263041ab37aac0f93253bef6f898cd0825d99d27224f26181f9713b8979da64756c95e7505f25a2688960d6155c3613dcc31b6c337a6dbfc6b12cfde1db22b93bbd5e48534fb0bda8b212577a14dcf665c834b0bd24e5f624d2455fe048dbe930328d7cb632db3b0e244bb5d43390b420b15157a339487fc78976f867d3a361aafdd3f50a93c01882da7c220089a544381db22e2c86b228dc2be01820468460437588952a549d37498e529e62aa62bad1580546bcb1e9a6ed1870b7838d05d12f6e3a041e78b1bdb80894626f20889ccb3a468aa4fb24b9c87cbb28623ce59c6b3c6286db366d08004551a25fe4d8d194a2bb7c52e1c85a5fbe4cb15b171489da121bea1c469a6bb185d63213084e3a81ee54dc03a94dc5ecdda7bfaad1df68021aaf4627c9d529f13e5c81b5ee4dd228949ca16b9a61d186211d153294470907557e5e14ae665013f285fe4d3766e7b3d8ce5e2a14692072d4d8f79354bcc8db8a2a36c8bcd", 0x2000, &(0x7f00000069c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000066c0)={0x90, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000}}}, 0x0, 0x0, 0x0, 0x0})
write(0xffffffffffffffff, &(0x7f0000004200)="74efc4c419fdb8d66b12a7bbf371d056ad6f01e9762d70401d009d331b48b925ffe6a7759abb206b9b18bfc3f3f96adb2b37c2121ef21e91bac768dd33df29649da1d82e826a55c4d60ab6f510daee26004b741c951d528d806efb0e0c439f2df46d3adf8be24e280b948a49afd17d56437c6e752d84f99bf37a88f0c54488dd13b848f2381d7d2aecb68ed16762e4a3c1a847565364b9f1af92c9c89e06e89fe6179cb7078a742cb968a9f09cc690dc473df29d6ad9af5879e9a2618c63702117a3a63d3a4236baee86f5f452e9663a795306dabb97db884348ab437bdc13b7cfb03eff1cf216f09d21078e1852fc7c96413d9d65c52ce9baa6bc26de7f028738a17120de30a433c9c3c8e276f3ae5e18a1f95767fffe8e98b0c3f134f12263b01c36866d4e0e856cc14ecf50279adb9438c6219c49cae973d8e7faf33dcdeb96d7ef7e89ae828cb91df22939307bb1f7fb7392e1e24f6b63166b89937c00eb8fea0245cd93e4aa803160bd71c1a0bbb6b8285d8ab654485ab985f1dd2eb9abf53131a9680dcafe4000d3ea528dd52aba3e4ff6a3883ec614253d5627bd91522d881128328ed1e00907fa6cc48cec52", 0x1b0)

[  260.030220] sd 0:0:1:0: [sg0] tag#1164 CDB[80]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  260.039123] sd 0:0:1:0: [sg0] tag#1164 CDB[90]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  260.050436] sd 0:0:1:0: [sg0] tag#1164 CDB[a0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  260.059834] sd 0:0:1:0: [sg0] tag#1164 CDB[b0]: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[  260.068755] sd 0:0:1:0: [sg0] tag#1164 CDB[c0]: 00 00 00 00 00 00 00 00
02:52:56 executing program 3:
prctl$PR_GET_TIMERSLACK(0x1e)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_udplite(0xa, 0x2, 0x88)
setsockopt$sock_linger(0xffffffffffffffff, 0x1, 0xd, &(0x7f00000000c0)={0x1, 0x9}, 0x8)
getrusage(0xffffffffffffffff, 0x0)
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000180)=0x2)
ioctl$TCFLSH(r0, 0x40087101, 0x74e000)
setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, &(0x7f0000000040)={0x4, 0x0, 0x0, 0x9}, 0xc)
mount(&(0x7f0000000380)=ANY=[], 0x0, 0x0, 0x0, 0x0)
syz_emit_ethernet(0x97, &(0x7f0000000140)={@dev={[], 0x15}, @empty, @val={@void, {0x8100, 0x4}}, {@ipv4={0x800, @tipc={{0x1b, 0x4, 0x1, 0x3, 0x85, 0x67, 0x0, 0x3, 0x6, 0x0, @loopback, @dev={0xac, 0x14, 0x14, 0x3e}, {[@end, @timestamp_addr={0x44, 0x14, 0x0, 0x1, 0x0, [{@broadcast}, {@multicast1, 0x7}]}, @timestamp={0x44, 0x1c, 0x63, 0x0, 0x0, [0x0, 0x5, 0x0, 0x6, 0x7f, 0x2]}, @timestamp_addr={0x44, 0x24, 0xbe, 0x1, 0x0, [{@local}, {@multicast1, 0x7fff}, {@empty}, {@loopback}]}]}}, @payload_conn={{{0x19, 0x0, 0x0, 0x1, 0x0, 0x6, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x4e23, 0x4e24}}, [0x0]}}}}}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000011c0)=@newlink={0x30, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x13}, [@IFLA_LINKINFO={0x10, 0x12, 0x0, 0x1, @sit={{0x8, 0x1, 'sit\x00'}, {0x4}}}]}, 0x30}}, 0x0)

02:52:56 executing program 4:
mkdir(&(0x7f0000000140)='./file0\x00', 0x0)
syz_open_dev$ndb(&(0x7f0000000180)='/dev/nbd#\x00', 0x0, 0x101000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
clone(0x4007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
mount(&(0x7f0000000180)=ANY=[], &(0x7f00000000c0)='./file0\x00', &(0x7f0000000040)='ceph\x00', 0x0, 0x0)
open$dir(&(0x7f0000000000)='./file0\x00', 0x8400, 0x10d)
ioctl$TIOCL_PASTESEL(r2, 0x541c, &(0x7f0000000200))
r3 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vcs\x00', 0x800, 0x0)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r3, 0x84, 0x75, &(0x7f0000000100)={0x0, 0x2}, 0x8)
ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f00000001c0))

[  260.166265] FAULT_INJECTION: forcing a failure.
[  260.166265] name failslab, interval 1, probability 0, space 0, times 0
[  260.199317] Bluetooth: hci5 command 0x0409 tx timeout
[  260.252904] CPU: 0 PID: 16257 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  260.260817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  260.270176] Call Trace:
[  260.272773]  dump_stack+0x1b2/0x283
[  260.276409]  should_fail.cold+0x10a/0x154
[  260.281010]  should_failslab+0xd6/0x130
[  260.284989]  kmem_cache_alloc+0x28e/0x3c0
[  260.289750]  ? shmem_destroy_callback+0xa0/0xa0
[  260.294418]  shmem_alloc_inode+0x18/0x40
[  260.298478]  ? shmem_destroy_callback+0xa0/0xa0
[  260.303151]  alloc_inode+0x5d/0x170
[  260.306778]  new_inode+0x1d/0xf0
[  260.310142]  shmem_get_inode+0x8b/0x890
[  260.314117]  __shmem_file_setup.part.0+0x104/0x3c0
[  260.319051]  ? shmem_create+0x30/0x30
[  260.322848]  ? __alloc_fd+0x1be/0x490
[  260.326653]  SyS_memfd_create+0x1fc/0x3c0
[  260.331494]  ? shmem_fcntl+0x120/0x120
[  260.335389]  ? SyS_clock_settime+0x1a0/0x1a0
[  260.339804]  ? do_syscall_64+0x4c/0x640
[  260.343785]  ? shmem_fcntl+0x120/0x120
02:52:56 executing program 5:
ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_REGS(r3, 0x4090ae82, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.controllers\x00', 0x275a, 0x0)
r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
dup2(r5, r4)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r4, 0x0)
setsockopt$TIPC_MCAST_BROADCAST(r4, 0x10f, 0x85)
write$binfmt_script(r0, &(0x7f0000000440)=ANY=[], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000012000/0xc00000)=nil, 0xc00007, 0x0, 0x0, 0x0, 0x10000000002)

02:52:56 executing program 3:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xb7ffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4a06b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a3287c84ccc727d6ef3834293812e927c01c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df9858837458a4ca03767c69cee1b6be484e4c9507af216bd8ed42f7dd5adb8e49f4a94615e49c08c9a20819e02cc22e6be4557cd4ed88b37ab81a674c644dca2f1b4d745fd95c41f9d441d42f49db6d4a4762e5cc23dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43ea118e1407a601dae4b8b99bffffb1ac006c67767b03b95151aeb89e6d4a43c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a0e3ed34258b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db15d792e604a4f279b3bd6621bdf2c17bc0400000000000000ff8dc4006200607a9a76e5d9656a7154c75773902a1bdf399df3925130312d095e9c1f973d091c198c1a11a755761fe46169b2b5b8cdedb695cc425fe203d2f2655a76865c2cb4e2470fcfb1248c0add5431a7fbcb0ef4f66a09af93a09fab1daae4b518d7a5d95a017864487366d6d7ee7bb0749cacf56cf27409c60fca2e2981b22d08f874e0a9cb6fca7844f9dab530388eb1f43d4abbfc59d6f1b18fe380df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7003af92d11de48e8b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2278a03bf7700b06fa191ebd3a0c2ef0058ffebd7ccde2480ae40d6156edc4ef81f74a7cdac01d998c24f34a5ba9a4a2039d0416e3f83074192c48c63384f52b8eeb70571e5bbb3e6d2b5eba52bee6f81968981811f832d064048c0e0bbe46984b2f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8d0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc349ab96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c84892c97c80987e5c7954e9f3694d116b01ce0b8ef953de70e7ce0311c8b018956f8a42ca26ab295f1ecf617a8dc38e525f415a1bd46b38845ebca04061bacbf627f798c7f520078fee48f83b5989543729e57a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b1aa5264cb4a82cf080de1f87808d002000000359573431379dadd6cf62f8ea0b90173aceac716158311a41054b56d472bdc504763f4927e0890262595c573dd87d53fcae47df851c1ebd4e7038b7495"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48)
socket(0x0, 0x0, 0x0)
sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0x1f, 0x0, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff0e000000630677fbac14140cee", 0x0, 0x2f, 0x0, 0x0, 0x42, &(0x7f0000000000), &(0x7f0000000100)="7f692d9965d8486f61e5aab513397a0b8df80bfd06ef5abc3851d7b7d9a9e7f3b59019fcdd6ebcbdd9f5ad36c0b8e7724870cb74f317fb979f3eeefa701b00000000"}, 0x40)

[  260.347676]  do_syscall_64+0x1d5/0x640
[  260.354171]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  260.359356] RIP: 0033:0x45e179
[  260.362536] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  260.370422] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 000000000045e179
[  260.377863] RDX: 0000000020000260 RSI: 0000000000000000 RDI: 00000000004c29e3
[  260.385125] RBP: 0000000000021640 R08: 0000000020000260 R09: 0000000000000000
[  260.392385] R10: fe03f80fe03f80ff R11: 0000000000000246 R12: 0000000000000004
[  260.399665] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:52:57 executing program 4:
ioctl$sock_inet6_tcp_SIOCOUTQNSD(0xffffffffffffffff, 0x894b, &(0x7f0000000000))
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r2=>0x0})
bind$packet(r0, &(0x7f0000000100)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14)
sendto$inet6(r0, &(0x7f00000000c0)="03042a010932600100000000000000", 0xf, 0x0, 0x0, 0x0)

[  260.424492] ceph: device name is missing path (no : separator in /dev/nbd#)
02:52:57 executing program 1 (fault-call:0 fault-nth:3):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

[  260.492439] ceph: device name is missing path (no : separator in /dev/nbd#)
02:52:57 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFNL_MSG_ACCT_NEW(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="34000000000785c80000000000000000000000000c0006400000000000000000090001"], 0x34}}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = signalfd(r0, &(0x7f0000000180), 0x8)
getsockopt$bt_sco_SCO_OPTIONS(r2, 0x11, 0x1, &(0x7f0000000300)=""/108, &(0x7f0000000200)=0x6c)
openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
preadv(r3, &(0x7f0000000380)=[{&(0x7f0000000100)=""/172, 0xac}], 0x1, 0x0, 0x0)
dup2(r3, r1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0)
connect$pptp(r1, &(0x7f0000000000)={0x18, 0x2, {0x2, @local}}, 0x1e)

[  260.647810] FAULT_INJECTION: forcing a failure.
[  260.647810] name failslab, interval 1, probability 0, space 0, times 0
[  260.677593] CPU: 1 PID: 16301 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  260.685752] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  260.689840] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.5'.
[  260.695102] Call Trace:
[  260.695125]  dump_stack+0x1b2/0x283
[  260.695142]  should_fail.cold+0x10a/0x154
[  260.714055]  should_failslab+0xd6/0x130
[  260.718048]  kmem_cache_alloc+0x28e/0x3c0
[  260.722263]  selinux_inode_alloc_security+0xb1/0x2a0
[  260.727516]  security_inode_alloc+0x8d/0xd0
[  260.731871]  inode_init_always+0x576/0xb10
[  260.736321]  alloc_inode+0x7a/0x170
[  260.739954]  new_inode+0x1d/0xf0
[  260.743359]  shmem_get_inode+0x8b/0x890
[  260.747337]  __shmem_file_setup.part.0+0x104/0x3c0
[  260.752265]  ? shmem_create+0x30/0x30
[  260.756064]  ? __alloc_fd+0x1be/0x490
[  260.759888]  SyS_memfd_create+0x1fc/0x3c0
[  260.764034]  ? shmem_fcntl+0x120/0x120
[  260.767918]  ? SyS_clock_settime+0x1a0/0x1a0
[  260.772327]  ? do_syscall_64+0x4c/0x640
[  260.776299]  ? shmem_fcntl+0x120/0x120
[  260.780186]  do_syscall_64+0x1d5/0x640
[  260.784074]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  260.789254] RIP: 0033:0x45e179
02:52:57 executing program 0:
r0 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, 0x0, &(0x7f0000000040))
pipe2(&(0x7f0000000000)={<r1=>0xffffffffffffffff}, 0x800)
write$binfmt_script(0xffffffffffffffff, &(0x7f0000000200)=ANY=[@ANYRES32=r0, @ANYRES16=r0, @ANYRESOCT, @ANYRESOCT], 0x80)
setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f0000000240)=ANY=[@ANYBLOB="beb20e7c81a4d9f77813908b6b1f"], 0xc)
close(0xffffffffffffffff)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f0000000100)=0x80, &(0x7f00000001c0)=0x2)
mount$bpf(0x20000000, &(0x7f0000000040)='./file0\x00', 0x0, 0x1009, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='task\x00')
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000280)={&(0x7f0000ff6000/0x9000)=nil, &(0x7f0000ff6000/0x4000)=nil, &(0x7f0000ff7000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000ff6000/0x4000)=nil, &(0x7f0000ffe000/0x2000)=nil, &(0x7f0000ff6000/0x4000)=nil, &(0x7f0000ff7000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000240), 0x0, r1}, 0x68)
ioctl$TIOCCBRK(r2, 0x5428)
pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f0000000140)='./file0\x00')
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f00000000c0))
getsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, &(0x7f0000000180))
syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)

02:52:57 executing program 1 (fault-call:0 fault-nth:4):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:52:57 executing program 3:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x40, 0x0, 0x0, 0x0, 0x0, 0x40c1, 0x80411, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x41, 0x0, 0x0, 0x0, 0x0, 0x3, 0x7}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r1 = socket$inet(0x2, 0x6, 0x1f)
r2 = memfd_create(&(0x7f0000000100)='\vem1\xc1\xf8\xa6\x8dN\xc0\xa3\\\xe2\xcb\xa2\xba\xe5\xf4\x97\xac#*\xff', 0x0)
write(r2, &(0x7f0000000080)="0600", 0x2)
ioctl$F2FS_IOC_SET_PIN_FILE(0xffffffffffffffff, 0x4004f50d, &(0x7f0000000040))
write$FUSE_NOTIFY_STORE(r2, &(0x7f00000004c0)=ANY=[@ANYBLOB="2c0000000300000000000000810000002d000200000000000000"], 0x2c)
sendfile(r2, r2, &(0x7f0000001000), 0xffff)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x80000000004, 0x80010, r0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
getsockopt$SO_COOKIE(r1, 0x1, 0x39, &(0x7f00000000c0), &(0x7f0000000140)=0x8)
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f000002eff0)={0x85c, &(0x7f0000000000)=[{}]}, 0x10)
r4 = getegid()
r5 = socket$netlink(0x10, 0x3, 0x0)
setsockopt$CAN_RAW_FILTER(r5, 0x65, 0x1, &(0x7f00000001c0)=[{{0x4, 0x0, 0x1, 0x1}, {0x3, 0x0, 0x1, 0x1}}, {{0x1}, {0x0, 0x1, 0x1, 0x1}}], 0x10)
ioctl$VIDIOC_QUERYSTD(r2, 0x8008563f, &(0x7f0000000200))
setresgid(0x0, 0x0, 0x0)
setregid(0x0, 0x0)
fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000780)='system.posix_acl_access\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000010002000000000002000600da04dd0e095df1fb712acdc3e0ff50bcf3ea12b4d19c6277f841c0dd9d98aad450d3e6f6ad37ee727f095577956e1b25bb141f7d1880af000a5530aa7701d700a2a3e872fa291bd6bb29193f222d39d82c6865d1c2503433506f0df83feae213ba03cef895874ec1e65265332b9859e8e08a97cc4a602fa28f571b8854015dc7d6c57c4eaf3eb3e4cdd9000437bdf3d50ba68c374c", @ANYBLOB, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="02000000", @ANYBLOB="c2dcb9c9687b0fe77f65b571462049ab261750a779c0d8fb1df6191dd2a4af4cd7d3032a9ff33a54e54adde518", @ANYRES32=r4, @ANYBLOB="040006", @ANYRES32, @ANYBLOB='\x00'/14], 0x54, 0x0)
r6 = socket$l2tp6(0xa, 0x2, 0x73)
ioctl$sock_SIOCSIFVLAN_SET_VLAN_FLAG_CMD(r6, 0x8983, &(0x7f0000000240)={0x7, 'team_slave_1\x00', {0x4}, 0x6})

02:52:57 executing program 2:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ac, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x4e6300, 0x0)
sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xff}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x3f}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x20048005}, 0x4004014)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x1)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0xb8, 0x0, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0xa1, 0xac, "dd7f30ea97a8448b5b084beb947984dfbc526ba77dba8d7912191244f1bf83c1133e2d85e1d24afc759ef6de1a090266b781bdd8f78bbeece2d0067afb6bbe9db89ec0742fb43333cf6bf09e714560a15de4cbb822112af488d75ea588ddb314062766c760b4be8bec7248606154bbbfef8ab3f1068ea2d157d484f0eabbf6c2b4b23cc908fbdd0d8e0b5b34986ae2a61a89ea3ed031d1ee80d820947a"}]}, 0xb8}, 0x1, 0x0, 0x0, 0x10}, 0x20000000)
ioctl$PIO_FONT(r1, 0x4b61, &(0x7f0000000000))

02:52:57 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff6000/0x6000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000000280)="0fd69c20161d17f6d43fd8010cec73fedf14052f898cf781e725442f8b8b03ed5e970f8f4634a1719b863e4931669de226691e19a2e28e050ddb7145087fa05150eb326720c0ba8f1102216e5ead8c901224b55abecccbda392f81e3a67c31820815ac3bbc7adf8b01b1c1859303cbfe4f59a556348309b8c6be89891cf2d52ed32bd75683103725b265c2a0a2e83de3b14b1d942d0cead81c5d8a1704b7f97125575e2c9fb544cb24f9f0be346b4ac1deb2cf6140b4eb51940dba8f45205b1d6ea8dfb55c1c1ccfeea11fe5816e", 0xce, r0}, 0x68)
process_vm_readv(0x0, &(0x7f0000000080)=[{&(0x7f0000000440)=""/200, 0xc8}, {&(0x7f0000000540)=""/178, 0xb2}, {&(0x7f0000000600)=""/4096, 0x1000}], 0x3, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, &(0x7f0000000000))
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
sendmsg$IPSET_CMD_HEADER(r1, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4000050}, 0x0)
unshare(0x20400)
r2 = creat(&(0x7f00000016c0)='./file0\x00', 0xa2)
getsockopt$netrom_NETROM_T2(r2, 0x103, 0x2, &(0x7f00000017c0)=0xffffffc1, &(0x7f0000001800)=0x4)
writev(r1, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000040)='5G', 0x2}], 0x2)
r3 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000040)='u', 0x1, 0xfffffffffffffffd)
r4 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000280)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f00000000c0)="b7", 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000480)={r3, r4, r5}, &(0x7f0000000180)=""/117, 0x75, &(0x7f0000000100)={&(0x7f0000000140)={'rmd128\x00'}})
r6 = add_key$user(&(0x7f0000000100)='user\x00', &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000001600)="4f676220a580aa3a6f5cf13cdf30d4fcac6407de51768db5ff01be35b2ddbb7db7c583d27f4917a83670bd17a6d89a411e9a36851735b74cf4be1583115db0b2ea0381871919c834b322d483f828c9abd2ebd03a676e59d126d6b8421780cbe07212972aa5d19460c7231116c1ad24669434a43280bc7d447636494764f2e8411ba3ba5e47479498b99e1a9877963459acd24a3fab4b8e", 0x97, 0xfffffffffffffffc)
keyctl$dh_compute(0x17, &(0x7f0000000380)={0x0, r5, r6}, &(0x7f00000016c0), 0x0, &(0x7f0000001780)={&(0x7f0000001700)={'hmac(tgr160)\x00'}, &(0x7f0000001740)="4dfb3fa9c5cf7aaeec65cfeb4f91", 0xe})
clone(0xc75e43cfae22dd4, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)

02:52:57 executing program 5:
perf_event_open(&(0x7f00000005c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
times(&(0x7f0000000000))
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000080)=0x6, 0x4)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
dup2(r2, r1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000100), 0x4)
ioctl$RTC_PIE_OFF(0xffffffffffffffff, 0x7006)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='dctcp\x00', 0x6)
sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0x218}, 0x1c)
perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000040), 0x800)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0)

[  260.794012] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  260.801756] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 000000000045e179
[  260.809134] RDX: 0000000020000260 RSI: 0000000000000000 RDI: 00000000004c29e3
[  260.816411] RBP: 0000000000021640 R08: 0000000020000260 R09: 0000000000000000
[  260.825246] R10: fe03f80fe03f80ff R11: 0000000000000246 R12: 0000000000000004
[  260.832869] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:52:57 executing program 1 (fault-call:0 fault-nth:5):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:52:57 executing program 1 (fault-call:0 fault-nth:6):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:52:57 executing program 0:
pipe(&(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write(r1, &(0x7f00000001c0), 0x100000110)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.controllers\x00', 0x275a, 0x0)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x601, 0x0)
dup2(r3, r2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
ioctl$EVIOCSABS3F(r2, 0x401845ff, &(0x7f00000000c0)={0x4, 0x1, 0x3, 0x1f, 0x8000})
r4 = epoll_create(0x2000007)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000040)={0xb0000001})
epoll_wait(r4, &(0x7f0000000240)=[{}, {}], 0x2, 0x2dd)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
ioctl$KDSKBMODE(r2, 0x4b45, &(0x7f0000000140)=0x4)
creat(0x0, 0x0)

[  260.935166] FAULT_INJECTION: forcing a failure.
[  260.935166] name failslab, interval 1, probability 0, space 0, times 0
[  260.935179] CPU: 1 PID: 16328 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
02:52:57 executing program 0:
pipe(&(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="6c000000020605000000000000000000000000000e0003006269746d61703a697000000005000400000000000900020073797a3000000000240007800c00028008000140000000000c0001800800014000000002080008400020001005000500020800000500010006"], 0x6c}}, 0x0)
write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0)
ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r1, 0xc034564b, &(0x7f00000000c0)={0x1, 0x55595659, 0x3bed, 0x9, 0x1, @stepwise={{0x7, 0x100}, {0x7, 0x5}, {0x8, 0xfffffffa}}})
r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
splice(r0, 0x0, r2, 0x0, 0x207fff, 0x0)

[  260.935185] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  260.935189] Call Trace:
02:52:57 executing program 1 (fault-call:0 fault-nth:7):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

[  260.935205]  dump_stack+0x1b2/0x283
[  260.935228]  should_fail.cold+0x10a/0x154
02:52:57 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0xfc, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0xb18}, 0x800}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_open_dev$sndctrl(&(0x7f0000000000)='/dev/snd/controlC#\x00', 0x5, 0x20000)
syz_mount_image$ntfs(&(0x7f0000000040)='ntfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000300)=[{0x0}], 0x0, &(0x7f0000000340)={[{@uid={'uid'}}, {@show_sys_files_yes='show_sys_files=yes'}, {@case_sensitive_no='case_sensitive=no'}]})

[  260.935246]  should_failslab+0xd6/0x130
[  260.935257]  kmem_cache_alloc+0x28e/0x3c0
[  260.935328]  get_empty_filp+0x86/0x3e0
[  260.935340]  alloc_file+0x23/0x440
[  260.935356]  __shmem_file_setup.part.0+0x198/0x3c0
02:52:58 executing program 1 (fault-call:0 fault-nth:8):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

[  260.935368]  ? shmem_create+0x30/0x30
[  260.935381]  ? __alloc_fd+0x1be/0x490
[  260.935398]  SyS_memfd_create+0x1fc/0x3c0
02:52:58 executing program 0:
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
ioctl$sock_x25_SIOCDELRT(r0, 0x890b, &(0x7f0000000100)={@remote={[], 0x2}, 0x9, 'veth1\x00'})
read$dsp(0xffffffffffffffff, &(0x7f0000000000)=""/225, 0xe1)
prctl$PR_SET_MM(0x23, 0x3, &(0x7f0000ffa000/0x3000)=nil)

[  260.935409]  ? shmem_fcntl+0x120/0x120
[  260.935419]  ? SyS_clock_settime+0x1a0/0x1a0
[  260.935431]  ? do_syscall_64+0x4c/0x640
[  260.935440]  ? shmem_fcntl+0x120/0x120
[  260.935451]  do_syscall_64+0x1d5/0x640
02:52:58 executing program 4:
r0 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000003c0)={&(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x8000)=nil, &(0x7f0000ff6000/0x6000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x2000)=nil, &(0x7f0000000280)="0fd69c20161d17f6d43fd8010cec73fedf14052f898cf781e725442f8b8b03ed5e970f8f4634a1719b863e4931669de226691e19a2e28e050ddb7145087fa05150eb326720c0ba8f1102216e5ead8c901224b55abecccbda392f81e3a67c31820815ac3bbc7adf8b01b1c1859303cbfe4f59a556348309b8c6be89891cf2d52ed32bd75683103725b265c2a0a2e83de3b14b1d942d0cead81c5d8a1704b7f97125575e2c9fb544cb24f9f0be346b4ac1deb2cf6140b4eb51940dba8f45205b1d6ea8dfb55c1c1ccfeea11fe5816e", 0xce, r0}, 0x68)
process_vm_readv(0x0, &(0x7f0000000080)=[{&(0x7f0000000440)=""/200, 0xc8}, {&(0x7f0000000540)=""/178, 0xb2}, {&(0x7f0000000600)=""/4096, 0x1000}], 0x3, 0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_QUOTA_RESCAN(0xffffffffffffffff, 0x4040942c, &(0x7f0000000000))
r1 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
sendmsg$IPSET_CMD_HEADER(r1, &(0x7f0000000180)={&(0x7f00000000c0), 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[], 0x30}, 0x1, 0x0, 0x0, 0x4000050}, 0x0)
unshare(0x20400)
r2 = creat(&(0x7f00000016c0)='./file0\x00', 0xa2)
getsockopt$netrom_NETROM_T2(r2, 0x103, 0x2, &(0x7f00000017c0)=0xffffffc1, &(0x7f0000001800)=0x4)
writev(r1, &(0x7f00000001c0)=[{0x0}, {&(0x7f0000000040)='5G', 0x2}], 0x2)
r3 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000040)='u', 0x1, 0xfffffffffffffffd)
r4 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000280)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe)
r5 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f00000000c0)="b7", 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000480)={r3, r4, r5}, &(0x7f0000000180)=""/117, 0x75, &(0x7f0000000100)={&(0x7f0000000140)={'rmd128\x00'}})
r6 = add_key$user(&(0x7f0000000100)='user\x00', &(0x7f0000000200)={'syz', 0x2}, &(0x7f0000001600)="4f676220a580aa3a6f5cf13cdf30d4fcac6407de51768db5ff01be35b2ddbb7db7c583d27f4917a83670bd17a6d89a411e9a36851735b74cf4be1583115db0b2ea0381871919c834b322d483f828c9abd2ebd03a676e59d126d6b8421780cbe07212972aa5d19460c7231116c1ad24669434a43280bc7d447636494764f2e8411ba3ba5e47479498b99e1a9877963459acd24a3fab4b8e", 0x97, 0xfffffffffffffffc)
keyctl$dh_compute(0x17, &(0x7f0000000380)={0x0, r5, r6}, &(0x7f00000016c0), 0x0, &(0x7f0000001780)={&(0x7f0000001700)={'hmac(tgr160)\x00'}, &(0x7f0000001740)="4dfb3fa9c5cf7aaeec65cfeb4f91", 0xe})
clone(0xc75e43cfae22dd4, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)

[  260.935465]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  260.935473] RIP: 0033:0x45e179
[  260.935478] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  260.935489] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 000000000045e179
[  260.935494] RDX: 0000000020000260 RSI: 0000000000000000 RDI: 00000000004c29e3
[  260.935499] RBP: 0000000000021640 R08: 0000000020000260 R09: 0000000000000000
[  260.935505] R10: fe03f80fe03f80ff R11: 0000000000000246 R12: 0000000000000004
[  260.935511] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  261.067477] Bluetooth: hci0 command 0x0406 tx timeout
[  261.075752] FAULT_INJECTION: forcing a failure.
[  261.075752] name failslab, interval 1, probability 0, space 0, times 0
[  261.075764] CPU: 0 PID: 16338 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  261.075770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  261.075774] Call Trace:
[  261.075789]  dump_stack+0x1b2/0x283
[  261.075806]  should_fail.cold+0x10a/0x154
[  261.075823]  should_failslab+0xd6/0x130
[  261.075834]  kmem_cache_alloc+0x28e/0x3c0
[  261.075850]  selinux_file_alloc_security+0xaf/0x190
[  261.075862]  security_file_alloc+0x66/0xa0
[  261.075933]  ? selinux_is_enabled+0x5/0x50
[  261.075945]  get_empty_filp+0x15c/0x3e0
[  261.075957]  alloc_file+0x23/0x440
[  261.075974]  __shmem_file_setup.part.0+0x198/0x3c0
[  261.075984]  ? shmem_create+0x30/0x30
[  261.075993]  ? __alloc_fd+0x1be/0x490
[  261.076010]  SyS_memfd_create+0x1fc/0x3c0
[  261.076020]  ? shmem_fcntl+0x120/0x120
[  261.076030]  ? SyS_clock_settime+0x1a0/0x1a0
[  261.076041]  ? do_syscall_64+0x4c/0x640
[  261.076050]  ? shmem_fcntl+0x120/0x120
[  261.076061]  do_syscall_64+0x1d5/0x640
[  261.076074]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  261.076082] RIP: 0033:0x45e179
[  261.076088] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  261.076098] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 000000000045e179
[  261.076106] RDX: 0000000020000260 RSI: 0000000000000000 RDI: 00000000004c29e3
[  261.076111] RBP: 0000000000021640 R08: 0000000020000260 R09: 0000000000000000
[  261.076117] R10: fe03f80fe03f80ff R11: 0000000000000246 R12: 0000000000000004
[  261.076122] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  261.123174] IPVS: ftp: loaded support on port[0] = 21
[  261.175191] FAULT_INJECTION: forcing a failure.
[  261.175191] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  261.175228] CPU: 0 PID: 16348 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  261.175235] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  261.175238] Call Trace:
[  261.175255]  dump_stack+0x1b2/0x283
[  261.175273]  should_fail.cold+0x10a/0x154
[  261.175289]  __alloc_pages_nodemask+0x22c/0x2720
[  261.175302]  ? __lock_acquire+0x5fc/0x3f20
[  261.175319]  ? security_inode_alloc+0x8d/0xd0
[  261.175332]  ? static_obj+0x50/0x50
[  261.175344]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  261.175361]  ? __lock_acquire+0x5fc/0x3f20
[  261.175391]  ? avc_has_perm_noaudit+0x157/0x2a0
[  261.175412]  alloc_pages_vma+0xd2/0x6d0
[  261.175428]  shmem_alloc_page+0xe0/0x180
[  261.175439]  ? shmem_swapin+0x180/0x180
[  261.175448]  ? avc_has_extended_perms+0xbf0/0xbf0
[  261.175460]  ? __radix_tree_lookup+0x1b5/0x2e0
[  261.175521]  ? find_get_entry+0x312/0x630
[  261.175593]  ? check_preemption_disabled+0x35/0x240
[  261.175610]  ? __vm_enough_memory+0x261/0x520
[  261.175625]  shmem_alloc_and_acct_page+0x126/0x620
[  261.175665]  ? simple_xattr_get+0xe5/0x160
[  261.175678]  shmem_getpage_gfp+0x302/0x2810
[  261.175703]  ? simple_xattr_get+0xe5/0x160
[  261.175715]  ? shmem_alloc_and_acct_page+0x620/0x620
[  261.175733]  shmem_write_begin+0xeb/0x190
[  261.175746]  generic_perform_write+0x1c9/0x420
[  261.175762]  ? filemap_page_mkwrite+0x2d0/0x2d0
[  261.175774]  ? current_time+0xb0/0xb0
[  261.175786]  ? lock_acquire+0x170/0x3f0
[  261.175796]  __generic_file_write_iter+0x227/0x590
[  261.175810]  generic_file_write_iter+0x36f/0x650
[  261.175824]  __vfs_write+0x44c/0x630
[  261.175835]  ? kernel_read+0x110/0x110
[  261.175895]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  261.175907]  ? rcu_sync_lockdep_assert+0x69/0xa0
[  261.175919]  vfs_write+0x17f/0x4d0
[  261.175932]  SyS_pwrite64+0x116/0x140
[  261.175941]  ? SyS_pread64+0x140/0x140
[  261.175950]  ? fput+0xb/0x140
[  261.175962]  ? do_syscall_64+0x4c/0x640
[  261.175971]  ? SyS_pread64+0x140/0x140
[  261.175983]  do_syscall_64+0x1d5/0x640
[  261.175999]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  261.176006] RIP: 0033:0x417b07
[  261.176012] RSP: 002b:00007fc7fa8cfa20 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[  261.176022] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000417b07
[  261.176028] RDX: 000000000000012b RSI: 0000000020010000 RDI: 0000000000000004
[  261.176033] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  261.176038] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004
[  261.176044] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000210
[  261.345357] FAULT_INJECTION: forcing a failure.
[  261.345357] name failslab, interval 1, probability 0, space 0, times 0
[  261.345441] CPU: 0 PID: 16373 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  261.345448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  261.345451] Call Trace:
[  261.345468]  dump_stack+0x1b2/0x283
[  261.345485]  should_fail.cold+0x10a/0x154
[  261.345500]  should_failslab+0xd6/0x130
[  261.345510]  kmem_cache_alloc+0x40/0x3c0
[  261.345523]  radix_tree_node_alloc.constprop.0+0x1b0/0x2f0
[  261.345535]  __radix_tree_create+0x323/0x4b0
[  261.345567]  __radix_tree_insert+0x98/0x4f0
[  261.345579]  ? __radix_tree_create+0x4b0/0x4b0
[  261.345591]  ? shmem_add_to_page_cache+0x1e7/0x730
[  261.345608]  shmem_add_to_page_cache+0x503/0x730
[  261.345620]  ? shmem_recalc_inode+0x2f0/0x2f0
[  261.345631]  ? __radix_tree_preload+0x1c3/0x250
[  261.345646]  shmem_getpage_gfp+0x115b/0x2810
[  261.345664]  ? simple_xattr_get+0xe5/0x160
[  261.345674]  ? shmem_alloc_and_acct_page+0x620/0x620
[  261.345695]  shmem_write_begin+0xeb/0x190
[  261.345707]  generic_perform_write+0x1c9/0x420
[  261.345722]  ? filemap_page_mkwrite+0x2d0/0x2d0
[  261.345733]  ? current_time+0xb0/0xb0
[  261.345744]  ? lock_acquire+0x170/0x3f0
[  261.345756]  __generic_file_write_iter+0x227/0x590
[  261.345769]  generic_file_write_iter+0x36f/0x650
[  261.345783]  __vfs_write+0x44c/0x630
[  261.345793]  ? kernel_read+0x110/0x110
[  261.345814]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  261.345825]  ? rcu_sync_lockdep_assert+0x69/0xa0
[  261.345836]  vfs_write+0x17f/0x4d0
[  261.345848]  SyS_pwrite64+0x116/0x140
[  261.345857]  ? SyS_pread64+0x140/0x140
[  261.345864]  ? fput+0xb/0x140
[  261.345874]  ? do_syscall_64+0x4c/0x640
[  261.345882]  ? SyS_pread64+0x140/0x140
[  261.345893]  do_syscall_64+0x1d5/0x640
[  261.345908]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  261.345916] RIP: 0033:0x417b07
[  261.345921] RSP: 002b:00007fc7fa8cfa20 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[  261.345931] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000417b07
[  261.345937] RDX: 000000000000012b RSI: 0000000020010000 RDI: 0000000000000004
[  261.345942] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  261.345947] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004
[  261.345952] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000210
[  261.422574] BTRFS error (device loop1): support for check_integrity* not compiled in!
[  261.464014] BTRFS error (device loop1): open_ctree failed
[  261.504611] ntfs: (device loop3): parse_options(): Unrecognized mount option .
[  261.557777] ntfs: (device loop3): parse_options(): Unrecognized mount option .
[  261.643555] FAULT_INJECTION: forcing a failure.
[  261.643555] name failslab, interval 1, probability 0, space 0, times 0
[  261.643567] CPU: 1 PID: 16407 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  261.643573] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  261.643576] Call Trace:
[  261.643593]  dump_stack+0x1b2/0x283
[  261.643609]  should_fail.cold+0x10a/0x154
[  261.643625]  should_failslab+0xd6/0x130
[  261.643635]  kmem_cache_alloc+0x28e/0x3c0
[  261.643646]  getname_flags+0xc8/0x550
[  261.643658]  do_sys_open+0x1ce/0x410
[  261.643666]  ? filp_open+0x60/0x60
[  261.643672]  ? SyS_pwrite64+0xca/0x140
[  261.643681]  ? fput+0xb/0x140
[  261.643691]  ? do_syscall_64+0x4c/0x640
[  261.643698]  ? do_sys_open+0x410/0x410
[  261.643708]  do_syscall_64+0x1d5/0x640
[  261.643722]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  261.643729] RIP: 0033:0x417aa1
[  261.643733] RSP: 002b:00007fc7fa8cfa20 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  261.643743] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000417aa1
[  261.643749] RDX: 0000000000000274 RSI: 0000000000000002 RDI: 00007fc7fa8cfae0
[  261.643754] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  261.643759] R10: 0000000000010b20 R11: 0000000000000293 R12: 0000000000000004
02:52:59 executing program 2:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4ac, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x4e6300, 0x0)
sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, 0x0, 0x4, 0x70bd2d, 0x25dfdbfc, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8, 0x3b, 0xff}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x3f}, @BATADV_ATTR_AGGREGATED_OGMS_ENABLED={0x5, 0x29, 0x1}]}, 0x34}, 0x1, 0x0, 0x0, 0x20048005}, 0x4004014)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x2400, 0x1)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$NL80211_CMD_SET_STATION(r0, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f00000002c0)={&(0x7f0000000200)={0xb8, 0x0, 0x200, 0x70bd2b, 0x25dfdbfe, {}, [@NL80211_ATTR_STA_EXT_CAPABILITY={0xa1, 0xac, "dd7f30ea97a8448b5b084beb947984dfbc526ba77dba8d7912191244f1bf83c1133e2d85e1d24afc759ef6de1a090266b781bdd8f78bbeece2d0067afb6bbe9db89ec0742fb43333cf6bf09e714560a15de4cbb822112af488d75ea588ddb314062766c760b4be8bec7248606154bbbfef8ab3f1068ea2d157d484f0eabbf6c2b4b23cc908fbdd0d8e0b5b34986ae2a61a89ea3ed031d1ee80d820947a"}]}, 0xb8}, 0x1, 0x0, 0x0, 0x10}, 0x20000000)
ioctl$PIO_FONT(r1, 0x4b61, &(0x7f0000000000))

02:52:59 executing program 1 (fault-call:0 fault-nth:9):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:52:59 executing program 3:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7ff, 0x1fb}, 0x0, 0x0, 0x0, 0x6}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000300), 0x4)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000001c0)={0xffffffffffffffff, 0x28, &(0x7f0000000000)={0x0, <r4=>0x0}}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f0000000200)={r4, 0x7}, 0xc)
lstat(&(0x7f00000000c0)='./file0\x00', &(0x7f00000006c0)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
setfsuid(0x0)
ptrace$poke(0xffffffffffffffff, r0, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000940)=@newqdisc={0x64, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x1, 'tbf\x00'}, {0x50, 0x2, [@TCA_TBF_PARMS={0x28}, @TCA_TBF_RATE64={0xc}]}}]}, 0x64}}, 0x0)
sendmsg$GTP_CMD_NEWPDP(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0x2c, 0x0, 0x100, 0x70bd25, 0x25dfdbfd, {}, [@GTPA_NET_NS_FD={0x8}, @GTPA_O_TEI={0x8, 0x9, 0x2}, @GTPA_LINK={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x10)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000180)=[@textreal={0x8, &(0x7f0000000040)="f30f09dd467366b9800000c00f326635000100000f30f0812700000f013d0f20a6660f154c00f4baf80c66b8345a5a8866efbafc0c66edbaf80c66b8d2174f8066efbafc0cb87000ef", 0x49}], 0x1, 0x64, 0x0, 0x0)
ioprio_get$uid(0x0, r5)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
sendmmsg$sock(0xffffffffffffffff, 0x0, 0x0, 0x0)
readv(0xffffffffffffffff, 0x0, 0x0)

02:52:59 executing program 5:
perf_event_open(&(0x7f00000005c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0xffffffff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
times(&(0x7f0000000000))
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000000080)=0x6, 0x4)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
dup2(r2, r1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0)
setsockopt$inet6_IPV6_ADDRFORM(r1, 0x29, 0x1, &(0x7f0000000100), 0x4)
ioctl$RTC_PIE_OFF(0xffffffffffffffff, 0x7006)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000180)='dctcp\x00', 0x6)
sendto$inet6(r0, &(0x7f0000f6f000), 0xfffffffffffffea7, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @rand_addr, 0x218}, 0x1c)
perf_event_open(&(0x7f0000000080)={0x0, 0x70, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
pipe2(&(0x7f0000000040), 0x800)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(0xffffffffffffffff, 0xf504, 0x0)

02:52:59 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4003000010003904000000000000e0ff00000000", @ANYRES32, @ANYBLOB="03000000000000002000128008000100736974001400028008000100", @ANYRES32], 0x40}}, 0x0)

[  261.643764] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  262.274681] Bluetooth: hci5 command 0x041b tx timeout
[  263.065374] FAULT_INJECTION: forcing a failure.
[  263.065374] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  263.077219] CPU: 1 PID: 16429 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  263.085097] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  263.094452] Call Trace:
[  263.097045]  dump_stack+0x1b2/0x283
[  263.100668]  should_fail.cold+0x10a/0x154
[  263.104979]  __alloc_pages_nodemask+0x22c/0x2720
[  263.109730]  ? __lock_acquire+0x5fc/0x3f20
[  263.113965]  ? generic_file_write_iter+0x37a/0x650
[  263.118926]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  263.123753]  ? trace_hardirqs_on+0x10/0x10
[  263.127994]  ? lock_downgrade+0x740/0x740
[  263.132130]  ? up_write+0x17/0x60
[  263.135588]  ? generic_file_write_iter+0x2f8/0x650
[  263.140522]  cache_grow_begin+0x8f/0x420
[  263.144568]  cache_alloc_refill+0x273/0x350
[  263.148873]  kmem_cache_alloc+0x333/0x3c0
[  263.153003]  getname_flags+0xc8/0x550
[  263.156793]  do_sys_open+0x1ce/0x410
[  263.160488]  ? filp_open+0x60/0x60
02:52:59 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)=@newlink={0x40, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb, 0x1, 'ipvlan\x00'}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x5, @empty=[0x4]}]}, 0x40}}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
dup2(r2, r1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0)
ioctl$TIOCMBIC(r1, 0x5417, &(0x7f0000000000)=0x8)

[  263.164004]  ? SyS_pwrite64+0xca/0x140
[  263.167882]  ? fput+0xb/0x140
[  263.170974]  ? do_syscall_64+0x4c/0x640
[  263.174923]  ? do_sys_open+0x410/0x410
[  263.178789]  do_syscall_64+0x1d5/0x640
[  263.182656]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  263.187826] RIP: 0033:0x417aa1
[  263.190993] RSP: 002b:00007fc7fa8cfa20 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  263.198676] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000417aa1
[  263.205933] RDX: 0000000000000274 RSI: 0000000000000002 RDI: 00007fc7fa8cfae0
02:52:59 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xc}}, 0x10)
connect$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @multicast1}, 0x10)
r1 = openat$cgroup_netprio_ifpriomap(0xffffffffffffffff, &(0x7f0000000000)='net_prio.ifpriomap\x00', 0x2, 0x0)
sendfile(r0, r1, &(0x7f0000000040)=0x8, 0x100000001)
sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0)

[  263.213181] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  263.220431] R10: 0000000000010b20 R11: 0000000000000293 R12: 0000000000000004
[  263.227678] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  263.276888] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:52:59 executing program 1 (fault-call:0 fault-nth:10):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

[  263.327425] BTRFS error (device loop1): open_ctree failed
02:53:00 executing program 4:
r0 = socket(0x10, 0x803, 0x0)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40004, 0x0, &(0x7f0000000200), 0x804422, &(0x7f0000000040))
ioctl$SIOCGETLINKNAME(0xffffffffffffffff, 0x89e0, &(0x7f0000000080)={0x3, 0x2})

[  263.459988] FAULT_INJECTION: forcing a failure.
[  263.459988] name failslab, interval 1, probability 0, space 0, times 0
[  263.517814] CPU: 0 PID: 16465 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  263.525728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  263.535111] Call Trace:
[  263.537718]  dump_stack+0x1b2/0x283
[  263.541362]  should_fail.cold+0x10a/0x154
[  263.545608]  should_failslab+0xd6/0x130
[  263.549589]  kmem_cache_alloc+0x28e/0x3c0
[  263.553834]  get_empty_filp+0x86/0x3e0
[  263.557729]  path_openat+0x84/0x2970
[  263.561450]  ? generic_file_write_iter+0x37a/0x650
[  263.567112]  ? path_lookupat+0x780/0x780
[  263.571250]  ? trace_hardirqs_on+0x10/0x10
[  263.575503]  do_filp_open+0x179/0x3c0
[  263.579320]  ? may_open_dev+0xe0/0xe0
[  263.583141]  ? __alloc_fd+0x1be/0x490
[  263.586956]  ? lock_downgrade+0x740/0x740
[  263.591108]  ? do_raw_spin_unlock+0x164/0x220
[  263.595643]  ? _raw_spin_unlock+0x29/0x40
[  263.599883]  ? __alloc_fd+0x1be/0x490
[  263.603690]  do_sys_open+0x296/0x410
[  263.607504]  ? filp_open+0x60/0x60
[  263.611039]  ? SyS_pwrite64+0xca/0x140
[  263.614929]  ? fput+0xb/0x140
02:53:00 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r2 = socket$kcm(0x2, 0x200000000000001, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0)
sendmsg$inet(r2, 0x0, 0x24000844)
sendmsg(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000080)}], 0x1, 0x0, 0x0, 0xf00}, 0x7ffff)
socketpair(0x0, 0x0, 0x0, &(0x7f0000000100))
close(0xffffffffffffffff)
ioctl$SIOCRSSL2CALL(r0, 0x89e2, &(0x7f0000000000)=@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0})
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x34f, &(0x7f0000000440)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xee\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A'}, 0xffffffffffffffc0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000100), 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_type(r0, &(0x7f0000000080)='cgroup.type\x00', 0x2, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040))

[  263.618035]  ? do_syscall_64+0x4c/0x640
[  263.622005]  ? do_sys_open+0x410/0x410
[  263.625897]  do_syscall_64+0x1d5/0x640
[  263.629791]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  263.634978] RIP: 0033:0x417aa1
[  263.638166] RSP: 002b:00007fc7fa8cfa20 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  263.645870] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000417aa1
[  263.653484] RDX: 0000000000000274 RSI: 0000000000000002 RDI: 00007fc7fa8cfae0
[  263.660750] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  263.668454] R10: 0000000000010b20 R11: 0000000000000293 R12: 0000000000000004
[  263.675720] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  263.768608] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  263.791486] batman_adv: batadv0: Removing interface: batadv_slave_0
[  263.867677] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  263.920154] batman_adv: batadv0: Removing interface: batadv_slave_1
[  264.007607] device bridge_slave_1 left promiscuous mode
[  264.013246] bridge0: port 2(bridge_slave_1) entered disabled state
[  264.110261] device bridge_slave_0 left promiscuous mode
[  264.130153] bridge0: port 1(bridge_slave_0) entered disabled state
[  264.176030] device veth1_macvtap left promiscuous mode
[  264.189793] device veth0_macvtap left promiscuous mode
[  264.211984] device veth1_vlan left promiscuous mode
[  264.218776] device veth0_vlan left promiscuous mode
[  264.358250] Bluetooth: hci5 command 0x040f tx timeout
[  264.412024] device hsr_slave_1 left promiscuous mode
[  264.420718] device hsr_slave_0 left promiscuous mode
[  264.436634] team0 (unregistering): Port device team_slave_1 removed
[  264.448098] team0 (unregistering): Port device team_slave_0 removed
[  264.457726] bond0 (unregistering): Releasing backup interface bond_slave_1
[  264.467816] bond0 (unregistering): Releasing backup interface bond_slave_0
[  264.493711] bond0 (unregistering): Released all slaves
[  265.905237] IPVS: ftp: loaded support on port[0] = 21
[  265.997933] chnl_net:caif_netlink_parms(): no params data found
[  266.049140] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.055558] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.063724] device bridge_slave_0 entered promiscuous mode
[  266.072080] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.078507] bridge0: port 2(bridge_slave_1) entered disabled state
[  266.086201] device bridge_slave_1 entered promiscuous mode
[  266.103515] bond0: Enslaving bond_slave_0 as an active interface with an up link
[  266.112283] bond0: Enslaving bond_slave_1 as an active interface with an up link
[  266.133460] IPv6: ADDRCONF(NETDEV_UP): team_slave_0: link is not ready
[  266.141472] team0: Port device team_slave_0 added
[  266.147067] IPv6: ADDRCONF(NETDEV_UP): team_slave_1: link is not ready
[  266.154103] team0: Port device team_slave_1 added
[  266.172280] batman_adv: batadv0: Adding interface: batadv_slave_0
[  266.178542] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  266.203823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  266.215758] batman_adv: batadv0: Adding interface: batadv_slave_1
[  266.222082] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  266.247575] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  266.258556] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_0: link is not ready
[  266.265963] IPv6: ADDRCONF(NETDEV_UP): bridge_slave_1: link is not ready
[  266.288862] device hsr_slave_0 entered promiscuous mode
[  266.294508] device hsr_slave_1 entered promiscuous mode
[  266.300760] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_0: link is not ready
[  266.308055] IPv6: ADDRCONF(NETDEV_UP): hsr_slave_1: link is not ready
[  266.377416] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.383757] bridge0: port 2(bridge_slave_1) entered forwarding state
[  266.390433] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.396827] bridge0: port 1(bridge_slave_0) entered forwarding state
[  266.427263] IPv6: ADDRCONF(NETDEV_UP): bond0: link is not ready
[  266.433335] 8021q: adding VLAN 0 to HW filter on device bond0
[  266.439887] Bluetooth: hci5 command 0x0419 tx timeout
[  266.443297] IPv6: ADDRCONF(NETDEV_UP): veth0: link is not ready
[  266.454946] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  266.462277] bridge0: port 1(bridge_slave_0) entered disabled state
[  266.469241] bridge0: port 2(bridge_slave_1) entered disabled state
[  266.479597] IPv6: ADDRCONF(NETDEV_UP): team0: link is not ready
[  266.485655] 8021q: adding VLAN 0 to HW filter on device team0
[  266.497740] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  266.505408] bridge0: port 1(bridge_slave_0) entered blocking state
[  266.511876] bridge0: port 1(bridge_slave_0) entered forwarding state
[  266.518758] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  266.526314] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.532684] bridge0: port 2(bridge_slave_1) entered forwarding state
[  266.547406] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  266.555307] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  266.564768] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  266.579849] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  266.590019] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  266.601689] IPv6: ADDRCONF(NETDEV_UP): hsr0: link is not ready
[  266.608234] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  266.616362] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  266.626019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  266.640578] IPv6: ADDRCONF(NETDEV_UP): vxcan0: link is not ready
[  266.648464] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  266.655131] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  266.665816] 8021q: adding VLAN 0 to HW filter on device batadv0
[  266.718660] IPv6: ADDRCONF(NETDEV_UP): veth0_virt_wifi: link is not ready
[  266.730244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  266.757828] IPv6: ADDRCONF(NETDEV_UP): veth0_vlan: link is not ready
[  266.765092] IPv6: ADDRCONF(NETDEV_UP): vlan0: link is not ready
[  266.772553] IPv6: ADDRCONF(NETDEV_UP): vlan1: link is not ready
[  266.782577] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  266.790840] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  266.798511] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  266.809484] device veth0_vlan entered promiscuous mode
[  266.819586] device veth1_vlan entered promiscuous mode
[  266.825584] IPv6: ADDRCONF(NETDEV_UP): macvlan0: link is not ready
[  266.835149] IPv6: ADDRCONF(NETDEV_UP): macvlan1: link is not ready
[  266.847475] IPv6: ADDRCONF(NETDEV_UP): veth0_macvtap: link is not ready
[  266.857610] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  266.864787] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  266.872416] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  266.881819] device veth0_macvtap entered promiscuous mode
[  266.888317] IPv6: ADDRCONF(NETDEV_UP): macvtap0: link is not ready
[  266.896388] device veth1_macvtap entered promiscuous mode
[  266.906004] IPv6: ADDRCONF(NETDEV_UP): veth0_to_batadv: link is not ready
[  266.916245] IPv6: ADDRCONF(NETDEV_UP): veth1_to_batadv: link is not ready
[  266.924899] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  266.934971] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.945201] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  266.955415] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.965015] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  266.974753] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  266.983914] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  266.994280] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.003808] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0
[  267.015289] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.025771] batman_adv: batadv0: Interface activated: batadv_slave_0
[  267.033834] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  267.041222] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  267.049589] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  267.060407] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  267.071124] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.080531] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  267.090897] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.100074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  267.111605] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.120782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  267.130516] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.139765] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1
[  267.149730] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  267.159939] IPv6: ADDRCONF(NETDEV_UP): batadv_slave_1: link is not ready
[  267.167136] batman_adv: batadv0: Interface activated: batadv_slave_1
[  267.174027] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  267.182034] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  267.290085] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
[  267.296471] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  267.313635] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  267.333889] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
02:53:04 executing program 0:
ioctl$DRM_IOCTL_MODE_GET_LEASE(0xffffffffffffffff, 0xc01064c8, &(0x7f0000000040)={0x8, 0x0, &(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]})
r0 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f0000000040)='u', 0x1, 0xfffffffffffffffd)
r1 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000280)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe27da2a9d5ba9ff3c009d308bd73f4772539", 0xc0, 0xfffffffffffffffe)
r2 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f00000000c0)="b7", 0x1, 0xfffffffffffffffe)
keyctl$dh_compute(0x17, &(0x7f0000000480)={r0, r1, r2}, &(0x7f0000000180)=""/117, 0x75, &(0x7f0000000100)={&(0x7f0000000140)={'rmd128\x00'}})
keyctl$KEYCTL_PKEY_QUERY(0x18, r1, 0x0, &(0x7f0000000080)='\v(\x00', &(0x7f0000000140))
r3 = syz_init_net_socket$ax25(0x3, 0x2, 0x0)
connect$ax25(r3, &(0x7f00000000c0)={{0x3, @netrom}, [@null={0x40, 0x40, 0x40, 0x40, 0x40, 0x40, 0x25dfdbfc}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default, @rose, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @bcast, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48)

02:53:04 executing program 1 (fault-call:0 fault-nth:11):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:04 executing program 4:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount$bpf(0x20000000, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(0xffffffffffffffff, 0x0, 0x0)
openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000043c0)=[{{0x0, 0x0, 0x0}, 0x8d38}, {{0x0, 0x0, &(0x7f0000002740)=[{&(0x7f00000013c0)=""/14, 0xe}], 0x1}}], 0x2, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='fd/3\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f00000017c0), 0x3da, 0x0, 0x0)
pipe(0x0)
ioctl$CHAR_RAW_GETSIZE(0xffffffffffffffff, 0x1260, &(0x7f0000000300))
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0xfffffffffffffc7b, &(0x7f0000000140)={&(0x7f00000007c0)=ANY=[@ANYBLOB="4800000010000104000000000400000000000000", @ANYRES32=0x0, @ANYBLOB="130000000208020028001280090001007665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB='@\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0)
ioctl$PIO_FONTX(0xffffffffffffffff, 0x4b6c, &(0x7f0000000200)={0x1c2, 0x0, &(0x7f0000000380)="d1fbc6709926d61716a186b7385803aa078903f6cd4f4d9e7fe6ba2cd0a98fc32fba07ea8f5affaa69fd969c25c8d28e68c7e8609e644241b3d07240935e4d751c268e70c5e3a4ef26adc1abecad91efa04b7768ad883d86dd56f0ae0c9033629bfc8c76a7f4832befa51f65edbe29a8ad563800598a5e98a6a8c3b5320aa7a8b075500160e34989d3f8857e9cc5020302eb52e9f77c2c2d8be330a79bb451498e297cd31de04f1e9d6b4c994eabc4897eb4ed228dab2092f5c50554ff76e81f44f77bc4ddba8a4f70a6e0ac2211fbdc3fe1fe9d58a8906fe2bc75e04c35b5ba6dcf0ee92a383980fe72ea2f96b2e79c458847d38fff0d48eeaea8c68f00b660216757b260fb6d15fbe1988a41a0e308f8681bc8bc800cab79fa362727ff6339dbd6b06d914aabbe157192e661f6eef7b2d95abb1a28c13e41567b8e1b3eb7b410517b5d1ac22205e78dd2c86be8ac3a310677515a359afc76f9dec4700cd8b5f1de9ba65d7b12a3b672439e56171df5e01eec16805b24d342439718801e0c924d824f682e7cdcc4a49485e583bf8ca20ba8b8af405737ac5ed0a22d3e95249e49ed3fb9418a3c4650355bde88d52ebd1523136d9c3efd837ba44e660add3f85bc4eca588add3ed31dcf92d0cf746ec58ff3dd510cc422dde8c6c4ebe8e71f0495498051c823a43a8f6840b4050f73d296c313367c83f63882b25a876b41de7b4195d246396f002c70c6409893b3a12e9d5961e9cffcf09dd963b889f97e69fa8140844628cbaeadc16ccc5124bef179b9370a097a6d1fa0c5ac0a20241d55623bfb3019bad539c844e58d022060423fc95836a9560c5751adb371ef2c9f617d35f8771178314cb09efdb0161c74b6df3ff5d569f6ab19918a709f1347e5db4cafe7087b7180058dd1d8e0bce152ad745a35e3eecc70be909417d41944d035a8c89a197d93e4465e59207b8fdbd085c4e9c156ed427e111a9d41e3686fbc37cab9a299ba621f69ed299a093c253485eddcf44f23e2e875e47ce185c4db771c1e3be0f53d35564df5d56e4461b1eaea22efe83278cdf5512f1ec010dc68575902fc12963016cba294a4cf4ba8332fcb5c302fb85ff25901f5f2761a400e7cd2e625181e3fa35a4b6143ba10da9af55ba9db7fdedcefb83b9069364c1986da785f49c7213542b3ed1e12b0dca1d20cb99aeb83cfbf18c81d2777ecab1c03d7c164a7200b97a4c3225333453eb38f0fa759e551c0349285dcc6abd425d71580ad92b6ef6266b3a1692f031c57010a35dd8e260aa222a332bf47e44c66fcfa9806bec6d592fdb1ef75a61e67e04001f00a67af40ec73b32de0bd5737e4ec9cb38677a38567b4695421c78de0df39808cb118e8a5b81a1586f3ab31c0b2895a31c7d26f2b5d7da0bfac1a7802c70884671a27c7f48f35946d02abc5789b83f6d58933"})
mount(0x0, 0x0, 0x0, 0x1, 0x0)
pipe(0x0)
sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000780)={0x0, 0x0, 0x0}, 0x10000)

02:53:04 executing program 5:
r0 = syz_mount_image$minix(&(0x7f0000000000)='minix\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000000080)="000400000100010044000000ff15ff7f6824", 0x12, 0x400}, {&(0x7f0000000780)="feffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300000000e0ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff07ffffed4103005cf9535f70000000e7c2645fe8c2645fe8c2645f44000000000000000000000000000000000000000000000000000000000000000000000000000000ed4102", 0xfffffffffffffebf, 0x880}, {&(0x7f0000010c00)="01002e0000000000000000000000000001002e2e000000000000000000000000020066696c6530", 0x27, 0x11000}], 0x2041004, &(0x7f00000003c0)=ANY=[])
futimesat(r0, 0x0, 0x0)
unlinkat(r0, &(0x7f00000000c0)='./file0\x00', 0x200)
ioctl$KVM_DEASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x4040ae72, &(0x7f00000001c0)={0x80000000, 0x9, 0x20, 0x5, 0x2})
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
preadv(r1, &(0x7f0000000380)=[{&(0x7f0000000100)=""/172, 0xac}], 0x1, 0x0, 0x0)
r2 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
preadv(r2, &(0x7f0000000380)=[{&(0x7f0000000100)=""/172, 0xac}], 0x1, 0x0, 0x0)
fcntl$dupfd(r1, 0x0, r2)

02:53:04 executing program 2:
r0 = socket(0x2b, 0x4000000000080002, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
bind$packet(r0, &(0x7f00000000c0)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @local}, 0x14)
getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000000)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d00800002400ffff01009e000000000000000000", @ANYRES32=r3, @ANYBLOB="0000000bf1ffffff000000000800010063627100a408020004040600030000000500000000700300fdffffffffff00001f0000000500000000020000010000000000100083000000fdffffff070000000849000001ffff0002000000cf000000feffffff080000000180000003000000090000000200000000274a49ef6949a7bb000000050000000100000004000000ff7f000000000000000400000002000004000000ff0f0000f44f350001000000010400005eb768350100000008000000ffffffffc38d00001f000000040008830600000000000100f7ffffff030000000080ffff050104000600000006000000a900000000000000c0000000c0ffffff08000000018000000101000006000000b300000000000020050000000104000004000000070000010800000001010000c22e0000c0ffffff0500000004000000060000000900000008000000f7ffffff0800000003000000080000000400000001000080040000000400000000100000040000000700000009000000fcffffff01000000010000000900000000020000060e0000080000000200000002000000090000000800000007000000ab000000fb00000007000000ff0100000800000001040000070000000300000009000000ff07000008000000ffff0000a90100000900000005000000200000000500030000000000070000008eb7000000000080010000000000000007000000fffffffffcffffff01f0ffff000000003f00000003000000000100000080000000800000030000000500000005000000ffffffff0700000015ba000004000000070000000300000003000000ffffffff04000000554f00006ff800000700000003000000000200000000000008000000b300000006000000000000000007000001010000030000000080000000040000730a000008000080010000009e0c0000000800000100008000000000000000004000000000fefffff67d000004000400ff01000002000000000000004000000040000000ed000000010001000e0a05000000000000020000040000000600000002000000ff7f0000f400000001000000060000007f000000020000000004000004000000090000009000000008000000b6000000040000000400000005000000f50a0000ffff0000060000008ff9ffff070000001eaaffff3f0000008000000000000000ff0c0000ff7f0000030000007f0000002d0000000800000000010000ff070000ffffffff2bab000002000000ace800000500000000000000e1bf934d070000001f000d000300000004000000070000000900000005000000030000000200000087d400000200000008000000000100007f0000000e000000080000000200000007000000ffffff7f06000000000000000500000001000000820000001f0000000004000001000000faffffff0500000006000000070000000300000010"], 0x8d0}}, 0x0)
sendmsg$AUDIT_ADD_RULE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000740)={0x420, 0x3f3, 0x2}, 0x420}}, 0x0)
r4 = socket(0x1000000010, 0x80002, 0x0)
sendmmsg$alg(r4, &(0x7f0000000200), 0x10efe10675dec16, 0x0)

02:53:04 executing program 3:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x13102001ffe, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000100), 0x4)
r1 = syz_open_procfs(0x0, &(0x7f0000000140)='net/igmp\x00')
preadv(r1, &(0x7f00000017c0), 0x1b4, 0x74000000, 0x0)
ioctl$SCSI_IOCTL_SYNC(r1, 0x4)
recvmsg$can_bcm(r1, &(0x7f00000007c0)={&(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @loopback}}}, 0x80, &(0x7f00000006c0)=[{&(0x7f0000000140)=""/183, 0xb7}, {&(0x7f0000000200)=""/211, 0xd3}, {&(0x7f0000000080)=""/35, 0x23}, {&(0x7f00000003c0)=""/84, 0x54}, {&(0x7f0000000440)=""/238, 0xee}, {&(0x7f0000000540)=""/183, 0xb7}, {&(0x7f0000000600)=""/140, 0x8c}], 0x7, &(0x7f0000000740)=""/86, 0x56}, 0x40)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.controllers\x00', 0x275a, 0x0)
r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
dup2(r3, r2)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x11)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000100), 0x40)
socket(0x0, 0x0, 0x0)
poll(0x0, 0x0, 0x8000000000000200)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
accept4$unix(r1, 0x0, &(0x7f0000000800), 0x800)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="000000000000000000240001801400018008000100e000000108000200ac1414000c000280de0001000100000004000d803c0002802c00018014000300fc02000000000000000000000000000014000400ff0100000000000000000000000000010c00028005000100010000000800074000000000"], 0x80}}, 0x0)

[  267.356097] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
[  267.365993] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  267.381744] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  267.387127] Bluetooth: hci1 command 0x0409 tx timeout
[  267.394252] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  267.510597] FAULT_INJECTION: forcing a failure.
[  267.510597] name failslab, interval 1, probability 0, space 0, times 0
[  267.540335] CPU: 1 PID: 16786 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  267.544741] ax25_connect(): syz-executor.0 uses autobind, please contact jreuter@yaina.de
[  267.548253] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  267.548258] Call Trace:
[  267.548277]  dump_stack+0x1b2/0x283
[  267.548293]  should_fail.cold+0x10a/0x154
[  267.548308]  should_failslab+0xd6/0x130
[  267.548319]  kmem_cache_alloc+0x28e/0x3c0
[  267.548333]  selinux_file_alloc_security+0xaf/0x190
[  267.548343]  security_file_alloc+0x66/0xa0
[  267.548351]  ? selinux_is_enabled+0x5/0x50
[  267.548360]  get_empty_filp+0x15c/0x3e0
[  267.548371]  path_openat+0x84/0x2970
[  267.548385]  ? generic_file_write_iter+0x37a/0x650
[  267.548397]  ? path_lookupat+0x780/0x780
[  267.548407]  ? trace_hardirqs_on+0x10/0x10
[  267.548505]  ? do_msgrcv+0x250/0xf80
[  267.548528]  do_filp_open+0x179/0x3c0
[  267.548539]  ? may_open_dev+0xe0/0xe0
[  267.548550]  ? __alloc_fd+0x1be/0x490
[  267.548562]  ? lock_downgrade+0x740/0x740
[  267.548573]  ? do_raw_spin_unlock+0x164/0x220
[  267.548587]  ? _raw_spin_unlock+0x29/0x40
[  267.650692]  ? __alloc_fd+0x1be/0x490
[  267.654691]  do_sys_open+0x296/0x410
[  267.658506]  ? filp_open+0x60/0x60
[  267.662057]  ? SyS_pwrite64+0xca/0x140
[  267.666450]  ? fput+0xb/0x140
[  267.669645]  ? do_syscall_64+0x4c/0x640
[  267.676125]  ? do_sys_open+0x410/0x410
[  267.680044]  do_syscall_64+0x1d5/0x640
[  267.683937]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  267.689443] RIP: 0033:0x417aa1
[  267.692632] RSP: 002b:00007fc7fa8cfa20 EFLAGS: 00000293 ORIG_RAX: 0000000000000002
[  267.701052] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000417aa1
02:53:04 executing program 0:
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
preadv(r1, &(0x7f0000000380)=[{&(0x7f0000000100)=""/172, 0xac}], 0x1, 0x0, 0x0)
sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000000)={0xa, 0x4e21, 0x0, @remote}, 0x1c, 0x0}}, {{&(0x7f0000000040)={0xa, 0x4e23, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="2400000000000000290000003200000000000000000000000000ffffe0", @ANYRESOCT=r1], 0x28}}], 0x2, 0x0)

02:53:04 executing program 4:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sysvipc/shm\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003cc0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=""/52, 0x34}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='oom_score_adj\x00')
preadv(r0, &(0x7f00000017c0), 0x3da, 0x2000000, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
dup2(r2, r1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0)
write$P9_RAUTH(r1, &(0x7f0000000000)={0x14, 0x67, 0x2, {0x8, 0x2, 0x5}}, 0x14)

02:53:04 executing program 2:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x2, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000140)=0x8000)
mkdir(&(0x7f0000000100)='./file0\x00', 0xa0)
mkdir(&(0x7f00000000c0)='./bus\x00', 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x70, &(0x7f0000013ff4)=@assoc_value, &(0x7f0000002000)=0x8)
socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_RTOINFO(r1, 0x84, 0x0, &(0x7f00000000c0)={0x0, 0x4}, 0x10)
mkdir(&(0x7f0000000380)='./file0\x00', 0x4)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = fcntl$dupfd(r3, 0x0, r2)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
mount$overlay(0x400002, &(0x7f0000000000)='./bus\x00', &(0x7f0000000180)='overlay\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='upperdir=./file1,workdir=./fi=./bus,fscontext=system_u,\x00'])

02:53:04 executing program 1 (fault-call:0 fault-nth:12):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

[  267.708411] RDX: 0000000000000274 RSI: 0000000000000002 RDI: 00007fc7fa8cfae0
[  267.715684] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  267.723054] R10: 0000000000010b20 R11: 0000000000000293 R12: 0000000000000004
[  267.731692] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
02:53:04 executing program 4:
perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @multicast1}, 0x10)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
recvmmsg(0xffffffffffffffff, &(0x7f0000005540)=[{{0x0, 0x28000000, &(0x7f0000000240)=[{&(0x7f0000001340)=""/4067, 0x20002323}], 0x1, 0x0, 0x983a0000, 0x103}}], 0x1, 0x100, 0x0)
setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000100)={@in={{0x2, 0x4e1d, @multicast1}}, 0x0, 0x0, 0x41, 0x0, "67c73839d05ed29979d4d350524ea58b52ef502e89bbcaf01545b43964041d716919e65c6deece378734d94c3db916e2e3d37af8ee4f9243550945f30d2aeb4ec49a85c5611ff8df00dc767d6c7b17df"}, 0xd8)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967480a41ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170)

02:53:04 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, 0x0)
clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, @perf_config_ext={0x1, 0x80}, 0x0, 0x3, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000300)='/proc/keys\x00', 0x0, 0x0)
r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1, 0x60001)
sendfile(r1, r0, 0x0, 0x10054)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
connect$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast2}, 0x3ec10806}, 0xfffffffffffffd60)
connect$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x8, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, 0x1c)
r3 = add_key$keyring(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
keyctl$invalidate(0x15, r3)
ioctl$RTC_PIE_OFF(r1, 0x7006)
setxattr$trusted_overlay_origin(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.origin\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x2)
keyctl$negate(0xd, 0x0, 0x800, r3)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f0000000340)=@nat={'nat\x00', 0x1b, 0x5, 0x490, 0x0, 0x1d8, 0xffffffff, 0xe0, 0xe0, 0x3f8, 0x3f8, 0xffffffff, 0x3f8, 0x3f8, 0x5, &(0x7f00000001c0), {[{{@uncond, 0x0, 0x98, 0xe0, 0x0, {}, [@common=@ttl={{0x28, 'ttl\x00'}, {0x2, 0xff}}]}, @unspec=@DNAT1={0x48, 'DNAT\x00', 0x1, {0x0, @ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, @ipv4=@dev={0xac, 0x14, 0x14, 0x17}, @icmp_id=0x66, @icmp_id=0x65}}}, {{@ip={@loopback, @dev={0xac, 0x14, 0x14, 0x28}, 0x0, 0xffffffff, 'ip6tnl0\x00', 'ip6gretap0\x00', {}, {0xff}, 0x6, 0x0, 0x6}, 0x0, 0xc0, 0xf8, 0x0, {}, [@common=@ah={{0x30, 'ah\x00'}, {[0xbac, 0x1], 0x1}}, @common=@socket0={{0x20, 'socket\x00'}}]}, @SNAT0={0x38, 'SNAT\x00', 0x0, {0x1, {0x11, @local, @multicast2, @port=0x4e21, @port=0x4e22}}}}, {{@uncond, 0x0, 0x100, 0x148, 0x0, {}, [@common=@osf={{0x50, 'osf\x00'}, {'syz0\x00', 0x0, 0xb, 0x0, 0x2}}, @common=@set={{0x40, 'set\x00'}, {{0x4, [0x2, 0x4, 0x2, 0x0, 0x2, 0x2], 0x6, 0x1}}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv6=@dev={0xfe, 0x80, [], 0x15}, 'macvlan0\x00', {0x9}}}}, {{@ip={@rand_addr=0x64010102, @loopback, 0xffffff00, 0xff, 'gretap0\x00', 'caif0\x00', {}, {}, 0x1d, 0x0, 0x24}, 0x0, 0xa0, 0xd8, 0x0, {}, [@common=@ah={{0x30, 'ah\x00'}, {[0x5, 0x80000001], 0x1}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x0, @loopback, @loopback, @icmp_id=0x66, @port=0x4e21}}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x4f0)
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, 0x0)

[  267.868656] overlayfs: missing 'lowerdir'
[  267.891882] FAULT_INJECTION: forcing a failure.
[  267.891882] name failslab, interval 1, probability 0, space 0, times 0
[  267.971291] CPU: 0 PID: 16820 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  267.974453] overlayfs: missing 'lowerdir'
[  267.981986] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  267.982035] Call Trace:
[  267.982066]  dump_stack+0x1b2/0x283
[  267.982088]  should_fail.cold+0x10a/0x154
[  267.982103]  should_failslab+0xd6/0x130
[  267.982113]  kmem_cache_alloc_trace+0x29a/0x3d0
[  267.982235]  ? loop_get_status64+0x100/0x100
[  267.982283]  __kthread_create_on_node+0xbe/0x3a0
[  267.982296]  ? kthread_park+0x130/0x130
[  267.982319]  ? __fget+0x1fe/0x360
[  267.982327]  ? loop_get_status64+0x100/0x100
[  267.982334]  kthread_create_on_node+0xa8/0xd0
[  267.982344]  ? __kthread_create_on_node+0x3a0/0x3a0
[  267.982357]  ? __lockdep_init_map+0x100/0x560
[  267.982365]  ? __lockdep_init_map+0x100/0x560
[  267.982376]  lo_ioctl+0xcd9/0x1cd0
[  267.982388]  ? loop_set_status64+0xe0/0xe0
[  267.982425]  blkdev_ioctl+0x540/0x1830
[  267.982434]  ? blkpg_ioctl+0x8d0/0x8d0
[  267.982443]  ? trace_hardirqs_on+0x10/0x10
[  267.982458]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  267.982509]  block_ioctl+0xd9/0x120
02:53:04 executing program 0:
syz_mount_image$msdos(&(0x7f0000000040)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a0200027400f801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
chdir(&(0x7f0000000340)='./file1\x00')
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
dup(r0)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000140)='/dev/cachefiles\x00', 0x800, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.controllers\x00', 0x275a, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.controllers\x00', 0x275a, 0x0)
r4 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/adsp1\x00', 0x0, 0x0)
dup2(r4, r3)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000180)={'team0\x00'})
r5 = dup2(r2, r1)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x2f39)
r6 = open(&(0x7f0000000000)='./bus\x00', 0x141442, 0x0)
ioctl$FS_IOC_RESVSP(r6, 0x40305828, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x728df552})

[  267.982518]  ? blkdev_fallocate+0x3a0/0x3a0
[  267.982530]  do_vfs_ioctl+0x75a/0xff0
[  267.982541]  ? selinux_inode_setxattr+0x730/0x730
[  267.982554]  ? ioctl_preallocate+0x1a0/0x1a0
[  268.141278]  ? lock_downgrade+0x740/0x740
[  268.141300]  ? __fget+0x225/0x360
[  268.141315]  ? security_file_ioctl+0x83/0xb0
[  268.141328]  SyS_ioctl+0x7f/0xb0
[  268.141337]  ? do_vfs_ioctl+0xff0/0xff0
[  268.141351]  do_syscall_64+0x1d5/0x640
[  268.141368]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
02:53:04 executing program 5:
perf_event_open(&(0x7f00000012c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = getpid()
recvmsg$can_bcm(0xffffffffffffffff, 0x0, 0x1)
ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setscheduler(r0, 0x5, &(0x7f0000000380))
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0)
bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000000)={0xffffffff}, 0x8)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r2, r3, &(0x7f0000029000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, &(0x7f0000000180)="660f3880022e0f3066b9800000c00f326635010000000f3066b9700500000f320f20e06635100000000f22e066b9800000c00f326635001000000f3065f30f090f090f01b81d6b660f388035", 0x4c}], 0x1, 0x52, 0x0, 0x0)
socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

02:53:04 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000440)={<r0=>0xffffffffffffffff})
r1 = dup2(r0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet6(0x10, 0x2, 0x0)
r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x8441, 0x0)
sendto$inet6(r3, &(0x7f00000000c0)="49c496a6483aa2effa5f992663f03b47d9a1954a100ebd463b15a59f39f9d1363eed2987cd1c4a14e523843bca57f06b507bc76cdf102b121ff84f175b4e82f680b924826a65c9d50277b9e724ddce306899220a5a37de8fc102abc40f07fa3f4b415dd9d628aac6ecb9ca5cb6f00d3f624fb382a49e65ca48194862766a3cf0f770db373e1fe3adad9f9689b551b2441817c0d8ff15e481672578", 0x9b, 0x4004800, &(0x7f0000000040)={0xa, 0x4e24, 0x360, @private0={0xfc, 0x0, [], 0x1}, 0x400}, 0x1c)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000240)={0x2, &(0x7f0000000080)=[{0x3c}, {0x16}]}, 0x10)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r1, 0x0, 0x20, 0x1000, &(0x7f0000000180)="be412c7f6dcc865fc988f4ebe44f0b8b14273603a86b49291eb1ef224aca878e", &(0x7f0000000480)=""/4096, 0x2c6d, 0x0, 0xbc, 0x1000, &(0x7f0000000280)="d56575e3599ba7ac99134950074f8219919b0444b61e88b117e241d67c73ec1f94ffa70132d8595275c3da311bfbb8932951e37fc8ca9fc4b496c19d2269474500a4a65727787334afe0a0a11ba4680903faf483821056fac50c08b704477832f7a63b2fd001d6058d4cb57c815c49ce733c2ba1b0d75d8dc1a8d21fdb864d5c5cf329f98b467b90702377775e3121911d176f8c810654bbc2cc2d38bc00da3e3cb09fa5207ee0b873b4bcb9bcfaba028574625e6275b98dd267796f", &(0x7f0000001480)="0985ba1a324bf18a24bc3ce145a13fcf8c53d258ba80d1dc93f3f7d12dacf0de1a8825c32cae8637613b359a29e7fe56c548327c07c426d3630351e4542d3687569e2a259f4481d568da720a93f6441353ab9f7af8cb576c05a15025395b0c42c3bdc9c51efa01e70f83141840d8fb78fe3850770ef1ff610e40737ec9ac7b92a72e50162db3bf843f6d1036711d07e00732064b2df9acabbf1d4b296437c2eda3acf3f5531ca97446350de6aa4c4f5787ef3de250d56f3bd0d6c38ba2a6092a651887224f26eba2b57e2df94de648655e876f122248a3a2c91366a3309ce19c875af319e746682b318af335c75bc65a111ccc72a150e58de7b3b2fffd1695d1e3ac4c611b29bf2ca99a12cac822b583926f4f03337aad67f460ac345221d97eee700180f75009872e45370fe8ee85eff3fe0a8de8a5264e7431d7f944d162ac87e755ce66983e94d3083301e4150685374d07464111d9302be7581948d592d895e38d28133cc8926be978d98125dcb02ce47b0bf29d67cd6d6e4c9d0c2cbc4a84894c77ae119a6aaa385f246eebf6451a363abc3b18449a0a98397d011526c4b66da8e9a4c8a15845d2669b31b4badb7f3eb037ab72a55b8b2977e3621e396eeb86973f14282fc1b194b0f4a69d5e9c54b6fc06eb1ac5b0574b3fca1cb72d8e66032dc7399bbbd751aab308bfd504ea9f814f769cf79c63f13e93aa3a0ed4f852b757fc42a327ea1b34682f815a5f63441fd8ee12f3864cee526d31a64e7011e08598488e7af63ed817d7249283426a9b05e08d01fea5c549fa7370cce8c8c32ca49dafad6785dec128ed90b53e8b6432fc49b430dc52cc673b81a233c2080f0af1673a92339bfdec67c99eba87a51f2b673b47a8e4195b8563baa6867103f73951a7a7ba78d5c908a30876840b838192b706543cd4e4fd6dfb1cb352a4724ce4455cd900bdedad757ca2cc7345287a7055e7a0b5fc35a7f996f79ff73ef67e994904ce31ac59b5dea041b8bc5d9737a73bfea531138a3e0224137aa1223006caa4cc29baaa9f041d6781b1e8239835c06c4e5bc0e5477af59dd3184082c2a7969376a393456be398ff243ef689665be89099a7d2b1dff8c0debf0bd58a84c57ccc422714fe953ccb1b4cba18eeb4cf984f97bb91321cc0513fbb08c1731fc9c58f1fc7d36a29d7503c303acb9243dadff8163f0092f46d927428eba74b0f6e107e5e65ddef08fb6679054ac5e8469a7e5af49bb4409a8f5d999b1bbf930693902ce83398b26b48a1bc73a2950c60f7f543df904ce0c749fbe09d4d47e6b70a69e8856ded7a69b806a0fd00c85829a99aec8b9dead9ed1895cd95eaa2051ebd5dfd7efbdd7e8ea190726f79c5d4ee23621454f76c9979c7232b3d4ee478a71cc1f3b3adb7cb7d34766248816697674b3d05600842fe44a99d56e482c60ee84ea26855f323623e8c4d5b3804ccfa5e41e647ca221539a0f60c10e2865c30f851e280cfaed00173908d71d366a83427d97b78d22d42d9afed870be56871467c1ad3c616d0564c096e6a05477bddc55ebf4b1406bbbe6fcd1b15e3e66a499f8b959237f558e3277c0fa1faa4a94607ae548ee86c7158643cf74dd3abab9936fa261f17a38315ab7f73a735bd2e9e02fea29870b9e9313d78b543142c3f8a5dcf8c9c93f38cf7d2bf8872e971528bd34be907b39cb64a3f46d1f3874331c3d168349b02261ed086d7d9805e6b507247254925994427e0f7d914044a18f6eac9cb277509bc0e704163826a2ca1c15967fa39d3c848ef829bc9ea3093159b25d8e44c9099de61c62facb9253f2358c8ef8858a38a090bef5909372345fb3043c378f78aeb16fcce6fee7f964dc89ee3f4679f8de02601c15b4076b5a0ec7588d93af17d48a28dd7e1decc5509bccd8c097b3d872121d7b69dc7ff0b3d1e87fda06df552c2b89a012952661a3921ddf4affb74262bdec70ac2203dee61057934cbcc2b20d010816feea00712998ec39a4d069275b7d234b5326bd0b2623d7fa1beccc431b7388d535a14c8f1734ff8d1ce38af85b2d3f31feb3f52fd9bd4189e9b415c68651879a6533aad4af9d2081a096be68e8f9ddb5e6b1534731c7a2be379dab5760dccdcd94b3f7bd077edad024bc0c16a549908ef378b5e620779e9a8117263225935356aeb54cf8b2d94ddf34f827f381c36c93bb3484187bb2ac65ee6ace6552285e6897efa9aaa92bec10431e7db0bdfe28396483612aad39cad178b102993408eddcd3f8fb7d8fe22520df02477f6de50e48c1c8a7b23398c82dc74581da6dd154539f42a155b4442eb825be1543c1ce4cdd3a1205f76fdc07e0ded01def4f6daafc97d53adafc2c7aeae5ba448a4f3fd525a1edc2713f702000a1768d9598c882881bfa1d5d6fadd1b44007d17d83773f6fd21762aabd8de99985c63cae67a0ab61b9cfbe14ca1441a204df0d045d5d671dde24a8881f6a46b3f14308bfe3113b386dddebc69314a182de21b73262ff7fd1a5101828ffdb6780bd1d85c545ee091dbafc0fe47d35a05bcf3fa7917be107f74b1bd4757ce5e57af5c831e815f3a074f128dc9a0f30b9d0e8330d27f994965dd6392ffe4c388a88acf585ce5c7ee53c5f9caa03e4c95f51511c4e4f1db2f10799629bf4aed99482bf13db411d540171438d6b0ba4792547164ccfba8afe8059e432c4d5a577585aefb526c3f5319b33cc121b6ac3f9ba473758d8ebf1bf79b0a09f4084d9b375088e84c22904680d53438eb3131cfc48f0a8555effb7b643ec649beac13f482dabbb2f5d0da91d174204f879064cdb6d24993d189f6c54215793bd9ea42521b78e6ed7810a05556465f7eea5c2210ba3fb945a7a642d066c8e6f1ae901fa7b0ecd7f9a64d2b5ebd4a582e1af3f5def5884643815d0f2752ff7d1b01be991cecf9a1fe5063df2f38b6d2af5f084029d678611a4211ae1f3a9872644700e51a1eee16e939a6e04c7623b11dde6377d2718af44a90c3b07ed0de8a50582ca8b8353d068775e63d27119afccd65b5eddecb8d97ad7175d0479e7ccb5c7a5d6be50ef03b1e4b211d2d96728399ddd6e0191879b695d65e4c22d6affb73d4cb8a49edb32f839f20cf4df8c4da9ac0cc0770ed4440ac604301e12b0cf2beb40f6bbd52a00362a3fbcd10c19e33f15e19f155df04369d0631edbf5ea51640affd8d244cc3c04a72c57fd0750b92cde889ac0a01c9d48a351c049ea8b0653ba5fe532510c456211e0032cbf9e78887c6848bfcc2f5ec54117f849e54ba6bce58c6cbd4788de5a90d68d81ade6d9b78fc4e5fdd370c4691ce9538b6a116991c38e0fee594158d91a64143c1d3c0765021b13130334cd1325c5fd6d74a9075b29f6e602e4a7c5ccca7e5229010ab8d4b4fa00003bef13101018ca54ea7854bb915bc834b367ae91acbf2d50b4eed8e58251a5176821c736cf1cbbb679273d51598c29969c2a2490ff1bb253a759ba8c51313181f3e02c4f36891fcfe5d725b045a0abaa0b818367e61711841f83f45c86e6f57fd12c405d05e4babb5155fe2603fb97066db8eff890a468506729b6737f65c3d29c8c0394dd931e1776b801487d53624e35a89b221acc6638573dce9506dd6cd18b41b49ab111a7c970ac0314734d9790dd77ea7e225eb105613740af35fbc9381a7c121b633032e1a2f57a975633fa17a561df9bea26fea8efc009484795af1b8254d5b3437e911aa8ab9b124e14058e21d0a46777f88be9322a2bf8fa5954d56b690c0de29b70d74908dc78f09e8bdecfc5ff08164e1bcdd047a34aac156e65ac498952c2c79120fa4c152d6590b3570659905ac12d117328a4491b47810940af4b6eddad3a23af518ffec01f2bccb4d5c458a3adaa6b80d985a3fc0b947e9862e4fc6a7f432b9b7bec39bbf26d95465ed4de351f27c79412899f9bf361fd288e09224d6e756685bb56d0e3b0381a52bdcf743d86ea87ed93b461ad553dda612289b361364aea78e91669b9e60d89420b9b87deda7de2a3d353db18f60252f59110e1bae1312aa6ffc29b5b9f1ede1e045670b937cb3d4a325c22491fe0f49a2442ba82fdba60d933f613c3a82cc80027c7b6f79356ab40b92124078a96c3d1bd70a5f57f60426134e8d7118557169c5e49b3ace4702d1ece12c06c4de68c6f4f842f1be169d975df39d976d8bc03b7b70522a3c6d703be5cf1a1173878b3c68bc36cb620ce9a861c3fff63022d93ede87518295bff5334aa1a64b3ba1f2c0893f8e468cc680f46093e413547d3d931f01186a929ac93d08a44c1cc1da7750d78161bad41cade30cb5fdae9282d088942b29a116910c90ddf75e33224e1ba0e32da1ebac696ba7dc4c974a74df0e7e5f2b5e1997857df0a0cdd72e0a0db7d5a6e5bf88db385294409d189ef049d18c0ae8119725f499181d0b6361ac152e16a9a07fb5e5c45d2a3f243a49fac823f3a42cf64c55f53e2b817029b2aa1150e5341dc6278094b202beccc3597452237914997eec8442065a3a885881d0d5e9f3108606526dd2751c00438ba269037fe31d12f201932d012b935e882110c77c7861c9cb8662267f1ac59e813ff3b4e06d597202ad4aeaca7cca04828f9cc57030f46e482fac4ccd69c3d8693554235edebce92f0fab6d835df8dac88fd5aa649857b89744970cacd8e1c9f62376cd0fe7b570860ecda534e06d5046b127a216db7d4b180475b8cc02a9dde35f26df1a68fd29b8dbc652227940368b5704bcc994acaff2060dc93e34ae64699755e4611cc3f4c8107a57b293bcd997d7d4101c5a6c9c0ce87e7b5df4ce8a1a9e642dba5af3a1e457238d433766853e0f9dd86e361b406209b1039dccbde70bc71282a5709eec9bb3ce5fbeef38fc7d53ba9a817c8b23b52d0096ed7656643d1272bdb6c938789299ce20a61942c2681ca1794d222848ba22dc3a3b956bf59bc2a4dd487ff5dd3845bccddb8bacd8dff9e860f1fc4464d259a34e11ddcb58759ae40d2f351490a81777ae1db94bf0de2d14bde953d7ffdaee264804e0519671351a95e6df08aae2d3b2074891a7fbdb6aaa020977a4eb3ce91ab64e96a36d4776d401e0f563cecdadc36aeb17a44f281f01189fa4a88b7045a24647820c2449e0d5424fe995c41984a0d70646d9fb802a71cd34399d24ae9c2d283bbe49ba88295aa599b186963e22798b0c3aeb2cbe3ced7fcd9e87948d90c18e351f83fdd0b3efab56cd617a5af98e2ef33d99951615d5ca584b555d7577ec21f4ff8c509a6e9c8c278c649dbada2299af0a81bac5e927a1d4606ab72d775e2b4be63d7c0b63e5c46cf24f1e940f171a66bc0595a745d3f4c27c9dbc04b9d96ecf9a576f32534c0cd90695c350579caaa94b6523d94670ce0040bb1ae216e9ecca1efdd692473094a10665ca006e1c2774983ed9b882fd970e47a8d43044fa31220e30293ace1e8b6f63eaa79987d3e533189a26fce33c4431d564abfe79f991d4afef0d857d435ff75c8dd89b1bb225a43f5dd5b31f8a39daa7a12d09b1914dafe80fd01ef7f881b5e9aa24337b426108a80f8f6cb0cc718116fc9e9ab3db468eb518cf8ce41b07e8cbc7407053e3e40775560e55d56fb840037c538168c3cd63a1a2022c6bf936e61c3f1d6eefcf9eb5b0d923286f7eb9e79429718538567f8e7d959b592916e2fbc7014f0f5005a263b16c7c8ba93c54fb8832b1284513b5e624a4115cbac8786461693870d318985d0796d5c3edeecd8865294bf151ed8a2100afa3354b04269839b84db4b1378f06"}, 0x40)

02:53:04 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x181000, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
socket$inet6(0xa, 0x800, 0x0)
r3 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x0, 0x2)
preadv(r3, &(0x7f0000000600)=[{&(0x7f0000000840)=""/199, 0xc7}, {&(0x7f0000000c00)=""/203, 0xcb}, {&(0x7f0000000180)=""/51, 0x33}, {&(0x7f00000004c0)=""/87, 0x57}, {&(0x7f0000000380)=""/60, 0x3c}, {&(0x7f00000006c0)=""/35, 0x23}, {&(0x7f0000000b00)=""/248, 0xf8}, {&(0x7f0000000780)=""/177, 0xb1}, {&(0x7f0000000540)=""/108, 0x6c}], 0x9, 0x5a, 0x0)
r4 = socket$can_raw(0x1d, 0x3, 0x1)
r5 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
r6 = socket$vsock_dgram(0x28, 0x2, 0x0)
r7 = accept(r4, &(0x7f0000000280)=@isdn, &(0x7f0000000080)=0x80)
r8 = syz_genetlink_get_family_id$tipc(&(0x7f0000000340)='TIPC\x00')
sendmsg$TIPC_CMD_SHOW_STATS(r7, &(0x7f0000000440)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000400)={&(0x7f00000003c0)={0x1c, r8, 0x4, 0x70bd28, 0x25dfdbfc, {}, ["", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x40)
syz_kvm_setup_cpu$x86(r6, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0)
r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.controllers\x00', 0x275a, 0x0)
r10 = openat$adsp1(0xffffffffffffff9c, &(0x7f00000005c0)='/dev/adsp1\x00', 0x10000, 0x0)
dup2(r10, r9)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r9, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000480)={0x4, 0x3f, 0x2, 0x7f, 0xa106, 0x2})
sendto$llc(r9, &(0x7f00000001c0)="f4e4ccb814f21af1eb87d41c3aa9db55adb55effb82f9ad3c4bea88adcb31c13a10a4b3aa5b41ca06cf94dc810321dcab51150991c26ae08d6605d55f61be8352cad97b9d7020422251df05b2636ed02d59e515f108aaaf8ada047435c21caba32c89e725308dc640ab22b9e9b5f59d70d88e3371fbef10375c581a8e641ccfb8619be56263ced97134a1d0a172374e5669095ffe106e1aa79956626e15ab6010d815774de708873efc9576bb7c66b3a250749efb6", 0xb5, 0x20000014, &(0x7f0000000040)={0x1a, 0x101, 0x2, 0x9, 0x0, 0x20, @random="4d2dba0f15c0"}, 0x10)

[  268.141381] RIP: 0033:0x45dfe7
[  268.174484] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  268.182495] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  268.189944] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  268.197222] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  268.204493] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  268.212273] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
02:53:04 executing program 0:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="200000008000000006000000660000000f000000000000000100000001000000004000000040000020000000d3f4655fd4f4655f0100ffff53ef010001000000d3f4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010300)="02000000030000000400000066000f", 0xf, 0x800}, {&(0x7f0000010400)="ffffff03000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x802, 0x1000}, {&(0x7f0000011500)="ed41000000080000d3f4655fd3f4655fd3f4655f000000000000040004", 0x1d, 0x2200}], 0x0, &(0x7f0000000240)=ANY=[])
setresgid(0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0x2, 0xffffffffffffffff, 0x0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x491282, 0x0)
pwritev(r0, &(0x7f00000006c0)=[{&(0x7f0000000780)="c3", 0x47ffffe}], 0x1, 0x400fa7f, 0x0)

02:53:04 executing program 1 (fault-call:0 fault-nth:13):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:04 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, &(0x7f0000000140)="b8875200000f23c00f21f83502000b000f23f8360f01c366b855008ee8663e26f26fb984000040b800480000ba000000000f302edd07eab40000007f00c4e17c28710f9a004000006600360fc79bcf000000", 0x52}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

[  268.406687] FAULT_INJECTION: forcing a failure.
[  268.406687] name failslab, interval 1, probability 0, space 0, times 0
[  268.438873] CPU: 1 PID: 16857 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
02:53:05 executing program 2:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_mount_image$tmpfs(&(0x7f0000000100)='tmpfs\x00', &(0x7f0000000200)='./bus\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)={[{@mpol={'mpol', 0x3d, {'local', '', @val={0x3a, [0x35, 0x4]}}}, 0x33}]})

[  268.448107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  268.458092] Call Trace:
[  268.460784]  dump_stack+0x1b2/0x283
[  268.465774]  should_fail.cold+0x10a/0x154
[  268.472383]  should_failslab+0xd6/0x130
[  268.476713]  kmem_cache_alloc+0x28e/0x3c0
[  268.480923]  __kernfs_new_node+0x6f/0x470
[  268.485097]  kernfs_create_dir_ns+0x8c/0x200
[  268.489579]  internal_create_group+0xe9/0x710
[  268.494117]  lo_ioctl+0x1137/0x1cd0
[  268.497930]  ? loop_set_status64+0xe0/0xe0
[  268.502207]  blkdev_ioctl+0x540/0x1830
[  268.506102]  ? blkpg_ioctl+0x8d0/0x8d0
[  268.509999]  ? trace_hardirqs_on+0x10/0x10
[  268.514249]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  268.519368]  block_ioctl+0xd9/0x120
[  268.523036]  ? blkdev_fallocate+0x3a0/0x3a0
[  268.527364]  do_vfs_ioctl+0x75a/0xff0
[  268.531264]  ? selinux_inode_setxattr+0x730/0x730
[  268.536550]  ? ioctl_preallocate+0x1a0/0x1a0
[  268.540984]  ? lock_downgrade+0x740/0x740
[  268.545145]  ? __fget+0x225/0x360
[  268.548696]  ? security_file_ioctl+0x83/0xb0
[  268.553328]  SyS_ioctl+0x7f/0xb0
[  268.556699]  ? do_vfs_ioctl+0xff0/0xff0
[  268.560676]  do_syscall_64+0x1d5/0x640
[  268.564587]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  268.569799] RIP: 0033:0x45dfe7
[  268.572986] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  268.580730] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  268.588001] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  268.595394] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
02:53:05 executing program 0:
r0 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
mmap(&(0x7f0000a05000/0x400000)=nil, 0x400000, 0xe, 0x8012, r0, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendto(r3, &(0x7f0000cfefee)="12", 0x1, 0x0, 0x0, 0x0)

[  268.602747] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  268.610369] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
02:53:05 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000300)=[@text32={0x20, &(0x7f0000000140)="b8875200000f23c00f21f83502000b000f23f8360f01c366b855008ee8663e26f26fb984000040b800480000ba000000000f302edd07eab40000007f00c4e17c28710f9a004000006600360fc79bcf000000", 0x52}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x0, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
socket$inet_icmp_raw(0x2, 0x3, 0x1)
r3 = dup(r2)
getsockname$packet(r3, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14)
ioctl$RTC_ALM_SET(0xffffffffffffffff, 0x40247007, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x154})
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)

[  268.649102] print_req_error: I/O error, dev loop1, sector 0
[  268.671926] print_req_error: I/O error, dev loop1, sector 0
[  268.677833] Buffer I/O error on dev loop1, logical block 0, async page read
[  268.686243] print_req_error: I/O error, dev loop1, sector 0
[  268.692061] Buffer I/O error on dev loop1, logical block 0, async page read
[  268.701506] print_req_error: I/O error, dev loop1, sector 0
[  268.707574] Buffer I/O error on dev loop1, logical block 0, async page read
[  268.715007] print_req_error: I/O error, dev loop1, sector 0
[  268.721616] Buffer I/O error on dev loop1, logical block 0, async page read
[  268.729357] print_req_error: I/O error, dev loop1, sector 0
[  268.735145] Buffer I/O error on dev loop1, logical block 0, async page read
[  268.742704] print_req_error: I/O error, dev loop1, sector 0
02:53:05 executing program 4:
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f00000011c0)={&(0x7f00000c2000/0x4000)=nil, &(0x7f000090a000/0x4000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f0000229000/0x2000)=nil, &(0x7f0000909000/0x2000)=nil, &(0x7f0000fff000/0x1000)=nil, &(0x7f00000de000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x0}, 0x68)
r0 = syz_open_procfs(0x0, &(0x7f0000000100)='environ\x00')
read$FUSE(r0, &(0x7f0000000140), 0xfffffefa)
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xda6000)=nil, 0xda6000, 0x0, 0x64031, 0xffffffffffffffff, 0x0)

02:53:05 executing program 5:
r0 = socket(0x200000000000011, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'syz_tun\x00', <r1=>0x0})
bind$packet(r0, &(0x7f0000000000)={0x11, 0x800, r1, 0x1, 0x0, 0x6, @dev}, 0x14)
syz_emit_ethernet(0x6a, &(0x7f0000000180)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, @address_request}}}}, 0x0)

02:53:05 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  268.749735] Buffer I/O error on dev loop1, logical block 0, async page read
[  268.759164] print_req_error: I/O error, dev loop1, sector 24
[  268.765039] Buffer I/O error on dev loop1, logical block 3, async page read
[  268.782442] tmpfs: Bad value 'local:53' for mount option 'mpol'
02:53:05 executing program 5:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x70, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast1}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_NAT_SRC={0xc, 0x6, 0x0, 0x1, [@CTA_NAT_V4_MINIP={0x8, 0x1, @multicast1}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}]}, 0x70}}, 0x0)

02:53:05 executing program 0:
prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0)
getpid()
r0 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}, 0x4}, {{&(0x7f0000000340)=@ethernet={0x0, @remote}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000880)=""/4096, 0x1000}], 0x1, &(0x7f00000003c0)=""/27, 0x1b}, 0x8}, {{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000700)=""/124, 0x7c}, {&(0x7f0000000780)=""/176, 0xb0}, {0x0}], 0x3, &(0x7f0000002040)=""/41, 0x29}, 0x6}, {{&(0x7f0000000100)=@x25={0x9, @remote}, 0x80, 0x0}, 0xfffffffc}], 0x4, 0x0, 0x0)
pipe(&(0x7f0000000300)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
write(r1, &(0x7f0000000340), 0x41395527)
sched_setattr(0x0, &(0x7f00000004c0)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
r2 = socket$inet6(0xa, 0x400000000001, 0x0)
close(r2)
r3 = socket(0x1e, 0x1, 0x0)
sendmsg(r3, &(0x7f0000001dc0)={&(0x7f0000000080)=@generic={0x10000000001e, "02ff0100000001000000000000000ae77f5bf86c48020002000000f1ffffff009a480075e6a50000de010300000000e4ff064b3f013a000000080000008f00000000ac50d5fe32c4000000007fffffff6a008356edb9a6341c1fd45624281e00070ecddd0206c39750c40000fd00000900000000000b0000db000004da36"}, 0x80, 0x0}, 0x0)
r4 = open(&(0x7f0000002000)='./bus\x00', 0x44042, 0x0)
ftruncate(r4, 0x2008002)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180), &(0x7f0000000200)=0xc)
sendfile(r2, r4, 0x0, 0x200fff)

[  268.940686] device team_slave_0 entered promiscuous mode
[  268.946475] device team_slave_1 entered promiscuous mode
[  268.974801] BTRFS error (device loop1): support for check_integrity* not compiled in!
[  268.982449] device macsec1 entered promiscuous mode
02:53:05 executing program 4:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cgroup.controllers\x00', 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x100002, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x7a05, 0x1700)
write$cgroup_int(r1, &(0x7f0000000200), 0x43400)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r2, &(0x7f0000000200), 0x43400)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0xc028660f, &(0x7f00000005c0)=0x415194013)

02:53:05 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  268.999606] device team0 entered promiscuous mode
[  269.070879] BTRFS error (device loop1): open_ctree failed
02:53:05 executing program 1 (fault-call:0 fault-nth:14):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:05 executing program 3:
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000004300)='/dev/fuse\x00', 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000042c0)='./file0\x00', &(0x7f0000002100)='fuse\x00', 0x0, &(0x7f0000002140)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000004200)={0x50, 0x0, r1}, 0x50)
syz_fuse_handle_req(r0, &(0x7f0000000000)="9eda438838743bd4e9720bee57093515dc189a5ea685e9556c1c2c3cfc4df50d66d31a48aa312663b68d18c5826b5b55fb738208863dac0f10f423aee7a5d8ddc45ebdfeb7424bae859d7c37ecfc4b63914d5a56d91017dd22bc84f759a15969951aef9d5c88c96560896988fa18cd946cfcc3a0f1c993348377904eac32c980bdf7976ebca2b499cab63c4e841514277fc71d4620e29a92523402485de0e82896484c0ae497a4d686df23ca7b68c3fd5e624d3510d7f94838e54af877ca58a00c5a672bba11f5aa1ed1980dfef47b9973d0bf456ded5e72f1702b3dc5197fce39cba53a038d8dc0ec783ce70577107dc5e8b299e64a0b7f1191f0926bd25762370191710bab2f44e9069f55f8a3f87e4cb488a2fb3348c0bf3b3874291f83e4776b160ea73aafa3919c7c069c73c0052173a63158db8b65541d161f9c964926ad7f06bdd6cb6a32135b04e35701c2e13c49c1f75dc7a25d623378860692d172ec3f1e1f2d9dc77c015c13721efcb101c2390abb847e871132f472a37cc0163b39b1d575a5444e246a08a1afb1a696cabab29498a314429a3b9f44c43ba29f71fac1fbe0d01c3c16d22730932704bcfb0c1b7a432bc51dd3f5dd5afc3b342cbe6a6ff899039e28f9a51881b1d46fdcf31767cb6f5c5c69ab3c80615d77c4d1664fc4ec831b8cea2e752bbb7a9ce79df875b29f1e232751daf32a1a0c4ff8bd0688e2b8e2d668b8a77e20a9eb6ec2e2c23b94e507baeacbcfa31fb6e1ca3343668f43e3aa6d85e7c29bf0bb4dbdabddc92be7f4a6f5d21b19e6da17bfb6cc926e3847532fae29c7b62fb909130ec372d3c16cfe6aaf3ce2af0fe7610fde7aad61bc80d2f96b999c8ccf6d22cf903ca8ae8b879ec4a416f334982e9810c0140a18d4dc81b5edaae23e9f4abaf40ed71512aebbba5bb251545e188db789558a845a2877b14bdaeec3c738b7d730c0860531bf5517d4f0e8f95ed3571f8a35816d5116fcb8d7cbf42b7d5d5e65541508c898bb2e0fe96297d2ab7135662de39df099ebaed5871111f5346278cee5728cec512e6c0a0d65b51e3d627873195b84103341c2bc83b6c8fdd8ba17f5957413f61c69d618c9b9d0b1f08dc81921b6c662ee1da3bfa019b095e9a03c2db4d645ccb7364e895098cbf7d932c72d80663c7a1694d122f7348393079223c11d36c64a5856eae0397ab9a9d948204b74e56525a9d552dd0916de81cbb5af3c59b3d7f8f9154423ce2cb45a5bc808e24bef13212019a19545fe54ba84d01534358380192b8c7b0eda907810375bb66a578a58fec392b47991271c8367b91d710e8a176bc1a4e96f0e137d4c25fbb03eddc392f9f170dd744472b864fbbae7c93d86e682308b21b73c5652065d72cf02e1152b44024a90a3b52eb0bb3cb412e518d37a68aa4c7f46789c54ab30d3a73d0a8712fde612294cda2aa1ccf164930b9b1d17801d4fbb06e849d39bf2b5141330caa0d2618b616f1c67e1ca57080e79ed9092ba7a55e8121cfc825cd26a0199a479a7ab1b7b23d2a4dd82fa6d04ee41ca680435efc934f0451e865e8632ac2f1115f4cdd33b0fccb7a2326127faf20cba37c828613dba5a98f4e1ad25eb6b91078cf73d873df9ef91531476f64b83559ff7ccdc4c070d478b18196ea05fe8d4ea0216ee5273dfabbd04582f40f064c9781afd2cbf30901f28cd09cc934f1b2d50883778274177e3dba8af0a1b931d80ce1a6c4085780ea2195b65ecfd2953f78a5290fe560d0cd6a5e73890a5a82dc410b92a3ef2be05ec5607820fd4ca6b9c3aa258d59022fdcb21665f1ce4e8aad8fd918c43bd3c2afe3dc223ff9f48831d401c8b6996190793d1dd7551f8511b69283992398d8f9b4bd2b3398d3b8c6f3c5d8b802ca5282b70242df2b7be4b38e70c3065f8da888631375afcc05ce578089c4f783776b286b7a60d1b5e189e2742a3240c1036a953d886885422eef01413c38099b64505fd5a73488acb4e611820674c58ae74d6c64a885d4beda9bd7903bcdc71e3711e2a057c0eab2100c321050ab14c6e453c53182577ad3178603cd9afde40a701120e9a36074fd582428c74e02781318e6c65450f8f020bd22475696fe13b8c59260e53a06d16eabd135e887a0a6bbc8ad21be7661df76fec5b13844f68b8eed1a7379713738beac9f23c7a26520e19797a910cde9fb285179526889b908b7eb49bb06f70f6271fba8712c1a4269ebcf4b7d043e924e3d2c4c753fd7e547d95841e335179836f76424e728810d7f32b78256ea30c79d9238a6588426e1f2d4c0b03d5605bd826ed24f0f11326b4cf958632b86e017aa80e142db1580c44f76d9c98196f3f6852ab2bfc6a01a3553a130c2d171957f5a45c3550fbbc990ef8742a98a86b280a57b9f198ff436bc01161ada50e6f23026c3254adf2321bff7e20aa54080bbb57d8d52c6a6df6107706a2e5bc6da68f17b474c0edd39401d765086e885cf7992405f856557915603cbe8894676e996bbadbb649a5e7498b91f9bd2f697dd9ebbe4d386050258b9f4c94781e61c660651c3f1e3ae51f8c035eca365bf15d6db48ea9ce183515f4a208d010f7c23dcacbd6e225490d7e9c133525f5c9018d752b21b4897bf18b64b6a9936f538a0a8958fc934440aeeaad2b68ac844d76f0900a6c95bd0b353d85d4fb62eb88360112237fd8c636a80e3130b21d66ae8ec58a4b76cba0602f96da919f7e84fd37e3ec2379f58e389a39c78d2482e03c379e3c4649ad63a76e3707ecff07d2fcb0c9dfc524cab49e69a09c92e4f88714335cb57d3f6184d07bef9657280fb5c9fd2d8f940f7ac6c5407e3077aa2e4ba8e217e0ee19e302d6d90e3be05a86dade35d2e454e511afb5cf5936f1d11f2fa6be6ceaa817dbdc7a6aabf2fad8ff3efa8382a25099f0c5989d2ad56ae0f4968b2cfcfc67b4f1c161c75900b4848f59a3c0376dfcb7997bf28e9e85d6dd942a360516de38e1c1a038a796f9a77ff2b0c7e5e8f4932391a0e58e76dacc6f9764178a211dfde3e75d367d2911ff398126ffdf83cf2fbdf1ad5232bed9155f7a168638a572094a9e934d4969b358cf6e121d7fd2aeae2f499068b42c152f0e3403a230885d6f92f038ddaa23499f804ffb06abdbabb51f6c38c92fb1a6271a4b13d6d11125b8ec12efa5907dc65062797fb9cca15e2f254e76b182d3fcdb4e96ac4de36d6df7e7bba5c32f422286b1be3b79bffb6fd693761952d195a84ad9ceb07287a0fbefab9e0347b513c5f60233ccd4b52d90ec144a2f896d9dc7f279f8aa93038f3efa286e1c3006933a4d7183d952f8d28b141b28b2af355b5bd8198dfde1ffb8d09202aff0d16ca3fec194662892a49f829813970a4520f1228aa03d211a45bed3b2e05bf1f10b1a152761e7b6c6ddea863a3c02224256092c70ca70dc185c4c385dd98b09e2682661e1e66f71d9c4037048eb70e8a1cbe57de87ec43713abf5fdcf63b9c482f318e3bec37e878dadbae15a02d731e6c8574eb14c059d72f73be5174add786d06b585a28a06d349d8e434a491b34897b3c1ad786ec8280d7f57edd4fbc6aea5485d659b59d393e331cf91e6ed76f340fcf7cf460892fa7318fc42b883f61d888ad982a751accb613c66661fba5f3d6de751a6a9ef8a4700316aaad04e991aab7903f4ef012ec2a8c092234e74ef335daf360ae47bbd2bbc6ad8c1a4f81efe8bbd703cb55ef36b32b4e30cb5a3b165c02ba295d0e1c40ce6ff8f479a74f01275f113ebfa8ade37a59ce70e6ca2a6f48f1be085f61bf772e2c2da523a2cfe63e99c57bdb1ff23139d4fca49eff7547e9880eefd3f7511a677efa23b52098ba89037c48dfcda2e8c1cfb9f892161049e53f8cee55256279512aecab8c441600dae0fd957883273047cf5c66ba209f830aa2ce0cbe41ca08c0cef4aed7f4324009200661a7ce680e5a8df2d051c1d8b2f63d25d8d74d05c75c46c8f3f24d625539e63459650960498a54ec3b16225bbbf4d3930009df265839d72611f5332a904cdebada108236e4414a2909ad01ec44b9d7f75de4385ad7ca5152e890a0919b3639fd1bcbca3b737ebb8d9ae541b1271cf2166ba15830e66f3d3afd3b754a7f81ad4f0999704ae99c114907c5be4a4797f13b80564f234723a34dbe137dabfd7fa23562df679f54a6ab54def6d63deae9844f72fd73efd0413551f5c4b9ee826eb3b7faf92a59ea34a16723b4fea14d1c8815a4e2d39fc48d1dbce526a7c53f5a96d0ef6463a0cee73fd3505f5c764a264b83c4a21f80e8b61c82d24442d13da99d18dc1b2538e7a510f6093d9ef2bc5cc777d4f98411e93919eddfd69d6e20d227cb61c50f358ea227f4de941fb080c1cf6b1f6e25533768fe133dbfc3f9d29c603bed38aa3c5af5b81a706b0067b40b88f992610d04c7cc36b8f649697cd6a93fae51138161891ae75a7147780fc59af5a6e18c54f9d2a4fe7fa92314b399afba9a40d0cc24f70a2593acf8d179215e06b7a9a88224bafcb2cbf60caf5fe4ff38208a70793b5dc33cd572956260e1c86312d3ba9b3a4b2b44376f2e78c616a6c0880ac8dcbaa30b9f761d500fd03a8518dd0509157b184a2d95e0caf3ffc8ac2db6c54d80c71a1e5b9ea3bf51071e2118af204123daceeb04e4f6f31f32a4d3fbb76ee49440cabda2c121c1b99acab5b87cecc37c3f9066af34ab29d6598bbfd91047a2ac7ce3a8f3027ff5e6d743506f161087278896a98ed37122ba208b61cf54d3929555ab06b564cd5e4f46f4755a6cfa2ef2b30d29ea66f2749d4060d411fa9160c91b6f55cf071ac8222c6313df18759e2958cddfe3db4cbeb9cd39abcf5f0beaecae8437813995cb7ed0b87d42ca942ff7245ece204798d01361c5f008e0d82bdf76660515bc78f7f8f409ccf68614b2cb50f5af2615661326fd971bc57eeeade60ea906b8df1cb0dfafd318cd2c396309c329d0469ca192aa8f51d7c4227685440f073983255baf054b97b9d7be1d1470d7eabd5c09b2116b4e86b0567b7e97e088717a4fe3dbdd310a1c39136ea4d2c47492001f9885dba03bf97e7da376171d666441cdc2f999db137603d57df32b4260fa0165e82917bb1631ea314e7a7437e66fc68cef22cda8f456d6e583f6e3237e0bc79987a9103f7cf0918e26881f67ea582e1ff3a49177599d385bf6e42572a2547933aeddb826530e9adf30dd84c3a7fae5c4c26f6c6f3a9f0906decd314e2407825abef959c5416d18a92ff34e6c521a16e8a0a29937c77d4ee99b41d530a732acbe0bf5d274df9d496b47a9a624546bdcf9976cde12ec989cb2a70b33a7c8a3a77652023164695f9db30dfcf587f0cd4f73e385730bcbdd688f6dcb08ba0efbb9f579220afefa4acfea522e864fce9b1782ce9f14824d16e9d33a2609c23ba3c5a1af02549357a0dcc12e37819d778021762cf895abeac1125b744c8b8225a091e7be9ded9993cfa3ca9abb83e25c8f559009977a2ed9374a89619fae5ef6d164bb73d242004dc8428e44689b33ee3bbe88bb4962ab0a32a90e7aea044f08410752cb2d7aeaf3196648a3a99092665b478bb394b48f79b36db0efc7f50d6a5179c945f5298cfaac5e5dea715296f92abce7281d48a0c9c6b785a35ef5f1697c047ddb254fe9a8ab9f498b0c1ae09ffd01a3d8d427fee7e36c51e0e5c2fee2245fb8464626ab5c9857ebce91f7d22bf024d10c2d71021cd69268472de419e6cefd970cc3a8e4d1bbe6496799aa7f100411766e712aff08b731460f14f9d7356db12cf8e1c6121968dc68b1d81c086b325ca4ce6fe1f476707e08fa913144b757c6be17cf93150db29544d207f09a896f33b7335d9339215da751e7af2c6bdd19db6f521af2c8a5998dc607f97026d07111488741134c1c86eba123273d1fd5ee4b471e86f9ae9478a04c7482076ab34a1eca5c64f89e5106eed44bceec019c67c12fb4db4fdac153f4ac3b63ffeb6d30de58ec039e2dd3c181e254cd94d0a2b0b44490384cc5915b54ee1db2b6d059879bf8126c9ca976d0f7862da07ecd350930a081810a7afd72b2ad3f65b96ae9c7f91227a2b5513a559f36b90fe01be9ae5ad3ca65e2c26f358fc26b858a3633fda7ae49a5fb705220a5819b3cca41b1ccc21d7c40f5fa9c422288efa5394e4312675899d704a2aab62b8363f58fd4bc12a8bea6ffc45b4414237bf5f019321206dbba439acb5ef26641f30fdac20f964354bce94e4c9d73e137f9806deefaf6f4acaa0e76ad4fef9f6cb7fc01bbabda9612c05adbe46afcf94819e8a4b4b49ff764784fa432d47fb6d4230900043d1b4521cd6839fe8c5df4d1899fdfb13880e207cac73f0a29020bdd563bd9c2f6bcd1ec523b3e03ebf6164fc65af001830c51396f9df2d346f83a59cfc82201cf1150ea57259d579fc2ed199b3fbe42d5188c84e4354610743e5b23a265246313cc63913f17412fa00d98b379b80b96d936969572e11316bc8926cb23115186f3b2387b82c3898fa41bf16a308da62d5a3eb3609af1943fddde08a4036eb2a41b7292caad9eb082614b02a1fa255bc7abd4d0e3b4ec1801e131e68c7aa9da1a0ff10f9de87dec8fad1ad8bfa99caa49e203a7b9c33e044d4544a537471e7a452468b821959bc488c6b8cbf81e90081a26de273ad1203cc06adb6af242ab19f96c1c66b58c37e2c9309704fba63af99a8d9c5efc651afb631fe9f546b938cc3b8e526c4159e5c9f7afb29fd1d55fabf09367ce2a63a35e7a2062d1c772ed981fd77157a847f687a177cf9886ce41df8cc509302b46bc1e2ba896b1c1656a1bbfdf4cd9ac39cf8510d1c823075f16550fd044aacc8d42a56f03718f7b18475cdc3999faeb25ab3dd8a807ee04d8e5d831d08b4e309dff50330685138797e10c6362636f53f22bfc1f3d5090a5d369282d9de36bb4e2505411ccc6ea395afa1567b15a2fb4be2adeea7126b1a8e80034105e0d98bdd78e796ce1cdc06a4ae666fc0baec5c52614340ed997673e26ec47c88846c000bb7c9077337cd44f5c041fdcc64986e5e1c0f488148f0ee6f842c44c0b72e82109270341bba6e9080b70fcf930d0f10be5a36798e70111fed72727b72282ff164fc08319d74f1f57cde71b57cb397a9e753f87b97729bafba017a24cbfdee5dfe7fc296c112e93bb8fce560ca80a3afd8370baaa79ad783b51352b5440b144a47378c9ae22eda5794328e95bcca220fd07bb56915529b155c61858efe89ad36a79288e74c0e251addcfaf797432175a5562b46eff5e3aebeb74623e18beef85389383c604d8884431b07dc4bea0174aadc337ff41f558a63f16690feae47efa2a5d1318b7397e1e4ba398727d286791b71610e1d78d32800e7e113c12abf0f60b6ca4401ecd23b7aacd990633b2b017daf6bfef1b2361ece74b7dbcbb1a73d4bc1f9d2e5c9fb0b7980d25cc44d1b10c09ef5a6a05c84669294a5cadf0cd88ab449f9f0bcdd8c48590d416c5c1feaa494a2145949c2a3373df7c6014225f2745bbeb20ff294d22c0d96ca111e6926946207cab56a03162a49e68968e398f70690188ee3ca847ef421742d60b9a6ad029e8a3d607950b2bf8ad8ff297cb39acc94905635770436e134435e28205140331b5100d9f64469792fffac87bca0835cbc617446ff86a7b50418c305f32e658b32130e491e38709fd3697017ac8084cdf1ed81a28375aed092ab4e32ca88a933154dd3a9e99351acbada926b67b310c7070ac1a414a28c5abfe1f45476249a12f18ca2d981528d881ed3c5072e46a6eff3cdf37dcbc89c7f79c88a1f8d15d15beb66a0e4440c7b93e379c4e2bac1d5c8e85f1852887e2cfeb178fba1c67dc2adb0c87df8ca4444ca7f455509f492effb5001328b8cc696e2933207a2d78bbce8562ca34a248193c914406b161c8141479d891b0c6110ec1e25cad38299b489f2ec437017cadba67dcb58abd4933c95b3526f1d4747b8701a7d71e446e4b62e2941d4281faca0cf22914be5aad80f47100000000ceb24e82508fe55a92fb6db70d03d1c1ec09cfee31639341756a4630a0eaaecac7bfbddf9d30c42cbd45eb181d5bd341307ad26f496bb042e2b655c03ac3dcc587acbf50f79b5c239be9938b62d3251b199f8413b020605d5d0552cfd9c39c9132719d6d0a326b000e12fcb51bc274df79d11430060d05978cdd50583f1bca82c57dbee605e2d00fcb5414af13a596d35cb5ba62de6a28cbccc857d23547b1c7fd5ac8fbf6758d5b8451fa46d9acc00344dc2e565674b1dd3547eb8f8aa5fff99042f8d1d59e6ad2f53379211e6832fcb68f5777eb2db85b28f724f4e4ce6342cf55713ff7b0cb4f7f47dd12a6566b86709eaefae024373267ce72a89e7f3e42ab48edcccc96b5d0403fe93a927e5ccf470014f220b8257393226cd7b996f20e6a34f81206733a9fdce03b701943c1b560d3eab68c2c225cf7f7f2b56123be2bb173e9e5b37f4d3348f6b987764ad07c2acd44514ff264d7eda31e5e517a179414841ad4553d51c08f435e05f10aa82d74b97a9ba3a133e6c9175fdcd4f3dc9c16d3be1d5bbaf13240177081ac1d56681bfa988a93af09868afd608520c0bfd71d857a6661fdaf6f2e166987eb007449dd26334ae932c5003fefc0f983b9e49cbfcea325f2de16a9ae935caa46f5b3433957fb370971ed957f138f08a60fed5b84995e428e7ae7d5c22021ff016baef0e713a118344c016a99ad469313ba7f2452da0dd82e019f64aa229cf80a69b3e08ac5847f10d247179855546313232f23e055c2f74ecef14e0fdcc29a9bf0976fbb249bd5c7903183d2a53c70960a183630e7d4928daa7091a85ad987d2a4a5b8f6be6612fa72d9fbb33c67bb38eff19f2e784f94e0354cf6d35a5b2c62233c039de3734b38e97ec72bd673fef09fd56fec329818cc68cdf12cb52f7d37a8350c16e94208880bfcd3e895d7aa4489e3dd15db4a9026f0d2a46f1e89c35845dbd976a1992b87c15a0c7580e6424b8792a7bb7b933d7c5433d4133ba4dbbcf7995d6ed3feaa32f876a287feeb9cc6107778c1f83e0119d980b9e994c2a3ae3de24a103efb3cacb746b49d1ad85746b233ab4aaf0e988ec2a786bc93f32040d3bdc3008031634cdfded5ac95b2279e096243228296591e7ba53c4a127772cc4620e6b238ccad250629194533d0a669ff3366c52d64928693e0b0cbb0b8e2c6029089d4dfe2b4b6c5dcd85f1a02770611e65001e48a32a8b0431a3b9d77fa3a95be38a0436a704c05a8e0183f3214c25531a63796f679bf72885aa766468d42b2543542d7e82544efc5c5e81e6a91a0f5d4e68000cff687d63e45c9a11d4ef515050daa592c9a828ac7c0488e7cdb3d6fdaef5e9176ee68d981ea50d386d74df3b40660351736deb03bfceb721878cf9894b0302df15964242ab6b9f77f98ba1c7993735983d2b022600ab74a19e3636e1400d08ba45d3a5c2774cb06a1c358bbfc11d27efaf7ca53c2e7757c8c76da24707d91a4a5244262898d68083ff91c514d9b9b1ebaa0cb0b10254fda1b1e82b9a1a47f117b5b280ddbec1f6732d11117ef1a7a674699df87fe795d1243cb9c4527e364e2b711b6562a87fafc130ce0baf1701686639b05f0c8dc708f008b1e6ab89e8d623bb83f3d54b7bcdbdacd055ac4eccbd36bbe0af0f65a00e3d6dd985ae8851d176976cfb5816d1fc2a63d3546aecaa4e712ca6961d1f181315d553de6b53485faed0dcfcf819a1ba3badffe797377d3d1ddaed8e7a0acc0c3d277762262a139f94de49faca167b11bf04f2104a5ab9a73367a6461f7124c91a2c4229ef98e6ebde9aac283c7d029400d71293f488ba169b62c1e94689cf5b248ed4aea62b88d65bb764cfe27d5231a58486e7381df518f4ed81cb905108c54a5050a94ca0e94da20d3794bc5fab9127dc95b6404b1e27b4e28136fc27806f7be798444c33aca88ffd45b860eba0d5033839f5a092863954604f1952bd61dad23b11643fe14f3ade08116aa2c13eee701ccd13e506bd65a1060bf69579aea8c8143cd38c0891a3065f251eba0c20ab9c69ddf28e3bd6400cc203bac8de1882239ad4e1b97b0ae2f1abb7bac7c0d8ef82b97ebfb1f5577f06a3a1377b09ada4db87d342f20ab0eca4b9c206042471307511429cb57a578211f92d3647189861cad9145f5eb26ab696abe50a2a6c1b469df97da28aba4e79b586c348a430f5ea61c4be1032fa61d18581f05a07fb8707c8996e0fff1c3eda59b992687fa12483b9327e10224b20d42e8b3fc4670bf070ced602283273d6818acd1f6da567c44d3f5e1377065d43d87d889843ae48e7fa8ba1634815695b8c480ca271e6e833799c70da80fd79acc09b989667a2294de5da73f0363df9a33ad4dab8d27cf7bed0a06838672e3d07d52b6396e9b5576021d5e925abd533bf161c944795065fdd44e8462e3070c479f1c118276653488dd9b2f1a673f8cad3612ca1fab4388ec9c8f834a01a499adb7b3a9a977672f6d75b41bbdd7f91ceb7e7a88568d17bb432be9e4e96e115075bce197ef4754d2914c2c59e2d7f4c08f0dbe34d31f229428f211bf1d7e8f5c319ed4a8273cb6255eb318851ac4557b0278fac63107a54d407c42f300b843a12abd3b893b46c7efac2e388ab42b87aebe2543bd4c15f459bc50aad10ffe1c1196fb52c26e54bdaa7fbd52451f207ffb073ef4b3f71eedd7da40c89505019739e3fa733bcdc84ff4919e8fe2358129ef28291be1d6426b8bafe88463b1d3cd7273745381c7f65221898e6ad361e88b24c54ccc7ac9a830145b6dc096e2d71ef71ec4f03524cb870b724e08d223bdec2f6fdde6200217a13b5136004d455d66547f5a1793e0cad85677d49e5c558852107007c8136812cf021afaf6f7e8f59883371be46cda412dd9c6fcf187c31252ceb5758901d39cd5355ab386d9a7fe6ea46ebf277aaf809c3023211ea9aa189de4d422080ebb9fec50ffab6b95ba4ae5018accc497e79149ed6047ce561ccc10e9194cdccd5c9fb75175c8dbc9d0a916ad59288f010defbbb50d263041ab37aac0f93253bef6f898cd0825d99d27224f26181f9713b8979da64756c95e7505f25a2688960d6155c3613dcc31b6c337a6dbfc6b12cfde1db22b93bbd5e48534fb0bda8b212577a14dcf665c834b0bd24e5f624d2455fe048dbe930328d7cb632db3b0e244bb5d43390b420b15157a339487fc78976f867d3a361aafdd3f50a93c01882da7c220089a544381db22e2c86b228dc2be01820468460437588952a549d37498e529e62aa62bad1580546bcb1e9a6ed1870b7838d05d12f6e3a041e78b1bdb80894626f20889ccb3a468aa4fb24b9c87cbb28623ce59c6b3c6286db366d08004551a25fe4d8d194a2bb7c52e1c85a5fbe4cb15b171489da121bea1c469a6bb185d63213084e3a81ee54dc03a94dc5ecdda7bfaad1df68021aaf4627c9d529f13e5c81b5ee4dd228949ca16b9a61d186211d153294470907557e5e14ae665013f285fe4d3766e7b3d8ce5e2a14692072d4d8f79354bcc8db8a2a36c8bcd", 0x2000, &(0x7f00000069c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000066c0)={0x90, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000, 0x0, 0x0, 0x0, 0x100}}}, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./file0/file0\x00', 0x185842, 0x0)
read$char_raw(r2, &(0x7f0000006c00)={""/38509}, 0x5f4400)

[  269.108655] audit: type=1800 audit(1601002385.660:112): pid=16931 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.0" name="bus" dev="sda1" ino=16396 res=0
02:53:05 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  269.194347] FAULT_INJECTION: forcing a failure.
[  269.194347] name failslab, interval 1, probability 0, space 0, times 0
[  269.206009] CPU: 1 PID: 16950 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  269.214163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  269.224297] Call Trace:
[  269.227435]  dump_stack+0x1b2/0x283
[  269.231598]  should_fail.cold+0x10a/0x154
[  269.235735]  should_failslab+0xd6/0x130
[  269.239700]  kmem_cache_alloc+0x40/0x3c0
[  269.244274]  radix_tree_node_alloc.constprop.0+0x1b0/0x2f0
[  269.251056]  idr_get_free_cmn+0x595/0x8d0
[  269.255198]  idr_alloc_cmn+0xe8/0x1e0
[  269.259458]  ? __fprop_inc_percpu_max+0x1d0/0x1d0
[  269.265253]  ? trace_hardirqs_on_caller+0x3a8/0x580
[  269.270586]  ? __schedule+0x1450/0x1de0
[  269.274916]  ? cpuacct_charge+0x1cf/0x350
[  269.279504]  ? fs_reclaim_release+0xd0/0x110
[  269.284636]  idr_alloc_cyclic+0xc2/0x1d0
[  269.288691]  ? idr_alloc_cmn+0x1e0/0x1e0
[  269.294087]  ? __radix_tree_preload+0x1c3/0x250
[  269.298741]  __kernfs_new_node+0xaf/0x470
[  269.302875]  kernfs_create_dir_ns+0x8c/0x200
[  269.307267]  internal_create_group+0xe9/0x710
[  269.311939]  lo_ioctl+0x1137/0x1cd0
[  269.315676]  ? loop_set_status64+0xe0/0xe0
[  269.320099]  blkdev_ioctl+0x540/0x1830
[  269.324836]  ? blkpg_ioctl+0x8d0/0x8d0
[  269.328745]  ? trace_hardirqs_on+0x10/0x10
[  269.332991]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  269.338088]  block_ioctl+0xd9/0x120
[  269.341698]  ? blkdev_fallocate+0x3a0/0x3a0
[  269.346721]  do_vfs_ioctl+0x75a/0xff0
[  269.350544]  ? selinux_inode_setxattr+0x730/0x730
[  269.355369]  ? ioctl_preallocate+0x1a0/0x1a0
[  269.359936]  ? lock_downgrade+0x740/0x740
[  269.364966]  ? __fget+0x225/0x360
[  269.368594]  ? security_file_ioctl+0x83/0xb0
[  269.375013]  SyS_ioctl+0x7f/0xb0
[  269.379075]  ? do_vfs_ioctl+0xff0/0xff0
[  269.383126]  do_syscall_64+0x1d5/0x640
[  269.387085]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  269.392272] RIP: 0033:0x45dfe7
[  269.395458] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  269.403143] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  269.410428] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  269.418667] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  269.427765] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  269.435047] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
02:53:06 executing program 4:
perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00'})
socket(0x11, 0x800000003, 0x0)
ppoll(&(0x7f0000000180)=[{r0}], 0x1, 0x0, 0x0, 0x0)
unshare(0x2000400)
pselect6(0x40, &(0x7f0000000040)={0x1f}, 0x0, 0x0, 0x0, 0x0)

[  269.458602] audit: type=1800 audit(1601002386.010:113): pid=16955 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.3" name="file0" dev="sda1" ino=16114 res=0
[  269.486851] Bluetooth: hci1 command 0x041b tx timeout
02:53:06 executing program 3:
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_emit_ethernet(0x22, &(0x7f0000000000)={@link_local, @local, @void, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x33, 0x0, @empty, @empty}}}}}, 0x0)

[  269.531936] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:06 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  269.608127] BTRFS error (device loop1): open_ctree failed
02:53:06 executing program 1 (fault-call:0 fault-nth:15):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:06 executing program 3:
r0 = socket$inet6(0xa, 0x6, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
r3 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r0, 0x6)
setsockopt(r3, 0x10d, 0x800000000d, &(0x7f00001c9fff)="03", 0x1)
connect$inet(r3, &(0x7f0000000040)={0x2, 0x4e20, @remote}, 0x10)
sendmmsg(r3, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000600)="c5", 0x1}], 0x1, &(0x7f0000001000)=[{0x10}, {0x10}], 0x20}}], 0x2, 0x0)

02:53:06 executing program 5:
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x254, 0xc8, 0x17c, 0x17c, 0xc8, 0x5, 0x18c, 0x260, 0x260, 0x18c, 0x260, 0x3, 0x0, {[{{@ipv6={@private2, @private0, [], [], 'veth0_to_bridge\x00', 'gre0\x00'}, 0x0, 0xa4, 0xc8, 0x52020000}, @common=@unspec=@CLASSIFY={0x24, 'CLASSIFY\x00'}}, {{@ipv6={@initdev={0xfe, 0x88, [], 0x0, 0x0}, @empty, [], [], 'syzkaller0\x00', 'bridge0\x00'}, 0x0, 0xa4, 0xc4}, @unspec=@TRACE={0x20, 'TRACE\x00'}}], {{[], 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x2b0)

[  269.669485] print_req_error: I/O error, dev loop1, sector 0
02:53:06 executing program 0:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
io_setup(0x5, &(0x7f00000000c0)=<r1=>0x0)
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
dup2(r2, r0)
io_submit(r1, 0x1, &(0x7f0000000940)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000180)='+', 0x1}])
io_submit(r1, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0x12f}])

02:53:06 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  269.834593] FAULT_INJECTION: forcing a failure.
[  269.834593] name failslab, interval 1, probability 0, space 0, times 0
[  269.859236] CPU: 0 PID: 17017 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  269.867136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  269.876487] Call Trace:
[  269.879075]  dump_stack+0x1b2/0x283
[  269.882704]  should_fail.cold+0x10a/0x154
[  269.886855]  should_failslab+0xd6/0x130
[  269.890831]  kmem_cache_alloc+0x28e/0x3c0
[  269.893695] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'.
[  269.894978]  __kernfs_new_node+0x6f/0x470
[  269.894992]  kernfs_new_node+0x7b/0xe0
[  269.895003]  __kernfs_create_file+0x3d/0x320
[  269.895015]  sysfs_add_file_mode_ns+0x1e1/0x450
[  269.895026]  ? kernfs_create_dir_ns+0x171/0x200
[  269.923929] netlink: 76 bytes leftover after parsing attributes in process `syz-executor.5'.
[  269.925552]  internal_create_group+0x22b/0x710
[  269.925570]  lo_ioctl+0x1137/0x1cd0
[  269.925584]  ? loop_set_status64+0xe0/0xe0
[  269.925595]  blkdev_ioctl+0x540/0x1830
[  269.925605]  ? blkpg_ioctl+0x8d0/0x8d0
[  269.954314]  ? trace_hardirqs_on+0x10/0x10
[  269.958552]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  269.963660]  block_ioctl+0xd9/0x120
[  269.967288]  ? blkdev_fallocate+0x3a0/0x3a0
[  269.971613]  do_vfs_ioctl+0x75a/0xff0
[  269.975408]  ? selinux_inode_setxattr+0x730/0x730
[  269.980421]  ? ioctl_preallocate+0x1a0/0x1a0
[  269.984825]  ? lock_downgrade+0x740/0x740
[  269.988975]  ? __fget+0x225/0x360
[  269.992432]  ? security_file_ioctl+0x83/0xb0
[  269.997283]  SyS_ioctl+0x7f/0xb0
[  270.000645]  ? do_vfs_ioctl+0xff0/0xff0
[  270.004618]  do_syscall_64+0x1d5/0x640
[  270.008523]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  270.013715] RIP: 0033:0x45dfe7
[  270.016891] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  270.024580] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
02:53:06 executing program 3:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)={0x54, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_HASHSIZE={0x8}]}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'hash:ip,mac\x00'}]}, 0x54}}, 0x0)

02:53:06 executing program 5:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="900000001000010400"/20, @ANYRES32, @ANYBLOB="30000400000000005c001280090001007866726d"], 0x90}}, 0x0)

02:53:06 executing program 3:
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='oom_score_adj\x00')
exit(0x0)
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendfile(r0, r0, 0x0, 0x800000000000800)

02:53:06 executing program 5:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)={0x5, 0x5, 0x7, 0x9}, 0x2c)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)={0xd, 0x1fb, 0x4, 0x100000001, 0x0, r0}, 0x40)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000180)={r1, &(0x7f00000001c0), 0x0}, 0x20)

[  270.031830] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  270.039079] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  270.046331] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  270.053671] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  270.174463] print_req_error: I/O error, dev loop1, sector 0
[  270.188130] BTRFS error (device loop1): support for check_integrity* not compiled in!
[  270.246552] BTRFS error (device loop1): open_ctree failed
02:53:06 executing program 4:
r0 = open(&(0x7f00000000c0)='./file0\x00', 0x1ade42, 0x0)
ioctl$EXT4_IOC_GROUP_ADD(r0, 0x40246608, &(0x7f0000000300)={0x401})

02:53:06 executing program 5:
perf_event_open(&(0x7f0000000000)={0x2, 0x70, 0x20, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
quotactl(0x40000080000100, 0x0, 0x0, 0x0)

02:53:06 executing program 0:
prlimit64(0x0, 0xe, 0x0, 0x0)
r0 = getpid()
sched_setattr(r0, &(0x7f0000000280)={0x38, 0x2, 0x0, 0x0, 0x8, 0x8000, 0x0, 0x0, 0x3}, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000041c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000300)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$NL80211_CMD_STOP_SCHED_SCAN(0xffffffffffffffff, 0x0, 0x20000000)
socket$inet_udp(0x2, 0x2, 0x0)
fcntl$setpipe(r2, 0x407, 0x0)
ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0x0)
write(r2, 0x0, 0x0)
vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0)
sendmsg$NLBL_UNLABEL_C_LIST(0xffffffffffffffff, 0x0, 0x41)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50b, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x183, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000040)='fuse\x00', 0xd000000, &(0x7f0000000140)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x6000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})

02:53:06 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:06 executing program 1 (fault-call:0 fault-nth:16):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

[  270.411215] FAULT_INJECTION: forcing a failure.
[  270.411215] name failslab, interval 1, probability 0, space 0, times 0
[  270.427490] CPU: 0 PID: 17062 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  270.428190] audit: type=1800 audit(1601002386.971:114): pid=17060 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=15777 res=0
[  270.435558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  270.435565] Call Trace:
[  270.468327]  dump_stack+0x1b2/0x283
[  270.471959]  should_fail.cold+0x10a/0x154
[  270.476893]  should_failslab+0xd6/0x130
[  270.480864]  kmem_cache_alloc+0x28e/0x3c0
[  270.485013]  __kernfs_new_node+0x6f/0x470
[  270.489160]  kernfs_new_node+0x7b/0xe0
[  270.493043]  __kernfs_create_file+0x3d/0x320
[  270.497453]  sysfs_add_file_mode_ns+0x1e1/0x450
[  270.502116]  ? kernfs_create_dir_ns+0x171/0x200
[  270.506786]  internal_create_group+0x22b/0x710
[  270.511453]  lo_ioctl+0x1137/0x1cd0
[  270.515079]  ? loop_set_status64+0xe0/0xe0
[  270.519397]  blkdev_ioctl+0x540/0x1830
[  270.523279]  ? blkpg_ioctl+0x8d0/0x8d0
[  270.527161]  ? trace_hardirqs_on+0x10/0x10
[  270.531395]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  270.536503]  block_ioctl+0xd9/0x120
[  270.540124]  ? blkdev_fallocate+0x3a0/0x3a0
[  270.544451]  do_vfs_ioctl+0x75a/0xff0
[  270.548255]  ? selinux_inode_setxattr+0x730/0x730
[  270.548870] audit: type=1800 audit(1601002387.101:115): pid=17060 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=15777 res=0
[  270.553089]  ? ioctl_preallocate+0x1a0/0x1a0
[  270.553101]  ? lock_downgrade+0x740/0x740
[  270.553115]  ? __fget+0x225/0x360
[  270.585535]  ? security_file_ioctl+0x83/0xb0
[  270.589942]  SyS_ioctl+0x7f/0xb0
[  270.593304]  ? do_vfs_ioctl+0xff0/0xff0
[  270.597279]  do_syscall_64+0x1d5/0x640
[  270.601164]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  270.606341] RIP: 0033:0x45dfe7
02:53:07 executing program 4:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0)
socket(0x10, 0x803, 0x0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000840)=@newlink={0x30, 0x10, 0x801, 0x0, 0xfffffffc, {0x0, 0x0, 0x0, 0x0, 0x80, 0x8b22}, [@IFLA_MASTER={0x8, 0x4}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)

02:53:07 executing program 5:
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fffffff}]})
signalfd(0xffffffffffffffff, &(0x7f0000000080), 0x8)

02:53:07 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  270.609531] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  270.617235] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  270.624490] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  270.631737] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  270.639083] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  270.646345] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
02:53:07 executing program 3:
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x0, 0xf1, 0x0})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x17)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
r1 = gettid()
tkill(r1, 0x1b)

02:53:07 executing program 5:
r0 = socket$inet6(0xa, 0x1, 0x0)
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet6_buf(r0, 0x29, 0x6, 0x0, &(0x7f0000000080))

02:53:07 executing program 4:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:07 executing program 0:
getpid()
rt_tgsigqueueinfo(0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$inet_int(r0, 0x0, 0xe, 0x0, &(0x7f0000000300))

[  270.743751] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  270.781773] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:07 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:07 executing program 3:
r0 = socket$kcm(0xa, 0x2, 0x73)
setsockopt$inet6_opts(r0, 0x29, 0x37, &(0x7f0000009f40)=ANY=[], 0x8)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$kcm(r0, &(0x7f00000003c0)={&(0x7f0000000000)=@nl=@unspec, 0x80, 0x0}, 0x0)

[  270.858124] ptrace attach of "/root/syz-executor.3"[17084] was attempted by "/root/syz-executor.3"[17085]
[  270.887867] BTRFS error (device loop1): open_ctree failed
02:53:07 executing program 0:
mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000000)={0x1000000002, 0x70, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
lchown(&(0x7f0000000000)='./file0\x00', 0x0, 0x0)

[  270.943484] audit: type=1804 audit(1601002387.491:116): pid=17092 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir696686776/syzkaller.WrdTQe/122/bus/file0" dev="sda1" ino=16382 res=1
02:53:07 executing program 3:
syz_open_procfs(0x0, &(0x7f0000000040)='fd\x00')
syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='environ\x00')
exit(0x0)
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_open_procfs(0x0, &(0x7f0000000080)='fd/4\x00')

[  270.984204] overlayfs: './file0' not a directory
02:53:07 executing program 1 (fault-call:0 fault-nth:17):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:07 executing program 4:
openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/vmallocinfo\x00', 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000001400)=@ipx, 0x80, 0x0}}], 0x1, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
perf_event_open(&(0x7f000001d000)={0x1, 0x4a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
preadv(r0, &(0x7f00000017c0), 0x3da, 0x0, 0x0)

02:53:07 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:07 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:07 executing program 0:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
clone(0x3a3dd4008400af01, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r2 = memfd_create(&(0x7f0000000a80)='\\\xba\x140D\xf8systemem0md5sum$\x00`\xfa\x90$\x1f\x8c3\xa1\xa8k\x1e\xca9\xb2\xbb\b\x8f\x94>\xb8\x0f\x92r\xb4\\\xbd\xc0\xc0\xa5\xf8;|\x16-\xbcR\x0f\x00FVL/3w\x1d\x1dTRG\xd37z\xcbS\x82\x7f\xac;Be!\x84Q\xb7\xdc\xb6\xf0\xc6\x9e\xb0\xa6\xf4\x88Tj\b\x00\x00\x00\xc7\xd58\xfd\xb6\x00\x80\xf9\xd7?\xc0\x9a\x9b\xba\x0f\x01\x96\xa8\x0f\x11\x1c/~O\x92\xd8D\x90\xf7\x9aW\xf3\x19tH\\\x92\xb3\xe3\xff\xcb@\xd4\xd6%\xea\xe7)\x81\xdc\x91T\x85\x14\x84\xe4\xae\xe2\xd8\xf6S\xb5\xbb\x9d\xa9Ek\x1az\x7fa\x9cY\xd2zIU\xe4\b\xc6Q\x1a\xcbr\x191\x19\xd70\x17\xd9qD\xaa\x83\x1d\x9ei\x8c\x83\x9eVa$\xa1\x0eEP\x03\xee\xea\x9e\xce\xfac\xce9\xe8\r\x17\xf0\xf4\x89B[\xfc\xe3?\xbe\xc4\xc0{\x1e\xc5g\xc7\x12\xf6?\f\xdd\xec\xfc\x1c\xb3Xc\xc0\fPm~$M>A\x8a\xd6\x1d\xd8\xe4\xf1?\xea\x1a\x15\x13J\xe3\"\x87\x9b\x02\x7f\x13\tF', 0x0)
r3 = memfd_create(&(0x7f0000000140)='$.6/%cpuset]\x00', 0x0)
write$binfmt_elf64(r3, &(0x7f00000004c0)=ANY=[@ANYBLOB="7f454c460200000000000000a3dbb40003003e"], 0x3c)
execveat(r3, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)
mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r2, 0x0)
rt_sigaction(0x7, &(0x7f0000b4a000)={0x0, 0x0, 0x0}, 0x0, 0x8, &(0x7f0000000000))
prctl$PR_SET_DUMPABLE(0x4, 0x0)
syz_open_procfs(0x0, &(0x7f0000000300)='net/rpc\x00')

[  271.071857] audit: type=1804 audit(1601002387.551:117): pid=17106 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir696686776/syzkaller.WrdTQe/122/bus/bus/file0" dev="sda1" ino=16390 res=1
[  271.134593] FAULT_INJECTION: forcing a failure.
[  271.134593] name failslab, interval 1, probability 0, space 0, times 0
[  271.172647] CPU: 1 PID: 17122 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  271.180619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  271.189971] Call Trace:
[  271.192556]  dump_stack+0x1b2/0x283
[  271.196188]  should_fail.cold+0x10a/0x154
[  271.197545] Buffer I/O error on dev loop1, logical block 0, async page read
[  271.200333]  should_failslab+0xd6/0x130
[  271.208316] Buffer I/O error on dev loop1, logical block 0, async page read
[  271.211378]  kmem_cache_alloc+0x28e/0x3c0
[  271.218646] Buffer I/O error on dev loop1, logical block 0, async page read
[  271.222634]  __kernfs_new_node+0x6f/0x470
[  271.234377]  kernfs_new_node+0x7b/0xe0
[  271.238264]  __kernfs_create_file+0x3d/0x320
[  271.242670]  sysfs_add_file_mode_ns+0x1e1/0x450
[  271.247796]  ? kernfs_create_dir_ns+0x171/0x200
[  271.252465]  internal_create_group+0x22b/0x710
[  271.257057]  lo_ioctl+0x1137/0x1cd0
[  271.260686]  ? loop_set_status64+0xe0/0xe0
[  271.265032]  blkdev_ioctl+0x540/0x1830
[  271.269474]  ? blkpg_ioctl+0x8d0/0x8d0
[  271.273364]  ? trace_hardirqs_on+0x10/0x10
[  271.277602]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  271.283056]  block_ioctl+0xd9/0x120
[  271.286680]  ? blkdev_fallocate+0x3a0/0x3a0
[  271.290999]  do_vfs_ioctl+0x75a/0xff0
[  271.294802]  ? selinux_inode_setxattr+0x730/0x730
[  271.299730]  ? ioctl_preallocate+0x1a0/0x1a0
[  271.304139]  ? lock_downgrade+0x740/0x740
[  271.308297]  ? __fget+0x225/0x360
[  271.311742]  ? security_file_ioctl+0x83/0xb0
[  271.316187]  SyS_ioctl+0x7f/0xb0
[  271.319533]  ? do_vfs_ioctl+0xff0/0xff0
[  271.323483]  do_syscall_64+0x1d5/0x640
[  271.327369]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
02:53:07 executing program 0:
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_buf(r0, 0x29, 0x10, 0x0, &(0x7f0000000040))

02:53:07 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:07 executing program 4:
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x80000000, 0x0)
bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0)
ioctl$KDFONTOP_SET_DEF(0xffffffffffffffff, 0x4b72, &(0x7f00000000c0)={0x2, 0x0, 0x0, 0x0, 0xf1, 0x0})
ptrace$setopts(0x4206, r0, 0x0, 0x0)
tkill(r0, 0x17)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
r1 = gettid()
tkill(r1, 0x1b)

[  271.332555] RIP: 0033:0x45dfe7
[  271.335728] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  271.343415] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  271.350660] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  271.357904] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  271.365166] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  271.372418] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
02:53:08 executing program 0:

02:53:08 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:08 executing program 0:

[  271.393062] BTRFS error (device loop1): support for check_integrity* not compiled in!
[  271.432344] ptrace attach of "/root/syz-executor.4"[17140] was attempted by "/root/syz-executor.4"[17143]
[  271.456583] BTRFS error (device loop1): open_ctree failed
[  271.556543] Bluetooth: hci1 command 0x040f tx timeout
02:53:08 executing program 3:

02:53:08 executing program 0:

02:53:08 executing program 4:

02:53:08 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:08 executing program 1 (fault-call:0 fault-nth:18):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:08 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  271.925030] FAULT_INJECTION: forcing a failure.
[  271.925030] name failslab, interval 1, probability 0, space 0, times 0
[  271.939642] CPU: 0 PID: 17169 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  271.947537] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  271.956885] Call Trace:
[  271.959473]  dump_stack+0x1b2/0x283
[  271.963108]  should_fail.cold+0x10a/0x154
[  271.967264]  should_failslab+0xd6/0x130
[  271.971243]  kmem_cache_alloc+0x28e/0x3c0
02:53:08 executing program 0:

02:53:08 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r0, 0x0, r0)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:08 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
setreuid(0x0, 0xee00)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  271.975391]  __kernfs_new_node+0x6f/0x470
[  271.979536]  kernfs_new_node+0x7b/0xe0
[  271.983423]  __kernfs_create_file+0x3d/0x320
[  271.987831]  sysfs_add_file_mode_ns+0x1e1/0x450
[  271.992502]  ? kernfs_create_dir_ns+0x171/0x200
[  271.997169]  internal_create_group+0x22b/0x710
[  272.001750]  lo_ioctl+0x1137/0x1cd0
[  272.005372]  ? loop_set_status64+0xe0/0xe0
[  272.009611]  blkdev_ioctl+0x540/0x1830
[  272.013500]  ? blkpg_ioctl+0x8d0/0x8d0
[  272.017386]  ? trace_hardirqs_on+0x10/0x10
[  272.021623]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  272.026726]  block_ioctl+0xd9/0x120
[  272.030349]  ? blkdev_fallocate+0x3a0/0x3a0
[  272.034673]  do_vfs_ioctl+0x75a/0xff0
[  272.038557]  ? selinux_inode_setxattr+0x730/0x730
[  272.043398]  ? ioctl_preallocate+0x1a0/0x1a0
[  272.047807]  ? lock_downgrade+0x740/0x740
[  272.052766]  ? __fget+0x225/0x360
[  272.056221]  ? security_file_ioctl+0x83/0xb0
[  272.060628]  SyS_ioctl+0x7f/0xb0
[  272.063993]  ? do_vfs_ioctl+0xff0/0xff0
[  272.067966]  do_syscall_64+0x1d5/0x640
[  272.071876]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  272.077058] RIP: 0033:0x45dfe7
[  272.080239] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  272.087941] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  272.095304] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  272.102569] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  272.109841] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  272.117105] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
02:53:08 executing program 3:

02:53:08 executing program 4:

02:53:08 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:08 executing program 3:

[  272.123202] audit: type=1804 audit(1601002388.671:118): pid=17188 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/18/bus/file0" dev="sda1" ino=16414 res=1
02:53:08 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r0, 0x0, r0)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:08 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:08 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
setreuid(0x0, 0xee00)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  272.243440] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:08 executing program 1 (fault-call:0 fault-nth:19):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:08 executing program 4:

02:53:08 executing program 3:

02:53:08 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:08 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r0, 0x0, r0)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  272.329816] BTRFS error (device loop1): open_ctree failed
02:53:09 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
setreuid(0x0, 0xee00)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:09 executing program 4:

02:53:09 executing program 3:

[  272.403643] audit: type=1804 audit(1601002388.951:119): pid=17212 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/19/bus/file0" dev="sda1" ino=15893 res=1
[  272.418794] FAULT_INJECTION: forcing a failure.
[  272.418794] name failslab, interval 1, probability 0, space 0, times 0
[  272.502120] CPU: 1 PID: 17226 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  272.510052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  272.520278] Call Trace:
[  272.522870]  dump_stack+0x1b2/0x283
[  272.526591]  should_fail.cold+0x10a/0x154
[  272.530768]  should_failslab+0xd6/0x130
[  272.534747]  kmem_cache_alloc+0x28e/0x3c0
[  272.538899]  __kernfs_new_node+0x6f/0x470
[  272.543050]  kernfs_new_node+0x7b/0xe0
[  272.546943]  __kernfs_create_file+0x3d/0x320
[  272.551355]  sysfs_add_file_mode_ns+0x1e1/0x450
[  272.556031]  ? kernfs_create_dir_ns+0x171/0x200
[  272.560710]  internal_create_group+0x22b/0x710
[  272.565558]  lo_ioctl+0x1137/0x1cd0
[  272.569315]  ? loop_set_status64+0xe0/0xe0
[  272.573553]  blkdev_ioctl+0x540/0x1830
02:53:09 executing program 4:

02:53:09 executing program 4:

02:53:09 executing program 4:

02:53:09 executing program 4:

[  272.576392] audit: type=1804 audit(1601002389.051:120): pid=17238 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/20/bus/file0" dev="sda1" ino=15766 res=1
[  272.577552]  ? blkpg_ioctl+0x8d0/0x8d0
[  272.577566]  ? trace_hardirqs_on+0x10/0x10
[  272.577582]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  272.616130]  block_ioctl+0xd9/0x120
[  272.619757]  ? blkdev_fallocate+0x3a0/0x3a0
[  272.624079]  do_vfs_ioctl+0x75a/0xff0
[  272.627883]  ? selinux_inode_setxattr+0x730/0x730
[  272.632822]  ? ioctl_preallocate+0x1a0/0x1a0
[  272.637229]  ? lock_downgrade+0x740/0x740
[  272.641385]  ? __fget+0x225/0x360
[  272.644842]  ? security_file_ioctl+0x83/0xb0
[  272.650025]  SyS_ioctl+0x7f/0xb0
[  272.653472]  ? do_vfs_ioctl+0xff0/0xff0
[  272.657486]  do_syscall_64+0x1d5/0x640
[  272.661359]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  272.666576] RIP: 0033:0x45dfe7
[  272.669745] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  272.677431] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  272.684786] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  272.692036] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  272.699316] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  272.707107] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  272.730574] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:09 executing program 1 (fault-call:0 fault-nth:20):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:09 executing program 4:

02:53:09 executing program 2:
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r0, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:09 executing program 3:

02:53:09 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:09 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
setreuid(0x0, 0xee00)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  272.766469] BTRFS error (device loop1): open_ctree failed
02:53:09 executing program 4:

02:53:09 executing program 3:

02:53:09 executing program 3:

[  272.875000] FAULT_INJECTION: forcing a failure.
[  272.875000] name failslab, interval 1, probability 0, space 0, times 0
02:53:09 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:09 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:09 executing program 4:

[  272.902604] audit: type=1804 audit(1601002389.451:121): pid=17264 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/21/bus/file0" dev="sda1" ino=15893 res=1
[  272.930374] CPU: 0 PID: 17261 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  272.938271] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  272.947934] Call Trace:
[  272.950739]  dump_stack+0x1b2/0x283
[  272.954377]  should_fail.cold+0x10a/0x154
[  272.958544]  should_failslab+0xd6/0x130
[  272.962528]  kmem_cache_alloc_trace+0x29a/0x3d0
[  272.967341]  ? dev_uevent_filter+0xd0/0xd0
[  272.971591]  kobject_uevent_env+0x1fa/0xcb0
[  272.975976]  ? internal_create_group+0x48f/0x710
[  272.980738]  lo_ioctl+0x11a6/0x1cd0
[  272.984369]  ? loop_set_status64+0xe0/0xe0
[  272.988696]  blkdev_ioctl+0x540/0x1830
[  272.992680]  ? blkpg_ioctl+0x8d0/0x8d0
[  272.996574]  ? trace_hardirqs_on+0x10/0x10
[  273.001021]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  273.006128]  block_ioctl+0xd9/0x120
[  273.009753]  ? blkdev_fallocate+0x3a0/0x3a0
[  273.014074]  do_vfs_ioctl+0x75a/0xff0
[  273.017961]  ? selinux_inode_setxattr+0x730/0x730
[  273.022803]  ? ioctl_preallocate+0x1a0/0x1a0
[  273.027209]  ? lock_downgrade+0x740/0x740
[  273.031362]  ? __fget+0x225/0x360
[  273.034822]  ? security_file_ioctl+0x83/0xb0
[  273.039232]  SyS_ioctl+0x7f/0xb0
[  273.042596]  ? do_vfs_ioctl+0xff0/0xff0
[  273.046608]  do_syscall_64+0x1d5/0x640
[  273.050604]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  273.055891] RIP: 0033:0x45dfe7
[  273.059162] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  273.066868] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  273.074147] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  273.083418] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  273.091561] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  273.098832] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  273.131797] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:09 executing program 1 (fault-call:0 fault-nth:21):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:09 executing program 3:

02:53:09 executing program 4:
socket(0xa, 0x802, 0x80000000088)
r0 = socket$netlink(0x10, 0x3, 0x4)
perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
sendmsg$TIPC_CMD_SHOW_PORTS(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={0x0}}, 0x0)
writev(r0, &(0x7f0000fb1000)=[{&(0x7f0000000180)="480000001400197f09004b0101048c590a88ffffff010001000000000028213ee20600d4ff5bffff00c7e5ed5e00000000000000000000eaf60d18125d4b18857a9eace3dbe8b12c", 0x48}], 0x1)

02:53:09 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:09 executing program 2:
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r0, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:09 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  273.191491] BTRFS error (device loop1): open_ctree failed
02:53:09 executing program 3:

02:53:09 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
dup(r1)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  273.288956] FAULT_INJECTION: forcing a failure.
[  273.288956] name failslab, interval 1, probability 0, space 0, times 0
[  273.304552] CPU: 0 PID: 17295 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  273.312450] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  273.321821] Call Trace:
[  273.324601]  dump_stack+0x1b2/0x283
[  273.328237]  should_fail.cold+0x10a/0x154
[  273.332586]  should_failslab+0xd6/0x130
[  273.336827]  kmem_cache_alloc_trace+0x29a/0x3d0
[  273.341790]  ? dev_uevent_filter+0xd0/0xd0
[  273.346360]  kobject_uevent_env+0x1fa/0xcb0
[  273.350682]  ? internal_create_group+0x48f/0x710
[  273.355900]  lo_ioctl+0x11a6/0x1cd0
[  273.359790]  ? loop_set_status64+0xe0/0xe0
[  273.364009]  blkdev_ioctl+0x540/0x1830
[  273.367996]  ? blkpg_ioctl+0x8d0/0x8d0
[  273.372698]  ? trace_hardirqs_on+0x10/0x10
[  273.377117]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  273.382293]  block_ioctl+0xd9/0x120
[  273.385934]  ? blkdev_fallocate+0x3a0/0x3a0
[  273.390250]  do_vfs_ioctl+0x75a/0xff0
[  273.394068]  ? selinux_inode_setxattr+0x730/0x730
[  273.399160]  ? ioctl_preallocate+0x1a0/0x1a0
[  273.403667]  ? lock_downgrade+0x740/0x740
[  273.407890]  ? __fget+0x225/0x360
[  273.411517]  ? security_file_ioctl+0x83/0xb0
[  273.416011]  SyS_ioctl+0x7f/0xb0
[  273.419367]  ? do_vfs_ioctl+0xff0/0xff0
[  273.423324]  do_syscall_64+0x1d5/0x640
[  273.427197]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  273.432453] RIP: 0033:0x45dfe7
02:53:10 executing program 3:

02:53:10 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
dup(r1)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  273.435622] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  273.443679] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  273.451986] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  273.459690] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  273.466972] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  273.474232] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
02:53:10 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:10 executing program 2:
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r0, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  273.626322] Bluetooth: hci1 command 0x0419 tx timeout
[  273.676685] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:10 executing program 1 (fault-call:0 fault-nth:22):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:10 executing program 3:

02:53:10 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
dup(r1)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:10 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:10 executing program 2:
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:10 executing program 4:

[  273.737379] BTRFS error (device loop1): open_ctree failed
02:53:10 executing program 3:

02:53:10 executing program 4:

02:53:10 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:10 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  273.833299] FAULT_INJECTION: forcing a failure.
[  273.833299] name failslab, interval 1, probability 0, space 0, times 0
02:53:10 executing program 3:

[  273.885427] CPU: 0 PID: 17345 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  273.893344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  273.902701] Call Trace:
[  273.905351]  dump_stack+0x1b2/0x283
[  273.908987]  should_fail.cold+0x10a/0x154
[  273.913165]  should_failslab+0xd6/0x130
[  273.917162]  kmem_cache_alloc_node+0x263/0x410
[  273.921935]  __alloc_skb+0x5c/0x510
[  273.926708]  kobject_uevent_env+0x70b/0xcb0
[  273.931122]  lo_ioctl+0x11a6/0x1cd0
[  273.934755]  ? loop_set_status64+0xe0/0xe0
[  273.938992]  blkdev_ioctl+0x540/0x1830
[  273.942901]  ? blkpg_ioctl+0x8d0/0x8d0
[  273.946886]  ? trace_hardirqs_on+0x10/0x10
[  273.951145]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  273.959169]  block_ioctl+0xd9/0x120
[  273.963041]  ? blkdev_fallocate+0x3a0/0x3a0
[  273.967356]  do_vfs_ioctl+0x75a/0xff0
[  273.971180]  ? selinux_inode_setxattr+0x730/0x730
[  273.977397]  ? ioctl_preallocate+0x1a0/0x1a0
[  273.981884]  ? lock_downgrade+0x740/0x740
[  273.986930]  ? __fget+0x225/0x360
[  273.991094]  ? security_file_ioctl+0x83/0xb0
[  273.995683]  SyS_ioctl+0x7f/0xb0
[  273.999464]  ? do_vfs_ioctl+0xff0/0xff0
[  274.003421]  do_syscall_64+0x1d5/0x640
[  274.007567]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  274.013007] RIP: 0033:0x45dfe7
[  274.016181] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  274.023968] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
02:53:10 executing program 4:

[  274.031251] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  274.038955] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  274.046731] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  274.054076] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  274.083977] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:10 executing program 1 (fault-call:0 fault-nth:23):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:10 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:10 executing program 3:

02:53:10 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:10 executing program 2:
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:10 executing program 4:

[  274.149394] BTRFS error (device loop1): open_ctree failed
02:53:10 executing program 3:

02:53:10 executing program 4:

02:53:10 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:10 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:10 executing program 3:

02:53:10 executing program 4:

[  274.283235] FAULT_INJECTION: forcing a failure.
[  274.283235] name failslab, interval 1, probability 0, space 0, times 0
[  274.329116] CPU: 1 PID: 17383 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  274.337022] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  274.346371] Call Trace:
[  274.348962]  dump_stack+0x1b2/0x283
[  274.352633]  should_fail.cold+0x10a/0x154
[  274.356792]  should_failslab+0xd6/0x130
[  274.360766]  kmem_cache_alloc_node+0x263/0x410
[  274.365348]  __alloc_skb+0x5c/0x510
[  274.368974]  kobject_uevent_env+0x70b/0xcb0
[  274.373286]  lo_ioctl+0x11a6/0x1cd0
[  274.376893]  ? loop_set_status64+0xe0/0xe0
[  274.381109]  blkdev_ioctl+0x540/0x1830
[  274.384975]  ? blkpg_ioctl+0x8d0/0x8d0
[  274.388839]  ? trace_hardirqs_on+0x10/0x10
[  274.393059]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  274.398158]  block_ioctl+0xd9/0x120
[  274.401767]  ? blkdev_fallocate+0x3a0/0x3a0
[  274.406067]  do_vfs_ioctl+0x75a/0xff0
[  274.409869]  ? selinux_inode_setxattr+0x730/0x730
[  274.414688]  ? ioctl_preallocate+0x1a0/0x1a0
[  274.419073]  ? lock_downgrade+0x740/0x740
[  274.423200]  ? __fget+0x225/0x360
[  274.426647]  ? security_file_ioctl+0x83/0xb0
[  274.431035]  SyS_ioctl+0x7f/0xb0
[  274.434382]  ? do_vfs_ioctl+0xff0/0xff0
[  274.438333]  do_syscall_64+0x1d5/0x640
[  274.442202]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  274.447369] RIP: 0033:0x45dfe7
[  274.450549] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  274.458288] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  274.465554] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  274.472802] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  274.480050] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  274.487297] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  274.533690] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:11 executing program 3:

02:53:11 executing program 1 (fault-call:0 fault-nth:24):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:11 executing program 4:

02:53:11 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:11 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:11 executing program 2:
r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  274.586889] BTRFS error (device loop1): open_ctree failed
02:53:11 executing program 3:

02:53:11 executing program 4:

02:53:11 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:11 executing program 3:

02:53:11 executing program 3:

02:53:11 executing program 3:

[  274.720945] FAULT_INJECTION: forcing a failure.
[  274.720945] name failslab, interval 1, probability 0, space 0, times 0
[  274.746812] CPU: 1 PID: 17418 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  274.754980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  274.764331] Call Trace:
[  274.767711]  dump_stack+0x1b2/0x283
[  274.771347]  should_fail.cold+0x10a/0x154
[  274.775501]  should_failslab+0xd6/0x130
[  274.779475]  kmem_cache_alloc_node_trace+0x25a/0x400
[  274.784586]  __kmalloc_node_track_caller+0x38/0x70
[  274.789779]  __alloc_skb+0x96/0x510
[  274.793419]  kobject_uevent_env+0x70b/0xcb0
[  274.797753]  lo_ioctl+0x11a6/0x1cd0
[  274.801693]  ? loop_set_status64+0xe0/0xe0
[  274.806028]  blkdev_ioctl+0x540/0x1830
[  274.810092]  ? blkpg_ioctl+0x8d0/0x8d0
[  274.813971]  ? trace_hardirqs_on+0x10/0x10
[  274.818197]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  274.823649]  block_ioctl+0xd9/0x120
[  274.827302]  ? blkdev_fallocate+0x3a0/0x3a0
[  274.831696]  do_vfs_ioctl+0x75a/0xff0
[  274.835494]  ? selinux_inode_setxattr+0x730/0x730
[  274.841315]  ? ioctl_preallocate+0x1a0/0x1a0
[  274.845970]  ? lock_downgrade+0x740/0x740
[  274.850121]  ? __fget+0x225/0x360
[  274.853557]  ? security_file_ioctl+0x83/0xb0
[  274.859352]  SyS_ioctl+0x7f/0xb0
[  274.863431]  ? do_vfs_ioctl+0xff0/0xff0
[  274.867419]  do_syscall_64+0x1d5/0x640
[  274.871313]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  274.876490] RIP: 0033:0x45dfe7
[  274.879665] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  274.887549] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  274.894800] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  274.902151] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  274.909417] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  274.916668] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  274.943814] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:11 executing program 1 (fault-call:0 fault-nth:25):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:11 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:11 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:11 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:11 executing program 3:

02:53:11 executing program 4:

[  275.027825] BTRFS error (device loop1): open_ctree failed
02:53:11 executing program 4:

02:53:11 executing program 3:

02:53:11 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:11 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:11 executing program 3:

02:53:11 executing program 3:

[  275.153796] FAULT_INJECTION: forcing a failure.
[  275.153796] name failslab, interval 1, probability 0, space 0, times 0
[  275.170939] CPU: 1 PID: 17455 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  275.178842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  275.188194] Call Trace:
[  275.190785]  dump_stack+0x1b2/0x283
[  275.194418]  should_fail.cold+0x10a/0x154
[  275.198612]  should_failslab+0xd6/0x130
[  275.202589]  kmem_cache_alloc_node_trace+0x25a/0x400
[  275.207873]  __kmalloc_node_track_caller+0x38/0x70
[  275.213154]  __alloc_skb+0x96/0x510
[  275.216786]  kobject_uevent_env+0x70b/0xcb0
[  275.221145]  lo_ioctl+0x11a6/0x1cd0
[  275.224866]  ? loop_set_status64+0xe0/0xe0
[  275.229108]  blkdev_ioctl+0x540/0x1830
[  275.232992]  ? blkpg_ioctl+0x8d0/0x8d0
[  275.236972]  ? trace_hardirqs_on+0x10/0x10
[  275.242096]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  275.247226]  block_ioctl+0xd9/0x120
[  275.253383]  ? blkdev_fallocate+0x3a0/0x3a0
[  275.257777]  do_vfs_ioctl+0x75a/0xff0
[  275.261570]  ? selinux_inode_setxattr+0x730/0x730
[  275.266485]  ? ioctl_preallocate+0x1a0/0x1a0
[  275.270888]  ? lock_downgrade+0x740/0x740
[  275.275034]  ? __fget+0x225/0x360
[  275.278478]  ? security_file_ioctl+0x83/0xb0
[  275.282887]  SyS_ioctl+0x7f/0xb0
[  275.286245]  ? do_vfs_ioctl+0xff0/0xff0
[  275.290226]  do_syscall_64+0x1d5/0x640
[  275.294484]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  275.299680] RIP: 0033:0x45dfe7
[  275.302943] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  275.310824] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  275.318345] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  275.325606] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  275.334333] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  275.341673] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  275.368533] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:12 executing program 1 (fault-call:0 fault-nth:26):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:12 executing program 3:

02:53:12 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r1 = dup(r0)
r2 = dup2(r0, r1)
getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x19, &(0x7f00000000c0), &(0x7f0000000240)=0x8)

02:53:12 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:12 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:12 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  275.466462] BTRFS error (device loop1): open_ctree failed
02:53:12 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
connect$inet6(r0, &(0x7f00000001c0)={0x1c, 0x1c}, 0x1c)

02:53:12 executing program 5:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:12 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:12 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:12 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  275.590178] kauditd_printk_skb: 1 callbacks suppressed
[  275.590186] audit: type=1804 audit(1601002392.141:123): pid=17488 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/32/bus/file0" dev="sda1" ino=16420 res=1
[  275.596581] FAULT_INJECTION: forcing a failure.
[  275.596581] name failslab, interval 1, probability 0, space 0, times 0
02:53:12 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000004c0)=""/4081, 0xff1}], 0x1}, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r1, 0x0, 0x27c7, 0x0, 0x0, 0x800e0050e)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
readv(r3, &(0x7f0000000340)=[{&(0x7f00000001c0)=""/82, 0x52}, {0x0}, {0x0}], 0x3)
recvfrom$inet(r2, 0x0, 0xff0b, 0x0, 0x0, 0x800e00360)
shutdown(r3, 0x0)
ppoll(&(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0)
shutdown(r2, 0x0)

[  275.678458] print_req_error: 32 callbacks suppressed
[  275.678465] print_req_error: I/O error, dev loop1, sector 0
[  275.709954] CPU: 0 PID: 17496 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  275.718125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  275.727570] Call Trace:
[  275.728282] print_req_error: I/O error, dev loop1, sector 0
[  275.730241]  dump_stack+0x1b2/0x283
[  275.730259]  should_fail.cold+0x10a/0x154
[  275.730272]  should_failslab+0xd6/0x130
[  275.736059] buffer_io_error: 25 callbacks suppressed
[  275.736064] Buffer I/O error on dev loop1, logical block 0, async page read
[  275.739580]  kmem_cache_alloc_node+0x263/0x410
[  275.745160] print_req_error: I/O error, dev loop1, sector 0
[  275.747757]  __alloc_skb+0x5c/0x510
[  275.747771]  kobject_uevent_env+0x70b/0xcb0
[  275.747789]  lo_ioctl+0x11a6/0x1cd0
[  275.747802]  ? loop_set_status64+0xe0/0xe0
[  275.747815]  blkdev_ioctl+0x540/0x1830
[  275.747824]  ? blkpg_ioctl+0x8d0/0x8d0
[  275.747836]  ? trace_hardirqs_on+0x10/0x10
[  275.747850]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  275.747866]  block_ioctl+0xd9/0x120
[  275.747875]  ? blkdev_fallocate+0x3a0/0x3a0
[  275.752965] Buffer I/O error on dev loop1, logical block 0, async page read
[  275.760052]  do_vfs_ioctl+0x75a/0xff0
[  275.760064]  ? selinux_inode_setxattr+0x730/0x730
[  275.760073]  ? ioctl_preallocate+0x1a0/0x1a0
[  275.760083]  ? lock_downgrade+0x740/0x740
[  275.760097]  ? __fget+0x225/0x360
[  275.760110]  ? security_file_ioctl+0x83/0xb0
[  275.760120]  SyS_ioctl+0x7f/0xb0
[  275.760128]  ? do_vfs_ioctl+0xff0/0xff0
[  275.760139]  do_syscall_64+0x1d5/0x640
[  275.760154]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  275.779157] print_req_error: I/O error, dev loop1, sector 0
[  275.781944] RIP: 0033:0x45dfe7
[  275.781950] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  275.781961] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  275.781966] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  275.781971] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  275.781979] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  275.786254] Buffer I/O error on dev loop1, logical block 0, async page read
[  275.790064] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  275.866487] audit: type=1804 audit(1601002392.381:124): pid=17518 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/33/bus/file0" dev="sda1" ino=16005 res=1
[  275.950115] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:12 executing program 1 (fault-call:0 fault-nth:27):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:12 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r1 = dup(r0)
r2 = dup2(r0, r1)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0xa, &(0x7f0000000140), &(0x7f0000000080)=0x98)

02:53:12 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:12 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:12 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  276.015999] BTRFS error (device loop1): open_ctree failed
02:53:12 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:12 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
sendto(r0, 0x0, 0x0, 0x0, &(0x7f0000000140)=@in6={0x1c, 0x1c, 0x2}, 0x1c)

[  276.108168] FAULT_INJECTION: forcing a failure.
[  276.108168] name failslab, interval 1, probability 0, space 0, times 0
[  276.131428] audit: type=1804 audit(1601002392.681:125): pid=17549 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/34/bus/file0" dev="sda1" ino=15800 res=1
02:53:12 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:12 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = dup(r0)
r2 = dup2(r0, r1)
getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0x100, &(0x7f0000000040), &(0x7f0000000140)=0xb8)

[  276.165819] CPU: 0 PID: 17547 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  276.173814] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  276.183164] Call Trace:
[  276.185758]  dump_stack+0x1b2/0x283
[  276.189407]  should_fail.cold+0x10a/0x154
[  276.193564]  should_failslab+0xd6/0x130
[  276.197547]  kmem_cache_alloc_node_trace+0x25a/0x400
[  276.202654]  __kmalloc_node_track_caller+0x38/0x70
[  276.207590]  __alloc_skb+0x96/0x510
[  276.211227]  kobject_uevent_env+0x70b/0xcb0
02:53:12 executing program 4:

02:53:12 executing program 4:

[  276.215826]  lo_ioctl+0x11a6/0x1cd0
[  276.219466]  ? loop_set_status64+0xe0/0xe0
[  276.223703]  blkdev_ioctl+0x540/0x1830
[  276.227591]  ? blkpg_ioctl+0x8d0/0x8d0
[  276.231490]  ? trace_hardirqs_on+0x10/0x10
[  276.235729]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  276.240855]  block_ioctl+0xd9/0x120
[  276.244497]  ? blkdev_fallocate+0x3a0/0x3a0
[  276.248823]  do_vfs_ioctl+0x75a/0xff0
[  276.252711]  ? selinux_inode_setxattr+0x730/0x730
[  276.257560]  ? ioctl_preallocate+0x1a0/0x1a0
[  276.261967]  ? lock_downgrade+0x740/0x740
[  276.266114]  ? __fget+0x225/0x360
[  276.269584]  ? security_file_ioctl+0x83/0xb0
[  276.273991]  SyS_ioctl+0x7f/0xb0
[  276.277356]  ? do_vfs_ioctl+0xff0/0xff0
[  276.281329]  do_syscall_64+0x1d5/0x640
[  276.285221]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  276.290404] RIP: 0033:0x45dfe7
[  276.293587] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  276.301305] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  276.308565] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  276.315834] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  276.323101] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  276.330360] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  276.347415] BTRFS error (device loop1): support for check_integrity* not compiled in!
[  276.386091] BTRFS error (device loop1): open_ctree failed
02:53:13 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = dup(r0)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x23, &(0x7f0000000040), &(0x7f0000000100)=0x94)

02:53:13 executing program 4:
r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r1 = dup(r0)
pipe(&(0x7f0000000100)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = socket$inet(0x2, 0x3, 0x5)
setsockopt$inet_msfilter(r4, 0x0, 0x8, &(0x7f0000000180)=ANY=[@ANYBLOB="1b"], 0x1)
getsockopt$inet_pktinfo(r4, 0x0, 0x8, &(0x7f0000000140)={<r5=>0x0, @local, @local}, &(0x7f0000000000)=0xc)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001c40)={&(0x7f0000000300)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0x7}}}, 0x24}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="d00800002d00fd"], 0x2}}, 0x0)
setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000000)={@mcast2}, 0x14)
r6 = socket$inet(0x10, 0x2, 0x0)
write$binfmt_misc(r3, &(0x7f0000000000)=ANY=[], 0xfffffecc)
splice(r2, 0x0, r6, 0x0, 0x86ffde, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)

02:53:13 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:13 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:13 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:13 executing program 1 (fault-call:0 fault-nth:28):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:13 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  276.703566] FAULT_INJECTION: forcing a failure.
[  276.703566] name failslab, interval 1, probability 0, space 0, times 0
[  276.734420] audit: type=1804 audit(1601002393.281:126): pid=17595 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/35/bus/file0" dev="sda1" ino=15728 res=1
[  276.739877] CPU: 0 PID: 17596 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  276.766988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  276.774344] print_req_error: I/O error, dev loop1, sector 0
[  276.776343] Call Trace:
[  276.776362]  dump_stack+0x1b2/0x283
[  276.776377]  should_fail.cold+0x10a/0x154
[  276.776390]  should_failslab+0xd6/0x130
[  276.776400]  kmem_cache_alloc_node_trace+0x25a/0x400
02:53:13 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  276.776411]  __kmalloc_node_track_caller+0x38/0x70
[  276.776424]  __alloc_skb+0x96/0x510
[  276.776436]  kobject_uevent_env+0x70b/0xcb0
[  276.782524] print_req_error: I/O error, dev loop1, sector 0
[  276.784925]  lo_ioctl+0x11a6/0x1cd0
[  276.784940]  ? loop_set_status64+0xe0/0xe0
[  276.784951]  blkdev_ioctl+0x540/0x1830
[  276.784961]  ? blkpg_ioctl+0x8d0/0x8d0
[  276.788656] Buffer I/O error on dev loop1, logical block 0, async page read
[  276.792730]  ? trace_hardirqs_on+0x10/0x10
[  276.802684] print_req_error: I/O error, dev loop1, sector 0
02:53:13 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = dup(r0)
r2 = dup2(r0, r1)
setsockopt$inet_sctp_SCTP_AUTH_KEY(r2, 0x84, 0x13, &(0x7f00000000c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="981b00c4"], 0x9)

[  276.806709]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  276.806727]  block_ioctl+0xd9/0x120
[  276.806735]  ? blkdev_fallocate+0x3a0/0x3a0
[  276.806745]  do_vfs_ioctl+0x75a/0xff0
[  276.806755]  ? selinux_inode_setxattr+0x730/0x730
[  276.806765]  ? ioctl_preallocate+0x1a0/0x1a0
[  276.806774]  ? lock_downgrade+0x740/0x740
[  276.806787]  ? __fget+0x225/0x360
[  276.806800]  ? security_file_ioctl+0x83/0xb0
[  276.806810]  SyS_ioctl+0x7f/0xb0
[  276.806819]  ? do_vfs_ioctl+0xff0/0xff0
02:53:13 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0xa, &(0x7f0000000080)=ANY=[@ANYBLOB="10024e22ac1400bb00"/131, @ANYRES32], 0xa0)

[  276.810425] Buffer I/O error on dev loop1, logical block 0, async page read
[  276.814813]  do_syscall_64+0x1d5/0x640
[  276.823427] print_req_error: I/O error, dev loop1, sector 0
[  276.824111]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  276.824120] RIP: 0033:0x45dfe7
[  276.824127] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246
[  276.828406] Buffer I/O error on dev loop1, logical block 0, async page read
[  276.832216]  ORIG_RAX: 0000000000000010
[  276.837792] print_req_error: I/O error, dev loop1, sector 0
[  276.843165] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  276.843171] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  276.843176] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  276.843180] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  276.843185] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  276.868448] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=17609 comm=syz-executor.4
02:53:13 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:13 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  276.876464] Buffer I/O error on dev loop1, logical block 0, async page read
[  277.021893] netlink: 2220 bytes leftover after parsing attributes in process `syz-executor.4'.
[  277.041340] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:13 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  277.121183] audit: type=1804 audit(1601002393.671:127): pid=17634 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/36/bus/file0" dev="sda1" ino=15929 res=1
[  277.162596] BTRFS error (device loop1): open_ctree failed
02:53:14 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
sendto(r0, &(0x7f0000000200)="88", 0x1, 0x0, &(0x7f0000000000)=@in={0x10, 0x2}, 0x10)

02:53:14 executing program 3:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10)

02:53:14 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:14 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:14 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:14 executing program 1 (fault-call:0 fault-nth:29):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

[  277.544068] FAULT_INJECTION: forcing a failure.
[  277.544068] name failslab, interval 1, probability 0, space 0, times 0
[  277.569151] CPU: 0 PID: 17658 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  277.577072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  277.586440] Call Trace:
[  277.589073]  dump_stack+0x1b2/0x283
02:53:14 executing program 4:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
bind(r0, &(0x7f0000000080)=@in={0x10, 0x2}, 0x10)

02:53:14 executing program 4:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7, &(0x7f0000000080), &(0x7f0000000140)=0x8c)

02:53:14 executing program 4:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x100)
getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0x100, &(0x7f00000000c0), &(0x7f0000000180)=0xb8)

[  277.592716]  should_fail.cold+0x10a/0x154
[  277.596904]  should_failslab+0xd6/0x130
[  277.599967] audit: type=1804 audit(1601002394.151:128): pid=17665 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/37/bus/file0" dev="sda1" ino=15990 res=1
[  277.600877]  kmem_cache_alloc_node+0x263/0x410
[  277.600904]  __alloc_skb+0x5c/0x510
[  277.633724]  kobject_uevent_env+0x70b/0xcb0
[  277.638060]  lo_ioctl+0x11a6/0x1cd0
02:53:14 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
sendmsg(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)=[{0x10}], 0x10}, 0x0)

[  277.641789]  ? loop_set_status64+0xe0/0xe0
[  277.646027]  blkdev_ioctl+0x540/0x1830
[  277.649935]  ? blkpg_ioctl+0x8d0/0x8d0
[  277.653835]  ? trace_hardirqs_on+0x10/0x10
[  277.658093]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  277.663210]  block_ioctl+0xd9/0x120
[  277.666836]  ? blkdev_fallocate+0x3a0/0x3a0
[  277.671243]  do_vfs_ioctl+0x75a/0xff0
[  277.675042]  ? selinux_inode_setxattr+0x730/0x730
[  277.679877]  ? ioctl_preallocate+0x1a0/0x1a0
[  277.684529]  ? lock_downgrade+0x740/0x740
[  277.688764]  ? __fget+0x225/0x360
02:53:14 executing program 4:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10)
r1 = socket$inet_sctp(0x2, 0x1, 0x84)
dup2(r1, r0)

02:53:14 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c)
sendto(r0, &(0x7f0000000300)="91", 0x1, 0x0, &(0x7f0000000340)=@in6={0x1c, 0x1c, 0x3}, 0x1c)

02:53:14 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  277.692269]  ? security_file_ioctl+0x83/0xb0
[  277.696688]  SyS_ioctl+0x7f/0xb0
[  277.700049]  ? do_vfs_ioctl+0xff0/0xff0
[  277.704023]  do_syscall_64+0x1d5/0x640
[  277.707918]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  277.713117] RIP: 0033:0x45dfe7
[  277.716301] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  277.724000] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  277.731271] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
02:53:14 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
pwritev(0xffffffffffffffff, &(0x7f00000001c0)=[{&(0x7f0000000040)="8f3a7d67c164ac23b5efc7cd44ab812b1434cb3eb7d0940a5896105ef1674e5e6ce65a275db5bfd52eee8c657f40bd5d445346ab61dcf9ee20014ec6015dd51b12", 0x41}], 0x1, 0x0, 0x0)
r1 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r2 = fcntl$dupfd(r1, 0x0, r0)
setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x23, &(0x7f0000000000), 0xfe6a)

02:53:14 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  277.738529] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  277.745796] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  277.753058] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
02:53:14 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:14 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  277.829903] BTRFS error (device loop1): support for check_integrity* not compiled in!
[  277.888585] BTRFS error (device loop1): open_ctree failed
02:53:14 executing program 1 (fault-call:0 fault-nth:30):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:14 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
sendmsg(r0, &(0x7f0000000140)={&(0x7f0000000000)=@un=@file={0xa}, 0xa, 0x0, 0x0, &(0x7f00000000c0)=[{0x10}], 0x10}, 0x0)

02:53:14 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:14 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:14 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200)
r1 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r1, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  277.921835] audit: type=1804 audit(1601002394.471:129): pid=17703 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/38/bus/file0" dev="sda1" ino=15973 res=1
02:53:14 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c)
r1 = dup2(r0, r0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x105, &(0x7f0000000080)=ANY=[@ANYBLOB="01080000", @ANYRES32=<r2=>0x0], &(0x7f0000000100)=0x8)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r1, 0x84, 0x108, &(0x7f0000000040)={r2, 0x0, 0x1}, &(0x7f00000000c0)=0x18)

02:53:14 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:14 executing program 3:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10)
getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0xa, &(0x7f00000000c0), &(0x7f0000000040)=0xa0)

[  278.081689] FAULT_INJECTION: forcing a failure.
[  278.081689] name failslab, interval 1, probability 0, space 0, times 0
[  278.094648] CPU: 1 PID: 17736 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  278.102896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  278.112333] Call Trace:
[  278.114925]  dump_stack+0x1b2/0x283
[  278.118560]  should_fail.cold+0x10a/0x154
[  278.122713]  should_failslab+0xd6/0x130
[  278.126686]  kmem_cache_alloc_node_trace+0x25a/0x400
02:53:14 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0xa, &(0x7f0000000080)=ANY=[@ANYBLOB="10024e22ac1400bb00"/128, @ANYRES32, @ANYBLOB="01000000cd39000006"], 0xa0)

[  278.131820]  __kmalloc_node_track_caller+0x38/0x70
[  278.135174] audit: type=1804 audit(1601002394.641:130): pid=17746 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/39/bus/file0" dev="sda1" ino=15944 res=1
[  278.136951]  __alloc_skb+0x96/0x510
[  278.136967]  kobject_uevent_env+0x70b/0xcb0
[  278.136985]  lo_ioctl+0x11a6/0x1cd0
[  278.174225]  ? loop_set_status64+0xe0/0xe0
02:53:14 executing program 3:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(r0, 0x84, 0x7, &(0x7f0000000200), &(0x7f0000000140)=0x84)

02:53:14 executing program 3:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10)
setsockopt$inet_sctp_SCTP_EVENTS(r0, 0x84, 0xc, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0xb)

[  278.178737]  blkdev_ioctl+0x540/0x1830
[  278.183118]  ? blkpg_ioctl+0x8d0/0x8d0
[  278.187014]  ? trace_hardirqs_on+0x10/0x10
[  278.191782]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  278.197617]  block_ioctl+0xd9/0x120
[  278.202933]  ? blkdev_fallocate+0x3a0/0x3a0
[  278.208396]  do_vfs_ioctl+0x75a/0xff0
[  278.212290]  ? selinux_inode_setxattr+0x730/0x730
[  278.217189]  ? ioctl_preallocate+0x1a0/0x1a0
[  278.221864]  ? lock_downgrade+0x740/0x740
[  278.226707]  ? __fget+0x225/0x360
02:53:14 executing program 3:
r0 = socket(0x2, 0x5, 0x0)
connect$unix(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="8202cde917"], 0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x105, &(0x7f0000000040)={0x1, [<r1=>0x0]}, &(0x7f0000000200)=0x8)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x108, &(0x7f00000000c0)={r1, 0x0, 0x2}, &(0x7f0000000100)=0x18)

[  278.230776]  ? security_file_ioctl+0x83/0xb0
[  278.235218]  SyS_ioctl+0x7f/0xb0
[  278.239114]  ? do_vfs_ioctl+0xff0/0xff0
[  278.243108]  do_syscall_64+0x1d5/0x640
[  278.247458]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  278.252761] RIP: 0033:0x45dfe7
[  278.256232] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  278.265163] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  278.273661] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  278.281857] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  278.289446] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  278.297061] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  278.321707] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:15 executing program 1 (fault-call:0 fault-nth:31):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:15 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r1 = dup(r0)
sendmsg(r1, &(0x7f0000001900)={&(0x7f0000000040)=@in6={0x1c, 0x1c}, 0x1c, &(0x7f0000001380)=[{&(0x7f0000000080)="99", 0x1}], 0x1, &(0x7f0000001400)=[{0x10}], 0x10}, 0x0)

02:53:15 executing program 4:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0xa, &(0x7f0000000080)={0x0, @in, 0x0, 0x0, 0x100}, 0x98)

02:53:15 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:15 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:15 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  278.365966] BTRFS error (device loop1): open_ctree failed
[  278.467334] FAULT_INJECTION: forcing a failure.
[  278.467334] name failslab, interval 1, probability 0, space 0, times 0
[  278.484774] CPU: 1 PID: 17783 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  278.494519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  278.503962] Call Trace:
[  278.506569]  dump_stack+0x1b2/0x283
[  278.507604] audit: type=1804 audit(1601002395.041:131): pid=17786 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/40/bus/file0" dev="sda1" ino=16442 res=1
[  278.510288]  should_fail.cold+0x10a/0x154
[  278.510302]  should_failslab+0xd6/0x130
[  278.544763]  kmem_cache_alloc_node_trace+0x25a/0x400
[  278.550367]  __kmalloc_node_track_caller+0x38/0x70
[  278.555485]  __alloc_skb+0x96/0x510
[  278.559178]  kobject_uevent_env+0x70b/0xcb0
[  278.563499]  lo_ioctl+0x11a6/0x1cd0
[  278.567127]  ? loop_set_status64+0xe0/0xe0
[  278.571360]  blkdev_ioctl+0x540/0x1830
[  278.575406]  ? blkpg_ioctl+0x8d0/0x8d0
[  278.579276]  ? trace_hardirqs_on+0x10/0x10
[  278.583492]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  278.588612]  block_ioctl+0xd9/0x120
[  278.592221]  ? blkdev_fallocate+0x3a0/0x3a0
[  278.596572]  do_vfs_ioctl+0x75a/0xff0
[  278.600358]  ? selinux_inode_setxattr+0x730/0x730
[  278.605184]  ? ioctl_preallocate+0x1a0/0x1a0
[  278.609678]  ? lock_downgrade+0x740/0x740
[  278.614169]  ? __fget+0x225/0x360
[  278.617608]  ? security_file_ioctl+0x83/0xb0
[  278.622000]  SyS_ioctl+0x7f/0xb0
[  278.625356]  ? do_vfs_ioctl+0xff0/0xff0
[  278.629323]  do_syscall_64+0x1d5/0x640
[  278.634005]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  278.639375] RIP: 0033:0x45dfe7
[  278.642893] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  278.650955] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  278.658300] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
02:53:15 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:15 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c)
r1 = dup2(r0, r0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x105, &(0x7f00000016c0)={0x1, [0x0]}, &(0x7f0000001700)=0x8)
getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r1, 0x84, 0x107, &(0x7f0000000440), &(0x7f0000000480)=0x18)

02:53:15 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  278.665657] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  278.672925] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  278.680202] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
02:53:15 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  278.717486] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:15 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
sendto(r0, &(0x7f0000000200)="88", 0x1, 0x0, &(0x7f0000000140)=@in6={0x1c, 0x1c, 0x2}, 0x1c)

02:53:15 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  278.776979] BTRFS error (device loop1): open_ctree failed
02:53:15 executing program 1 (fault-call:0 fault-nth:32):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:15 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:15 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:15 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = dup(r0)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x26, &(0x7f0000000000), &(0x7f0000000040)=0x8)

[  278.815449] audit: type=1804 audit(1601002395.361:132): pid=17811 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/41/bus/file0" dev="sda1" ino=15900 res=1
[  278.917930] FAULT_INJECTION: forcing a failure.
[  278.917930] name failslab, interval 1, probability 0, space 0, times 0
[  278.926609] print_req_error: I/O error, dev loop1, sector 0
[  278.936969] CPU: 1 PID: 17829 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  278.944862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  278.954213] Call Trace:
[  278.956141] Buffer I/O error on dev loop1, logical block 0, async page read
[  278.956797]  dump_stack+0x1b2/0x283
[  278.956815]  should_fail.cold+0x10a/0x154
[  278.964041] Buffer I/O error on dev loop1, logical block 0, async page read
[  278.967515]  should_failslab+0xd6/0x130
[  278.967526]  kmem_cache_alloc_node_trace+0x25a/0x400
[  278.967538]  __kmalloc_node_track_caller+0x38/0x70
[  278.967550]  __alloc_skb+0x96/0x510
[  278.967565]  kobject_uevent_env+0x70b/0xcb0
[  278.972906] Buffer I/O error on dev loop1, logical block 0, async page read
[  278.978778]  lo_ioctl+0x11a6/0x1cd0
[  278.978792]  ? loop_set_status64+0xe0/0xe0
[  278.978803]  blkdev_ioctl+0x540/0x1830
[  278.978811]  ? blkpg_ioctl+0x8d0/0x8d0
[  278.978823]  ? trace_hardirqs_on+0x10/0x10
[  279.028348]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  279.033465]  block_ioctl+0xd9/0x120
[  279.037120]  ? blkdev_fallocate+0x3a0/0x3a0
[  279.041462]  do_vfs_ioctl+0x75a/0xff0
[  279.045241]  ? selinux_inode_setxattr+0x730/0x730
[  279.050069]  ? ioctl_preallocate+0x1a0/0x1a0
[  279.054467]  ? lock_downgrade+0x740/0x740
[  279.058607]  ? __fget+0x225/0x360
[  279.062124]  ? security_file_ioctl+0x83/0xb0
02:53:15 executing program 3:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmsg(r0, &(0x7f0000000480)={&(0x7f0000000040)=@in6={0x1c, 0x1c, 0x1}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000080)="e7", 0x1}], 0x1, &(0x7f0000000340)=[{0x10}], 0x10}, 0x0)

02:53:15 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, 0x0, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:15 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c)
r1 = dup2(r0, r0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x105, &(0x7f00000016c0)={0x1, [<r2=>0x0]}, &(0x7f0000001700)=0x8)
getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r1, 0x84, 0x26, &(0x7f00000000c0)={r2}, &(0x7f0000000100)=0x8)

[  279.066530]  SyS_ioctl+0x7f/0xb0
[  279.069884]  ? do_vfs_ioctl+0xff0/0xff0
[  279.073862]  do_syscall_64+0x1d5/0x640
[  279.077734]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  279.082903] RIP: 0033:0x45dfe7
[  279.086070] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  279.093757] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  279.101009] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  279.108262] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
02:53:15 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  279.115507] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  279.122773] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
02:53:15 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, 0x0}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:15 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:15 executing program 4:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x100)
sendmsg$inet_sctp(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000000c0)='\f', 0x1}], 0x1, &(0x7f0000000440)=[@authinfo={0x10}], 0x10}, 0x0)

[  279.159779] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:15 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
connect$inet(r0, &(0x7f0000000200)={0x10, 0x2}, 0x10)
setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f0000000000)=0x5, 0x4)
sendmsg(r0, &(0x7f0000000880)={&(0x7f0000000040)=@in={0x10, 0x2}, 0x10, 0x0}, 0x205)

02:53:15 executing program 1 (fault-call:0 fault-nth:33):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:15 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:15 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, 0x0}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:15 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  279.228643] BTRFS error (device loop1): open_ctree failed
02:53:15 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r1 = dup(r0)
getsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0xf, &(0x7f0000000080), &(0x7f00000000c0)=0xc)

02:53:15 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x0, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:15 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, 0x0}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:15 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:15 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x0, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:15 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r1 = socket$inet6_sctp(0x1c, 0x1, 0x84)
dup2(r0, r1)

[  279.367269] FAULT_INJECTION: forcing a failure.
[  279.367269] name failslab, interval 1, probability 0, space 0, times 0
02:53:16 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  279.427692] CPU: 1 PID: 17881 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  279.435709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  279.446103] Call Trace:
[  279.448698]  dump_stack+0x1b2/0x283
[  279.452331]  should_fail.cold+0x10a/0x154
[  279.456483]  should_failslab+0xd6/0x130
[  279.460456]  kmem_cache_alloc_node+0x263/0x410
[  279.464664] overlayfs: failed to resolve './file1': -2
[  279.465063]  __alloc_skb+0x5c/0x510
[  279.465079]  kobject_uevent_env+0x70b/0xcb0
[  279.478367]  lo_ioctl+0x11a6/0x1cd0
[  279.482001]  ? loop_set_status64+0xe0/0xe0
[  279.486239]  blkdev_ioctl+0x540/0x1830
[  279.490131]  ? blkpg_ioctl+0x8d0/0x8d0
[  279.494018]  ? trace_hardirqs_on+0x10/0x10
[  279.499726]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  279.504823]  block_ioctl+0xd9/0x120
[  279.508452]  ? blkdev_fallocate+0x3a0/0x3a0
[  279.512778]  do_vfs_ioctl+0x75a/0xff0
[  279.516589]  ? selinux_inode_setxattr+0x730/0x730
[  279.530453]  ? ioctl_preallocate+0x1a0/0x1a0
[  279.534865]  ? lock_downgrade+0x740/0x740
[  279.539058]  ? __fget+0x225/0x360
[  279.542505]  ? security_file_ioctl+0x83/0xb0
[  279.546898]  SyS_ioctl+0x7f/0xb0
[  279.550245]  ? do_vfs_ioctl+0xff0/0xff0
[  279.554247]  do_syscall_64+0x1d5/0x640
[  279.558135]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  279.563326] RIP: 0033:0x45dfe7
[  279.566501] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
02:53:16 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={0x0, 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  279.574194] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  279.581439] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  279.588687] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  279.595945] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  279.603193] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  279.639820] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:16 executing program 1 (fault-call:0 fault-nth:34):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:16 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x0, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:16 executing program 3:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x21, &(0x7f0000000080), 0x10)

02:53:16 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000004c0)=""/4081, 0xff1}], 0x1}, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r1, 0x0, 0x27c7, 0x0, 0x0, 0x800e0050e)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
readv(r3, &(0x7f0000000340)=[{&(0x7f00000001c0)=""/82, 0x52}, {0x0}], 0x2)
recvfrom$inet(r2, 0x0, 0xff0b, 0x0, 0x0, 0x800e00360)
shutdown(r3, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
shutdown(r2, 0x0)

02:53:16 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:16 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={0x0, 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  279.688705] BTRFS error (device loop1): open_ctree failed
02:53:16 executing program 3:
r0 = socket(0x2, 0x5, 0x0)
getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0x100, &(0x7f0000000040), &(0x7f00000001c0)=0x59)

02:53:16 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={0x0, 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  279.792743] FAULT_INJECTION: forcing a failure.
[  279.792743] name failslab, interval 1, probability 0, space 0, times 0
[  279.806900] overlayfs: failed to resolve './file1': -2
02:53:16 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:16 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x1c, 0x1c, 0x2}, 0x1c)
getsockname$inet6(r0, 0x0, &(0x7f0000000100))

02:53:16 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  279.834239] CPU: 0 PID: 17934 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  279.842147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  279.851510] Call Trace:
[  279.854107]  dump_stack+0x1b2/0x283
[  279.857748]  should_fail.cold+0x10a/0x154
[  279.861914]  should_failslab+0xd6/0x130
[  279.865892]  kmem_cache_alloc_node+0x263/0x410
[  279.870476]  __alloc_skb+0x5c/0x510
[  279.874136]  kobject_uevent_env+0x70b/0xcb0
[  279.878465]  lo_ioctl+0x11a6/0x1cd0
02:53:16 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0100000000000000008000a"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  279.882095]  ? loop_set_status64+0xe0/0xe0
[  279.886419]  blkdev_ioctl+0x540/0x1830
[  279.890300]  ? blkpg_ioctl+0x8d0/0x8d0
[  279.894185]  ? trace_hardirqs_on+0x10/0x10
[  279.898423]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  279.903532]  block_ioctl+0xd9/0x120
[  279.907330]  ? blkdev_fallocate+0x3a0/0x3a0
[  279.911651]  do_vfs_ioctl+0x75a/0xff0
[  279.915456]  ? selinux_inode_setxattr+0x730/0x730
[  279.920294]  ? ioctl_preallocate+0x1a0/0x1a0
[  279.924707]  ? lock_downgrade+0x740/0x740
[  279.928872]  ? __fget+0x225/0x360
[  279.932320]  ? security_file_ioctl+0x83/0xb0
[  279.936724]  SyS_ioctl+0x7f/0xb0
[  279.940104]  ? do_vfs_ioctl+0xff0/0xff0
[  279.944605]  do_syscall_64+0x1d5/0x640
[  279.948494]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  279.953683] RIP: 0033:0x45dfe7
[  279.956886] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  279.964585] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  279.971853] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  279.979118] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  279.986381] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  279.993812] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  280.023555] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:16 executing program 1 (fault-call:0 fault-nth:35):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:16 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:16 executing program 3:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x23, &(0x7f0000000380), 0x94)

[  280.056122] BTRFS error (device loop1): open_ctree failed
[  280.161960] FAULT_INJECTION: forcing a failure.
[  280.161960] name failslab, interval 1, probability 0, space 0, times 0
[  280.193831] CPU: 0 PID: 17972 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  280.201751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  280.211107] Call Trace:
[  280.213694]  dump_stack+0x1b2/0x283
[  280.217411]  should_fail.cold+0x10a/0x154
[  280.221565]  should_failslab+0xd6/0x130
[  280.225539]  kmem_cache_alloc_node+0x263/0x410
[  280.230122]  __alloc_skb+0x5c/0x510
[  280.233754]  kobject_uevent_env+0x70b/0xcb0
[  280.238085]  lo_ioctl+0x11a6/0x1cd0
[  280.241694]  ? loop_set_status64+0xe0/0xe0
[  280.245981]  blkdev_ioctl+0x540/0x1830
[  280.250247]  ? blkpg_ioctl+0x8d0/0x8d0
[  280.254137]  ? trace_hardirqs_on+0x10/0x10
[  280.258367]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  280.263464]  block_ioctl+0xd9/0x120
[  280.267105]  ? blkdev_fallocate+0x3a0/0x3a0
[  280.271420]  do_vfs_ioctl+0x75a/0xff0
[  280.275203]  ? selinux_inode_setxattr+0x730/0x730
[  280.280034]  ? ioctl_preallocate+0x1a0/0x1a0
[  280.284452]  ? lock_downgrade+0x740/0x740
[  280.288600]  ? __fget+0x225/0x360
[  280.292041]  ? security_file_ioctl+0x83/0xb0
[  280.296427]  SyS_ioctl+0x7f/0xb0
[  280.299771]  ? do_vfs_ioctl+0xff0/0xff0
[  280.303722]  do_syscall_64+0x1d5/0x640
[  280.307601]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  280.312783] RIP: 0033:0x45dfe7
[  280.315963] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  280.323661] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  280.330949] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  280.338220] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  280.345475] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
[  280.352738] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  280.382886] BTRFS error (device loop1): support for check_integrity* not compiled in!
[  280.415744] BTRFS error (device loop1): open_ctree failed
02:53:17 executing program 4:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r0, &(0x7f0000000300)={0x10, 0x2}, 0x10)
bind(r0, &(0x7f0000000080)=@in={0x10, 0x2}, 0x10)

02:53:17 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:17 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:17 executing program 3:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x3, &(0x7f00000000c0), &(0x7f0000000100)=0x8)

02:53:17 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:17 executing program 1 (fault-call:0 fault-nth:36):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:17 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c}, 0x1c)

02:53:17 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  280.671503] overlayfs: failed to resolve './file1': -2
[  280.690413] FAULT_INJECTION: forcing a failure.
[  280.690413] name failslab, interval 1, probability 0, space 0, times 0
02:53:17 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  280.719923] kauditd_printk_skb: 4 callbacks suppressed
[  280.719932] audit: type=1804 audit(1601002397.271:137): pid=17992 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/49/bus/file0" dev="sda1" ino=16444 res=1
[  280.739020] print_req_error: 16 callbacks suppressed
[  280.739026] print_req_error: I/O error, dev loop1, sector 0
[  280.774527] CPU: 0 PID: 17994 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  280.782862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  280.795631] print_req_error: I/O error, dev loop1, sector 0
[  280.796471] Call Trace:
[  280.802207] buffer_io_error: 11 callbacks suppressed
[  280.802213] Buffer I/O error on dev loop1, logical block 0, async page read
[  280.804739]  dump_stack+0x1b2/0x283
02:53:17 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
dup2(r0, r1)

[  280.812423] print_req_error: I/O error, dev loop1, sector 0
[  280.817245]  should_fail.cold+0x10a/0x154
[  280.817262]  should_failslab+0xd6/0x130
[  280.817272]  kmem_cache_alloc_trace+0x29a/0x3d0
[  280.817284]  ? kobject_create.cold+0x20/0x20
[  280.817356]  call_usermodehelper_setup+0x73/0x2e0
[  280.817368]  kobject_uevent_env+0xab1/0xcb0
[  280.821493] Buffer I/O error on dev loop1, logical block 0, async page read
[  280.827189]  lo_ioctl+0x11a6/0x1cd0
[  280.827202]  ? loop_set_status64+0xe0/0xe0
[  280.827213]  blkdev_ioctl+0x540/0x1830
[  280.835351] print_req_error: I/O error, dev loop1, sector 0
[  280.835775]  ? blkpg_ioctl+0x8d0/0x8d0
[  280.835789]  ? trace_hardirqs_on+0x10/0x10
[  280.835805]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  280.835822]  block_ioctl+0xd9/0x120
[  280.835829]  ? blkdev_fallocate+0x3a0/0x3a0
[  280.835846]  do_vfs_ioctl+0x75a/0xff0
[  280.840574] Buffer I/O error on dev loop1, logical block 0, async page read
[  280.844961]  ? selinux_inode_setxattr+0x730/0x730
[  280.851659] print_req_error: I/O error, dev loop1, sector 0
[  280.854081]  ? ioctl_preallocate+0x1a0/0x1a0
[  280.854093]  ? lock_downgrade+0x740/0x740
[  280.854109]  ? __fget+0x225/0x360
[  280.854124]  ? security_file_ioctl+0x83/0xb0
[  280.861228] Buffer I/O error on dev loop1, logical block 0, async page read
[  280.865155]  SyS_ioctl+0x7f/0xb0
[  280.871243] print_req_error: I/O error, dev loop1, sector 0
[  280.873238]  ? do_vfs_ioctl+0xff0/0xff0
[  280.873253]  do_syscall_64+0x1d5/0x640
[  280.873267]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  280.873277] RIP: 0033:0x45dfe7
02:53:17 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0xa, &(0x7f0000000080)=ANY=[@ANYBLOB="10024e22ac1400bb00"/135, @ANYBLOB="01000000cd39"], 0xa0)

[  280.879078] Buffer I/O error on dev loop1, logical block 0, async page read
[  280.882915] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246
[  280.887350] print_req_error: I/O error, dev loop1, sector 0
[  280.892214]  ORIG_RAX: 0000000000000010
[  280.892220] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  280.892225] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  280.892231] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  280.892236] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
02:53:17 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:17 executing program 4:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x100)
sendmsg$inet_sctp(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=[@authinfo={0x10}], 0x10}, 0x0)

02:53:17 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:17 executing program 3:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xe, &(0x7f0000001f40), 0x3)

[  280.892241] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  281.035894] Buffer I/O error on dev loop1, logical block 0, async page read
[  281.043156] print_req_error: I/O error, dev loop1, sector 24
[  281.049497] Buffer I/O error on dev loop1, logical block 3, async page read
02:53:17 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:17 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  281.151150] audit: type=1804 audit(1601002397.701:138): pid=18015 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/50/bus/file0" dev="sda1" ino=16458 res=1
[  281.256096] BTRFS error (device loop1): support for check_integrity* not compiled in!
[  281.295607] BTRFS error (device loop1): open_ctree failed
02:53:17 executing program 1 (fault-call:0 fault-nth:37):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:17 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000004c0)=""/4081, 0xff1}], 0x1}, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r1, 0x0, 0x27c7, 0x0, 0x0, 0x800e0050e)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
readv(r3, &(0x7f0000000340)=[{&(0x7f00000001c0)=""/82, 0x52}], 0x1)
recvfrom$inet(r2, 0x0, 0xff0b, 0x0, 0x0, 0x800e00360)
shutdown(r3, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
shutdown(r2, 0x0)

02:53:17 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r0, 0x0, 0x27c7, 0x0, 0x0, 0x800e0050e)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
recvmsg(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000001600)=""/4099, 0x1003}], 0x1}, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
recvmsg(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000280)=""/126, 0x7e}, {0x0}, {0x0}], 0x3}, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r3, 0x0, 0x1fc0, 0x0, 0x0, 0x800e00509)
shutdown(r2, 0x0)
r4 = dup(r3)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
dup2(r4, r5)
shutdown(r5, 0x0)

02:53:17 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:17 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:17 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:18 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:18 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  281.416146] FAULT_INJECTION: forcing a failure.
[  281.416146] name failslab, interval 1, probability 0, space 0, times 0
[  281.439296] CPU: 0 PID: 18058 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  281.442519] audit: type=1804 audit(1601002397.991:139): pid=18056 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/51/bus/file0" dev="sda1" ino=16118 res=1
[  281.447199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  281.447204] Call Trace:
[  281.447222]  dump_stack+0x1b2/0x283
[  281.447238]  should_fail.cold+0x10a/0x154
[  281.447252]  should_failslab+0xd6/0x130
[  281.495409]  kmem_cache_alloc_trace+0x29a/0x3d0
[  281.496649] print_req_error: I/O error, dev loop1, sector 0
[  281.500074]  ? kobject_create.cold+0x20/0x20
[  281.510173]  call_usermodehelper_setup+0x73/0x2e0
02:53:18 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  281.515020]  kobject_uevent_env+0xab1/0xcb0
[  281.519349]  lo_ioctl+0x11a6/0x1cd0
[  281.522986]  ? loop_set_status64+0xe0/0xe0
[  281.523036] print_req_error: I/O error, dev loop1, sector 0
[  281.527207]  blkdev_ioctl+0x540/0x1830
[  281.527217]  ? blkpg_ioctl+0x8d0/0x8d0
[  281.527229]  ? trace_hardirqs_on+0x10/0x10
[  281.527243]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  281.527258]  block_ioctl+0xd9/0x120
[  281.532951] Buffer I/O error on dev loop1, logical block 0, async page read
[  281.536813]  ? blkdev_fallocate+0x3a0/0x3a0
02:53:18 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  281.536824]  do_vfs_ioctl+0x75a/0xff0
[  281.536834]  ? selinux_inode_setxattr+0x730/0x730
[  281.536844]  ? ioctl_preallocate+0x1a0/0x1a0
[  281.536854]  ? lock_downgrade+0x740/0x740
[  281.541228] Buffer I/O error on dev loop1, logical block 0, async page read
[  281.544960]  ? __fget+0x225/0x360
[  281.544975]  ? security_file_ioctl+0x83/0xb0
[  281.544987]  SyS_ioctl+0x7f/0xb0
[  281.550894] Buffer I/O error on dev loop1, logical block 0, async page read
[  281.554060]  ? do_vfs_ioctl+0xff0/0xff0
[  281.554074]  do_syscall_64+0x1d5/0x640
02:53:18 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  281.554088]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  281.554097] RIP: 0033:0x45dfe7
[  281.625509] RSP: 002b:00007fc7fa8cfa28 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  281.633221] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045dfe7
[  281.640486] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005
[  281.647751] RBP: 0000000000000000 R08: 0000000020000260 R09: 0000000000000000
[  281.655975] R10: 0000000000010b20 R11: 0000000000000246 R12: 0000000000000004
02:53:18 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  281.663246] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000270
[  281.671770] Bluetooth: hci3 command 0x0406 tx timeout
[  281.753115] BTRFS error (device loop1): support for check_integrity* not compiled in!
[  281.778020] audit: type=1804 audit(1601002398.332:140): pid=18086 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/52/bus/file0" dev="sda1" ino=15901 res=1
02:53:18 executing program 1 (fault-call:0 fault-nth:38):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

[  281.840194] BTRFS error (device loop1): open_ctree failed
[  281.919476] FAULT_INJECTION: forcing a failure.
[  281.919476] name failslab, interval 1, probability 0, space 0, times 0
[  281.930906] CPU: 0 PID: 18099 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  281.938791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  281.948136] Call Trace:
[  281.950733]  dump_stack+0x1b2/0x283
[  281.955874]  should_fail.cold+0x10a/0x154
[  281.960020]  should_failslab+0xd6/0x130
[  281.964405]  kmem_cache_alloc+0x28e/0x3c0
[  281.968654]  getname_flags+0xc8/0x550
[  281.972434]  SyS_mkdirat+0x83/0x270
[  281.976052]  ? SyS_mknod+0x30/0x30
[  281.979568]  ? fput+0xb/0x140
[  281.982650]  ? do_syscall_64+0x4c/0x640
[  281.986609]  ? SyS_mkdirat+0x270/0x270
[  281.990487]  do_syscall_64+0x1d5/0x640
[  281.994360]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  281.999533] RIP: 0033:0x45d597
[  282.002712] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053
[  282.010396] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 000000000045d597
[  282.017652] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100
[  282.025084] RBP: 00007fc7fa8cfae0 R08: 0000000020000260 R09: 0000000000000000
[  282.032344] R10: 0000000000010b20 R11: 0000000000000213 R12: 0000000020000000
[  282.039594] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:18 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = dup(r0)
getsockname$inet(r1, 0x0, &(0x7f0000000040))

02:53:18 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:18 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:18 executing program 0:
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:18 executing program 1 (fault-call:0 fault-nth:39):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:18 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r1 = dup(r0)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDR_INFO(r1, 0x84, 0x101, &(0x7f0000000080), &(0x7f0000000140)=0xa0)

[  282.297191] FAULT_INJECTION: forcing a failure.
[  282.297191] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  282.311119] CPU: 0 PID: 18121 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  282.319427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  282.329487] Call Trace:
[  282.332107]  dump_stack+0x1b2/0x283
[  282.335758]  should_fail.cold+0x10a/0x154
[  282.339912]  ? lock_downgrade+0x740/0x740
[  282.344073]  __alloc_pages_nodemask+0x22c/0x2720
[  282.348846]  ? __lock_acquire+0x5fc/0x3f20
[  282.353266]  ? lo_ioctl+0x8ae/0x1cd0
[  282.355636] overlayfs: failed to resolve './file0': -2
[  282.357005]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  282.367133]  ? trace_hardirqs_on+0x10/0x10
[  282.371374]  ? blkpg_ioctl+0x8d0/0x8d0
[  282.373394] audit: type=1804 audit(1601002398.922:141): pid=18122 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/53/bus/file0" dev="sda1" ino=15778 res=1
[  282.375265]  ? trace_hardirqs_on+0x10/0x10
[  282.375279]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  282.375293]  cache_grow_begin+0x8f/0x420
[  282.375305]  cache_alloc_refill+0x273/0x350
[  282.375317]  kmem_cache_alloc+0x333/0x3c0
[  282.375330]  getname_flags+0xc8/0x550
[  282.426582]  SyS_mkdirat+0x83/0x270
[  282.430213]  ? SyS_mknod+0x30/0x30
[  282.433751]  ? fput+0xb/0x140
[  282.436854]  ? do_syscall_64+0x4c/0x640
[  282.440838]  ? SyS_mkdirat+0x270/0x270
02:53:19 executing program 4:
r0 = socket(0x2, 0x5, 0x0)
connect$unix(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="8202cde917"], 0x10)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r0, 0x84, 0x105, &(0x7f0000000040)={0x1, [<r1=>0x0]}, &(0x7f0000000200)=0x8)
getsockopt$inet_sctp_SCTP_STATUS(r0, 0x84, 0x100, &(0x7f0000000100)={r1}, &(0x7f00000001c0)=0xb0)

02:53:19 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:19 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000004c0)=""/4081, 0xff1}], 0x1}, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r1, 0x0, 0x27c7, 0x0, 0x0, 0x800e0050e)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
readv(r3, &(0x7f0000000340)=[{&(0x7f00000001c0)=""/82, 0x52}, {0x0}, {0x0}, {0x0}], 0x4)
recvfrom$inet(r2, 0x0, 0xff0b, 0x0, 0x0, 0x800e00360)
shutdown(r3, 0x0)
ppoll(&(0x7f0000000100)=[{}], 0x1, 0x0, 0x0, 0x0)
shutdown(r2, 0x0)

02:53:19 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  282.444734]  do_syscall_64+0x1d5/0x640
[  282.448625]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  282.453809] RIP: 0033:0x45d597
[  282.456993] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053
[  282.464698] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 000000000045d597
[  282.471975] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100
[  282.479239] RBP: 00007fc7fa8cfae0 R08: 0000000020000260 R09: 0000000000000000
[  282.486506] R10: 0000000000010b20 R11: 0000000000000213 R12: 0000000020000000
02:53:19 executing program 0:
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:19 executing program 4:
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x1c, 0x1c, 0x2}, 0x1c)
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x100)

[  282.494029] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  282.501093] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
02:53:19 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:19 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f0000000000002500000000000002"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:19 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
sendto(r0, 0x0, 0x0, 0x80, &(0x7f0000000000)=@in={0x10, 0x2}, 0x10)

[  282.538410] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:19 executing program 0:
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  282.589650] BTRFS error (device loop1): open_ctree failed
[  282.597003] overlayfs: failed to resolve './file0': -2
02:53:19 executing program 1 (fault-call:0 fault-nth:40):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:19 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f0000000000002500000000000002"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:19 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  282.620082] audit: type=1804 audit(1601002399.172:142): pid=18148 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/54/bus/file0" dev="sda1" ino=15778 res=1
[  282.653014] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
02:53:19 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f0000000000002500000000000002"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  282.718403] overlayfs: failed to resolve './file0': -2
[  282.755342] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[  282.777509] audit: type=1804 audit(1601002399.332:143): pid=18171 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/55/bus/file0" dev="sda1" ino=15854 res=1
[  282.806804] FAULT_INJECTION: forcing a failure.
[  282.806804] name failslab, interval 1, probability 0, space 0, times 0
[  282.825982] CPU: 1 PID: 18172 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  282.833869] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  282.843222] Call Trace:
[  282.845814]  dump_stack+0x1b2/0x283
[  282.849450]  should_fail.cold+0x10a/0x154
[  282.853600]  should_failslab+0xd6/0x130
[  282.857575]  kmem_cache_alloc+0x28e/0x3c0
[  282.861726]  __d_alloc+0x2a/0xa20
[  282.865173]  ? d_lookup+0x172/0x220
[  282.868797]  d_alloc+0x46/0x240
[  282.872078]  __lookup_hash+0x101/0x270
[  282.876224]  filename_create+0x156/0x3f0
[  282.880286]  ? kern_path_mountpoint+0x40/0x40
[  282.884786]  SyS_mkdirat+0x95/0x270
[  282.888416]  ? SyS_mknod+0x30/0x30
[  282.891955]  ? do_syscall_64+0x4c/0x640
[  282.895924]  ? SyS_mkdirat+0x270/0x270
[  282.899824]  do_syscall_64+0x1d5/0x640
[  282.903715]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  282.908899] RIP: 0033:0x45d597
[  282.912083] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053
[  282.920739] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 000000000045d597
[  282.927998] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100
[  282.935249] RBP: 00007fc7fa8cfae0 R08: 0000000020000260 R09: 0000000000000000
[  282.942969] R10: 0000000000010b20 R11: 0000000000000213 R12: 0000000020000000
[  282.950217] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:19 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
sendto(r0, &(0x7f0000000000)='[', 0x1, 0x0, &(0x7f0000000140)=@in6={0x1c, 0x1c, 0x2}, 0x1c)

02:53:19 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r1 = fcntl$dupfd(r0, 0x0, r0)
setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0xa, &(0x7f0000000080)=ANY=[@ANYBLOB="10024e22ac1400bb00"/136, @ANYBLOB="01000000cd39"], 0xa0)

02:53:19 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:19 executing program 0:
mkdir(0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:19 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f0000000000002500000000000002000100000000000000060000"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:19 executing program 1 (fault-call:0 fault-nth:41):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:19 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f0000000000002500000000000002000100000000000000060000"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:20 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:20 executing program 4:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
recvmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000004c0)=""/4081, 0xff1}], 0x1}, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r1, 0x0, 0x27c7, 0x0, 0x0, 0x800e0050e)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)={<r3=>0xffffffffffffffff})
readv(r3, &(0x7f0000000240)=[{&(0x7f00000001c0)=""/93, 0x5d}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x6)
recvfrom$inet(r2, 0x0, 0xff0b, 0x0, 0x0, 0x800e00360)
shutdown(r3, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
shutdown(r2, 0x0)

[  283.377724] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[  283.399292] overlayfs: failed to resolve './file0': -2
[  283.401881] FAULT_INJECTION: forcing a failure.
[  283.401881] name failslab, interval 1, probability 0, space 0, times 0
[  283.443101] audit: type=1804 audit(1601002399.992:144): pid=18207 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/56/bus/file0" dev="sda1" ino=16133 res=1
[  283.483006] CPU: 0 PID: 18212 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
02:53:20 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f0000000000002500000000000002000100000000000000060000"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:20 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
connect$inet6(r0, &(0x7f0000000000)={0x1c, 0x1c, 0x3}, 0x1c)
r1 = dup2(r0, r0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x105, &(0x7f00000016c0)={0x1, [<r2=>0x0]}, &(0x7f0000001700)=0x8)
getsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x1a, &(0x7f00000007c0)={r2}, &(0x7f0000000800)=0x8)

[  283.490916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  283.500267] Call Trace:
[  283.502863]  dump_stack+0x1b2/0x283
[  283.506496]  should_fail.cold+0x10a/0x154
[  283.510651]  should_failslab+0xd6/0x130
[  283.512576] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[  283.514709]  kmem_cache_alloc+0x28e/0x3c0
[  283.527420]  selinux_inode_alloc_security+0xb1/0x2a0
[  283.532537]  security_inode_alloc+0x8d/0xd0
[  283.536876]  inode_init_always+0x576/0xb10
02:53:20 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  283.541116]  alloc_inode+0x7a/0x170
[  283.544839]  new_inode+0x1d/0xf0
[  283.548270]  __ext4_new_inode+0x360/0x4eb0
[  283.552516]  ? lock_downgrade+0x740/0x740
[  283.556671]  ? ext4_free_inode+0x1460/0x1460
[  283.561088]  ? avc_has_perm+0x1a4/0x330
[  283.565070]  ? avc_has_perm_noaudit+0x2a0/0x2a0
[  283.569811]  ? dquot_initialize_needed+0x240/0x240
[  283.574753]  ? security_transition_sid+0xcb/0x120
[  283.579600]  ? security_transition_sid+0x9c/0x120
[  283.584555]  ext4_mkdir+0x2e4/0xba0
[  283.588194]  ? selinux_dentry_init_security+0x220/0x220
02:53:20 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  283.593569]  ? ext4_init_dot_dotdot+0x5a0/0x5a0
[  283.598335]  ? security_inode_mkdir+0xca/0x100
[  283.602922]  vfs_mkdir+0x463/0x6e0
[  283.606473]  SyS_mkdirat+0x1fd/0x270
[  283.610238]  ? SyS_mknod+0x30/0x30
[  283.613790]  ? do_syscall_64+0x4c/0x640
[  283.615639] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[  283.617766]  ? SyS_mkdirat+0x270/0x270
[  283.617781]  do_syscall_64+0x1d5/0x640
[  283.617796]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  283.617807] RIP: 0033:0x45d597
02:53:20 executing program 0:
mkdir(0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:20 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c050005"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:20 executing program 3:
r0 = socket$inet6_sctp(0x1c, 0x5, 0x84)
connect$inet6(r0, &(0x7f0000000240)={0x1c, 0x1c, 0x3}, 0x1c)
r1 = dup2(r0, r0)
connect(r1, &(0x7f0000000280)=@in6={0x1c, 0x1c, 0x1}, 0x1c)

[  283.642566] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053
[  283.650386] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 000000000045d597
[  283.657675] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100
[  283.665035] RBP: 00007fc7fa8cfae0 R08: 0000000020000260 R09: 0000000000000000
[  283.672308] R10: 0000000000010b20 R11: 0000000000000213 R12: 0000000020000000
[  283.679683] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:20 executing program 1 (fault-call:0 fault-nth:42):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:20 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  283.717619] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  283.755683] overlayfs: failed to resolve './file0': -2
[  283.779625] audit: type=1804 audit(1601002400.332:145): pid=18246 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/57/bus/file0" dev="sda1" ino=15976 res=1
[  283.808420] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
[  283.820831] FAULT_INJECTION: forcing a failure.
02:53:20 executing program 0:
mkdir(0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  283.820831] name failslab, interval 1, probability 0, space 0, times 0
[  283.832509] CPU: 1 PID: 18256 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  283.840390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  283.849829] Call Trace:
[  283.852417]  dump_stack+0x1b2/0x283
[  283.856047]  should_fail.cold+0x10a/0x154
[  283.860197]  should_failslab+0xd6/0x130
[  283.864176]  __kmalloc+0x6d/0x400
[  283.867705]  ? context_struct_to_string.part.0+0x1f9/0x430
[  283.873419]  context_struct_to_string.part.0+0x1f9/0x430
[  283.878873]  ? dump_masked_av_helper+0x90/0x90
[  283.883451]  ? sidtab_search_core+0x181/0x2a0
[  283.887944]  security_sid_to_context_core+0x2f2/0x410
[  283.893135]  selinux_inode_init_security+0x45a/0x680
[  283.898240]  ? selinux_inode_create+0x30/0x30
[  283.902796]  ? get_cached_acl+0x5d/0x320
[  283.906868]  security_inode_init_security+0x15f/0x320
[  283.912221]  ? ext4_init_acl+0x190/0x190
[  283.916370]  ? unregister_lsm_notifier+0x20/0x20
[  283.921134]  ? insert_inode_locked+0x39e/0x4b0
[  283.925718]  __ext4_new_inode+0x35e1/0x4eb0
02:53:20 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  283.930050]  ? ext4_free_inode+0x1460/0x1460
[  283.932829] overlayfs: failed to resolve './file0': -2
[  283.934455]  ? avc_has_perm+0x1a4/0x330
[  283.934502]  ? avc_has_perm_noaudit+0x2a0/0x2a0
[  283.934515]  ? dquot_initialize_needed+0x240/0x240
[  283.944342] audit: type=1804 audit(1601002400.492:146): pid=18269 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/58/bus/file0" dev="sda1" ino=16120 res=1
[  283.948516]  ? security_transition_sid+0xcb/0x120
[  283.948525]  ? security_transition_sid+0x9c/0x120
[  283.948541]  ext4_mkdir+0x2e4/0xba0
[  283.948554]  ? selinux_dentry_init_security+0x220/0x220
[  283.948565]  ? ext4_init_dot_dotdot+0x5a0/0x5a0
[  283.948578]  ? security_inode_mkdir+0xca/0x100
[  283.948589]  vfs_mkdir+0x463/0x6e0
[  283.948601]  SyS_mkdirat+0x1fd/0x270
[  283.948611]  ? SyS_mknod+0x30/0x30
[  283.948622]  ? do_syscall_64+0x4c/0x640
[  283.948630]  ? SyS_mkdirat+0x270/0x270
[  283.948640]  do_syscall_64+0x1d5/0x640
[  283.948654]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  283.948661] RIP: 0033:0x45d597
[  283.948666] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053
[  283.948676] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 000000000045d597
[  283.948680] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100
[  283.948685] RBP: 00007fc7fa8cfae0 R08: 0000000020000260 R09: 0000000000000000
[  283.948692] R10: 0000000000010b20 R11: 0000000000000213 R12: 0000000020000000
[  284.073582] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  284.095855] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'.
02:53:21 executing program 4:
r0 = socket$inet6_sctp(0x1c, 0x1, 0x84)
r1 = socket$inet6_sctp(0x1c, 0x5, 0x84)
r2 = fcntl$dupfd(r1, 0x0, r0)
setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r2, 0x84, 0x23, &(0x7f0000000000)=0x1c00, 0xfe6a)

02:53:21 executing program 3:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r0, &(0x7f0000000000)={0x10, 0x2}, 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x100)
sendmsg$inet_sctp(r0, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0)

02:53:21 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c050005"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:21 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:21 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:21 executing program 1 (fault-call:0 fault-nth:43):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:21 executing program 3:
write$tun(0xffffffffffffffff, &(0x7f00000002c0)=ANY=[@ANYBLOB="000002000000000000e6c29e1d0d274b974c620000000f0063218cf8003806ff20010000000000000000bec800000002fe8000"/60, @ANYRES32, @ANYRES32=0x41424344, @ANYBLOB="c904000290400000ce80b424c7ee008c00ff"], 0x6e)
syz_emit_ethernet(0x46, &(0x7f00000002c0)={@link_local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr, @empty}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0x10, 0x0, 0x0, 0x0, {[@mptcp=@mp_fclose={0x1e, 0xc}, @sack={0x5, 0x2}, @nop]}}}}}}}, 0x0)

02:53:21 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c050005"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:21 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  284.604321] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  284.638371] FAULT_INJECTION: forcing a failure.
[  284.638371] name failslab, interval 1, probability 0, space 0, times 0
02:53:21 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:21 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c050005000000"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  284.733385] CPU: 0 PID: 18298 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  284.741296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  284.750734] Call Trace:
[  284.753844]  dump_stack+0x1b2/0x283
[  284.757473]  should_fail.cold+0x10a/0x154
[  284.761631]  should_failslab+0xd6/0x130
[  284.765604]  __kmalloc+0x2c1/0x400
[  284.769322]  ? ext4_find_extent+0x879/0xbc0
[  284.773652]  ext4_find_extent+0x879/0xbc0
[  284.777825]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  284.783279]  ext4_ext_map_blocks+0x19a/0x6b10
[  284.787775]  ? __lock_acquire+0x5fc/0x3f20
[  284.792012]  ? __lock_acquire+0x5fc/0x3f20
[  284.796250]  ? mark_buffer_dirty+0x95/0x480
[  284.800654]  ? trace_hardirqs_on+0x10/0x10
[  284.804894]  ? __ext4_handle_dirty_metadata+0x120/0x480
[  284.810259]  ? ext4_find_delalloc_cluster+0x180/0x180
[  284.815449]  ? trace_hardirqs_on+0x10/0x10
[  284.819685]  ? ext4_mark_iloc_dirty+0x1615/0x2700
[  284.824540]  ? ext4_es_lookup_extent+0x321/0xac0
[  284.829299]  ? lock_acquire+0x170/0x3f0
02:53:21 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c01000000000"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  284.833277]  ? lock_acquire+0x170/0x3f0
[  284.837252]  ? ext4_map_blocks+0x29f/0x1730
[  284.841579]  ext4_map_blocks+0xb19/0x1730
[  284.845733]  ? ext4_issue_zeroout+0x150/0x150
[  284.850224]  ? __ext4_new_inode+0x27c/0x4eb0
[  284.854643]  ext4_getblk+0x98/0x3f0
[  284.858266]  ? ext4_iomap_begin+0x7f0/0x7f0
[  284.862589]  ext4_bread+0x6c/0x1a0
[  284.866135]  ? ext4_getblk+0x3f0/0x3f0
[  284.870019]  ? dquot_initialize_needed+0x240/0x240
[  284.874950]  ? security_transition_sid+0xcb/0x120
[  284.879788]  ? security_transition_sid+0x9c/0x120
[  284.884640]  ext4_append+0x143/0x350
[  284.888356]  ext4_mkdir+0x4c9/0xba0
[  284.891991]  ? ext4_init_dot_dotdot+0x5a0/0x5a0
[  284.896663]  ? security_inode_mkdir+0xca/0x100
[  284.901331]  vfs_mkdir+0x463/0x6e0
[  284.904875]  SyS_mkdirat+0x1fd/0x270
[  284.908597]  ? SyS_mknod+0x30/0x30
[  284.912142]  ? do_syscall_64+0x4c/0x640
[  284.916115]  ? SyS_mkdirat+0x270/0x270
[  284.919993]  do_syscall_64+0x1d5/0x640
[  284.923866]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  284.929045] RIP: 0033:0x45d597
02:53:21 executing program 4:
write$binfmt_script(0xffffffffffffffff, 0x0, 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600)=0x1801, 0x4)
sendmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000b40)="390284246ca1dc05ce4410a6ca80c1439fd609fdadaaa966d94159393148a97dc2efa999231aa8d2b255f1c09634f8a6684c61270614d2edd0b2fb32e02fefe644849d797868b9c0b9fd90fa189c5d3c1bed393699a709243aaf3d5eba9908ed1ba395ae04ad7bdfa9ca552b83794b860580efc4b32cd07905c189e832276bd09b6addcaaa174627814d0751fdff16c3c82edfde1ac3da835fcbb3f7fae30053f44370fbb7c5fdfdb8447a2106d7135b7372ab7a3d8eb6326fb3b1ef6418a1bef59973cf2acf2c085b", 0xc9}], 0x1}}, {{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000240)="49ab1dabd1d707715eaf00dce3cd8150ded71ee87e041febf2f6d83f668f9503fe67f8c85457696a4dbf8b8d5bb745f5fad04792d8a7ce53df5c829f53f6cf2ddb4e4b19aa43baa2b4539963a2b6fc113d53c396ca23b9a7a060d547b093eea6490fb48d7c4260920b40506cb78d5fbae3885029bf9280b0a42ac84053e15850ecedb07f7e9b165df5c79e9e662de771f5820fe64ae1252b2755d6431bfdd98d66c3f4daebcf3568bfbaf6dca6e2a5e4f2fbfca837c145ec600eed7bd7a57ede2d6a120b5765c87f6761bcda4a63ff64", 0xd0}], 0x1}}], 0x2, 0x0)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27)
bind$alg(0xffffffffffffffff, 0x0, 0x0)

02:53:21 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000280)='mptcp_pm\x00')
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000002c0)={0x28, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @initdev={0xac, 0x1e, 0x0, 0x0}}]}]}, 0x28}}, 0x0)

02:53:21 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:21 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c050005000000"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  284.932307] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053
[  284.940011] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 000000000045d597
[  284.947268] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100
[  284.954516] RBP: 00007fc7fa8cfae0 R08: 0000000020000260 R09: 0000000000000000
[  284.961772] R10: 0000000000010b20 R11: 0000000000000213 R12: 0000000020000000
[  284.969025] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:21 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c050005000000"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  285.011911] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:21 executing program 1 (fault-call:0 fault-nth:44):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:21 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:21 executing program 3:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000440)=ANY=[@ANYRES64], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0xb00000000065808, 0x0)
sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000100)={0xfffffffffffffffe, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="2800000004060102000001007a59008000000b000500010007"], 0x1}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendfile(r2, r1, 0x0, 0x100003000)

02:53:21 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c0500050000000000"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  285.085173] BTRFS error (device loop1): open_ctree failed
02:53:21 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  285.233588] FAULT_INJECTION: forcing a failure.
[  285.233588] name failslab, interval 1, probability 0, space 0, times 0
[  285.245306] CPU: 0 PID: 18363 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  285.253192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  285.262548] Call Trace:
[  285.265144]  dump_stack+0x1b2/0x283
[  285.268782]  should_fail.cold+0x10a/0x154
[  285.272940]  should_failslab+0xd6/0x130
[  285.276917]  kmem_cache_alloc+0x40/0x3c0
[  285.280985]  __es_insert_extent+0x338/0x1360
[  285.285395]  ? __es_shrink+0x8c0/0x8c0
[  285.289285]  ? lock_acquire+0x170/0x3f0
[  285.293261]  ? ext4_es_insert_extent+0x11f/0x530
[  285.298026]  ext4_es_insert_extent+0x1b9/0x530
[  285.302613]  ? ext4_es_find_delayed_extent_range+0x930/0x930
[  285.308411]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  285.313972]  ? ext4_es_find_delayed_extent_range+0x646/0x930
[  285.319773]  ext4_ext_map_blocks+0x1e2c/0x6b10
[  285.324360]  ? __lock_acquire+0x5fc/0x3f20
02:53:21 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c0500050000000000"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  285.330869]  ? __lock_acquire+0x5fc/0x3f20
[  285.335112]  ? mark_buffer_dirty+0x95/0x480
[  285.339460]  ? trace_hardirqs_on+0x10/0x10
[  285.343699]  ? __ext4_handle_dirty_metadata+0x120/0x480
[  285.349067]  ? ext4_find_delalloc_cluster+0x180/0x180
[  285.354260]  ? trace_hardirqs_on+0x10/0x10
[  285.358494]  ? ext4_mark_iloc_dirty+0x1615/0x2700
[  285.363344]  ? ext4_es_lookup_extent+0x321/0xac0
[  285.368196]  ? lock_acquire+0x170/0x3f0
[  285.372178]  ? lock_acquire+0x170/0x3f0
[  285.376155]  ? ext4_map_blocks+0x29f/0x1730
[  285.380482]  ext4_map_blocks+0xb19/0x1730
[  285.384633]  ? ext4_issue_zeroout+0x150/0x150
[  285.389132]  ? __ext4_new_inode+0x27c/0x4eb0
[  285.393548]  ext4_getblk+0x98/0x3f0
[  285.397175]  ? ext4_iomap_begin+0x7f0/0x7f0
[  285.401503]  ext4_bread+0x6c/0x1a0
[  285.405158]  ? ext4_getblk+0x3f0/0x3f0
[  285.409215]  ? dquot_initialize_needed+0x240/0x240
[  285.414141]  ? security_transition_sid+0xcb/0x120
[  285.418980]  ? security_transition_sid+0x9c/0x120
[  285.423828]  ext4_append+0x143/0x350
[  285.427544]  ext4_mkdir+0x4c9/0xba0
[  285.431175]  ? ext4_init_dot_dotdot+0x5a0/0x5a0
[  285.435849]  ? security_inode_mkdir+0xca/0x100
[  285.440430]  vfs_mkdir+0x463/0x6e0
[  285.443978]  SyS_mkdirat+0x1fd/0x270
[  285.447699]  ? SyS_mknod+0x30/0x30
[  285.451274]  ? do_syscall_64+0x4c/0x640
[  285.455595]  ? SyS_mkdirat+0x270/0x270
[  285.459485]  do_syscall_64+0x1d5/0x640
[  285.463382]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  285.468570] RIP: 0033:0x45d597
[  285.471758] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053
02:53:22 executing program 4:
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, 0xffffffffffffffff, 0x0)
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d)
bind$inet(r0, &(0x7f0000000440)={0x2, 0x4e23, @broadcast}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4)
sendmmsg(r0, &(0x7f00000004c0)=[{{0x0, 0x0, &(0x7f0000000d40)=[{&(0x7f0000000b40)="390284246ca1dc05ce4410a6ca80c1439fd609fdadaaa966d94159393148a97dc2efa999231aa8d2b255f1c09634f8a6684c61270614d2edd0b2fb32e02fefe644849d797868b9c0b9fd90fa189c5d3c1bed393699a709243aaf3d5eba9908ed1ba395ae04ad7bdfa9ca552b83794b860580efc4b32cd07905c189e832276bd09b6addcaaa174627814d0751fdff16c3c82edfde1ac3da835fcbb3f7fae30053f44370fbb7c5fdfdb8447a2106d7135b7372ab7a3d8eb6326fb3b1ef6418a1bef59973cf2acf2c085b", 0xc9}], 0x1}}, {{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000240)="49ab1dabd1d707715eaf00dce3cd8150ded71ee87e041febf2f6d83f668f9503fe67f8c85457696a4dbf8b8d5bb745f5fad04792d8a7ce53df5c829f53f6cf2ddb4e4b19aa43baa2b4539963a2b6fc113d53c396ca23b9a7a060d547b093eea6490fb48d7c4260920b40506cb78d5fbae3885029bf9280b0a42ac84053e15850ecedb07f7e9b165df5c79e9e662de771f5820fe64ae1252b2755d6431bfdd98d66c3f4daebcf3568bfbaf6dca6e2a5e4f2fbfca837c145ec600eed7bd7a57ede2d6a120b5765c87f6761bcda4a63ff6472714063fea927fe78e9c669ffafc3b02ab3a6b68b84d0c6e1", 0xe9}, {}, {&(0x7f0000000340)="e1321727df7bd025131ce0d3aa2063cce03cd8bdbdc4ed169267e2668dfc0a05142351c7c78b0f86bd0274e1e6", 0x2d}], 0x3}}], 0x2, 0x0)
sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0)

02:53:22 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:22 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(0x0, 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:22 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c0500050000000000"], 0x80}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x400000000000117, 0x0)

[  285.479553] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 000000000045d597
[  285.486822] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100
[  285.494088] RBP: 00007fc7fa8cfae0 R08: 0000000020000260 R09: 0000000000000000
[  285.501355] R10: 0000000000010b20 R11: 0000000000000213 R12: 0000000020000000
[  285.508623] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:22 executing program 5:
socket$key(0xf, 0x3, 0x2)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x400000000000117, 0x0)

[  285.561738] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:22 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  285.637133] BTRFS error (device loop1): open_ctree failed
02:53:22 executing program 1 (fault-call:0 fault-nth:45):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:22 executing program 4:
r0 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r0, &(0x7f00002aafe4)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
listen(r0, 0x1ff)
r1 = socket$inet_sctp(0x2, 0x801, 0x84)
sendmsg(r1, &(0x7f0000000040)={&(0x7f0000000240)=@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x36}}, 0x3b, &(0x7f0000000180)=[{&(0x7f0000000000)="b2", 0xffe0}], 0xa, 0x0, 0x0, 0x9000004}, 0xffffff7f00000000)

[  285.759353] overlayfs: failed to resolve './file1': -2
[  285.776894] FAULT_INJECTION: forcing a failure.
[  285.776894] name failslab, interval 1, probability 0, space 0, times 0
[  285.788340] CPU: 1 PID: 18401 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  285.796254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  285.805606] Call Trace:
[  285.808201]  dump_stack+0x1b2/0x283
[  285.811840]  should_fail.cold+0x10a/0x154
[  285.815996]  should_failslab+0xd6/0x130
[  285.819994]  kmem_cache_alloc+0x40/0x3c0
[  285.824060]  __es_insert_extent+0x338/0x1360
[  285.830993]  ? __es_shrink+0x8c0/0x8c0
[  285.834889]  ? lock_acquire+0x170/0x3f0
[  285.838873]  ? ext4_es_insert_extent+0x11f/0x530
[  285.843767]  ext4_es_insert_extent+0x1b9/0x530
[  285.848367]  ? ext4_es_find_delayed_extent_range+0x930/0x930
[  285.854175]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  285.859639]  ? ext4_es_find_delayed_extent_range+0x646/0x930
[  285.865454]  ext4_ext_map_blocks+0x1e2c/0x6b10
[  285.870064]  ? __lock_acquire+0x5fc/0x3f20
[  285.874379]  ? finish_task_switch+0x178/0x610
[  285.878886]  ? finish_task_switch+0x14d/0x610
[  285.883637]  ? switch_mm_irqs_off+0x601/0xeb0
[  285.888146]  ? ext4_find_delalloc_cluster+0x180/0x180
[  285.893346]  ? trace_hardirqs_on+0x10/0x10
[  285.897597]  ? io_schedule_timeout+0x140/0x140
[  285.902403]  ? ___preempt_schedule+0x16/0x18
[  285.906827]  ? preempt_schedule_common+0x45/0xc0
[  285.911831]  ? lock_acquire+0x170/0x3f0
[  285.915821]  ? ext4_map_blocks+0x29f/0x1730
[  285.920162]  ext4_map_blocks+0xb19/0x1730
[  285.924552]  ? ext4_issue_zeroout+0x150/0x150
[  285.929059]  ? __ext4_new_inode+0x27c/0x4eb0
[  285.933488]  ext4_getblk+0x98/0x3f0
[  285.937136]  ? ext4_iomap_begin+0x7f0/0x7f0
[  285.941475]  ext4_bread+0x6c/0x1a0
[  285.945026]  ? ext4_getblk+0x3f0/0x3f0
[  285.948918]  ? dquot_initialize_needed+0x240/0x240
[  285.953855]  ? security_transition_sid+0xcb/0x120
[  285.958706]  ? security_transition_sid+0x9c/0x120
[  285.963565]  ext4_append+0x143/0x350
[  285.967294]  ext4_mkdir+0x4c9/0xba0
[  285.974410]  ? ext4_init_dot_dotdot+0x5a0/0x5a0
[  285.980161]  ? security_inode_mkdir+0xca/0x100
[  285.985016]  vfs_mkdir+0x463/0x6e0
[  285.988578]  SyS_mkdirat+0x1fd/0x270
[  285.989245] kauditd_printk_skb: 4 callbacks suppressed
[  285.989253] audit: type=1804 audit(1601002402.342:151): pid=18398 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/62/bus/file0" dev="sda1" ino=15898 res=1
[  285.992393]  ? SyS_mknod+0x30/0x30
[  286.025173] audit: type=1804 audit(1601002402.342:152): pid=18377 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="ToMToU" comm="syz-executor.3" name="/root/syzkaller-testdir321547071/syzkaller.vincSs/80/cgroup.controllers" dev="sda1" ino=15935 res=1
[  286.025831]  ? do_syscall_64+0x4c/0x640
[  286.054629]  ? SyS_mkdirat+0x270/0x270
02:53:22 executing program 3:

02:53:22 executing program 5:
socket$key(0xf, 0x3, 0x2)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:22 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c01000"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:22 executing program 4:

[  286.058533]  do_syscall_64+0x1d5/0x640
[  286.062545]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  286.068542] RIP: 0033:0x45d597
[  286.072340] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053
[  286.080057] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 000000000045d597
[  286.087339] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100
[  286.094610] RBP: 00007fc7fa8cfae0 R08: 0000000020000260 R09: 0000000000000000
[  286.101883] R10: 0000000000010b20 R11: 0000000000000213 R12: 0000000020000000
02:53:22 executing program 5:
socket$key(0xf, 0x3, 0x2)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000000180), 0x400000000000117, 0x0)

02:53:22 executing program 4:

02:53:22 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(0x0, 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:22 executing program 3:
r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
getsockname$llc(r0, 0x0, 0x0)

[  286.109155] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:22 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:22 executing program 4:
r0 = socket$inet6(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e20}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f00000000c0)={0x0, @in={{0xa, 0x0, @local}}}, &(0x7f0000000180)=0x9c)

[  286.183790] BTRFS error (device loop1): support for check_integrity* not compiled in!
[  286.243828] overlayfs: failed to resolve './file1': -2
[  286.257608] BTRFS error (device loop1): open_ctree failed
02:53:22 executing program 1 (fault-call:0 fault-nth:46):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:22 executing program 3:
syz_emit_ethernet(0x6e, &(0x7f0000000080)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @local}, @time_exceeded={0x5, 0x0, 0x0, 0x0, 0x0, 0x0, {0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @local, {[@timestamp={0x44, 0x8, 0x0, 0x0, 0x0, [0x0]}, @lsrr={0x83, 0x7, 0x0, [@multicast2]}, @timestamp_addr={0x44, 0x4}, @ssrr={0x89, 0xb, 0x0, [@initdev={0xac, 0x1e, 0x0, 0x0}, @initdev={0xac, 0x1e, 0x0, 0x0}]}, @lsrr={0x83, 0xf, 0x0, [@remote, @broadcast, @empty]}]}}}}}}}, 0x0)

02:53:22 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, 0x0, 0x0, 0x0)

02:53:22 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(0x0, 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:22 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  286.282121] audit: type=1804 audit(1601002402.832:153): pid=18434 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/63/bus/file0" dev="sda1" ino=15794 res=1
02:53:22 executing program 3:

02:53:22 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:22 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, 0x0, 0x0, 0x0)

[  286.387707] overlayfs: failed to resolve './file1': -2
02:53:23 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  286.412806] audit: type=1804 audit(1601002402.962:154): pid=18451 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/64/bus/file0" dev="sda1" ino=15721 res=1
[  286.449537] FAULT_INJECTION: forcing a failure.
[  286.449537] name failslab, interval 1, probability 0, space 0, times 0
[  286.461017] CPU: 1 PID: 18452 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  286.468906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  286.478260] Call Trace:
[  286.480852]  dump_stack+0x1b2/0x283
[  286.484490]  should_fail.cold+0x10a/0x154
[  286.488644]  should_failslab+0xd6/0x130
[  286.492621]  kmem_cache_alloc+0x40/0x3c0
[  286.497205]  __es_insert_extent+0x338/0x1360
[  286.501624]  ext4_es_insert_extent+0x1b9/0x530
[  286.506211]  ? ext4_es_find_delayed_extent_range+0x930/0x930
02:53:23 executing program 3:

[  286.512020]  ext4_map_blocks+0x887/0x1730
[  286.516177]  ? ext4_issue_zeroout+0x150/0x150
[  286.520677]  ? __ext4_new_inode+0x27c/0x4eb0
[  286.525097]  ext4_getblk+0x98/0x3f0
[  286.528732]  ? ext4_iomap_begin+0x7f0/0x7f0
[  286.533067]  ext4_bread+0x6c/0x1a0
[  286.536605]  ? ext4_getblk+0x3f0/0x3f0
[  286.540488]  ? dquot_initialize_needed+0x240/0x240
[  286.545416]  ? security_transition_sid+0xcb/0x120
[  286.550257]  ? security_transition_sid+0x9c/0x120
[  286.555111]  ext4_append+0x143/0x350
[  286.558825]  ext4_mkdir+0x4c9/0xba0
02:53:23 executing program 3:

[  286.562457]  ? ext4_init_dot_dotdot+0x5a0/0x5a0
[  286.567127]  ? security_inode_mkdir+0xca/0x100
[  286.571716]  vfs_mkdir+0x463/0x6e0
[  286.575264]  SyS_mkdirat+0x1fd/0x270
[  286.578991]  ? SyS_mknod+0x30/0x30
[  286.582531]  ? do_syscall_64+0x4c/0x640
[  286.586501]  ? SyS_mkdirat+0x270/0x270
[  286.590478]  do_syscall_64+0x1d5/0x640
[  286.594372]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  286.599558] RIP: 0033:0x45d597
[  286.602744] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053
[  286.610446] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 000000000045d597
[  286.617715] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100
[  286.624986] RBP: 00007fc7fa8cfae0 R08: 0000000020000260 R09: 0000000000000000
[  286.632263] R10: 0000000000010b20 R11: 0000000000000213 R12: 0000000020000000
[  286.639533] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  286.681728] BTRFS error (device loop1): support for check_integrity* not compiled in!
[  286.716298] BTRFS error (device loop1): open_ctree failed
02:53:23 executing program 4:

02:53:23 executing program 3:

02:53:23 executing program 5:
r0 = socket$key(0xf, 0x3, 0x2)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200aa080200000080000000bd00000105000600200000000a0000000000dfffff0400e50000070000001f000000000000250000000000000200010000000000000006000000627c05000500000000000a"], 0x80}}, 0x0)
sendmmsg(r0, 0x0, 0x0, 0x0)

02:53:23 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:23 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:23 executing program 1 (fault-call:0 fault-nth:47):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:23 executing program 3:

02:53:23 executing program 3:

[  287.120047] FAULT_INJECTION: forcing a failure.
[  287.120047] name failslab, interval 1, probability 0, space 0, times 0
[  287.132996] CPU: 1 PID: 18489 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  287.141254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  287.150607] Call Trace:
[  287.153218]  dump_stack+0x1b2/0x283
[  287.156862]  should_fail.cold+0x10a/0x154
[  287.161102]  should_failslab+0xd6/0x130
[  287.165082]  kmem_cache_alloc+0x40/0x3c0
02:53:23 executing program 4:

[  287.169145]  __es_insert_extent+0x338/0x1360
[  287.173566]  ext4_es_insert_extent+0x1b9/0x530
[  287.178326]  ? ext4_es_find_delayed_extent_range+0x930/0x930
[  287.184131]  ext4_map_blocks+0x887/0x1730
[  287.188285]  ? ext4_issue_zeroout+0x150/0x150
[  287.192773]  ? __ext4_new_inode+0x27c/0x4eb0
[  287.197216]  ext4_getblk+0x98/0x3f0
[  287.200868]  ? ext4_iomap_begin+0x7f0/0x7f0
[  287.205196]  ext4_bread+0x6c/0x1a0
[  287.208745]  ? ext4_getblk+0x3f0/0x3f0
[  287.212630]  ? dquot_initialize_needed+0x240/0x240
02:53:23 executing program 4:

02:53:23 executing program 3:

[  287.217555]  ? security_transition_sid+0xcb/0x120
[  287.222396]  ? security_transition_sid+0x9c/0x120
[  287.227243]  ext4_append+0x143/0x350
[  287.230962]  ext4_mkdir+0x4c9/0xba0
[  287.234706]  ? ext4_init_dot_dotdot+0x5a0/0x5a0
[  287.239381]  ? security_inode_mkdir+0xca/0x100
[  287.243963]  vfs_mkdir+0x463/0x6e0
[  287.247510]  SyS_mkdirat+0x1fd/0x270
[  287.251319]  ? SyS_mknod+0x30/0x30
[  287.254871]  ? do_syscall_64+0x4c/0x640
[  287.258844]  ? SyS_mkdirat+0x270/0x270
[  287.262731]  do_syscall_64+0x1d5/0x640
02:53:23 executing program 3:

02:53:23 executing program 4:

[  287.266626]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  287.275978] RIP: 0033:0x45d597
[  287.279162] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000213 ORIG_RAX: 0000000000000053
[  287.286875] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 000000000045d597
[  287.294142] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100
[  287.303010] RBP: 00007fc7fa8cfae0 R08: 0000000020000260 R09: 0000000000000000
[  287.310277] R10: 0000000000010b20 R11: 0000000000000213 R12: 0000000020000000
02:53:23 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(0x0, 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:23 executing program 4:

[  287.317543] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:23 executing program 5:

02:53:24 executing program 3:

[  287.371405] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:24 executing program 1 (fault-call:0 fault-nth:48):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:24 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:24 executing program 5:

02:53:24 executing program 4:

[  287.425020] BTRFS error (device loop1): open_ctree failed
02:53:24 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:24 executing program 3:

02:53:24 executing program 5:

02:53:24 executing program 4:

02:53:24 executing program 3:

[  287.544786] nla_parse: 12 callbacks suppressed
[  287.544792] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  287.576215] FAULT_INJECTION: forcing a failure.
[  287.576215] name failslab, interval 1, probability 0, space 0, times 0
[  287.613720] audit: type=1804 audit(1601002404.162:155): pid=18535 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/68/bus/file0" dev="sda1" ino=16495 res=1
[  287.630500] CPU: 1 PID: 18531 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  287.646275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  287.655626] Call Trace:
[  287.658212]  dump_stack+0x1b2/0x283
[  287.661844]  should_fail.cold+0x10a/0x154
[  287.665996]  should_failslab+0xd6/0x130
[  287.669973]  __kmalloc_track_caller+0x2bc/0x400
[  287.674637]  ? strndup_user+0x5b/0xf0
[  287.678445]  memdup_user+0x22/0xa0
[  287.681987]  strndup_user+0x5b/0xf0
[  287.685611]  ? copy_mnt_ns+0xa30/0xa30
[  287.689498]  SyS_mount+0x39/0x120
[  287.692949]  ? copy_mnt_ns+0xa30/0xa30
[  287.696839]  do_syscall_64+0x1d5/0x640
[  287.700731]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  287.705915] RIP: 0033:0x460bca
02:53:24 executing program 3:

02:53:24 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:24 executing program 5:

[  287.709098] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  287.716812] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  287.724079] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  287.731344] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  287.738632] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  287.745897] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  287.772432] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
02:53:24 executing program 1 (fault-call:0 fault-nth:49):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:24 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:24 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c0"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:24 executing program 4:

02:53:24 executing program 5:

02:53:24 executing program 3:

02:53:24 executing program 4:

02:53:24 executing program 3:

02:53:24 executing program 5:

02:53:24 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:24 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, 0x0, &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:24 executing program 4:

[  287.911831] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
[  287.930211] audit: type=1804 audit(1601002404.482:156): pid=18560 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/69/bus/file0" dev="sda1" ino=16104 res=1
[  287.982060] FAULT_INJECTION: forcing a failure.
[  287.982060] name failslab, interval 1, probability 0, space 0, times 0
[  288.024576] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  288.047825] CPU: 1 PID: 18563 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  288.055741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  288.065092] Call Trace:
[  288.067684]  dump_stack+0x1b2/0x283
[  288.070507] audit: type=1804 audit(1601002404.622:157): pid=18573 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/70/bus/file0" dev="sda1" ino=16496 res=1
[  288.071313]  should_fail.cold+0x10a/0x154
[  288.071329]  should_failslab+0xd6/0x130
[  288.071341]  __kmalloc_track_caller+0x2bc/0x400
[  288.108626]  ? strndup_user+0x5b/0xf0
[  288.112426]  memdup_user+0x22/0xa0
[  288.115966]  strndup_user+0x5b/0xf0
[  288.119597]  ? copy_mnt_ns+0xa30/0xa30
[  288.123502]  SyS_mount+0x68/0x120
[  288.126949]  ? copy_mnt_ns+0xa30/0xa30
[  288.130843]  do_syscall_64+0x1d5/0x640
[  288.134734]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  288.139918] RIP: 0033:0x460bca
[  288.143102] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  288.150810] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  288.158077] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  288.165345] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
02:53:24 executing program 1 (fault-call:0 fault-nth:50):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:24 executing program 5:

02:53:24 executing program 3:

02:53:24 executing program 4:

02:53:24 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:24 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  288.172644] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  288.179913] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:24 executing program 5:

02:53:24 executing program 4:

02:53:24 executing program 5:

02:53:24 executing program 4:
r0 = socket(0x2, 0x5, 0x0)
connect$unix(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="8202cded17"], 0x10)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
dup2(r1, r0)

02:53:24 executing program 3:

02:53:24 executing program 5:

[  288.265186] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  288.288536] audit: type=1804 audit(1601002404.842:158): pid=18589 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/71/bus/file0" dev="sda1" ino=16104 res=1
[  288.321527] FAULT_INJECTION: forcing a failure.
[  288.321527] name failslab, interval 1, probability 0, space 0, times 0
[  288.355562] CPU: 0 PID: 18588 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  288.363474] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  288.372938] Call Trace:
[  288.375532]  dump_stack+0x1b2/0x283
[  288.379167]  should_fail.cold+0x10a/0x154
[  288.383321]  should_failslab+0xd6/0x130
[  288.387302]  kmem_cache_alloc_trace+0x29a/0x3d0
[  288.391974]  ? copy_mnt_ns+0xa30/0xa30
[  288.395862]  copy_mount_options+0x59/0x2f0
[  288.400098]  ? copy_mnt_ns+0xa30/0xa30
[  288.403989]  SyS_mount+0x84/0x120
[  288.407444]  ? copy_mnt_ns+0xa30/0xa30
[  288.411335]  do_syscall_64+0x1d5/0x640
[  288.415233]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
02:53:25 executing program 1 (fault-call:0 fault-nth:51):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:25 executing program 4:

02:53:25 executing program 3:

02:53:25 executing program 5:

02:53:25 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:25 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  288.420419] RIP: 0033:0x460bca
[  288.423604] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  288.431370] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  288.438786] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  288.446079] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  288.453353] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  288.460626] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:25 executing program 5:

02:53:25 executing program 3:

02:53:25 executing program 4:

[  288.578800] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'.
[  288.610974] print_req_error: 6 callbacks suppressed
[  288.610979] print_req_error: I/O error, dev loop1, sector 0
02:53:25 executing program 3:

02:53:25 executing program 5:

02:53:25 executing program 4:

[  288.624696] FAULT_INJECTION: forcing a failure.
[  288.624696] name failslab, interval 1, probability 0, space 0, times 0
[  288.640018] audit: type=1804 audit(1601002405.192:159): pid=18614 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/72/bus/file0" dev="sda1" ino=16134 res=1
[  288.704963] CPU: 1 PID: 18615 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  288.712872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  288.722227] Call Trace:
[  288.724823]  dump_stack+0x1b2/0x283
[  288.728460]  should_fail.cold+0x10a/0x154
[  288.732616]  should_failslab+0xd6/0x130
[  288.736598]  kmem_cache_alloc+0x28e/0x3c0
[  288.740749]  alloc_vfsmnt+0x23/0x7f0
[  288.744460]  ? _raw_read_unlock+0x29/0x40
[  288.748607]  vfs_kern_mount.part.0+0x27/0x470
[  288.753107]  do_mount+0xe53/0x2a00
[  288.756654]  ? copy_mount_string+0x40/0x40
[  288.760900]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  288.765916]  ? copy_mnt_ns+0xa30/0xa30
[  288.769806]  ? copy_mount_options+0x1fa/0x2f0
[  288.774300]  ? copy_mnt_ns+0xa30/0xa30
[  288.778273]  SyS_mount+0xa8/0x120
[  288.781723]  ? copy_mnt_ns+0xa30/0xa30
[  288.785614]  do_syscall_64+0x1d5/0x640
[  288.789507]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  288.794694] RIP: 0033:0x460bca
[  288.797880] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  288.805615] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  288.812881] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  288.820335] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  288.827790] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  288.835059] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:25 executing program 1 (fault-call:0 fault-nth:52):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:25 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:25 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:25 executing program 3:

02:53:25 executing program 5:

02:53:25 executing program 4:

02:53:25 executing program 4:

02:53:25 executing program 3:

02:53:25 executing program 4:

[  288.971893] audit: type=1804 audit(1601002405.522:160): pid=18644 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/73/bus/file0" dev="sda1" ino=16508 res=1
02:53:25 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0)
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:25 executing program 3:

02:53:25 executing program 4:

[  289.027845] FAULT_INJECTION: forcing a failure.
[  289.027845] name failslab, interval 1, probability 0, space 0, times 0
[  289.120938] CPU: 1 PID: 18646 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  289.129567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  289.138340] overlayfs: missing 'lowerdir'
[  289.138927] Call Trace:
[  289.145651]  dump_stack+0x1b2/0x283
[  289.149314]  should_fail.cold+0x10a/0x154
[  289.153475]  should_failslab+0xd6/0x130
[  289.157473]  kmem_cache_alloc+0x28e/0x3c0
[  289.161638]  alloc_vfsmnt+0x23/0x7f0
[  289.165350]  ? _raw_read_unlock+0x29/0x40
[  289.169528]  vfs_kern_mount.part.0+0x27/0x470
[  289.174039]  do_mount+0xe53/0x2a00
[  289.177620]  ? copy_mount_string+0x40/0x40
[  289.181872]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  289.186903]  ? copy_mnt_ns+0xa30/0xa30
[  289.190801]  ? copy_mount_options+0x1fa/0x2f0
[  289.195330]  ? copy_mnt_ns+0xa30/0xa30
[  289.199234]  SyS_mount+0xa8/0x120
[  289.202787]  ? copy_mnt_ns+0xa30/0xa30
[  289.206701]  do_syscall_64+0x1d5/0x640
[  289.210603]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  289.215801] RIP: 0033:0x460bca
02:53:25 executing program 1 (fault-call:0 fault-nth:53):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:25 executing program 5:

02:53:25 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:25 executing program 3:

02:53:25 executing program 4:

02:53:25 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0)
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  289.219000] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  289.226727] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  289.234000] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  289.241282] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  289.248555] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  289.255830] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:25 executing program 3:

02:53:25 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:25 executing program 3:

02:53:25 executing program 3:

[  289.362969] overlayfs: missing 'lowerdir'
02:53:26 executing program 5:

02:53:26 executing program 4:

[  289.401532] FAULT_INJECTION: forcing a failure.
[  289.401532] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  289.413358] CPU: 1 PID: 18677 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  289.421234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  289.430587] Call Trace:
[  289.433184]  dump_stack+0x1b2/0x283
[  289.436820]  should_fail.cold+0x10a/0x154
[  289.440973]  __alloc_pages_nodemask+0x22c/0x2720
[  289.445736]  ? __lock_acquire+0x5fc/0x3f20
[  289.450045]  ? is_bpf_text_address+0xb8/0x150
[  289.454545]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  289.459398]  ? __kernel_text_address+0x9/0x30
[  289.463899]  ? trace_hardirqs_on+0x10/0x10
[  289.468136]  ? __save_stack_trace+0xa0/0x160
[  289.472550]  ? depot_save_stack+0x10d/0x3e3
[  289.476877]  ? kasan_kmalloc+0x139/0x160
[  289.480935]  ? kasan_kmalloc+0xeb/0x160
[  289.484910]  cache_grow_begin+0x8f/0x420
[  289.488973]  cache_alloc_refill+0x273/0x350
[  289.493328]  kmem_cache_alloc+0x333/0x3c0
[  289.497476]  getname_flags+0xc8/0x550
[  289.501280]  user_path_at_empty+0x2a/0x50
[  289.505429]  do_mount+0x118/0x2a00
[  289.508973]  ? copy_mount_string+0x40/0x40
[  289.513208]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  289.518226]  ? kmem_cache_alloc_trace+0x36c/0x3d0
[  289.523068]  ? copy_mnt_ns+0xa30/0xa30
[  289.527127]  ? copy_mount_options+0x1fa/0x2f0
[  289.531654]  ? copy_mnt_ns+0xa30/0xa30
[  289.535542]  SyS_mount+0xa8/0x120
[  289.538996]  ? copy_mnt_ns+0xa30/0xa30
[  289.542888]  do_syscall_64+0x1d5/0x640
[  289.546804]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  289.551986] RIP: 0033:0x460bca
[  289.555176] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  289.562881] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  289.570154] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  289.577424] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  289.584689] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  289.592128] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  289.623299] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:26 executing program 1 (fault-call:0 fault-nth:54):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:26 executing program 3:

02:53:26 executing program 4:

02:53:26 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, 0x0)
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:26 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:26 executing program 5:

[  289.675537] BTRFS error (device loop1): open_ctree failed
02:53:26 executing program 5:

02:53:26 executing program 3:

02:53:26 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:26 executing program 4:

02:53:26 executing program 5:

02:53:26 executing program 3:

[  289.798294] overlayfs: missing 'lowerdir'
[  289.810551] FAULT_INJECTION: forcing a failure.
[  289.810551] name failslab, interval 1, probability 0, space 0, times 0
[  289.864476] CPU: 1 PID: 18715 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  289.872473] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  289.881827] Call Trace:
[  289.884423]  dump_stack+0x1b2/0x283
[  289.888058]  should_fail.cold+0x10a/0x154
[  289.892210]  should_failslab+0xd6/0x130
[  289.896201]  __kmalloc_track_caller+0x2bc/0x400
[  289.900866]  ? kstrdup_const+0x35/0x60
[  289.904755]  ? lock_downgrade+0x740/0x740
[  289.908904]  kstrdup+0x36/0x70
[  289.912095]  kstrdup_const+0x35/0x60
[  289.915817]  alloc_vfsmnt+0xe0/0x7f0
[  289.919550]  ? _raw_read_unlock+0x29/0x40
[  289.923887]  vfs_kern_mount.part.0+0x27/0x470
[  289.928383]  do_mount+0xe53/0x2a00
[  289.931926]  ? copy_mount_string+0x40/0x40
[  289.936245]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  289.941273]  ? copy_mnt_ns+0xa30/0xa30
[  289.945159]  ? copy_mount_options+0x1fa/0x2f0
[  289.949648]  ? copy_mnt_ns+0xa30/0xa30
[  289.953527]  SyS_mount+0xa8/0x120
[  289.957078]  ? copy_mnt_ns+0xa30/0xa30
[  289.961007]  do_syscall_64+0x1d5/0x640
[  289.964900]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  289.970086] RIP: 0033:0x460bca
[  289.973277] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  289.980981] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  289.988249] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  289.995517] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  290.002781] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  290.010053] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:26 executing program 1 (fault-call:0 fault-nth:55):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:26 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:26 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB, @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:26 executing program 3:

02:53:26 executing program 4:

02:53:26 executing program 5:

02:53:26 executing program 5:

02:53:26 executing program 3:

02:53:26 executing program 3:

02:53:26 executing program 4:

02:53:26 executing program 5:

02:53:26 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000100007477427", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  290.144379] FAULT_INJECTION: forcing a failure.
[  290.144379] name failslab, interval 1, probability 0, space 0, times 0
[  290.179122] overlayfs: missing 'lowerdir'
[  290.227514] CPU: 0 PID: 18746 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  290.235425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  290.244778] Call Trace:
[  290.247371]  dump_stack+0x1b2/0x283
[  290.251011]  should_fail.cold+0x10a/0x154
[  290.255163]  should_failslab+0xd6/0x130
[  290.259138]  __kmalloc_track_caller+0x2bc/0x400
[  290.263898]  ? btrfs_parse_early_options.constprop.0+0x9b/0x2f0
[  290.269964]  kstrdup+0x36/0x70
[  290.273162]  btrfs_parse_early_options.constprop.0+0x9b/0x2f0
[  290.280264]  ? kstrdup_const+0x35/0x60
[  290.284158]  ? parse_security_options.constprop.0+0x90/0x90
[  290.290060]  ? lock_acquire+0x170/0x3f0
[  290.294105]  ? pcpu_alloc+0x8e8/0xf50
[  290.297912]  ? trace_hardirqs_on+0x10/0x10
[  290.302150]  ? pcpu_alloc+0x8e8/0xf50
[  290.305948]  ? _find_next_bit+0xdb/0x100
[  290.310021]  btrfs_mount+0xfe/0x1fe0
[  290.313737]  ? lock_downgrade+0x740/0x740
[  290.317885]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  290.323864]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  290.329316]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  290.334336]  ? __lockdep_init_map+0x100/0x560
[  290.338837]  ? __lockdep_init_map+0x100/0x560
[  290.343335]  mount_fs+0x92/0x2a0
[  290.346791]  vfs_kern_mount.part.0+0x5b/0x470
[  290.351287]  do_mount+0xe53/0x2a00
[  290.354836]  ? copy_mount_string+0x40/0x40
[  290.359073]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  290.364091]  ? copy_mnt_ns+0xa30/0xa30
[  290.367979]  ? copy_mount_options+0x1fa/0x2f0
[  290.370159] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[  290.372474]  ? copy_mnt_ns+0xa30/0xa30
[  290.372484]  SyS_mount+0xa8/0x120
[  290.372494]  ? copy_mnt_ns+0xa30/0xa30
[  290.392249]  do_syscall_64+0x1d5/0x640
[  290.396148]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  290.401334] RIP: 0033:0x460bca
[  290.404518] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  290.412227] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  290.419493] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  290.426931] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  290.434210] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  290.441484] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:27 executing program 1 (fault-call:0 fault-nth:56):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:27 executing program 4:

02:53:27 executing program 3:

02:53:27 executing program 5:

02:53:27 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000100007477427", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:27 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:27 executing program 5:

02:53:27 executing program 3:

02:53:27 executing program 4:

[  290.559350] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[  290.584203] overlayfs: missing 'lowerdir'
[  290.590029] FAULT_INJECTION: forcing a failure.
[  290.590029] name failslab, interval 1, probability 0, space 0, times 0
02:53:27 executing program 5:

02:53:27 executing program 3:

02:53:27 executing program 4:

[  290.626379] CPU: 0 PID: 18781 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  290.634486] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  290.643837] Call Trace:
[  290.646429]  dump_stack+0x1b2/0x283
[  290.650062]  should_fail.cold+0x10a/0x154
[  290.654215]  should_failslab+0xd6/0x130
[  290.658280]  __kmalloc_track_caller+0x2bc/0x400
[  290.662951]  ? btrfs_parse_early_options.constprop.0+0x9b/0x2f0
[  290.669015]  kstrdup+0x36/0x70
[  290.672210]  btrfs_parse_early_options.constprop.0+0x9b/0x2f0
[  290.678133]  ? kstrdup_const+0x35/0x60
[  290.682043]  ? parse_security_options.constprop.0+0x90/0x90
[  290.687763]  ? lock_acquire+0x170/0x3f0
[  290.691743]  ? pcpu_alloc+0x8e8/0xf50
[  290.695589]  ? trace_hardirqs_on+0x10/0x10
[  290.699827]  ? pcpu_alloc+0x8e8/0xf50
[  290.704155]  ? _find_next_bit+0xdb/0x100
[  290.708239]  btrfs_mount+0xfe/0x1fe0
[  290.711960]  ? lock_downgrade+0x740/0x740
[  290.716121]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  290.722113]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  290.727658]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  290.732767]  ? __lockdep_init_map+0x100/0x560
[  290.737267]  ? __lockdep_init_map+0x100/0x560
[  290.741769]  mount_fs+0x92/0x2a0
[  290.745148]  vfs_kern_mount.part.0+0x5b/0x470
[  290.749675]  do_mount+0xe53/0x2a00
[  290.753221]  ? do_raw_spin_unlock+0x164/0x220
[  290.757721]  ? copy_mount_string+0x40/0x40
[  290.761969]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  290.767015]  ? copy_mnt_ns+0xa30/0xa30
[  290.770918]  ? copy_mount_options+0x1fa/0x2f0
[  290.775422]  ? copy_mnt_ns+0xa30/0xa30
[  290.779314]  SyS_mount+0xa8/0x120
[  290.782770]  ? copy_mnt_ns+0xa30/0xa30
[  290.786662]  do_syscall_64+0x1d5/0x640
[  290.790557]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  290.795752] RIP: 0033:0x460bca
[  290.798939] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  290.806648] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  290.814009] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
02:53:27 executing program 1 (fault-call:0 fault-nth:57):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:27 executing program 4:

02:53:27 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000100007477427", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:27 executing program 5:

02:53:27 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r0, 0x0, 0x27c7, 0x0, 0x0, 0x800e0050e)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
recvmsg(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000001600)=""/4099, 0x1003}], 0x1}, 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
recvmsg(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000280)=""/126, 0x7e}], 0x1}, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
recvfrom$inet(r3, 0x0, 0x1fc0, 0x0, 0x0, 0x800e00509)
shutdown(r2, 0x0)
r4 = dup(r3)
r5 = socket$inet_udplite(0x2, 0x2, 0x88)
dup2(r4, r5)
shutdown(r5, 0x0)

02:53:27 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  290.821291] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  290.828566] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  290.835840] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:27 executing program 5:

02:53:27 executing program 4:

02:53:27 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:27 executing program 5:

[  290.946256] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[  290.998699] overlayfs: missing 'lowerdir'
[  291.013492] FAULT_INJECTION: forcing a failure.
[  291.013492] name failslab, interval 1, probability 0, space 0, times 0
[  291.013522] kauditd_printk_skb: 5 callbacks suppressed
02:53:27 executing program 5:

02:53:27 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  291.013528] audit: type=1804 audit(1601002407.562:166): pid=18813 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/79/bus/file0" dev="sda1" ino=16149 res=1
[  291.030880] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[  291.090870] CPU: 1 PID: 18814 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  291.098774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  291.108125] Call Trace:
[  291.110746]  dump_stack+0x1b2/0x283
[  291.114379]  should_fail.cold+0x10a/0x154
[  291.118530]  should_failslab+0xd6/0x130
[  291.122513]  __kmalloc_track_caller+0x2bc/0x400
[  291.127181]  ? kstrdup_const+0x35/0x60
[  291.131191]  ? lock_downgrade+0x740/0x740
[  291.135341]  kstrdup+0x36/0x70
[  291.138545]  kstrdup_const+0x35/0x60
[  291.142257]  alloc_vfsmnt+0xe0/0x7f0
[  291.145975]  vfs_kern_mount.part.0+0x27/0x470
[  291.150471]  vfs_kern_mount+0x3c/0x60
[  291.154277]  btrfs_mount+0x42a/0x1fe0
[  291.158088]  ? lock_downgrade+0x740/0x740
[  291.162232]  ? _find_next_bit+0xdb/0x100
[  291.166292]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  291.172271]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  291.177723]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  291.182742]  ? __lockdep_init_map+0x100/0x560
[  291.187242]  ? __lockdep_init_map+0x100/0x560
[  291.191742]  mount_fs+0x92/0x2a0
[  291.195113]  vfs_kern_mount.part.0+0x5b/0x470
[  291.199611]  do_mount+0xe53/0x2a00
[  291.203153]  ? do_raw_spin_unlock+0x164/0x220
[  291.207686]  ? copy_mount_string+0x40/0x40
[  291.211924]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  291.217034]  ? copy_mnt_ns+0xa30/0xa30
[  291.220937]  ? copy_mount_options+0x1fa/0x2f0
[  291.222778] overlayfs: missing 'lowerdir'
[  291.225429]  ? copy_mnt_ns+0xa30/0xa30
[  291.225441]  SyS_mount+0xa8/0x120
[  291.225449]  ? copy_mnt_ns+0xa30/0xa30
[  291.225461]  do_syscall_64+0x1d5/0x640
[  291.225475]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  291.225482] RIP: 0033:0x460bca
[  291.225487] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  291.225496] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  291.225500] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  291.225506] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
02:53:27 executing program 1 (fault-call:0 fault-nth:58):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:27 executing program 5:

[  291.225511] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  291.225519] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  291.233922] audit: type=1804 audit(1601002407.782:167): pid=18832 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/80/bus/file0" dev="sda1" ino=16498 res=1
[  291.382696] FAULT_INJECTION: forcing a failure.
[  291.382696] name failslab, interval 1, probability 0, space 0, times 0
[  291.408233] CPU: 1 PID: 18843 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  291.416143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  291.425572] Call Trace:
[  291.428404]  dump_stack+0x1b2/0x283
[  291.432645]  should_fail.cold+0x10a/0x154
[  291.436782]  should_failslab+0xd6/0x130
[  291.440757]  __kmalloc_track_caller+0x2bc/0x400
[  291.445410]  ? kstrdup_const+0x35/0x60
[  291.449276]  ? lock_downgrade+0x740/0x740
[  291.453407]  kstrdup+0x36/0x70
[  291.456583]  kstrdup_const+0x35/0x60
[  291.460277]  alloc_vfsmnt+0xe0/0x7f0
[  291.463983]  vfs_kern_mount.part.0+0x27/0x470
[  291.468546]  vfs_kern_mount+0x3c/0x60
[  291.472326]  btrfs_mount+0x42a/0x1fe0
[  291.476121]  ? lock_downgrade+0x740/0x740
[  291.480265]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  291.486229]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  291.491681]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  291.496697]  ? __lockdep_init_map+0x100/0x560
[  291.501181]  ? __lockdep_init_map+0x100/0x560
[  291.505667]  mount_fs+0x92/0x2a0
[  291.509152]  vfs_kern_mount.part.0+0x5b/0x470
[  291.513640]  do_mount+0xe53/0x2a00
[  291.517166]  ? retint_kernel+0x2d/0x2d
[  291.521037]  ? copy_mount_string+0x40/0x40
[  291.525270]  ? copy_mount_options+0x185/0x2f0
[  291.530111]  ? copy_mount_options+0x197/0x2f0
[  291.534595]  ? copy_mount_options+0x1fa/0x2f0
[  291.539074]  ? copy_mnt_ns+0xa30/0xa30
[  291.542959]  SyS_mount+0xa8/0x120
[  291.546390]  ? copy_mnt_ns+0xa30/0xa30
[  291.550627]  do_syscall_64+0x1d5/0x640
[  291.554498]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  291.559688] RIP: 0033:0x460bca
[  291.562858] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  291.570563] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  291.577829] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  291.585087] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  291.592346] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  291.599607] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:28 executing program 3:

02:53:28 executing program 4:

02:53:28 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:28 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:28 executing program 5:

02:53:28 executing program 1 (fault-call:0 fault-nth:59):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:28 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  291.788827] FAULT_INJECTION: forcing a failure.
[  291.788827] name failslab, interval 1, probability 0, space 0, times 0
[  291.814286] CPU: 0 PID: 18861 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  291.822290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  291.831648] Call Trace:
[  291.834245]  dump_stack+0x1b2/0x283
[  291.837883]  should_fail.cold+0x10a/0x154
[  291.842040]  should_failslab+0xd6/0x130
[  291.846021]  __kmalloc+0x2c1/0x400
[  291.849565]  ? match_strdup+0x58/0xa0
[  291.854245]  match_strdup+0x58/0xa0
[  291.857876]  btrfs_parse_early_options.constprop.0+0x232/0x2f0
[  291.863857]  ? parse_security_options.constprop.0+0x90/0x90
[  291.869583]  ? lock_acquire+0x170/0x3f0
[  291.870085] overlayfs: missing 'lowerdir'
[  291.873554]  ? pcpu_alloc+0x8e8/0xf50
[  291.873572]  ? trace_hardirqs_on+0x10/0x10
[  291.873583]  ? pcpu_alloc+0x8e8/0xf50
[  291.890040]  ? _find_next_bit+0xdb/0x100
[  291.893729] audit: type=1804 audit(1601002408.362:168): pid=18870 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/81/bus/file0" dev="sda1" ino=16495 res=1
[  291.894104]  btrfs_mount+0xfe/0x1fe0
[  291.894120]  ? lock_downgrade+0x740/0x740
[  291.926763]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  291.932750]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  291.938224]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  291.943256]  ? __lockdep_init_map+0x100/0x560
[  291.947756]  ? __lockdep_init_map+0x100/0x560
[  291.952258]  mount_fs+0x92/0x2a0
[  291.955629]  vfs_kern_mount.part.0+0x5b/0x470
[  291.960127]  vfs_kern_mount+0x3c/0x60
[  291.963929]  btrfs_mount+0x42a/0x1fe0
[  291.967733]  ? lock_downgrade+0x740/0x740
[  291.971884]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  291.977863]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  291.983318]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  291.988337]  ? __lockdep_init_map+0x100/0x560
[  291.992834]  ? __lockdep_init_map+0x100/0x560
[  291.997333]  mount_fs+0x92/0x2a0
[  292.000705]  vfs_kern_mount.part.0+0x5b/0x470
[  292.005203]  do_mount+0xe53/0x2a00
[  292.008750]  ? copy_mount_string+0x40/0x40
[  292.012986]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  292.018012]  ? copy_mnt_ns+0xa30/0xa30
[  292.021904]  ? copy_mount_options+0x1fa/0x2f0
[  292.026401]  ? copy_mnt_ns+0xa30/0xa30
[  292.030291]  SyS_mount+0xa8/0x120
[  292.033751]  ? copy_mnt_ns+0xa30/0xa30
02:53:28 executing program 3:

02:53:28 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:28 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:28 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:28 executing program 4:

02:53:28 executing program 5:

[  292.037727]  do_syscall_64+0x1d5/0x640
[  292.041619]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  292.046802] RIP: 0033:0x460bca
[  292.049986] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  292.057692] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  292.064960] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  292.072317] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  292.079585] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
02:53:28 executing program 3:

02:53:28 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:28 executing program 5:

[  292.086850] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:28 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a3", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:28 executing program 1 (fault-call:0 fault-nth:60):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:28 executing program 5:

02:53:28 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a3", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:28 executing program 3:

02:53:28 executing program 4:

[  292.226686] overlayfs: missing 'lowerdir'
02:53:28 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=.'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:28 executing program 3:

[  292.246920] audit: type=1804 audit(1601002408.802:169): pid=18894 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/82/bus/file0" dev="sda1" ino=16495 res=1
02:53:28 executing program 5:

02:53:28 executing program 4:

02:53:28 executing program 3:

02:53:28 executing program 5:

02:53:28 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a3", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  292.298293] FAULT_INJECTION: forcing a failure.
[  292.298293] name failslab, interval 1, probability 0, space 0, times 0
[  292.389828] CPU: 0 PID: 18902 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  292.392657] overlayfs: option "workdir=." is useless in a non-upper mount, ignore
[  292.397734] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  292.397739] Call Trace:
[  292.397759]  dump_stack+0x1b2/0x283
[  292.397775]  should_fail.cold+0x10a/0x154
[  292.397790]  should_failslab+0xd6/0x130
[  292.397801]  __kmalloc_track_caller+0x2bc/0x400
[  292.397812]  ? btrfs_parse_early_options.constprop.0+0x9b/0x2f0
[  292.397825]  kstrdup+0x36/0x70
[  292.397835]  btrfs_parse_early_options.constprop.0+0x9b/0x2f0
[  292.397844]  ? kstrdup_const+0x35/0x60
[  292.397856]  ? parse_security_options.constprop.0+0x90/0x90
[  292.397869]  ? lock_acquire+0x170/0x3f0
[  292.397878]  ? pcpu_alloc+0x8e8/0xf50
[  292.397888]  ? trace_hardirqs_on+0x10/0x10
[  292.397898]  ? pcpu_alloc+0x8e8/0xf50
[  292.397906]  ? _find_next_bit+0xdb/0x100
[  292.397918]  btrfs_mount+0xfe/0x1fe0
[  292.397931]  ? lock_downgrade+0x740/0x740
[  292.397944]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  292.397962]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  292.397973]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  292.397986]  ? __lockdep_init_map+0x100/0x560
[  292.397997]  ? __lockdep_init_map+0x100/0x560
[  292.398009]  mount_fs+0x92/0x2a0
[  292.398022]  vfs_kern_mount.part.0+0x5b/0x470
[  292.398034]  vfs_kern_mount+0x3c/0x60
[  292.398045]  btrfs_mount+0x42a/0x1fe0
[  292.398057]  ? lock_downgrade+0x740/0x740
[  292.398071]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  292.398089]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  292.398100]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  292.398112]  ? __lockdep_init_map+0x100/0x560
[  292.398123]  ? __lockdep_init_map+0x100/0x560
[  292.398134]  mount_fs+0x92/0x2a0
[  292.398147]  vfs_kern_mount.part.0+0x5b/0x470
[  292.398159]  do_mount+0xe53/0x2a00
[  292.398175]  ? copy_mount_string+0x40/0x40
[  292.398186]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  292.398195]  ? copy_mnt_ns+0xa30/0xa30
[  292.398206]  ? copy_mount_options+0x1fa/0x2f0
[  292.398215]  ? copy_mnt_ns+0xa30/0xa30
[  292.398226]  SyS_mount+0xa8/0x120
[  292.398234]  ? copy_mnt_ns+0xa30/0xa30
[  292.398246]  do_syscall_64+0x1d5/0x640
[  292.398261]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  292.398269] RIP: 0033:0x460bca
[  292.398274] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  292.398284] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  292.398290] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
02:53:29 executing program 1 (fault-call:0 fault-nth:61):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:29 executing program 5:

02:53:29 executing program 4:

02:53:29 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:29 executing program 3:

02:53:29 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=.'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  292.398296] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  292.398301] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  292.398307] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  292.624712] audit: type=1804 audit(1601002409.112:170): pid=18921 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/83/bus/file0" dev="sda1" ino=16525 res=1
[  292.628272] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
02:53:29 executing program 4:

02:53:29 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000000), 0x4924924924924cb, 0x0)

02:53:29 executing program 3:

02:53:29 executing program 5:

02:53:29 executing program 4:

02:53:29 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000000), 0x4924924924924cb, 0x0)

[  292.827716] FAULT_INJECTION: forcing a failure.
[  292.827716] name failslab, interval 1, probability 0, space 0, times 0
[  292.857690] overlayfs: option "workdir=." is useless in a non-upper mount, ignore
[  292.887938] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  292.898566] CPU: 0 PID: 18938 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  292.906551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  292.915902] Call Trace:
[  292.918497]  dump_stack+0x1b2/0x283
[  292.922136]  should_fail.cold+0x10a/0x154
[  292.926292]  should_failslab+0xd6/0x130
[  292.930278]  __kmalloc_track_caller+0x2bc/0x400
[  292.934951]  ? btrfs_parse_early_options.constprop.0+0x9b/0x2f0
[  292.941012]  kstrdup+0x36/0x70
[  292.944563]  btrfs_parse_early_options.constprop.0+0x9b/0x2f0
[  292.950456]  ? kstrdup_const+0x35/0x60
[  292.954353]  ? parse_security_options.constprop.0+0x90/0x90
[  292.960069]  ? lock_acquire+0x170/0x3f0
[  292.964063]  ? pcpu_alloc+0x8e8/0xf50
[  292.967927]  ? trace_hardirqs_on+0x10/0x10
[  292.972179]  ? pcpu_alloc+0x8e8/0xf50
[  292.975980]  ? _find_next_bit+0xdb/0x100
[  292.980052]  btrfs_mount+0xfe/0x1fe0
[  292.983772]  ? lock_downgrade+0x740/0x740
[  292.990794]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  292.995959] audit: type=1804 audit(1601002409.452:171): pid=18939 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/84/bus/file0" dev="sda1" ino=16544 res=1
[  292.996772]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  293.026952]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  293.031981]  ? __lockdep_init_map+0x100/0x560
[  293.036472]  ? __lockdep_init_map+0x100/0x560
[  293.040950]  mount_fs+0x92/0x2a0
[  293.044297]  vfs_kern_mount.part.0+0x5b/0x470
[  293.048771]  vfs_kern_mount+0x3c/0x60
[  293.052664]  btrfs_mount+0x42a/0x1fe0
[  293.056443]  ? lock_downgrade+0x740/0x740
[  293.060569]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  293.066523]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  293.071967]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  293.077090]  ? __lockdep_init_map+0x100/0x560
[  293.081578]  ? __lockdep_init_map+0x100/0x560
[  293.086058]  mount_fs+0x92/0x2a0
[  293.089408]  vfs_kern_mount.part.0+0x5b/0x470
[  293.093896]  do_mount+0xe53/0x2a00
[  293.097468]  ? aa_label_asxprint+0x30/0xd0
[  293.101684]  ? copy_mount_string+0x40/0x40
[  293.105897]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  293.110908]  ? copy_mnt_ns+0xa30/0xa30
[  293.114785]  ? copy_mount_options+0x1fa/0x2f0
[  293.119290]  ? copy_mnt_ns+0xa30/0xa30
[  293.123154]  SyS_mount+0xa8/0x120
[  293.126585]  ? copy_mnt_ns+0xa30/0xa30
[  293.130452]  do_syscall_64+0x1d5/0x640
[  293.134318]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  293.139484] RIP: 0033:0x460bca
[  293.142650] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  293.150339] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  293.157599] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  293.164863] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  293.172212] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  293.179475] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:29 executing program 1 (fault-call:0 fault-nth:62):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:29 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, 0x0, 0x0, 0x0)

02:53:29 executing program 5:

02:53:29 executing program 3:

02:53:29 executing program 4:

02:53:29 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=.'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:29 executing program 3:

02:53:29 executing program 5:

02:53:29 executing program 4:

02:53:29 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, 0x0, 0x0, 0x0)

[  293.369803] overlayfs: option "workdir=." is useless in a non-upper mount, ignore
[  293.376026] FAULT_INJECTION: forcing a failure.
[  293.376026] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  293.405023] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  293.416051] CPU: 0 PID: 18976 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  293.423950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  293.433303] Call Trace:
[  293.435911]  dump_stack+0x1b2/0x283
[  293.439544]  should_fail.cold+0x10a/0x154
[  293.443699]  __alloc_pages_nodemask+0x22c/0x2720
[  293.448467]  ? _raw_spin_unlock_irqrestore+0x66/0xe0
[  293.453573]  ? debug_check_no_obj_freed+0x2c0/0x674
[  293.458598]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  293.464051]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  293.468893]  ? kfree+0x14a/0x250
[  293.472265]  ? btrfs_parse_early_options.constprop.0+0x18e/0x2f0
[  293.478411]  ? trace_hardirqs_on_caller+0x3a8/0x580
[  293.483432]  ? btrfs_parse_early_options.constprop.0+0x193/0x2f0
[  293.489583]  ? parse_security_options.constprop.0+0x90/0x90
[  293.495294]  ? lock_acquire+0x170/0x3f0
[  293.499270]  ? pcpu_alloc+0x8e8/0xf50
[  293.503130]  alloc_pages_current+0x155/0x260
[  293.507544]  get_zeroed_page+0x19/0x50
[  293.511435]  parse_security_options.constprop.0+0x1a/0x90
[  293.516978]  btrfs_mount+0x1d5/0x1fe0
[  293.520783]  ? lock_downgrade+0x740/0x740
[  293.525372]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  293.531348]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  293.536809]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  293.541826]  ? __lockdep_init_map+0x100/0x560
[  293.546436]  ? __lockdep_init_map+0x100/0x560
[  293.550937]  mount_fs+0x92/0x2a0
[  293.554312]  vfs_kern_mount.part.0+0x5b/0x470
[  293.558808]  vfs_kern_mount+0x3c/0x60
[  293.562639]  btrfs_mount+0x42a/0x1fe0
[  293.566563]  ? lock_downgrade+0x740/0x740
[  293.570717]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  293.576698]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  293.582149]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  293.587266]  ? __lockdep_init_map+0x100/0x560
[  293.591760]  ? __lockdep_init_map+0x100/0x560
[  293.596256]  mount_fs+0x92/0x2a0
[  293.599626]  vfs_kern_mount.part.0+0x5b/0x470
[  293.604132]  do_mount+0xe53/0x2a00
[  293.607684]  ? copy_mount_string+0x40/0x40
[  293.611919]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  293.616934]  ? copy_mnt_ns+0xa30/0xa30
02:53:29 executing program 5:
r0 = semget$private(0x0, 0x7, 0x0)
semop(r0, &(0x7f0000000000)=[{}, {0x0, 0x7ff}, {0x0, 0x1}], 0x3)

02:53:30 executing program 2:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = fcntl$dupfd(r0, 0x0, r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000300)=ANY=[@ANYBLOB="500000001000074774270600fd5721d41001a381", @ANYRES32=0x0, @ANYBLOB="7f218102810300001c0012000b0001006d616373656300e10b00020005000d00000300000a0005c010"], 0x50}}, 0x0)
sendmmsg$alg(r2, 0x0, 0x0, 0x0)

[  293.620826]  ? copy_mount_options+0x1fa/0x2f0
[  293.625318]  ? copy_mnt_ns+0xa30/0xa30
[  293.629213]  SyS_mount+0xa8/0x120
[  293.632662]  ? copy_mnt_ns+0xa30/0xa30
[  293.636551]  do_syscall_64+0x1d5/0x640
[  293.641312]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  293.646587] RIP: 0033:0x460bca
[  293.649770] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  293.657479] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
02:53:30 executing program 1 (fault-call:0 fault-nth:63):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:30 executing program 5:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x0, 0x0, 0x3}, 0x0)
syz_mount_image$msdos(&(0x7f00000002c0)='msdos\x00', &(0x7f00000003c0)='./file1\x00', 0xffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="0400050900000000666174000404090a020002740ef801", 0x17}], 0x0, &(0x7f00000004c0)=ANY=[])
pipe(&(0x7f00000001c0))
r0 = open$dir(&(0x7f0000000380)='./file0\x00', 0x0, 0x0)
ftruncate(0xffffffffffffffff, 0x200004)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80001d00c0d0)
write$9p(0xffffffffffffffff, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9c9dbec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be", 0x2de)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0xc)
setresuid(0x0, r1, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), 0x0)
setresuid(0x0, 0x0, 0x0)
read$FUSE(0xffffffffffffffff, &(0x7f0000001700)={0x2020}, 0x2020)
setxattr$system_posix_acl(0x0, &(0x7f0000000100)='system.posix_acl_default\x00', &(0x7f0000000540)=ANY=[@ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB, @ANYRESOCT, @ANYBLOB="040001000000000008", @ANYRES32, @ANYBLOB="10000500000000002000020000000000"], 0x44, 0x0)
sendfile(0xffffffffffffffff, r0, 0x0, 0x0)

02:53:30 executing program 3:
r0 = syz_mount_image$vfat(&(0x7f0000000240)='vfat\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000080)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000240000004f801", 0x17}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041", 0x21, 0x600}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f00000001c0)={[{@iocharset={'iocharset', 0x3d, 'utf8'}}]})
mkdirat(r0, &(0x7f0000000040)='./file1\x00', 0x0)

02:53:30 executing program 2:
syz_mount_image$udf(&(0x7f0000000000)='udf\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000400), 0x0, &(0x7f00000004c0)={[{@longad='longad'}]})

02:53:30 executing program 4:

02:53:30 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upper'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  293.664752] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  293.669488] audit: type=1804 audit(1601002409.972:172): pid=18974 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/85/bus/file0" dev="sda1" ino=16121 res=1
[  293.672017] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  293.672023] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  293.672028] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:30 executing program 4:

02:53:30 executing program 3:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000001000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='percpu_alloc_percpu\x00', r1}, 0x10)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x5, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x79, 0x10, 0xa8}, [@ldst={0x7}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195}, 0x48)

[  293.833579] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  293.840430] overlayfs: unrecognized mount option "upper" or missing value
[  293.859754] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  293.873396] FAULT_INJECTION: forcing a failure.
02:53:30 executing program 4:
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
mount$fuse(0x20000000, &(0x7f00000004c0)='./file0\x00', 0x0, 0x7a04, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
creat(&(0x7f0000000180)='./bus\x00', 0x0)

[  293.873396] name failslab, interval 1, probability 0, space 0, times 0
[  293.920136] CPU: 1 PID: 19018 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  293.922500] UDF-fs: Scanning with blocksize 512 failed
[  293.928045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  293.928050] Call Trace:
[  293.928071]  dump_stack+0x1b2/0x283
[  293.928087]  should_fail.cold+0x10a/0x154
[  293.928100]  should_failslab+0xd6/0x130
[  293.928110]  kmem_cache_alloc_trace+0x29a/0x3d0
[  293.928124]  selinux_parse_opts_str+0x442/0x950
[  293.928140]  ? trace_hardirqs_on_caller+0x3a8/0x580
[  293.928150]  ? selinux_key_alloc+0x1a0/0x1a0
[  293.928166]  ? selinux_sb_copy_data+0x331/0x3b0
[  293.949408] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  293.953138]  security_sb_parse_opts_str+0x6e/0xa0
[  293.953153]  parse_security_options.constprop.0+0x49/0x90
[  293.953164]  btrfs_mount+0x1d5/0x1fe0
[  293.960657] UDF-fs: Scanning with blocksize 1024 failed
[  293.961779]  ? lock_downgrade+0x740/0x740
[  293.961793]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  293.961809]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  293.969904] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  293.971484]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  293.971499]  ? __lockdep_init_map+0x100/0x560
[  293.971508]  ? __lockdep_init_map+0x100/0x560
[  293.971521]  mount_fs+0x92/0x2a0
[  293.981724] UDF-fs: Scanning with blocksize 2048 failed
[  293.988565]  vfs_kern_mount.part.0+0x5b/0x470
[  293.988578]  vfs_kern_mount+0x3c/0x60
[  293.988591]  btrfs_mount+0x42a/0x1fe0
[  293.988604]  ? lock_downgrade+0x740/0x740
[  293.988615]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  293.988632]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  293.988642]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  293.988653]  ? __lockdep_init_map+0x100/0x560
[  293.988663]  ? __lockdep_init_map+0x100/0x560
[  294.000769] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found
[  294.002932]  mount_fs+0x92/0x2a0
[  294.002947]  vfs_kern_mount.part.0+0x5b/0x470
[  294.002957]  do_mount+0xe53/0x2a00
[  294.002971]  ? copy_mount_string+0x40/0x40
[  294.008419] UDF-fs: Scanning with blocksize 4096 failed
[  294.012449]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  294.012460]  ? copy_mnt_ns+0xa30/0xa30
[  294.012471]  ? copy_mount_options+0x1fa/0x2f0
[  294.012481]  ? copy_mnt_ns+0xa30/0xa30
[  294.026476] audit: type=1804 audit(1601002410.582:173): pid=19017 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/86/bus/file0" dev="sda1" ino=16491 res=1
[  294.030524]  SyS_mount+0xa8/0x120
[  294.030534]  ? copy_mnt_ns+0xa30/0xa30
[  294.030548]  do_syscall_64+0x1d5/0x640
[  294.030563]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  294.184777] RIP: 0033:0x460bca
[  294.187964] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  294.195662] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  294.202939] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  294.210196] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
02:53:30 executing program 2:
unshare(0x2a000400)
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
unshare(0x8000400)

02:53:30 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upper'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  294.217456] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  294.224731] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:30 executing program 1 (fault-call:0 fault-nth:64):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:30 executing program 5:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8b0b, &(0x7f0000000000)='wlan1\x00\x1f\x1a\xec\xb5\x12\x03F\xd9U\x1c\xc9\xff\x7f\x00\x00\x00\x00\x00\x00\xf2-\xda,C\xfdj\xe3\x8d\xe3\xd6\xe0|6l\xe9\xd9;\x13\xdf\xf7\xber\'\x8a\xd5\xd5\xe1\xf5\\\x9b8\x84c\xf2\xc2\fpp.{\xb2\xb5:f\xcb\xe8oOArYZ\xe1\xc9\x86\xfe\x88\x9d\xfa\xacJ\x1f\xebp\xf5\xfb\xaad\x1a\xa0\xb1\x9c\xac\xe8\xff^9P\xee\x8aG\xdd2\x9d\xe9\x00\x00\x00)-v\x91WQ\xfd\xdcSE;\x9d\xc3\xc1LO\xf1\xf7\xbe\xdc\xd0Y\a\xdf\x11\r\x9a\xfe#N\a\xc6\xf3I\x89tZU#Ifx\xc3\xeb\xbe\xb6efpM\xc8\xaa\x88BA\n\xd1\x16\x81\x96ZI\xb2\xb5\xf2\xe6\xf5\x00\x92\r\xf6\x8d\x95\x9db\xe2\xc4\xad\xcb>\x89<h\xae\xa5\x8c\xc9f7\xbb\xb8\xc3|\r&F\x86qc\x1bO\x82r\xf1\xf0\x80\xdc\xca\xeak]\x02\xa5\xc2\xa4\xed;\x9fP')
r1 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
bpf$MAP_DELETE_BATCH(0x1b, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0)
perf_event_open$cgroup(0x0, r2, 0x0, 0xffffffffffffffff, 0x0)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x4)

02:53:31 executing program 3:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
perf_event_open(&(0x7f0000000240)={0x2, 0x70, 0x3d, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x1ab, &(0x7f00000003c0)='bdev!)-%+wlan\x00posi\x19Mx_dxl_accesszQ\tU\x97\x12=J\xd5\x8b;YE\xec\x8c;\xf7\xcc\xa7\x8b6\n\xbe\x01\x01\xae\xb6\f4\x87\xd9j\xd8\x0e\xc2\x10\xb1\x7f\x95\x01fE\xaea\x10\x8f\xac\xa9+V\x863Hhk{2\x00\x14I\xf7\xd6\xcd)\x05\x87q6\xed~\xd0\xb2\xf8\x8d\xaa\b\xe4\"\x1c\xbf\x8f_[\x17@\xe5\xec\x10\a\xb95w\x8by}/\x8cw\xe6\x99\xfe \x84]8\x940U\xb3E;\xff\xa1!\x9a\x87\x88\x02\xbf\xab\x97B\xd9\x06\xf2\n\xf7\x1f\xd8v\x7fD\xf2\x87\xf7}V\x89}\xf0\xb7\x8d\x85\xf6\x9b\xcc\xd3Lh.\r\xd3J\"\x1f\xdeW>F.\xdf$\xee\x18\x0e5\xa1\xfcN\x88`\xbbj,q[\x90/\x9b\xf0\xccr\xc1\xa8\x85E\x85p+\xd1\xbe\x10\rgx\xb8\x93k\x8c\x1dTi\xafq\xde\x06/ \x93O.\xe5<0\xfa\b\x82\xe4c&\x99\xd6psf\xa8\xacjh9\x8bk\x8f\n$\xf2\x06#\xc8\xd2\x00\x00w\x03,\xbb\xed\xf1o\xd8\x19\xd2\x1d\xbb\xd3\x18E\x0e&\x83\xdfWL?P$\xb4a\f\x154\xdd\xacx\x91<\x97\x13\xab\xe2\xdd\n\x13\x19\xb9U\n\xb5\xb6\xffBQ\x80\xe6\xe6\xaf\xc8\x15_>\xe6\xfc\xb9R\x06\xcd/\x87\x11\xf1\xb9\xbe&,c\xfd3\xc4\xeaP\x9b\xdf5\xcc\xa4RDx\xad\xc0\x8f|\xe3u\xbe\x1e\xd5\xa6\xcc\xb8\x86\x8b0\'\xcc\x01\x9bQ/\xf9\xa7vfa\xdf!\x1axt\xd1\r\xd9&MC\xcc,2\xce\xd2kCJ\x10\x88\xc5#\x92\xa32)2\xd3\xa02q\xdb\xe4\xe3\x97\x9d\xbc\xc9\xf8G'}, 0xfffffe14)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x7a05, 0x1700)
perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40305839, &(0x7f0000000040)=0x18040000000000)

[  294.403392] FAULT_INJECTION: forcing a failure.
[  294.403392] name failslab, interval 1, probability 0, space 0, times 0
[  294.421804] overlayfs: unrecognized mount option "upper" or missing value
[  294.463342] CPU: 0 PID: 19050 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  294.471290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  294.479370] audit: type=1804 audit(1601002411.013:174): pid=19048 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/87/bus/file0" dev="sda1" ino=15776 res=1
[  294.480640] Call Trace:
[  294.480659]  dump_stack+0x1b2/0x283
[  294.480675]  should_fail.cold+0x10a/0x154
[  294.515713]  should_failslab+0xd6/0x130
[  294.519697]  kmem_cache_alloc_trace+0x29a/0x3d0
[  294.524535]  selinux_parse_opts_str+0x4aa/0x950
[  294.529210]  ? trace_hardirqs_on_caller+0x3a8/0x580
[  294.534242]  ? selinux_key_alloc+0x1a0/0x1a0
[  294.538651]  ? selinux_sb_copy_data+0x331/0x3b0
[  294.543307]  security_sb_parse_opts_str+0x6e/0xa0
[  294.548141]  parse_security_options.constprop.0+0x49/0x90
[  294.553667]  btrfs_mount+0x1d5/0x1fe0
[  294.557469]  ? lock_downgrade+0x740/0x740
[  294.561608]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  294.567594]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  294.573034]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  294.578035]  ? __lockdep_init_map+0x100/0x560
[  294.582533]  ? __lockdep_init_map+0x100/0x560
[  294.587037]  mount_fs+0x92/0x2a0
[  294.591714]  vfs_kern_mount.part.0+0x5b/0x470
[  294.596201]  vfs_kern_mount+0x3c/0x60
[  294.599985]  btrfs_mount+0x42a/0x1fe0
[  294.603768]  ? lock_downgrade+0x740/0x740
[  294.607893]  ? _find_next_bit+0xdb/0x100
[  294.611936]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  294.617891]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  294.623323]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  294.628325]  ? __lockdep_init_map+0x100/0x560
[  294.632803]  ? __lockdep_init_map+0x100/0x560
[  294.637277]  mount_fs+0x92/0x2a0
[  294.640626]  vfs_kern_mount.part.0+0x5b/0x470
[  294.645104]  do_mount+0xe53/0x2a00
[  294.648627]  ? copy_mount_string+0x40/0x40
[  294.652844]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  294.657841]  ? copy_mnt_ns+0xa30/0xa30
02:53:31 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000d5f4655fd5f4655f0100ffff53ef010001000000d4f4655f000000000000000001000000000000000b0000000002000028", 0x5d, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000012600)="ed41000000100000d4f4655fd5f4655fd5f4655f000000000000040008", 0x1d, 0x4200}], 0x0, &(0x7f0000000140)=ANY=[])

[  294.661724]  ? copy_mount_options+0x1fa/0x2f0
[  294.666199]  ? copy_mnt_ns+0xa30/0xa30
[  294.670067]  SyS_mount+0xa8/0x120
[  294.673515]  ? copy_mnt_ns+0xa30/0xa30
[  294.677382]  do_syscall_64+0x1d5/0x640
[  294.681253]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  294.686419] RIP: 0033:0x460bca
[  294.689586] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  294.697273] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  294.704520] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
02:53:31 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)={0x17, 0x0, 0x40002, 0x2, 0x0, 0x1}, 0x2c)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000fe6000)={0x3, 0x4, 0x4, 0x100000009, 0x0, 0x1}, 0x40)
bpf$PROG_LOAD(0x5, &(0x7f0000001300)={0x3, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018100000", @ANYRES32=r0, @ANYBLOB="000000000000000018100000", @ANYRES32=r3, @ANYBLOB="00000000000000009500000000000000"], &(0x7f0000000080)='GPL\x00', 0x2, 0x1000, &(0x7f0000000280)=""/4096, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70)

02:53:31 executing program 5:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8b0b, &(0x7f0000000000)='wlan1\x00\x1f\x1a\xec\xb5\x12\x03F\xd9U\x1c\xc9\xff\x7f\x00\x00\x00\x00\x00\x00\xf2-\xda,C\xfdj\xe3\x8d\xe3\xd6\xe0|6l\xe9\xd9;\x13\xdf\xf7\xber\'\x8a\xd5\xd5\xe1\xf5\\\x9b8\x84c\xf2\xc2\fpp.{\xb2\xb5:f\xcb\xe8oOArYZ\xe1\xc9\x86\xfe\x88\x9d\xfa\xacJ\x1f\xebp\xf5\xfb\xaad\x1a\xa0\xb1\x9c\xac\xe8\xff^9P\xee\x8aG\xdd2\x9d\xe9\x00\x00\x00)-v\x91WQ\xfd\xdcSE;\x9d\xc3\xc1LO\xf1\xf7\xbe\xdc\xd0Y\a\xdf\x11\r\x9a\xfe#N\a\xc6\xf3I\x89tZU#Ifx\xc3\xeb\xbe\xb6efpM\xc8\xaa\x88BA\n\xd1\x16\x81\x96ZI\xb2\xb5\xf2\xe6\xf5\x00\x92\r\xf6\x8d\x95\x9db\xe2\xc4\xad\xcb>\x89<h\xae\xa5\x8c\xc9f7\xbb\xb8\xc3|\r&F\x86qc\x1bO\x82r\xf1\xf0\x80\xdc\xca\xeak]\x02\xa5\xc2\xa4\xed;\x9fP')
r1 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000000780)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0}, 0x0)
bpf$MAP_DELETE_BATCH(0x1b, 0x0, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0)
perf_event_open$cgroup(0x0, r2, 0x0, 0xffffffffffffffff, 0x0)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_attach_bpf(r1, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x4)

02:53:31 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upper'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  294.711771] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  294.719022] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  294.726269] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:31 executing program 1 (fault-call:0 fault-nth:65):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:31 executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='pids.events\x00', 0x275a, 0x0)
r1 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r1, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(camellia-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000680)="d3abc7990d535c9e70bc111c8eff7f0000000000004e0000", 0x18)
r2 = accept4(r1, 0x0, 0x0, 0x0)
sendto$inet(r2, &(0x7f0000000000)="14885eed546ff69928d88019da678265cb928c68bd832286b357666a2952d944db1810081c894742f06f015d761e417a3fe9e66a1d", 0xfffffffffffffd82, 0x8a0, 0x0, 0xffffffffffffffbf)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28012, r0, 0x0)

02:53:31 executing program 5:
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f00000003c0)='./bus\x00', 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mkdir(&(0x7f0000000280)='./bus/file0\x00', 0x0)
mount$overlay(0x400002, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000100)='overlay\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB='upperdir=./file1,lowerdir=./bus,workdir=./file0,nfs_export=on'])
lsetxattr$security_capability(&(0x7f0000000140)='./bus/file0\x00', &(0x7f0000000180)='security.capability\x00', 0x0, 0x0, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
rmdir(&(0x7f0000000080)='./bus/file0\x00')

[  294.808439] print_req_error: I/O error, dev loop1, sector 0
[  294.876107] FAULT_INJECTION: forcing a failure.
[  294.876107] name failslab, interval 1, probability 0, space 0, times 0
[  294.907405] overlayfs: unrecognized mount option "upper" or missing value
[  294.918067] overlayfs: unrecognized mount option "nfs_export=on" or missing value
02:53:31 executing program 5:
msgsnd(0x0, &(0x7f0000001c00)={0x2}, 0x8, 0x800)

[  294.921136] CPU: 1 PID: 19077 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  294.933595] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  294.942950] Call Trace:
[  294.945544]  dump_stack+0x1b2/0x283
[  294.949182]  should_fail.cold+0x10a/0x154
[  294.952251] overlayfs: unrecognized mount option "nfs_export=on" or missing value
[  294.953333]  should_failslab+0xd6/0x130
[  294.953346]  kmem_cache_alloc_trace+0x29a/0x3d0
[  294.953361]  selinux_parse_opts_str+0x4aa/0x950
[  294.953376]  ? trace_hardirqs_on_caller+0x3a8/0x580
[  294.974229] audit: type=1804 audit(1601002411.503:175): pid=19081 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/88/bus/file0" dev="sda1" ino=16561 res=1
[  295.003786]  ? selinux_key_alloc+0x1a0/0x1a0
[  295.006873] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  295.008203]  ? selinux_sb_copy_data+0x331/0x3b0
[  295.008220]  security_sb_parse_opts_str+0x6e/0xa0
02:53:31 executing program 2:
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x19, 0x4, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x40)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000000), &(0x7f00000000c0)}, 0x20)
bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000080)={r0, &(0x7f0000000180), &(0x7f0000000040)=""/55}, 0x20)

[  295.008235]  parse_security_options.constprop.0+0x49/0x90
[  295.008247]  btrfs_mount+0x1d5/0x1fe0
[  295.036169]  ? lock_downgrade+0x740/0x740
[  295.040410]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  295.046392]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  295.051866]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  295.056899]  ? __lockdep_init_map+0x100/0x560
[  295.061399]  ? __lockdep_init_map+0x100/0x560
[  295.065898]  mount_fs+0x92/0x2a0
[  295.069267]  vfs_kern_mount.part.0+0x5b/0x470
[  295.073765]  vfs_kern_mount+0x3c/0x60
[  295.077573]  btrfs_mount+0x42a/0x1fe0
[  295.081379]  ? lock_downgrade+0x740/0x740
[  295.085528]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  295.091505]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  295.097044]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  295.102065]  ? __lockdep_init_map+0x100/0x560
[  295.106558]  ? __lockdep_init_map+0x100/0x560
[  295.111144]  mount_fs+0x92/0x2a0
[  295.114612]  vfs_kern_mount.part.0+0x5b/0x470
[  295.119108]  do_mount+0xe53/0x2a00
[  295.122660]  ? copy_mount_string+0x40/0x40
[  295.126894]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  295.131913]  ? copy_mnt_ns+0xa30/0xa30
[  295.135802]  ? copy_mount_options+0x1fa/0x2f0
[  295.140297]  ? copy_mnt_ns+0xa30/0xa30
[  295.144184]  SyS_mount+0xa8/0x120
[  295.147637]  ? copy_mnt_ns+0xa30/0xa30
[  295.151525]  do_syscall_64+0x1d5/0x640
[  295.155505]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  295.160688] RIP: 0033:0x460bca
[  295.163872] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
02:53:31 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:31 executing program 5:
perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open$cgroup(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x21890}, 0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0)
r0 = socket$kcm(0xa, 0x5, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
recvmsg(r1, &(0x7f0000000140)={&(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, <r2=>0xffffffffffffffff, {0x2, 0x0, @loopback}}}, 0x35a, 0x0}, 0x0)
sendmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x0)
write$cgroup_int(r2, &(0x7f0000000000), 0xe9000)

[  295.171578] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  295.178844] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  295.186117] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  295.193388] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  295.200657] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:31 executing program 3:
r0 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r0, 0x8914, &(0x7f0000000000)={'geneve1\x00', @remote})
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0xc028660f, 0x0)
getpid()
r1 = socket$kcm(0x2, 0x3, 0x2)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f00000006c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d640500000000006504040001001f000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000c74396c8e34049fc564e0b9cc7553358380b3a1f59916ffc9bf0bdf81509f07fb2ea80e5cf8dcf819bf5774fedda52e39c90af27db5b56024df96b4673b4e8d5467e114604ea09b290a248a120c9c6e39f403ff065f93072aae80677eeba68562eaeae2bcd87cef90000005e69aa79e603c82caa501891595c44aa4b09d2f7b072f07707819ce25f6127a536c2356996ff278b40a75342e8853239389425c67455"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78)
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$OBJ_GET_PROG(0x7, 0x0, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000007c0)={'geneve1\x00', @link_local})
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f00000000c0))

02:53:31 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x11, 0x800000003, 0x0)
bind(r1, &(0x7f0000000100)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80)
getsockname$packet(r1, &(0x7f00000003c0)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=@newlink={0x30, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xd, r2}, @IFLA_GROUP={0x8}]}, 0x30}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[@ANYBLOB="3000000010000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\r', @ANYRES32=0x0], 0x30}}, 0x0)

02:53:31 executing program 2:
r0 = open$dir(&(0x7f00000000c0)='./file1\x00', 0x40000400000002c2, 0x0)
pwritev(r0, &(0x7f0000000080)=[{&(0x7f00000006c0), 0x100000}], 0x3, 0x0, 0x0)
rename(&(0x7f0000001300)='./file1\x00', &(0x7f0000000000)='./file0\x00')

02:53:31 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  295.309610] overlayfs: workdir and upperdir must be separate subtrees
02:53:31 executing program 5:
openat(0xffffffffffffff9c, &(0x7f00000020c0)='./file0/file0\x00', 0x0, 0x0)
ioctl$SG_IO(0xffffffffffffffff, 0x2285, 0x0)
socket(0x10, 0x0, 0x0)
syz_genetlink_get_family_id$tipc(&(0x7f00000000c0)='TIPC\x00')
perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000140)='NLBL_UNLBL\x00')
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f00000001c0)='sysfs\x00', 0x0, 0x0)
inotify_init()
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000200)='./file0/bus\x00', 0x2000000)
umount2(&(0x7f0000000080)='./file0\x00', 0x0)

[  295.353346] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  295.369946] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  295.403371] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  295.425906] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  295.441668] overlayfs: workdir and upperdir must be separate subtrees
02:53:32 executing program 1 (fault-call:0 fault-nth:66):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:32 executing program 5:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'cmac(camellia-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000680)="d3abc7990d535c9e70bc111c8eff7f0000000000004e0000", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendto$inet(r1, &(0x7f0000000000)="14885eed546ff69928d88019da678265cb928c68bd832286b357666a2952d944db1810081c894742f06f015d761e417a3fe9e66a1d", 0xfffffffffffffd82, 0x8a0, 0x0, 0xffffffffffffffbf)

02:53:32 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:32 executing program 2:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r2, &(0x7f0000000080)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x24}}, 0x10)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r2, &(0x7f0000000040), 0x14123f2dc6a8be1, 0x0)

[  295.540410] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  295.563387] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  295.595712] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  295.625892] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
02:53:32 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./fil'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  295.646603] overlayfs: workdir and upperdir must be separate subtrees
[  295.656765] FAULT_INJECTION: forcing a failure.
[  295.656765] name failslab, interval 1, probability 0, space 0, times 0
[  295.716583] CPU: 0 PID: 19139 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  295.724495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  295.733848] Call Trace:
[  295.736441]  dump_stack+0x1b2/0x283
[  295.740074]  should_fail.cold+0x10a/0x154
[  295.744225]  should_failslab+0xd6/0x130
[  295.748204]  kmem_cache_alloc_trace+0x29a/0x3d0
[  295.752877]  selinux_parse_opts_str+0x442/0x950
[  295.757576]  ? trace_hardirqs_on_caller+0x3a8/0x580
[  295.762591]  ? selinux_key_alloc+0x1a0/0x1a0
[  295.767005]  ? selinux_sb_copy_data+0x331/0x3b0
[  295.771698]  security_sb_parse_opts_str+0x6e/0xa0
[  295.776545]  parse_security_options.constprop.0+0x49/0x90
[  295.782083]  btrfs_mount+0x1d5/0x1fe0
[  295.785885]  ? lock_downgrade+0x740/0x740
[  295.790035]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  295.796100]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  295.801572]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  295.806591]  ? __lockdep_init_map+0x100/0x560
[  295.811090]  ? __lockdep_init_map+0x100/0x560
[  295.814146] overlayfs: failed to resolve './fil': -2
[  295.815582]  mount_fs+0x92/0x2a0
[  295.815597]  vfs_kern_mount.part.0+0x5b/0x470
[  295.815609]  vfs_kern_mount+0x3c/0x60
[  295.815623]  btrfs_mount+0x42a/0x1fe0
[  295.815636]  ? lock_downgrade+0x740/0x740
[  295.815649]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  295.815666]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  295.815678]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  295.856709]  ? __lockdep_init_map+0x100/0x560
[  295.861204]  ? __lockdep_init_map+0x100/0x560
[  295.865702]  mount_fs+0x92/0x2a0
[  295.869072]  vfs_kern_mount.part.0+0x5b/0x470
[  295.873566]  do_mount+0xe53/0x2a00
[  295.877107]  ? do_raw_spin_unlock+0x164/0x220
[  295.881608]  ? copy_mount_string+0x40/0x40
[  295.885843]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  295.890855]  ? copy_mnt_ns+0xa30/0xa30
[  295.895263]  ? copy_mount_options+0x1fa/0x2f0
[  295.899753]  ? copy_mnt_ns+0xa30/0xa30
[  295.903639]  SyS_mount+0xa8/0x120
[  295.907086]  ? copy_mnt_ns+0xa30/0xa30
[  295.911932]  do_syscall_64+0x1d5/0x640
[  295.915845]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  295.921052] RIP: 0033:0x460bca
[  295.924240] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  295.931944] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  295.939208] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  295.946564] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  295.953828] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
02:53:32 executing program 3:
r0 = gettid()
syz_open_procfs(r0, &(0x7f00000001c0)='status\x00')

02:53:32 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, <r4=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r4, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r4, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x2c, 0x64, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@TCA_CHAIN={0x8}]}, 0x2c}}, 0x0)

[  295.961089] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:32 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./fil'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  296.011093] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  296.031367] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  296.040097] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  296.060616] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  296.093979] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready
[  296.112248] overlayfs: failed to resolve './fil': -2
[  296.125159] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  296.133577] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  296.144536] kauditd_printk_skb: 4 callbacks suppressed
[  296.144545] audit: type=1804 audit(1601002412.703:180): pid=19156 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/93/bus/file0" dev="sda1" ino=16134 res=1
[  296.146956] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
02:53:32 executing program 4:
r0 = creat(&(0x7f0000000080)='./bus\x00', 0x0)
write$binfmt_elf64(r0, &(0x7f0000000200)=ANY=[], 0x8)
open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x6, 0x70, 0x0, 0x0, 0x0, 0x0, 0xfffffff6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000000), 0x3}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)

02:53:32 executing program 3:
unshare(0x8000000)
r0 = mq_open(&(0x7f0000000040)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!Tnux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000000)={0x0, 0x1, 0x8})
mq_timedreceive(r0, &(0x7f0000000300)=""/55, 0x37, 0x0, 0x0)

02:53:32 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./fil'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  296.201014] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=100 sclass=netlink_route_socket pid=19161 comm=syz-executor.2
[  296.206881] nla_parse: 8 callbacks suppressed
[  296.206887] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
02:53:32 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xe0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open$cgroup(&(0x7f0000000040)={0x0, 0x70, 0xfd, 0x0, 0x81, 0x0, 0x0, 0x0, 0x200, 0x4, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x2, 0x1, @perf_config_ext={0x0, 0x10000}, 0x0, 0x0, 0x80000000, 0x6, 0x9, 0x0, 0x1}, r0, 0xe, r1, 0x0)
r2 = perf_event_open(&(0x7f0000000bc0)={0x2, 0x70, 0xbf, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f00000002c0)={0x5, 0x70, 0x1f, 0x4, 0x5, 0x0, 0x0, 0x9, 0x88000, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0xfffffa41, 0x0, @perf_bp={&(0x7f0000000200), 0x2}, 0x4a0, 0x0, 0x9, 0x7, 0x0, 0xff, 0x9}, 0x0, 0x2, r1, 0x1)
ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, 0xffffffffffffffff)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x7a05, 0x1700)
getpid()
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
write$cgroup_type(0xffffffffffffffff, &(0x7f0000000380)='threaded\x00', 0x9)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700)
ioctl$PERF_EVENT_IOC_PERIOD(r4, 0x40086602, &(0x7f0000000040)=0xc)
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000000c0)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
write$cgroup_type(r3, &(0x7f0000000000)='threaded\x00', 0x249000)

[  296.264082] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'.
[  296.285535] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=100 sclass=netlink_route_socket pid=19158 comm=syz-executor.2
[  296.315989] overlayfs: failed to resolve './fil': -2
[  296.334022] audit: type=1804 audit(1601002412.883:181): pid=19170 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/94/bus/file0" dev="sda1" ino=16209 res=1
02:53:33 executing program 1 (fault-call:0 fault-nth:67):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:33 executing program 5:
clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
exit_group(0x0)
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/crypto\x00', 0x0, 0x0)
pipe(&(0x7f0000000ac0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendfile(r1, r0, 0x0, 0x4000000000010044)

02:53:33 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:33 executing program 4:
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
close(r0)
r1 = socket(0x11, 0x800000003, 0x8)
bind(r1, &(0x7f00000000c0)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c954"}, 0x80)
r2 = open(&(0x7f0000002000)='./bus\x00', 0x46042, 0x0)
openat$bsg(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ftruncate(r2, 0x2008002)
sendfile(r0, r2, 0x0, 0x200fff)

[  296.444862] audit: type=1804 audit(1601002412.943:182): pid=19174 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.4" name="/root/syzkaller-testdir696686776/syzkaller.WrdTQe/232/bus" dev="sda1" ino=16532 res=1
[  296.498111] FAULT_INJECTION: forcing a failure.
[  296.498111] name failslab, interval 1, probability 0, space 0, times 0
[  296.509744] CPU: 1 PID: 19185 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  296.517629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  296.527048] Call Trace:
[  296.529669]  dump_stack+0x1b2/0x283
[  296.533309]  should_fail.cold+0x10a/0x154
[  296.537470]  should_failslab+0xd6/0x130
[  296.541470]  kmem_cache_alloc+0x40/0x3c0
[  296.545541]  radix_tree_node_alloc.constprop.0+0x1b0/0x2f0
[  296.551182]  __radix_tree_create+0x323/0x4b0
[  296.555604]  page_cache_tree_insert+0x98/0x2a0
[  296.560199]  ? file_check_and_advance_wb_err+0x370/0x370
[  296.565655]  ? __add_to_page_cache_locked+0x1ed/0x840
[  296.570861]  __add_to_page_cache_locked+0x1fd/0x840
[  296.575899]  ? page_cache_tree_insert+0x2a0/0x2a0
[  296.580748]  ? find_get_entry+0x339/0x630
[  296.584908]  add_to_page_cache_lru+0xcf/0x2b0
[  296.589413]  ? add_to_page_cache_locked+0x40/0x40
[  296.594265]  ? alloc_pages_current+0x15d/0x260
[  296.598857]  do_read_cache_page+0x36f/0xbb0
[  296.603275]  ? blkdev_writepages+0xd0/0xd0
[  296.607590]  btrfs_read_disk_super+0xd0/0x370
[  296.612110]  btrfs_scan_one_device+0xb5/0x330
[  296.613426] overlayfs: failed to resolve './file': -2
[  296.616631]  ? trace_hardirqs_on_caller+0x3a8/0x580
[  296.616761]  ? device_list_add+0x8f0/0x8f0
[  296.616778]  btrfs_mount+0x1fc/0x1fe0
[  296.635067]  ? lock_downgrade+0x740/0x740
[  296.639234]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  296.645223]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  296.650679]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  296.655684]  ? __lockdep_init_map+0x100/0x560
[  296.660175]  ? __lockdep_init_map+0x100/0x560
[  296.664652]  mount_fs+0x92/0x2a0
[  296.668002]  vfs_kern_mount.part.0+0x5b/0x470
[  296.672477]  vfs_kern_mount+0x3c/0x60
[  296.676260]  btrfs_mount+0x42a/0x1fe0
[  296.680060]  ? lock_downgrade+0x740/0x740
[  296.684210]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  296.690176]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  296.695631]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  296.700646]  ? __lockdep_init_map+0x100/0x560
[  296.705152]  ? __lockdep_init_map+0x100/0x560
[  296.709636]  mount_fs+0x92/0x2a0
[  296.712985]  vfs_kern_mount.part.0+0x5b/0x470
[  296.717476]  do_mount+0xe53/0x2a00
[  296.721013]  ? copy_mount_string+0x40/0x40
[  296.725237]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  296.730247]  ? copy_mnt_ns+0xa30/0xa30
[  296.734121]  ? copy_mount_options+0x1fa/0x2f0
[  296.738618]  ? copy_mnt_ns+0xa30/0xa30
[  296.744222]  SyS_mount+0xa8/0x120
02:53:33 executing program 5:
perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xe6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
recvmmsg(r0, &(0x7f0000002c80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40000140, 0x0)

[  296.747671]  ? copy_mnt_ns+0xa30/0xa30
[  296.751540]  do_syscall_64+0x1d5/0x640
[  296.755411]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  296.760596] RIP: 0033:0x460bca
[  296.763852] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  296.771541] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  296.778789] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  296.786037] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  296.793308] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  296.800829] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:33 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  296.846185] audit: type=1800 audit(1601002413.403:183): pid=19203 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="sda1" ino=16579 res=0
02:53:33 executing program 5:
clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = getpid()
r1 = inotify_init1(0x0)
fcntl$setown(r1, 0x8, 0xffffffffffffffff)
fcntl$getownex(r1, 0x10, &(0x7f0000000100)={0x0, <r2=>0x0})
kcmp(r2, r0, 0x1, 0xffffffffffffffff, 0xffffffffffffffff)

02:53:33 executing program 4:
perf_event_open(&(0x7f00000000c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=@bridge_getlink={0x20, 0x12, 0x30b}, 0x20}}, 0x0)

02:53:33 executing program 2:
mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
acct(&(0x7f00000000c0)='./file0\x00')

[  296.906415] audit: type=1800 audit(1601002413.453:184): pid=19204 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="bus" dev="sda1" ino=16579 res=0
[  296.964306] overlayfs: failed to resolve './file': -2
[  296.999279] audit: type=1804 audit(1601002413.553:185): pid=19210 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/96/bus/file0" dev="sda1" ino=16578 res=1
[  297.019642] Process accounting resumed
02:53:33 executing program 3:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x29, 0x2, 0x0)
r0 = socket$kcm(0x2, 0x3, 0x2)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f00000002c0)=r1, 0x4)
sendmsg$kcm(r0, &(0x7f0000000840)={&(0x7f0000000380)=@in={0x2, 0x0, @dev}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xb80b0048}, 0x0)

02:53:33 executing program 4:
pipe(&(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
write$binfmt_script(r1, 0x0, 0xfffffcaa)
r2 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r2, &(0x7f0000000400)={0x26, 'hash\x00', 0x0, 0x0, 'digest_null\x00'}, 0x58)
r3 = accept4(r2, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0)
r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r5 = dup(r4)
ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200)
splice(r0, 0x0, r3, 0x0, 0x80000001, 0x0)

02:53:33 executing program 2:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8b0b, &(0x7f0000000000)='wlan1\x00\x1f\x1a\xec\xb5\x12\x03F\xd9U\x1c\xc9\xff\x7f\x00\x00\x00\x00\x00\x00\xf2-\xda,C\xfdj\xe3\x8d\xe3\xd6\xe0|6l\xe9\xd9;\x13\xdf\xf7\xber\'\x8a\xd5\xd5\xe1\xf5\\\x9b8\x84c\xf2\xc2\fpp.{\xb2\xb5:f\xcb\xe8oOArYZ\xe1\xc9\x86\xfe\x88\x9d\xfa\xacJ\x1f\xebp\xf5\xfb\xaad\x1a\xa0\xb1\x9c\xac\xe8\xff^9P\xee\x8aG\xdd2\x9d\xe9\x00\x00\x00)-v\x91WQ\xfd\xdcSE;\x9d\xc3\xc1LO\xf1\xf7\xbe\xdc\xd0Y\a\xdf\x11\r\x9a\xfe#N\a\xc6\xf3I\x89tZU#Ifx\xc3\xeb\xbe\xb6efpM\xc8\xaa\x88BA\n\xd1\x16\x81\x96ZI\xb2\xb5\xf2\xe6\xf5\x00\x92\r\xf6\x8d\x95\x9db\xe2\xc4\xad\xcb>\x89<h\xae\xa5\x8c\xc9f7\xbb\xb8\xc3|\r&F\x86qc\x1bO\x82r\xf1\xf0\x80\xdc\xca\xeak]\x02\xa5\xc2\xa4\xed;\x9fP')
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000))
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0)

[  297.062782] BTRFS error (device loop1): support for check_integrity* not compiled in!
[  297.117180] BTRFS error (device loop1): open_ctree failed
02:53:33 executing program 1 (fault-call:0 fault-nth:68):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:33 executing program 5:
syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f0000000100)='./file1\x00', 0x0, 0x2, &(0x7f0000000280)=[{&(0x7f0000000080)="083d906d6b66732e66617400028001000240000004f8", 0x16}, {0x0, 0x0, 0x601}], 0x0, &(0x7f0000000140))

02:53:33 executing program 2:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8b0b, &(0x7f0000000000)='wlan1\x00\x1f\x1a\xec\xb5\x12\x03F\xd9U\x1c\xc9\xff\x7f\x00\x00\x00\x00\x00\x00\xf2-\xda,C\xfdj\xe3\x8d\xe3\xd6\xe0|6l\xe9\xd9;\x13\xdf\xf7\xber\'\x8a\xd5\xd5\xe1\xf5\\\x9b8\x84c\xf2\xc2\fpp.{\xb2\xb5:f\xcb\xe8oOArYZ\xe1\xc9\x86\xfe\x88\x9d\xfa\xacJ\x1f\xebp\xf5\xfb\xaad\x1a\xa0\xb1\x9c\xac\xe8\xff^9P\xee\x8aG\xdd2\x9d\xe9\x00\x00\x00)-v\x91WQ\xfd\xdcSE;\x9d\xc3\xc1LO\xf1\xf7\xbe\xdc\xd0Y\a\xdf\x11\r\x9a\xfe#N\a\xc6\xf3I\x89tZU#Ifx\xc3\xeb\xbe\xb6efpM\xc8\xaa\x88BA\n\xd1\x16\x81\x96ZI\xb2\xb5\xf2\xe6\xf5\x00\x92\r\xf6\x8d\x95\x9db\xe2\xc4\xad\xcb>\x89<h\xae\xa5\x8c\xc9f7\xbb\xb8\xc3|\r&F\x86qc\x1bO\x82r\xf1\xf0\x80\xdc\xca\xeak]\x02\xa5\xc2\xa4\xed;\x9fP')
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000))
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0)

02:53:33 executing program 3:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000340)={0x2, 0x6, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, [@sadb_x_nat_t_type={0x1}, @sadb_x_nat_t_type={0x1}]}, 0x20}}, 0x0)

02:53:33 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  297.268090] overlayfs: failed to resolve './file': -2
[  297.286499] FAT-fs (loop5): bogus number of FAT sectors
[  297.294012] FAT-fs (loop5): Can't find a valid FAT filesystem
[  297.309073] audit: type=1804 audit(1601002413.863:186): pid=19247 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/97/bus/file0" dev="sda1" ino=16581 res=1
[  297.310887] FAULT_INJECTION: forcing a failure.
[  297.310887] name failslab, interval 1, probability 0, space 0, times 0
[  297.344857] CPU: 1 PID: 19257 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  297.352878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  297.362210] Call Trace:
[  297.364780]  dump_stack+0x1b2/0x283
[  297.368389]  should_fail.cold+0x10a/0x154
[  297.372535]  should_failslab+0xd6/0x130
[  297.376486]  kmem_cache_alloc+0x40/0x3c0
[  297.380543]  radix_tree_node_alloc.constprop.0+0x1b0/0x2f0
[  297.386145]  __radix_tree_create+0x323/0x4b0
[  297.390553]  page_cache_tree_insert+0x98/0x2a0
[  297.395112]  ? file_check_and_advance_wb_err+0x370/0x370
[  297.400557]  ? __add_to_page_cache_locked+0x1ed/0x840
[  297.405747]  __add_to_page_cache_locked+0x1fd/0x840
[  297.410823]  ? page_cache_tree_insert+0x2a0/0x2a0
[  297.415734]  ? find_get_entry+0x339/0x630
[  297.419874]  add_to_page_cache_lru+0xcf/0x2b0
[  297.424390]  ? add_to_page_cache_locked+0x40/0x40
[  297.429422]  ? alloc_pages_current+0x15d/0x260
[  297.433983]  do_read_cache_page+0x36f/0xbb0
[  297.438334]  ? blkdev_writepages+0xd0/0xd0
[  297.442558]  btrfs_read_disk_super+0xd0/0x370
[  297.447034]  btrfs_scan_one_device+0xb5/0x330
[  297.451535]  ? trace_hardirqs_on_caller+0x3a8/0x580
[  297.456531]  ? device_list_add+0x8f0/0x8f0
[  297.460750]  btrfs_mount+0x1fc/0x1fe0
[  297.464531]  ? lock_downgrade+0x740/0x740
[  297.468661]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  297.474614]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  297.480043]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  297.485036]  ? __lockdep_init_map+0x100/0x560
[  297.489541]  ? __lockdep_init_map+0x100/0x560
[  297.494016]  mount_fs+0x92/0x2a0
[  297.497380]  vfs_kern_mount.part.0+0x5b/0x470
[  297.501850]  vfs_kern_mount+0x3c/0x60
[  297.505626]  btrfs_mount+0x42a/0x1fe0
[  297.509403]  ? lock_downgrade+0x740/0x740
[  297.513547]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  297.519502]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  297.525103]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  297.530094]  ? __lockdep_init_map+0x100/0x560
[  297.534580]  ? __lockdep_init_map+0x100/0x560
[  297.539050]  mount_fs+0x92/0x2a0
[  297.542393]  vfs_kern_mount.part.0+0x5b/0x470
[  297.546951]  do_mount+0xe53/0x2a00
[  297.550473]  ? copy_mount_string+0x40/0x40
[  297.554680]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  297.559677]  ? copy_mnt_ns+0xa30/0xa30
[  297.563537]  ? copy_mount_options+0x1fa/0x2f0
[  297.568007]  ? copy_mnt_ns+0xa30/0xa30
[  297.571867]  SyS_mount+0xa8/0x120
[  297.575294]  ? copy_mnt_ns+0xa30/0xa30
[  297.579156]  do_syscall_64+0x1d5/0x640
[  297.583031]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  297.588192] RIP: 0033:0x460bca
[  297.591356] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  297.599036] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  297.606296] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
02:53:34 executing program 3:
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
sendmsg$inet_sctp(r0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@dstaddrv4={0x18, 0x84, 0x9, @local={0xac, 0x14, 0x0}}], 0x18}, 0x0)

02:53:34 executing program 2:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8b0b, &(0x7f0000000000)='wlan1\x00\x1f\x1a\xec\xb5\x12\x03F\xd9U\x1c\xc9\xff\x7f\x00\x00\x00\x00\x00\x00\xf2-\xda,C\xfdj\xe3\x8d\xe3\xd6\xe0|6l\xe9\xd9;\x13\xdf\xf7\xber\'\x8a\xd5\xd5\xe1\xf5\\\x9b8\x84c\xf2\xc2\fpp.{\xb2\xb5:f\xcb\xe8oOArYZ\xe1\xc9\x86\xfe\x88\x9d\xfa\xacJ\x1f\xebp\xf5\xfb\xaad\x1a\xa0\xb1\x9c\xac\xe8\xff^9P\xee\x8aG\xdd2\x9d\xe9\x00\x00\x00)-v\x91WQ\xfd\xdcSE;\x9d\xc3\xc1LO\xf1\xf7\xbe\xdc\xd0Y\a\xdf\x11\r\x9a\xfe#N\a\xc6\xf3I\x89tZU#Ifx\xc3\xeb\xbe\xb6efpM\xc8\xaa\x88BA\n\xd1\x16\x81\x96ZI\xb2\xb5\xf2\xe6\xf5\x00\x92\r\xf6\x8d\x95\x9db\xe2\xc4\xad\xcb>\x89<h\xae\xa5\x8c\xc9f7\xbb\xb8\xc3|\r&F\x86qc\x1bO\x82r\xf1\xf0\x80\xdc\xca\xeak]\x02\xa5\xc2\xa4\xed;\x9fP')
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000000))
perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x4, 0xffffffffffffffff, 0x0)

02:53:34 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x0, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  297.613625] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  297.620966] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  297.628730] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:34 executing program 2:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$kcm(0x29, 0x2, 0x0)
r0 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f00000002c0)=r1, 0x4)
sendmsg$kcm(r0, &(0x7f0000000840)={&(0x7f0000000380)=@in={0x2, 0x0, @dev}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xb80b0048}, 0x0)

02:53:34 executing program 3:
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000400), 0x84)

[  297.695636] FAT-fs (loop5): bogus number of FAT sectors
[  297.702323] FAT-fs (loop5): Can't find a valid FAT filesystem
[  297.821668] audit: type=1804 audit(1601002414.373:187): pid=19270 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/98/bus/file0" dev="sda1" ino=16565 res=1
[  297.888429] BTRFS error (device loop1): support for check_integrity* not compiled in!
[  297.927808] BTRFS error (device loop1): open_ctree failed
02:53:34 executing program 4:
prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0)
r0 = getpid()
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc0}, 0x10)
sched_setattr(r0, &(0x7f0000000280)={0x38, 0x2, 0x0, 0x0, 0x8}, 0x0)
r2 = socket$inet6(0xa, 0x2, 0x0)
recvmmsg(r2, &(0x7f0000000500)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x0, 0x0)
pipe(&(0x7f0000000440)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
fcntl$setpipe(r4, 0x407, 0x0)
sendfile(r3, 0xffffffffffffffff, &(0x7f0000000400)=0x20, 0x9)
write(r4, &(0x7f0000000340), 0x41395527)
vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f0000000340)={0x38, 0x3, 0x1, 0x0, 0x0, 0x100000001}, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
perf_event_open(&(0x7f000001d000)={0x2, 0x70, 0x7e, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000180)}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
request_key(&(0x7f0000000100)='user\x00', &(0x7f00000000c0)={'syz', 0x1, 0xd}, &(0x7f0000000200)='R\tr0s\xac\x84cusgrVex:DeXy\x13\x12 =\xe0A(\xc8\x17~\xee\x87\xd4\xd7i\x0fH\x10\xe5\x14U\xf1E\x7f\xea:X\xaf\xe1\x11\xcb\ftuo\xba\x1f\xd8xx\xf7\xca\x04\x1a\xd3\x84%4?R\xcc\'lr\x9d\x05R\x0e', 0x0)

02:53:34 executing program 5:
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
close(r0)

02:53:34 executing program 3:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0), 0x4b)
r0 = socket$kcm(0x2, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, 0x0)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000003e40))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_subtree(r1, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001900)='cgroup.controllers\x00', 0x26e1, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'team_slave_1\x00'})
r3 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r3, 0x1, 0x3e, &(0x7f00000002c0)=r2, 0x161)
sendmsg$inet(r3, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x4e24, @rand_addr=0x20}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000380), 0xff00}], 0x1, &(0x7f0000007880)=ANY=[@ANYBLOB="110000000000000004f407000100000000000000000000001c00000000000000000000fd04000000", @ANYRES32=0x0, @ANYBLOB="ac1414bbe0000001000000001c00000000000000090000000888f800", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000240000000000000000000000070000009404000044100900000000000000000000007e000000000011000000000000000000001f00"/76], 0x98}, 0x0)

02:53:34 executing program 2:
mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x0, 0x6031, 0xffffffffffffffff, 0x0)
mremap(&(0x7f0000a01000/0x4000)=nil, 0x4000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
clone(0x0, 0x0, 0x0, 0x0, 0x0)

02:53:34 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x0, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:34 executing program 1 (fault-call:0 fault-nth:69):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:34 executing program 5:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x29, 0x2, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8b0b, &(0x7f0000000000)='wlan1\x00\x1f\x1a\xec\xb5\x12\x03F\xd9U\x1c\xc9\xff\x7f\x00\x00\x00\x00\x00\x00\xf2-\xda,C\xfdj\xe3\x8d\xe3\xd6\xe0|6l\xe9\xd9;\x13\xdf\xf7\xber\'\x8a\xd5\xd5\xe1\xf5\\\x9b8\x84c\xf2\xc2\fpp.{\xb2\xb5:f\xcb\xe8oOArYZ\xe1\xc9\x86\xfe\x88\x9d\xfa\xacJ\x1f\xebp\xf5\xfb\xaad\x1a\xa0\xb1\x9c\xac\xe8\xff^9P\xee\x8aG\xdd2\x9d\xe9\x00\x00\x00)-v\x91WQ\xfd\xdcSE;\x9d\xc3\xc1LO\xf1\xf7\xbe\xdc\xd0Y\a\xdf\x11\r\x9a\xfe#N\a\xc6\xf3I\x89tZU#Ifx\xc3\xeb\xbe\xb6efpM\xc8\xaa\x88BA\n\xd1\x16\x81\x96ZI\xb2\xb5\xf2\xe6\xf5\x00\x92\r\xf6\x8d\x95\x9db\xe2\xc4\xad\xcb>\x89<h\xae\xa5\x8c\xc9f7\xbb\xb8\xc3|\r&F\x86qc\x1bO\x82r\xf1\xf0\x80\xdc\xca\xeak]\x02\xa5\xc2\xa4\xed;\x9fP')

[  298.042762] FAULT_INJECTION: forcing a failure.
[  298.042762] name failslab, interval 1, probability 0, space 0, times 0
[  298.094881] CPU: 1 PID: 19299 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  298.102813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  298.112170] Call Trace:
[  298.114772]  dump_stack+0x1b2/0x283
[  298.118409]  should_fail.cold+0x10a/0x154
[  298.122563]  ? mempool_free+0x1d0/0x1d0
[  298.126541]  should_failslab+0xd6/0x130
[  298.130521]  kmem_cache_alloc+0x40/0x3c0
[  298.134588]  ? mempool_free+0x1d0/0x1d0
[  298.138571]  mempool_alloc+0x10e/0x2d0
[  298.139560] audit: type=1804 audit(1601002414.693:188): pid=19318 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/99/bus/file0" dev="sda1" ino=15840 res=1
[  298.142459]  ? remove_element.isra.0+0x1b0/0x1b0
[  298.142471]  ? alloc_buffer_head+0x20/0x110
[  298.142482]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  298.182642]  bio_alloc_bioset+0x41b/0x830
[  298.186804]  ? bvec_alloc+0x2d0/0x2d0
[  298.190642]  ? lock_downgrade+0x740/0x740
02:53:34 executing program 5:
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
socket$kcm(0x2, 0x0, 0x0)
r1 = socket$kcm(0x11, 0x200000000000002, 0x300)
recvmsg$kcm(r1, &(0x7f0000001cc0)={0x0, 0x0, 0x0}, 0x0)
r2 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r2, &(0x7f0000002780)={&(0x7f00000000c0)=@nl=@proc={0x10, 0x0, 0x0, 0x200000}, 0x80, 0x0}, 0x0)

[  298.194804]  submit_bh_wbc+0xf5/0x6f0
[  298.198612]  block_read_full_page+0x6ce/0x870
[  298.203121]  ? set_init_blocksize+0x210/0x210
[  298.207791]  ? __lru_cache_add+0x178/0x250
[  298.212030]  ? __bread_gfp+0x2e0/0x2e0
[  298.215923]  ? add_to_page_cache_lru+0x136/0x2b0
[  298.220682]  ? add_to_page_cache_locked+0x40/0x40
[  298.225533]  ? alloc_pages_current+0x15d/0x260
[  298.230122]  do_read_cache_page+0x38e/0xbb0
[  298.236447]  ? blkdev_writepages+0xd0/0xd0
[  298.240796]  btrfs_read_disk_super+0xd0/0x370
[  298.245301]  btrfs_scan_one_device+0xb5/0x330
[  298.249977]  ? trace_hardirqs_on_caller+0x3a8/0x580
[  298.254995]  ? device_list_add+0x8f0/0x8f0
[  298.259965]  btrfs_mount+0x1fc/0x1fe0
[  298.263785]  ? lock_downgrade+0x740/0x740
[  298.267941]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  298.274109]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  298.279750]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  298.284779]  ? __lockdep_init_map+0x100/0x560
[  298.289293]  ? __lockdep_init_map+0x100/0x560
[  298.293884]  mount_fs+0x92/0x2a0
[  298.297253]  vfs_kern_mount.part.0+0x5b/0x470
[  298.301733]  vfs_kern_mount+0x3c/0x60
[  298.305531]  btrfs_mount+0x42a/0x1fe0
[  298.309346]  ? lock_downgrade+0x740/0x740
[  298.313599]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  298.319564]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  298.325125]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  298.330206]  ? __lockdep_init_map+0x100/0x560
[  298.334705]  ? __lockdep_init_map+0x100/0x560
[  298.339253]  mount_fs+0x92/0x2a0
[  298.342650]  vfs_kern_mount.part.0+0x5b/0x470
[  298.347148]  do_mount+0xe53/0x2a00
[  298.350686]  ? copy_mount_string+0x40/0x40
[  298.354910]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  298.359914]  ? copy_mnt_ns+0xa30/0xa30
[  298.363792]  ? copy_mount_options+0x1fa/0x2f0
[  298.368289]  ? copy_mnt_ns+0xa30/0xa30
[  298.372169]  SyS_mount+0xa8/0x120
[  298.375713]  ? copy_mnt_ns+0xa30/0xa30
[  298.379597]  do_syscall_64+0x1d5/0x640
[  298.383467]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  298.388635] RIP: 0033:0x460bca
02:53:35 executing program 2:
r0 = socket$kcm(0x2, 0x3, 0x2)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f00000002c0)=r1, 0x4)
sendmsg$kcm(r0, &(0x7f0000000840)={&(0x7f0000000380)=@in={0x2, 0x0, @dev}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xb80b0048}, 0xe000000)

02:53:35 executing program 3:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6, 0xffffffffffffff7f}, 0xc47, 0x7f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x8)
r0 = socket$kcm(0x10, 0x2, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
ioctl$TUNGETFILTER(r1, 0x801054db, &(0x7f0000000200)=""/94)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e74000026000511d25a80648c63940d0424fc60100016400a0002000200000037153e370a00018004000000d1bd", 0x33fe0}], 0x1}, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
r2 = socket$kcm(0x10, 0x3, 0x0)
recvmsg$kcm(r0, &(0x7f000000db40)={&(0x7f000000d900)=@xdp, 0x80, 0x0}, 0x12002)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
recvmsg$kcm(r2, &(0x7f0000003900)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0)
write$cgroup_int(0xffffffffffffffff, 0x0, 0x0)
sendmsg$sock(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000002c0)}, 0x4)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)

02:53:35 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x0, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  298.391804] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  298.399844] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  298.407107] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  298.414361] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  298.421621] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  298.428906] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:35 executing program 2:
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000140)={<r0=>0x0, <r1=>0x0})
recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380), 0x10000023, &(0x7f00000002c0)=""/77, 0x42e}, 0x0)
recvmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0xfe76, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0x6129d00b}], 0x1, &(0x7f00000001c0)=""/4, 0x10036, 0x7301}, 0x3f00)
recvmsg$kcm(r1, &(0x7f00000014c0)={&(0x7f0000000240)=@can, 0x80, &(0x7f0000000440)=[{&(0x7f0000000340)=""/208, 0xd0}], 0x1, &(0x7f00000004c0)=""/4096, 0x1000}, 0x10000)
sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000100), 0x47, &(0x7f0000000000)}, 0x0)

[  298.459962] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:35 executing program 4:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0), 0x4b)
socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000003e40))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001900)='cgroup.controllers\x00', 0x26e1, 0x0)
r2 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f00000002c0)=r1, 0x161)
sendmsg$inet(r2, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x2a, @rand_addr=0x20}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000380), 0xff00}], 0x1, &(0x7f0000007880)=ANY=[@ANYBLOB="110000000000000004f407000100000000000000000000001c00000000000000000000fd04000000", @ANYRES32=0x0, @ANYBLOB="ac1414bbe0000001000000001c00000000000000090000000888f800", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000240000000000000000000000070000009404000044100900000000000000000000007e000000000011000000000000000000001f00"/76], 0x98}, 0x0)

[  298.559213] BTRFS error (device loop1): open_ctree failed
02:53:35 executing program 5:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r1 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xb0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x40082404, &(0x7f0000000100)=0x2)
ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, 0xffffffffffffffff)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0x0, 0xffffffffffffffff, 0x0, 0x34f, &(0x7f0000000440)='nr0\x01\x00`\xa1\x9e\xf9\xd2\xc6s\xd9\xa1W\x1c\xb9\xe16\x9b\xcda\xef~Iy:\xe1\x87\x12\xee\xeb\x1d\xaav\x94\x97\x80\v\x7f\xbb\xd3[\x17\f\x10u\x1d9\xae\xb6`\xd8c\xe4\x9b\x8cO;=\xadH\x90+[-l\xfd\n\xbd7,c\xbc\xf5\xd7\a\xf3\xfdM.\x8dD<\x88\xbc\x0eV7\xdd\x82\xfc45\xbe\xd4\xde]i<\x9ax\x1c\x86>\x05\xd8\xa6\xf8h\x9a[\xe2\x92\x16\x06\x1f?\xf5?\x8bk9fx\xe7\xba\x15^\xf9\x15-~C\xb1\xec\xcb#1\xeb\x8e\xb1\xedU\x86\xdc\xf8\xb3\xb0\xb9\x996\x1aD\xff,\"\xc2\xab\xbe\xf4-\xd2N\xab\xe6r3F\xa6\xe4l\x04\x99\xa2\x14B\xd8\xd0\r\xcbW\xf0\x13\xffu\x95\xed\xd0\xff\ai0\xde6u\xd3A\x17\xa4N\xb0\xe4\xf82\x93m\xa4NW\xe4:>6\xbdH\xd2\xa8[\xf4\xfdJ\x80N\x83CZ\xf5\xe2\x87\xd4\xe2s7\xb4\xad\xa1\x1b&!\x98\x86\"R\x06\x00\x00\x00\x00\x00\x00\x00\x95\xfe7q\xe9\xf4,\xa3\x0f\xb2\x1e\x12\xf0\xa3\xd8\xbc-\x85EJ\xf9\xfc\xc0#-\x8f\xd9\tD\x8b\x01\xf4lY=1\xea\x1c\x92de\xe3ZA\x99\a\x9c<\xa4\x11(\xb1|\xb0\x1f\xbf[R+\xe0\xfd\x02\x02*\xda7\xfe\xcc\x0e\xb6\xc8\xc8\x83\x18\x83\xb8Z\x11\x06\xf2\xf8g\x02\rR\x9f\x17\xa3P\xf2\r\xd3\xbfQ\xa9\x8c\xfd\xa7\f.68\xa4\x83\xfd?\x87\x94\v\xb4x\xb0|L\x11\x03\x94\xc0\t=\x17\x95P\x89\xf2\xca\x97\xbb\xfeu\x12L\x9b\x85\x96\xe0\b\xbf\n\x02\x8bS\x9c\xecyl\xec\x9b\xf5\x85\xeb\x80\xfe>\r&\x014\x01\xf4\xb7\x83\x9a\xfa*\xa6\x06\xb7Pk7N\xc2\xd9\xee\xd0\xb0M\x00\xab\xc3\t\fc\xd8dx\xd5\x1dU*s)\x12[\x14\xb1\xc0\xd7\x1a\xa0\x16\xa2z\x9e\x93 \xddeF>29\v\x02\xa2b\x13R\xef\xffA,\xb9.$\xfa\x9f\xde[\x80\xd1=\xce\x1b\xeb\xf6\xf4\xe3z\x1f\x9dz\xa3\xc0\xe2\xa2\xb1\xeeq\xf5\xec0\x8e\xf4\xfb\xd9\x87\xf03\xdb\xae|\x10&V5c\xa6\xce\xcd\x8a\xdf\xe1\x89\"\xea\xde\xe7\xa3\xbe\xe7\xff\xf9 \x11\xfdY\xc6\xa1\xe8\xda\v\\?\xcb\x87\bn\x9b\x01\x1f\xf8\xe8\x1eV\xfaC\xdf\xc3Vv\x9b\x1a\xfc\x14.c\x94\xc9=\xb0\x0f!d\b\x18*@m\x7f\xaal\x17G\xd6?\x81\x16P\x03\x10e\xc3\xcd\xb1B\xeb\x01B\\\x91A\xa1\x8an\xb4#\xadr\x1e\x81v\xa2\x0e6x\xca\x8b\xa6\xd8\x81\x10:\x0e(\xdd\xfc\xc9\xc6\xb4\xf0\'f:\xbd\xfe\x11\xf8\xc8W\x81s^\xd9W\xf1\x94\xaf\xc5\x8a\xb4f\x1b\x17E\xb23\x12\xb0\xeb\xef\x8c\xb24h\xd7}\x7f\x92Hgej\x957\xe2A'}, 0xffffffffffffffc0)
ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x40082406, &(0x7f0000000140)='\xdb^\x00')
ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x4030582a, &(0x7f0000000040))

02:53:35 executing program 1 (fault-call:0 fault-nth:70):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:35 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x0, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  298.736432] audit: type=1804 audit(1601002415.293:189): pid=19351 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/100/bus/file0" dev="sda1" ino=15903 res=1
[  298.776579] FAULT_INJECTION: forcing a failure.
[  298.776579] name failslab, interval 1, probability 0, space 0, times 0
[  298.793078] CPU: 0 PID: 19363 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  298.800964] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  298.810356] Call Trace:
[  298.812927]  dump_stack+0x1b2/0x283
[  298.816537]  should_fail.cold+0x10a/0x154
[  298.820764]  ? mempool_free+0x1d0/0x1d0
[  298.824727]  should_failslab+0xd6/0x130
[  298.828678]  kmem_cache_alloc+0x40/0x3c0
[  298.832717]  ? mempool_free+0x1d0/0x1d0
[  298.836669]  mempool_alloc+0x10e/0x2d0
[  298.840547]  ? remove_element.isra.0+0x1b0/0x1b0
[  298.848844]  ? alloc_buffer_head+0x20/0x110
[  298.853174]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  298.858624]  bio_alloc_bioset+0x41b/0x830
[  298.862752]  ? bvec_alloc+0x2d0/0x2d0
[  298.866530]  ? lock_downgrade+0x740/0x740
[  298.870660]  submit_bh_wbc+0xf5/0x6f0
[  298.874440]  block_read_full_page+0x6ce/0x870
[  298.878913]  ? set_init_blocksize+0x210/0x210
[  298.883399]  ? __lru_cache_add+0x178/0x250
[  298.887610]  ? __bread_gfp+0x2e0/0x2e0
[  298.891490]  ? add_to_page_cache_lru+0x136/0x2b0
[  298.896224]  ? add_to_page_cache_locked+0x40/0x40
[  298.901044]  ? alloc_pages_current+0x15d/0x260
[  298.905603]  do_read_cache_page+0x38e/0xbb0
[  298.909905]  ? blkdev_writepages+0xd0/0xd0
[  298.914119]  btrfs_read_disk_super+0xd0/0x370
[  298.918602]  btrfs_scan_one_device+0xb5/0x330
[  298.923087]  ? trace_hardirqs_on_caller+0x3a8/0x580
[  298.928080]  ? device_list_add+0x8f0/0x8f0
[  298.932295]  btrfs_mount+0x1fc/0x1fe0
[  298.936074]  ? lock_downgrade+0x740/0x740
[  298.940220]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  298.946176]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  298.951614]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  298.956611]  ? __lockdep_init_map+0x100/0x560
[  298.961083]  ? __lockdep_init_map+0x100/0x560
[  298.965580]  mount_fs+0x92/0x2a0
[  298.968925]  vfs_kern_mount.part.0+0x5b/0x470
[  298.973659]  vfs_kern_mount+0x3c/0x60
[  298.978142]  btrfs_mount+0x42a/0x1fe0
[  298.981919]  ? lock_downgrade+0x740/0x740
[  298.986055]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  298.992011]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  298.997440]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  299.002436]  ? __lockdep_init_map+0x100/0x560
[  299.006910]  ? __lockdep_init_map+0x100/0x560
[  299.011386]  mount_fs+0x92/0x2a0
[  299.015167]  vfs_kern_mount.part.0+0x5b/0x470
[  299.019641]  do_mount+0xe53/0x2a00
[  299.023164]  ? copy_mount_string+0x40/0x40
[  299.027381]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  299.032386]  ? copy_mnt_ns+0xa30/0xa30
[  299.036252]  ? copy_mount_options+0x1fa/0x2f0
[  299.041157]  ? copy_mnt_ns+0xa30/0xa30
[  299.045021]  SyS_mount+0xa8/0x120
[  299.048449]  ? copy_mnt_ns+0xa30/0xa30
[  299.052331]  do_syscall_64+0x1d5/0x640
[  299.056200]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  299.061371] RIP: 0033:0x460bca
[  299.064543] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
02:53:35 executing program 4:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0), 0x4b)
socket$kcm(0x2, 0x200000000000001, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000003e40))
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
openat$cgroup_subtree(r0, &(0x7f0000000040)='cgroup.subtree_control\x00', 0x2, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000001900)='cgroup.controllers\x00', 0x26e1, 0x0)
r2 = socket$kcm(0x2, 0x1000000000000002, 0x0)
setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f00000002c0)=r1, 0x161)
sendmsg$inet(r2, &(0x7f0000007940)={&(0x7f0000000100)={0x2, 0x2a, @rand_addr=0x20}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000380), 0xff00}], 0x1, &(0x7f0000007880)=ANY=[@ANYBLOB="110000000000000004f407000100000000000000000000001c00000000000000000000fd04000000", @ANYRES32=0x0, @ANYBLOB="ac1414bbe0000001000000001c00000000000000090000000888f800", @ANYRES32=0x0, @ANYBLOB="000000000000000000000000240000000000000000000000070000009404000044100900000000000000000000007e000000000011000000000000000000001f00"/76], 0x98}, 0x0)

[  299.072229] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  299.079475] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  299.087263] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  299.094516] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  299.102024] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:35 executing program 5:
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)
r2 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r2, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0x4001, @remote}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20004019)
recvmsg(r0, &(0x7f00000009c0)={&(0x7f0000000640)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}}}, 0x80, &(0x7f0000000880)=[{&(0x7f00000006c0)=""/195, 0xc3}], 0x1}, 0x0)
close(r0)

[  299.233615] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:35 executing program 5:
r0 = socket$kcm(0xa, 0x5, 0x0)
perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
sendmsg(r0, &(0x7f00000006c0)={&(0x7f0000000040)=@in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000000)="c4", 0x1}], 0x1, &(0x7f0000000380)=[{0x18, 0x84, 0x7, "c0"}], 0x18}, 0xc0060)

02:53:35 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x25b, &(0x7f0000000080)=[{&(0x7f0000000200)="d800000018008100e00f80ecdb0ab9040a4465ef0b007c05e87c55a1bc000900b8000699020000000500154006008178a8001600a40001c00205001203ac040e8fd67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe04000000730d16a4683e4f6d0200003f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e04adcdf634c1f215ce3bb9ad809d5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92307f27260e9703", 0xd8}], 0x1}, 0x0)

02:53:35 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x0, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:36 executing program 4:
r0 = socket$kcm(0x2, 0x3, 0x2)
recvmsg(r0, &(0x7f000000bf80)={0x0, 0x0, 0x0}, 0x2000)

02:53:36 executing program 3:
perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xbfffffffffffffff, 0xffffffffffffffff, 0x0)
mkdir(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)

[  299.367822] BTRFS error (device loop1): open_ctree failed
[  299.368409] IPv6: NLM_F_CREATE should be specified when creating new route
[  299.383033] netlink: 160 bytes leftover after parsing attributes in process `syz-executor.4'.
02:53:36 executing program 2:
socketpair(0x1e, 0x4, 0x0, &(0x7f0000000140)={0x0, 0x0})

02:53:36 executing program 5:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
recvmsg(0xffffffffffffffff, &(0x7f0000007500)={&(0x7f0000006f80)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x80, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3631, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffff7ffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x74d000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
bpf$BPF_GET_PROG_INFO(0xf, 0x0, 0x0)

02:53:36 executing program 1 (fault-call:0 fault-nth:71):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:36 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x0, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:36 executing program 4:
socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8921, &(0x7f0000000040)='lo:&\xb7`Q\xb1Y\xa9\xc8J,`\xd2\x98\x00\x00\x00 ')

02:53:36 executing program 3:
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)
r2 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r2, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0x4001, @remote}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20004019)
setsockopt$sock_attach_bpf(r0, 0x1, 0xd, &(0x7f0000000080), 0x2cb)
close(r0)

02:53:36 executing program 4:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x3a6, &(0x7f0000000000)=[{&(0x7f0000000040)="2e00000034000511d25a80648c63940d0135fc60100012400c0002000200000037153e370a0001802e256400d1bd", 0x2e}], 0x1}, 0x0)

02:53:36 executing program 2:
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x200002, 0x0)
r0 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200)
socketpair(0x25, 0x1, 0x0, &(0x7f0000000140)={0x0, 0x0})

02:53:36 executing program 3:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xb)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e28030026000511d25a80648c63940d0424fc60100016400a0002000200000037153e370a00118004000000d1bd", 0x33fe0}], 0x1}, 0x0)
socket$kcm(0xa, 0x0, 0x11)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x100002, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)={r1})

[  299.619422] FAULT_INJECTION: forcing a failure.
[  299.619422] name failslab, interval 1, probability 0, space 0, times 0
02:53:36 executing program 2:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x10f, 0x87, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0xff7f, &(0x7f0000000000)=[{&(0x7f0000000040)="2e00000034000511d25a80648c63940d0135fc60100012400c0002000200000037153e370a0001802e256400d1bd", 0x2e}], 0x1}, 0x0)

[  299.737465] CPU: 0 PID: 19413 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  299.745376] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  299.754902] Call Trace:
[  299.757496]  dump_stack+0x1b2/0x283
[  299.761141]  should_fail.cold+0x10a/0x154
[  299.766092]  should_failslab+0xd6/0x130
[  299.770075]  kmem_cache_alloc_node_trace+0x25a/0x400
[  299.775180]  __kmalloc_node+0x38/0x70
[  299.778974]  kvmalloc_node+0x88/0xd0
[  299.782689]  btrfs_mount+0x911/0x1fe0
[  299.786487]  ? lock_downgrade+0x740/0x740
[  299.790634]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  299.796612]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  299.802063]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  299.807083]  ? __lockdep_init_map+0x100/0x560
[  299.811586]  ? __lockdep_init_map+0x100/0x560
[  299.816080]  mount_fs+0x92/0x2a0
[  299.819449]  vfs_kern_mount.part.0+0x5b/0x470
[  299.823945]  vfs_kern_mount+0x3c/0x60
[  299.827745]  btrfs_mount+0x42a/0x1fe0
[  299.831549]  ? lock_downgrade+0x740/0x740
[  299.835696]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  299.841673]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  299.847133]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  299.852153]  ? __lockdep_init_map+0x100/0x560
[  299.856648]  ? __lockdep_init_map+0x100/0x560
[  299.861257]  mount_fs+0x92/0x2a0
[  299.864622]  vfs_kern_mount.part.0+0x5b/0x470
[  299.869232]  do_mount+0xe53/0x2a00
[  299.872776]  ? copy_mount_string+0x40/0x40
[  299.877028]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  299.882053]  ? copy_mnt_ns+0xa30/0xa30
02:53:36 executing program 4:
mkdir(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)

02:53:36 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000340)={0x1, 0x8, 0x209e20, 0x8000000001}, 0x2c)
r0 = socket$kcm(0x11, 0x200000000000002, 0x300)
recvmsg(r0, &(0x7f0000007500)={&(0x7f0000006f80)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, 0x80, 0x0, 0x0, 0xffffffffffffffff}, 0x0)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
perf_event_open(&(0x7f0000000200)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0xce7c, 0xc3631, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffbfffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x81, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffff7ffffffffff, 0xffffffffffffffff, 0x0)
bpf$MAP_CREATE(0x2, &(0x7f0000003000)={0x3, 0x0, 0x77fffb, 0x0, 0x74d000, 0x0, 0x0, [0x0, 0xeca7020000000000, 0x0, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x600]}, 0x2c)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000140)={0xffffffffffffffff, 0xc0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=0x100, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x5}, 0x0, 0x0, &(0x7f0000000080)={0x2, 0x8, 0x8, 0x2}, &(0x7f00000000c0)=0x5, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=0x3f}}, 0x10)

02:53:36 executing program 4:
perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x7}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000180)={0x0, 0x8782559fc2aff2e2, &(0x7f0000000080)=[{&(0x7f0000000040)="2e28030026000511d25a80648c63940d0424fc60100016400a0002000200000037153e370a00118004000000d1bd", 0x33fe0}], 0x1}, 0x0)
socket$kcm(0xa, 0x0, 0x11)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x100002, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, &(0x7f0000000000)={r1})

[  299.885942]  ? copy_mount_options+0x1fa/0x2f0
[  299.890441]  ? copy_mnt_ns+0xa30/0xa30
[  299.894327]  SyS_mount+0xa8/0x120
[  299.897778]  ? copy_mnt_ns+0xa30/0xa30
[  299.902014]  do_syscall_64+0x1d5/0x640
[  299.905911]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  299.911102] RIP: 0033:0x460bca
[  299.914372] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  299.922074] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  299.929338] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  299.936605] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  299.943875] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  299.951137] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:36 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x0, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  300.048335] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:36 executing program 1 (fault-call:0 fault-nth:72):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:36 executing program 5:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x9, 0x1, 0x80, 0x400}, 0x3c)
bpf$MAP_DELETE_BATCH(0x1b, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000480), 0x0, 0x8001, r0}, 0x38)

02:53:36 executing program 2:
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0xfffffffffffffed3, &(0x7f0000000080)=[{&(0x7f0000000040)="2ea400001e00056bd25a80648c69940d0124fc60100009400ac00e48053582c137153e370948018000f01700d1bd", 0x33fe0}], 0x1}, 0x7a000000)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)

02:53:36 executing program 3:

02:53:36 executing program 4:

02:53:36 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x0, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  300.121956] BTRFS error (device loop1): open_ctree failed
02:53:36 executing program 4:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
bpf$BPF_PROG_GET_NEXT_ID(0xb, &(0x7f0000000000)={0x81}, 0x8)

02:53:36 executing program 2:
r0 = socket$kcm(0xa, 0x5, 0x0)
sendmsg(r0, &(0x7f00000006c0)={&(0x7f0000000040)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000700)=[{&(0x7f0000000000)="c4", 0x1}], 0x1, &(0x7f0000000380)=[{0x18, 0x84, 0x7, "e0"}], 0x18}, 0x0)

02:53:36 executing program 3:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$kcm(0x29, 0x2, 0x0)
r0 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000000780)={&(0x7f0000000080)={0x2, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10, 0x0}, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0)
perf_event_open$cgroup(0x0, r1, 0x0, 0xffffffffffffffff, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x3e, &(0x7f00000002c0)=r1, 0x4)
sendmsg$kcm(r0, &(0x7f0000000840)={&(0x7f0000000380)=@in={0x2, 0x900, @dev}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xb80b0048}, 0x0)

02:53:36 executing program 5:
r0 = socket$kcm(0x29, 0x2, 0x0)
r1 = socket$kcm(0x2b, 0x1, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
close(r0)
r2 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r2, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0x4001, @remote}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x20004019)
sendmsg(r0, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000180)="85", 0x1}], 0x1}, 0x80)

[  300.265419] FAULT_INJECTION: forcing a failure.
[  300.265419] name failslab, interval 1, probability 0, space 0, times 0
[  300.292285] CPU: 0 PID: 19472 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  300.300198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  300.309724] Call Trace:
02:53:36 executing program 4:

02:53:36 executing program 2:

[  300.312317]  dump_stack+0x1b2/0x283
[  300.315947]  should_fail.cold+0x10a/0x154
[  300.320095]  ? kasan_kmalloc+0xeb/0x160
[  300.324074]  should_failslab+0xd6/0x130
[  300.328049]  kmem_cache_alloc_node+0x54/0x410
[  300.332603]  create_task_io_context+0x2a/0x3c0
[  300.337194]  generic_make_request_checks+0x1350/0x19f0
[  300.342470]  ? mempool_alloc+0x10e/0x2d0
[  300.346528]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  300.351977]  ? blk_rq_prep_clone+0x6c0/0x6c0
[  300.356383]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  300.361407]  ? trace_hardirqs_on+0x10/0x10
[  300.365660]  generic_make_request+0x67/0x850
[  300.370069]  ? remove_element.isra.0+0x1b0/0x1b0
[  300.374826]  ? blk_queue_exit+0x1d0/0x1d0
[  300.379324]  ? alloc_buffer_head+0x20/0x110
[  300.383643]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  300.389091]  ? guard_bio_eod+0x15c/0x520
[  300.393154]  submit_bio+0x234/0x390
[  300.396776]  ? generic_make_request+0x850/0x850
[  300.401441]  ? guard_bio_eod+0x1ba/0x520
[  300.405500]  ? bio_add_page+0x96/0xe0
[  300.409303]  submit_bh_wbc+0x526/0x6f0
[  300.413192]  block_read_full_page+0x6ce/0x870
[  300.417689]  ? set_init_blocksize+0x210/0x210
[  300.422196]  ? __lru_cache_add+0x178/0x250
[  300.426430]  ? __bread_gfp+0x2e0/0x2e0
[  300.430316]  ? add_to_page_cache_lru+0x136/0x2b0
[  300.435070]  ? add_to_page_cache_locked+0x40/0x40
[  300.439941]  ? alloc_pages_current+0x15d/0x260
[  300.444527]  do_read_cache_page+0x38e/0xbb0
[  300.448843]  ? blkdev_writepages+0xd0/0xd0
[  300.453684]  btrfs_read_disk_super+0xd0/0x370
[  300.458230]  btrfs_scan_one_device+0xb5/0x330
[  300.462727]  ? trace_hardirqs_on_caller+0x3a8/0x580
[  300.467734]  ? device_list_add+0x8f0/0x8f0
[  300.471983]  btrfs_mount+0x1fc/0x1fe0
[  300.475945]  ? lock_downgrade+0x740/0x740
[  300.480111]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  300.486342]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  300.491786]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  300.496791]  ? __lockdep_init_map+0x100/0x560
[  300.501284]  ? __lockdep_init_map+0x100/0x560
[  300.505763]  mount_fs+0x92/0x2a0
[  300.509125]  vfs_kern_mount.part.0+0x5b/0x470
[  300.513601]  vfs_kern_mount+0x3c/0x60
[  300.517389]  btrfs_mount+0x42a/0x1fe0
[  300.521192]  ? lock_downgrade+0x740/0x740
[  300.525321]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  300.531274]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  300.536702]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  300.541697]  ? __lockdep_init_map+0x100/0x560
[  300.546181]  ? __lockdep_init_map+0x100/0x560
[  300.550674]  mount_fs+0x92/0x2a0
[  300.554021]  vfs_kern_mount.part.0+0x5b/0x470
[  300.558496]  do_mount+0xe53/0x2a00
[  300.562105]  ? copy_mount_string+0x40/0x40
[  300.566328]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  300.571322]  ? copy_mnt_ns+0xa30/0xa30
[  300.575190]  ? copy_mount_options+0x1fa/0x2f0
[  300.579663]  ? copy_mnt_ns+0xa30/0xa30
[  300.583528]  SyS_mount+0xa8/0x120
[  300.586964]  ? copy_mnt_ns+0xa30/0xa30
[  300.590844]  do_syscall_64+0x1d5/0x640
[  300.594715]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  300.599902] RIP: 0033:0x460bca
[  300.603085] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  300.611482] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  300.618738] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  300.625994] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  300.633246] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  300.640522] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  300.724980] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:37 executing program 1 (fault-call:0 fault-nth:73):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:37 executing program 5:
r0 = socket(0x2, 0x5, 0x0)
connect$unix(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="8202cde917"], 0x10)
connect(r0, &(0x7f0000000080)=@in={0x10, 0x2}, 0x10)

02:53:37 executing program 4:
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x7}, 0x0)
pipe(&(0x7f0000000100)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$setpipe(r1, 0x407, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000140))
write(r1, &(0x7f0000000340), 0x41395527)
vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0xfffffe00}], 0x1, 0x0)
sched_setattr(0x0, &(0x7f00000002c0)={0x38, 0x0, 0x8, 0x0, 0x3}, 0x0)
r2 = socket$inet6(0xa, 0x3, 0x6)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0xffd8)

02:53:37 executing program 2:
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vhost-vsock\x00', 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f0000000280)=""/97, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000780)={0x1, 0x0, 0x0, &(0x7f0000000580)=""/156, 0x0})
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000300))
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000003c0)=0x1)

02:53:37 executing program 3:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=.'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:37 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x0, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  300.766929] BTRFS error (device loop1): open_ctree failed
02:53:37 executing program 5:

02:53:37 executing program 2:

[  300.872697] FAULT_INJECTION: forcing a failure.
[  300.872697] name failslab, interval 1, probability 0, space 0, times 0
[  300.888299] overlayfs: option "workdir=." is useless in a non-upper mount, ignore
[  300.909725] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  300.922056] CPU: 1 PID: 19517 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  300.929974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  300.939329] Call Trace:
[  300.941922]  dump_stack+0x1b2/0x283
[  300.945564]  should_fail.cold+0x10a/0x154
[  300.949846]  should_failslab+0xd6/0x130
[  300.953822]  kmem_cache_alloc_trace+0x29a/0x3d0
[  300.958494]  btrfs_mount+0x988/0x1fe0
[  300.962296]  ? lock_downgrade+0x740/0x740
[  300.966447]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  300.972423]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  300.977878]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  300.982901]  ? __lockdep_init_map+0x100/0x560
[  300.987402]  ? __lockdep_init_map+0x100/0x560
[  300.991900]  mount_fs+0x92/0x2a0
[  300.995271]  vfs_kern_mount.part.0+0x5b/0x470
[  300.999769]  vfs_kern_mount+0x3c/0x60
[  301.003575]  btrfs_mount+0x42a/0x1fe0
[  301.007387]  ? lock_downgrade+0x740/0x740
[  301.011535]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  301.017512]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  301.022963]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  301.027980]  ? __lockdep_init_map+0x100/0x560
[  301.032564]  ? __lockdep_init_map+0x100/0x560
[  301.037062]  mount_fs+0x92/0x2a0
[  301.040428]  vfs_kern_mount.part.0+0x5b/0x470
[  301.044922]  do_mount+0xe53/0x2a00
[  301.048469]  ? copy_mount_string+0x40/0x40
[  301.052704]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  301.057730]  ? copy_mnt_ns+0xa30/0xa30
[  301.061613]  ? copy_mount_options+0x1fa/0x2f0
[  301.066106]  ? copy_mnt_ns+0xa30/0xa30
[  301.070077]  SyS_mount+0xa8/0x120
02:53:37 executing program 2:

02:53:37 executing program 5:

[  301.073522]  ? copy_mnt_ns+0xa30/0xa30
[  301.077409]  do_syscall_64+0x1d5/0x640
[  301.081300]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  301.086483] RIP: 0033:0x460bca
[  301.089667] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  301.097381] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  301.104644] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  301.111908] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  301.119172] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  301.126462] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:37 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:37 executing program 2:

[  301.164040] kauditd_printk_skb: 6 callbacks suppressed
[  301.164049] audit: type=1804 audit(1601002417.713:196): pid=19514 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir321547071/syzkaller.vincSs/147/bus/file0" dev="sda1" ino=16058 res=1
[  301.292349] audit: type=1804 audit(1601002417.843:197): pid=19540 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/107/bus/file0" dev="sda1" ino=15906 res=1
02:53:37 executing program 1 (fault-call:0 fault-nth:74):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:37 executing program 5:

02:53:37 executing program 4:

02:53:37 executing program 3:

02:53:37 executing program 2:

02:53:37 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:37 executing program 5:

02:53:38 executing program 2:

02:53:38 executing program 3:

[  301.464604] FAULT_INJECTION: forcing a failure.
[  301.464604] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  301.476522] CPU: 0 PID: 19555 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  301.484406] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  301.485813] audit: type=1804 audit(1601002418.023:198): pid=19552 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/108/bus/file0" dev="sda1" ino=16167 res=1
[  301.493756] Call Trace:
[  301.521164]  dump_stack+0x1b2/0x283
[  301.524794]  should_fail.cold+0x10a/0x154
[  301.528943]  ? lo_release+0x1b/0x190
[  301.532660]  __alloc_pages_nodemask+0x22c/0x2720
[  301.537415]  ? lo_release+0x1b/0x190
[  301.541132]  ? __lock_acquire+0x5fc/0x3f20
[  301.545374]  ? lock_downgrade+0x740/0x740
[  301.549523]  ? __ww_mutex_wakeup_for_backoff+0x210/0x210
[  301.554971]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  301.559813]  ? loop_clr_fd+0xc20/0xc20
[  301.563711]  ? trace_hardirqs_on+0x10/0x10
[  301.567951]  ? lock_downgrade+0x740/0x740
[  301.572098]  ? __blkdev_put+0x4f0/0x750
[  301.576078]  cache_grow_begin+0x8f/0x420
[  301.580144]  cache_alloc_refill+0x273/0x350
[  301.584470]  kmem_cache_alloc_node_trace+0x3e5/0x400
[  301.589583]  __kmalloc_node+0x38/0x70
[  301.593382]  kvmalloc_node+0x88/0xd0
[  301.597096]  btrfs_mount+0x911/0x1fe0
[  301.600899]  ? lock_downgrade+0x740/0x740
[  301.605055]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  301.611032]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  301.616488]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  301.621509]  ? __lockdep_init_map+0x100/0x560
[  301.626005]  ? __lockdep_init_map+0x100/0x560
[  301.630502]  mount_fs+0x92/0x2a0
[  301.633876]  vfs_kern_mount.part.0+0x5b/0x470
[  301.638427]  vfs_kern_mount+0x3c/0x60
[  301.642260]  btrfs_mount+0x42a/0x1fe0
[  301.646041]  ? lock_downgrade+0x740/0x740
[  301.650216]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  301.656187]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  301.661622]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  301.666621]  ? __lockdep_init_map+0x100/0x560
[  301.671117]  ? __lockdep_init_map+0x100/0x560
[  301.675609]  mount_fs+0x92/0x2a0
[  301.678977]  vfs_kern_mount.part.0+0x5b/0x470
[  301.683456]  do_mount+0xe53/0x2a00
[  301.686981]  ? do_raw_spin_unlock+0x164/0x220
[  301.691514]  ? copy_mount_string+0x40/0x40
[  301.695752]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  301.700749]  ? copy_mnt_ns+0xa30/0xa30
[  301.704617]  ? copy_mount_options+0x1fa/0x2f0
[  301.709095]  ? copy_mnt_ns+0xa30/0xa30
02:53:38 executing program 4:

[  301.712972]  SyS_mount+0xa8/0x120
[  301.716407]  ? copy_mnt_ns+0xa30/0xa30
[  301.720279]  do_syscall_64+0x1d5/0x640
[  301.724157]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  301.729324] RIP: 0033:0x460bca
[  301.732492] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  301.740177] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  301.747553] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  301.754800] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
02:53:38 executing program 3:

02:53:38 executing program 2:

[  301.762049] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  301.769303] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  301.791209] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:38 executing program 1 (fault-call:0 fault-nth:75):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:38 executing program 5:

02:53:38 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x468, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x420, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x408, 0x5, [@TCA_POLICE_RATE={0x404, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7]}]}]}}]}, 0x468}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:38 executing program 3:

02:53:38 executing program 4:

02:53:38 executing program 2:

[  301.865329] BTRFS error (device loop1): open_ctree failed
02:53:38 executing program 2:

02:53:38 executing program 3:

02:53:38 executing program 2:

02:53:38 executing program 5:

02:53:38 executing program 4:

[  302.019630] FAULT_INJECTION: forcing a failure.
[  302.019630] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  302.031456] CPU: 1 PID: 19586 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  302.039339] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  302.048689] Call Trace:
[  302.051279]  dump_stack+0x1b2/0x283
[  302.055013]  should_fail.cold+0x10a/0x154
[  302.059161]  ? deref_stack_reg+0x124/0x1a0
[  302.063400]  __alloc_pages_nodemask+0x22c/0x2720
[  302.068154]  ? deref_stack_reg+0x124/0x1a0
[  302.072394]  ? __lock_acquire+0x5fc/0x3f20
[  302.076632]  ? unwind_next_frame+0xe54/0x17d0
[  302.081129]  ? __save_stack_trace+0x63/0x160
[  302.085534]  ? deref_stack_reg+0x124/0x1a0
[  302.089772]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  302.094618]  ? trace_hardirqs_on+0x10/0x10
[  302.098857]  ? __lock_acquire+0x5fc/0x3f20
[  302.103096]  ? kernel_text_address+0xbd/0xf0
[  302.107504]  ? __kernel_text_address+0x9/0x30
[  302.112011]  ? __kernel_text_address+0x9/0x30
[  302.116505]  ? unwind_get_return_address+0x51/0x90
[  302.121432]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  302.126806]  cache_grow_begin+0x8f/0x420
[  302.130871]  cache_alloc_refill+0x273/0x350
[  302.135196]  kmem_cache_alloc+0x333/0x3c0
[  302.139343]  getname_kernel+0x4e/0x340
[  302.143231]  kern_path+0x1b/0x40
[  302.146598]  lookup_bdev+0xc6/0x1c0
[  302.150342]  ? bd_acquire+0x440/0x440
[  302.154146]  blkdev_get_by_path+0x1b/0xa0
[  302.158293]  btrfs_get_bdev_and_sb+0x2f/0x2c0
[  302.162792]  __btrfs_open_devices+0x172/0xa30
[  302.163812] audit: type=1804 audit(1601002418.583:199): pid=19585 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/109/bus/file0" dev="sda1" ino=15781 res=1
[  302.167290]  ? find_device+0xf0/0xf0
[  302.167305]  ? btrfs_mount+0x9ee/0x1fe0
[  302.199580]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  302.205033]  btrfs_open_devices+0x98/0xb0
[  302.209188]  btrfs_mount+0xb24/0x1fe0
[  302.213006]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  302.218989]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  302.224443]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  302.229465]  ? __lockdep_init_map+0x100/0x560
[  302.233959]  ? __lockdep_init_map+0x100/0x560
[  302.238455]  mount_fs+0x92/0x2a0
[  302.241826]  vfs_kern_mount.part.0+0x5b/0x470
[  302.246346]  vfs_kern_mount+0x3c/0x60
[  302.250153]  btrfs_mount+0x42a/0x1fe0
[  302.253958]  ? lock_downgrade+0x740/0x740
[  302.258108]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  302.264099]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  302.269553]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  302.274748]  ? __lockdep_init_map+0x100/0x560
[  302.279243]  ? __lockdep_init_map+0x100/0x560
[  302.283740]  mount_fs+0x92/0x2a0
[  302.287110]  vfs_kern_mount.part.0+0x5b/0x470
[  302.291605]  do_mount+0xe53/0x2a00
[  302.295152]  ? copy_mount_string+0x40/0x40
[  302.299385]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  302.304398]  ? copy_mnt_ns+0xa30/0xa30
[  302.308380]  ? copy_mount_options+0x1fa/0x2f0
[  302.312871]  ? copy_mnt_ns+0xa30/0xa30
[  302.316755]  SyS_mount+0xa8/0x120
02:53:38 executing program 4:

[  302.320203]  ? copy_mnt_ns+0xa30/0xa30
[  302.324092]  do_syscall_64+0x1d5/0x640
[  302.327983]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  302.333172] RIP: 0033:0x460bca
[  302.336355] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  302.344060] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  302.351326] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  302.358594] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  302.365861] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  302.373129] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  302.407655] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:39 executing program 1 (fault-call:0 fault-nth:76):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:39 executing program 5:

02:53:39 executing program 3:

02:53:39 executing program 2:

02:53:39 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:39 executing program 4:

02:53:39 executing program 5:

[  302.464662] BTRFS error (device loop1): open_ctree failed
02:53:39 executing program 3:

02:53:39 executing program 2:

02:53:39 executing program 4:

02:53:39 executing program 5:

02:53:39 executing program 3:

[  302.574250] FAULT_INJECTION: forcing a failure.
[  302.574250] name failslab, interval 1, probability 0, space 0, times 0
[  302.616441] audit: type=1804 audit(1601002419.173:200): pid=19626 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/110/bus/file0" dev="sda1" ino=15890 res=1
[  302.630675] CPU: 1 PID: 19627 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  302.649104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  302.658457] Call Trace:
[  302.661050]  dump_stack+0x1b2/0x283
[  302.664684]  should_fail.cold+0x10a/0x154
[  302.668839]  should_failslab+0xd6/0x130
[  302.672816]  kmem_cache_alloc_trace+0x29a/0x3d0
[  302.677492]  btrfs_mount+0x9ee/0x1fe0
[  302.681295]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  302.687272]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  302.692722]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  302.697754]  ? __lockdep_init_map+0x100/0x560
[  302.702252]  ? __lockdep_init_map+0x100/0x560
[  302.706750]  mount_fs+0x92/0x2a0
[  302.710124]  vfs_kern_mount.part.0+0x5b/0x470
[  302.714621]  vfs_kern_mount+0x3c/0x60
[  302.718427]  btrfs_mount+0x42a/0x1fe0
[  302.722234]  ? lock_downgrade+0x740/0x740
[  302.726388]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  302.732456]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  302.737911]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  302.742934]  ? __lockdep_init_map+0x100/0x560
[  302.747435]  ? __lockdep_init_map+0x100/0x560
[  302.751933]  mount_fs+0x92/0x2a0
[  302.755303]  vfs_kern_mount.part.0+0x5b/0x470
[  302.759805]  do_mount+0xe53/0x2a00
[  302.763368]  ? copy_mount_string+0x40/0x40
[  302.767607]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  302.772623]  ? copy_mnt_ns+0xa30/0xa30
[  302.776509]  ? copy_mount_options+0x1fa/0x2f0
[  302.781005]  ? copy_mnt_ns+0xa30/0xa30
[  302.785004]  SyS_mount+0xa8/0x120
[  302.788454]  ? copy_mnt_ns+0xa30/0xa30
[  302.792333]  do_syscall_64+0x1d5/0x640
[  302.796208]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  302.801509] RIP: 0033:0x460bca
[  302.804717] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
02:53:39 executing program 1 (fault-call:0 fault-nth:77):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:39 executing program 2:

02:53:39 executing program 5:

02:53:39 executing program 3:

02:53:39 executing program 4:

02:53:39 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  302.812404] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  302.819698] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  302.827041] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  302.834300] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  302.841552] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:39 executing program 2:

02:53:39 executing program 4:

02:53:39 executing program 3:

02:53:39 executing program 5:

[  302.963944] FAULT_INJECTION: forcing a failure.
[  302.963944] name failslab, interval 1, probability 0, space 0, times 0
[  302.997577] CPU: 1 PID: 19650 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  303.005490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  303.014846] Call Trace:
[  303.017070] audit: type=1804 audit(1601002419.573:201): pid=19659 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/111/bus/file0" dev="sda1" ino=15908 res=1
[  303.017431]  dump_stack+0x1b2/0x283
[  303.045676]  should_fail.cold+0x10a/0x154
[  303.049832]  should_failslab+0xd6/0x130
[  303.053810]  kmem_cache_alloc_trace+0x29a/0x3d0
[  303.058485]  btrfs_mount+0x988/0x1fe0
02:53:39 executing program 2:

02:53:39 executing program 5:

[  303.062289]  ? lock_downgrade+0x740/0x740
[  303.066438]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  303.072423]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  303.077876]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  303.082898]  ? __lockdep_init_map+0x100/0x560
[  303.087401]  ? __lockdep_init_map+0x100/0x560
[  303.091900]  mount_fs+0x92/0x2a0
[  303.095270]  vfs_kern_mount.part.0+0x5b/0x470
[  303.099764]  vfs_kern_mount+0x3c/0x60
[  303.103578]  btrfs_mount+0x42a/0x1fe0
[  303.107382]  ? lock_downgrade+0x740/0x740
[  303.111531]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  303.117508]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  303.122962]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  303.127983]  ? __lockdep_init_map+0x100/0x560
[  303.132480]  ? __lockdep_init_map+0x100/0x560
[  303.137078]  mount_fs+0x92/0x2a0
[  303.140452]  vfs_kern_mount.part.0+0x5b/0x470
[  303.144950]  do_mount+0xe53/0x2a00
[  303.148492]  ? do_raw_spin_unlock+0x164/0x220
[  303.152993]  ? copy_mount_string+0x40/0x40
[  303.157229]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  303.162244]  ? copy_mnt_ns+0xa30/0xa30
[  303.166132]  ? copy_mount_options+0x1fa/0x2f0
[  303.170634]  ? copy_mnt_ns+0xa30/0xa30
[  303.174524]  SyS_mount+0xa8/0x120
[  303.177976]  ? copy_mnt_ns+0xa30/0xa30
[  303.181870]  do_syscall_64+0x1d5/0x640
[  303.185765]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  303.190953] RIP: 0033:0x460bca
[  303.194142] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  303.201938] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
02:53:39 executing program 1 (fault-call:0 fault-nth:78):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:39 executing program 3:

02:53:39 executing program 2:

02:53:39 executing program 5:

02:53:39 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:39 executing program 4:

[  303.209209] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  303.216579] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  303.223851] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  303.231124] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:39 executing program 2:

02:53:39 executing program 4:

02:53:39 executing program 3:

02:53:39 executing program 5:

02:53:39 executing program 4:

[  303.372652] audit: type=1804 audit(1601002419.923:202): pid=19682 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/112/bus/file0" dev="sda1" ino=15841 res=1
[  303.409738] FAULT_INJECTION: forcing a failure.
[  303.409738] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  303.421564] CPU: 0 PID: 19683 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  303.429455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  303.438817] Call Trace:
[  303.441412]  dump_stack+0x1b2/0x283
[  303.445050]  should_fail.cold+0x10a/0x154
[  303.449201]  ? deref_stack_reg+0x124/0x1a0
[  303.453437]  __alloc_pages_nodemask+0x22c/0x2720
[  303.458196]  ? deref_stack_reg+0x124/0x1a0
[  303.462437]  ? __lock_acquire+0x5fc/0x3f20
[  303.466676]  ? unwind_next_frame+0xe54/0x17d0
02:53:39 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  303.471171]  ? __save_stack_trace+0x63/0x160
[  303.475579]  ? deref_stack_reg+0x124/0x1a0
[  303.479829]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  303.484675]  ? trace_hardirqs_on+0x10/0x10
[  303.488918]  ? __lock_acquire+0x5fc/0x3f20
[  303.493153]  ? kernel_text_address+0xbd/0xf0
[  303.497555]  ? __kernel_text_address+0x9/0x30
[  303.502049]  ? __kernel_text_address+0x9/0x30
[  303.506544]  ? unwind_get_return_address+0x51/0x90
[  303.511471]  ? entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  303.516843]  cache_grow_begin+0x8f/0x420
[  303.520909]  cache_alloc_refill+0x273/0x350
[  303.525238]  kmem_cache_alloc+0x333/0x3c0
[  303.529382]  getname_kernel+0x4e/0x340
[  303.533258]  kern_path+0x1b/0x40
[  303.536604]  lookup_bdev+0xc6/0x1c0
[  303.540270]  ? bd_acquire+0x440/0x440
[  303.544051]  blkdev_get_by_path+0x1b/0xa0
[  303.548181]  btrfs_get_bdev_and_sb+0x2f/0x2c0
[  303.552657]  __btrfs_open_devices+0x172/0xa30
[  303.557136]  ? find_device+0xf0/0xf0
[  303.560894]  ? btrfs_mount+0x9ee/0x1fe0
[  303.564852]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  303.570285]  btrfs_open_devices+0x98/0xb0
[  303.574411]  btrfs_mount+0xb24/0x1fe0
[  303.578195]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  303.584149]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  303.589702]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  303.594721]  ? __lockdep_init_map+0x100/0x560
[  303.599194]  ? __lockdep_init_map+0x100/0x560
[  303.603670]  mount_fs+0x92/0x2a0
[  303.607018]  vfs_kern_mount.part.0+0x5b/0x470
[  303.611492]  vfs_kern_mount+0x3c/0x60
[  303.615272]  btrfs_mount+0x42a/0x1fe0
[  303.619052]  ? lock_downgrade+0x740/0x740
[  303.623179]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  303.629221]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  303.634649]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  303.639662]  ? __lockdep_init_map+0x100/0x560
[  303.644136]  ? __lockdep_init_map+0x100/0x560
[  303.648610]  mount_fs+0x92/0x2a0
[  303.651959]  vfs_kern_mount.part.0+0x5b/0x470
[  303.656440]  do_mount+0xe53/0x2a00
[  303.660310]  ? copy_mount_string+0x40/0x40
[  303.664525]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  303.669519]  ? copy_mnt_ns+0xa30/0xa30
[  303.673384]  ? copy_mount_options+0x1fa/0x2f0
[  303.677855]  ? copy_mnt_ns+0xa30/0xa30
[  303.681742]  SyS_mount+0xa8/0x120
[  303.685195]  ? copy_mnt_ns+0xa30/0xa30
[  303.689087]  do_syscall_64+0x1d5/0x640
[  303.692962]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  303.698149] RIP: 0033:0x460bca
[  303.701317] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  303.709031] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  303.716279] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  303.723532] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  303.730867] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  303.738122] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  303.798388] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:40 executing program 3:

02:53:40 executing program 1 (fault-call:0 fault-nth:79):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:40 executing program 5:

02:53:40 executing program 2:

02:53:40 executing program 4:

02:53:40 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  303.831743] audit: type=1804 audit(1601002420.383:203): pid=19701 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/113/bus/file0" dev="sda1" ino=15920 res=1
[  303.864716] BTRFS error (device loop1): open_ctree failed
02:53:40 executing program 3:

02:53:40 executing program 2:

02:53:40 executing program 2:

02:53:40 executing program 5:

02:53:40 executing program 4:

02:53:40 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  303.986630] audit: type=1804 audit(1601002420.543:204): pid=19715 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/114/bus/file0" dev="sda1" ino=15812 res=1
[  304.029292] FAULT_INJECTION: forcing a failure.
[  304.029292] name failslab, interval 1, probability 0, space 0, times 0
[  304.080158] CPU: 0 PID: 19718 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  304.088071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  304.097424] Call Trace:
[  304.100023]  dump_stack+0x1b2/0x283
[  304.102757] audit: type=1804 audit(1601002420.633:205): pid=19728 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/115/bus/file0" dev="sda1" ino=15999 res=1
[  304.103654]  should_fail.cold+0x10a/0x154
[  304.103668]  ? mempool_free+0x1d0/0x1d0
[  304.103678]  should_failslab+0xd6/0x130
[  304.103689]  kmem_cache_alloc+0x40/0x3c0
[  304.144437]  ? mempool_free+0x1d0/0x1d0
[  304.148427]  mempool_alloc+0x10e/0x2d0
[  304.152295]  ? remove_element.isra.0+0x1b0/0x1b0
[  304.157033]  ? mark_held_locks+0xa6/0xf0
[  304.161074]  ? __find_get_block+0x817/0xc40
[  304.165505]  bio_alloc_bioset+0x41b/0x830
[  304.169721]  ? bvec_alloc+0x2d0/0x2d0
[  304.173582]  ? __getblk_slow+0x57f/0x7a0
[  304.177648]  submit_bh_wbc+0xf5/0x6f0
[  304.181440]  __bread_gfp+0x11c/0x2e0
[  304.185192]  btrfs_read_dev_super+0x79/0x1f0
[  304.189586]  btrfs_get_bdev_and_sb+0xd3/0x2c0
[  304.194062]  __btrfs_open_devices+0x172/0xa30
[  304.198542]  ? find_device+0xf0/0xf0
[  304.202237]  ? btrfs_mount+0x9ee/0x1fe0
[  304.206192]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  304.211645]  btrfs_open_devices+0x98/0xb0
[  304.215821]  btrfs_mount+0xb24/0x1fe0
[  304.219631]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  304.225612]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  304.231047]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  304.236045]  ? __lockdep_init_map+0x100/0x560
[  304.240521]  ? __lockdep_init_map+0x100/0x560
[  304.245007]  mount_fs+0x92/0x2a0
[  304.248365]  vfs_kern_mount.part.0+0x5b/0x470
[  304.252859]  vfs_kern_mount+0x3c/0x60
[  304.256649]  btrfs_mount+0x42a/0x1fe0
[  304.260450]  ? lock_downgrade+0x740/0x740
[  304.264589]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  304.270623]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  304.276069]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  304.281073]  ? __lockdep_init_map+0x100/0x560
[  304.285552]  ? __lockdep_init_map+0x100/0x560
[  304.290032]  mount_fs+0x92/0x2a0
[  304.293495]  vfs_kern_mount.part.0+0x5b/0x470
[  304.297994]  do_mount+0xe53/0x2a00
[  304.301524]  ? __irqentry_text_end+0x150333/0x1f9df3
[  304.306622]  ? copy_mount_string+0x40/0x40
[  304.311062]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  304.316120]  ? copy_mnt_ns+0xa30/0xa30
[  304.319994]  ? copy_mount_options+0x1fa/0x2f0
[  304.324484]  ? copy_mnt_ns+0xa30/0xa30
[  304.328361]  SyS_mount+0xa8/0x120
[  304.331794]  ? copy_mnt_ns+0xa30/0xa30
[  304.335669]  do_syscall_64+0x1d5/0x640
[  304.339542]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  304.344710] RIP: 0033:0x460bca
[  304.347967] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  304.355701] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  304.362984] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  304.370244] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  304.377520] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  304.384771] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  304.399610] BTRFS error (device loop1): support for check_integrity* not compiled in!
02:53:41 executing program 1 (fault-call:0 fault-nth:80):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:41 executing program 3:

02:53:41 executing program 2:

02:53:41 executing program 4:

02:53:41 executing program 5:

02:53:41 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  304.460581] BTRFS error (device loop1): open_ctree failed
02:53:41 executing program 5:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x83, 0x0, 0x0)
syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000280)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000240000004f801", 0x17}, {&(0x7f0000000140), 0x0, 0x600}], 0x0, &(0x7f00000001c0)={[{@iocharset={'iocharset', 0x3d, 'cp865'}}]})
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000cf6fe4), 0x0)

02:53:41 executing program 4:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(0xffffffffffffffff, 0x84, 0x83, &(0x7f0000000280), 0x8)
r0 = syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000280)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000240000004f801", 0x17}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c0065", 0x28, 0x600}], 0x0, &(0x7f00000001c0))
mkdirat(r0, &(0x7f0000000040)='./file1\x00', 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0)
bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0)
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000001840), 0x8)

02:53:41 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000180)={<r1=>0xffffffffffffffff}, 0x13f}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0x2, 0x0, 0x0, @private1}, {0x2, 0x0, 0x0, @loopback}, r1}}, 0x48)

02:53:41 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x4000000a, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x40)
write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x119, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40aa071d905814c90761600032a3b88a1f000000970e85a63c9a4b0d8b9aad010000000000000002a7bef7fdffff9f8b01647a0200169c864e1d5f8179cba2e43112cfb22f021d3c34e36cc9509795b0e053c9d31e145c97aa793dd8ceb8281f3b812e14d71b59b83e4bc3b529f3ca0900000096e2c2a4fdca75813f78964c6fe77e39d125650da9ab14624d751e10f063962be791ca675617cc866ed67f34f39c92485b48cd8d1901000034e36d6d434409ea8d2905c48d2456252abbf71748433f88570ad2d50c2bb743c830069f192de24b69688214"}}], 0x1c)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  304.585207] FAULT_INJECTION: forcing a failure.
[  304.585207] name failslab, interval 1, probability 0, space 0, times 0
[  304.612453] CPU: 0 PID: 19745 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  304.620363] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  304.629717] Call Trace:
[  304.632412]  dump_stack+0x1b2/0x283
[  304.636045]  should_fail.cold+0x10a/0x154
[  304.640199]  should_failslab+0xd6/0x130
[  304.644174]  kmem_cache_alloc_trace+0x29a/0x3d0
[  304.648848]  btrfs_mount+0x9ee/0x1fe0
[  304.652651]  ? _find_next_bit+0xdb/0x100
[  304.656714]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  304.662697]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  304.668152]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  304.673171]  ? __lockdep_init_map+0x100/0x560
[  304.677673]  ? __lockdep_init_map+0x100/0x560
[  304.682170]  mount_fs+0x92/0x2a0
[  304.685540]  vfs_kern_mount.part.0+0x5b/0x470
[  304.690057]  vfs_kern_mount+0x3c/0x60
[  304.693861]  btrfs_mount+0x42a/0x1fe0
[  304.697676]  ? lock_downgrade+0x740/0x740
[  304.700554] FAT-fs (loop4): Directory bread(block 6) failed
[  304.701825]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  304.701843]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  304.719626]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  304.724647]  ? __lockdep_init_map+0x100/0x560
[  304.729144]  ? __lockdep_init_map+0x100/0x560
[  304.733640]  mount_fs+0x92/0x2a0
[  304.737270]  vfs_kern_mount.part.0+0x5b/0x470
[  304.741768]  do_mount+0xe53/0x2a00
[  304.745309]  ? do_raw_spin_unlock+0x164/0x220
[  304.748502] FAT-fs (loop4): Directory bread(block 6) failed
[  304.749804]  ? copy_mount_string+0x40/0x40
[  304.749817]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  304.749828]  ? copy_mnt_ns+0xa30/0xa30
[  304.749838]  ? copy_mount_options+0x1fa/0x2f0
[  304.756117] FAT-fs (loop5): Directory bread(block 6) failed
[  304.759886]  ? copy_mnt_ns+0xa30/0xa30
[  304.759898]  SyS_mount+0xa8/0x120
[  304.759906]  ? copy_mnt_ns+0xa30/0xa30
[  304.759922]  do_syscall_64+0x1d5/0x640
[  304.794159]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  304.799345] RIP: 0033:0x460bca
[  304.802528] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  304.810233] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  304.818116] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
02:53:41 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:41 executing program 5:
sched_setscheduler(0x0, 0x0, 0x0)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0)
r1 = creat(&(0x7f0000000200)='./bus\x00', 0x0)
dup2(r0, r1)
io_setup(0x9, &(0x7f0000000100)=<r2=>0x0)
io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f0000000180)={0x0, 0x0, 0x80000000000000, 0x5, 0x0, r1, 0x0}])

[  304.830935] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  304.838185] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  304.845434] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:41 executing program 1 (fault-call:0 fault-nth:81):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:41 executing program 3:
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x3e, 0x0)
write$nbd(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="06"], 0x88)

02:53:41 executing program 4:
creat(0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000040)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x44}}, 0x0)

02:53:41 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={0x0}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:41 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x4000000a, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x40)
write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x12a, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40aa071d905814c90761600032a3b88a1f000000970e85a63c9a4b0d8b9aad010000000000000002a7bef7fdffff9f8b01647a0200169c864e1d5f8179cba2e43112cfb22f021d3c34e36cc9509795b0e053c9d31e145c97aa793dd8ceb8281f3b812e14d71b59b83e4bc3b529f3ca0900000096e2c2a4fdca75813f78964c6fe77e39d125650da9ab14624d751e10f063962be791ca675617cc866ed67f34f39c92485b48cd8d1901000034e36d6d434409ea8d2905c48d2456252abbf71748433f88570ad2d50c2bb743c830069f192de24b696882145cbcc9b5644ce7a25dac7d3eaf1618db7f"}}], 0x1c)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

[  304.969785] dlm: Unknown command passed to DLM device : 0
[  304.969785] 
[  305.012892] dlm: Unknown command passed to DLM device : 0
[  305.012892] 
[  305.021348] FAULT_INJECTION: forcing a failure.
[  305.021348] name failslab, interval 1, probability 0, space 0, times 0
[  305.034912] CPU: 1 PID: 19792 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  305.042825] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  305.052173] Call Trace:
[  305.054766]  dump_stack+0x1b2/0x283
[  305.059092]  should_fail.cold+0x10a/0x154
[  305.063244]  should_failslab+0xd6/0x130
[  305.067225]  kmem_cache_alloc_trace+0x29a/0x3d0
[  305.071904]  ? dlm_send_remote_unlock_request.constprop.0.cold+0x1d/0x1d
[  305.078745]  sget_userns+0x102/0xc10
[  305.082457]  ? dlm_send_remote_unlock_request.constprop.0.cold+0x1d/0x1d
[  305.089308]  ? btrfs_kill_super+0x540/0x540
[  305.094674]  ? dlm_send_remote_unlock_request.constprop.0.cold+0x1d/0x1d
[  305.101508]  ? btrfs_kill_super+0x540/0x540
[  305.105826]  sget+0xd1/0x110
[  305.108845]  btrfs_mount+0xbbe/0x1fe0
[  305.112652]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  305.116373] ptrace attach of "/root/syz-executor.5"[19809] was attempted by "/root/syz-executor.5"[19810]
[  305.118623]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  305.118635]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  305.118647]  ? __lockdep_init_map+0x100/0x560
[  305.143908]  ? __lockdep_init_map+0x100/0x560
[  305.148404]  mount_fs+0x92/0x2a0
[  305.151776]  vfs_kern_mount.part.0+0x5b/0x470
[  305.156281]  vfs_kern_mount+0x3c/0x60
[  305.160084]  btrfs_mount+0x42a/0x1fe0
02:53:41 executing program 5:
r0 = socket$kcm(0xa, 0x5, 0x0)
sendmsg(r0, &(0x7f0000000400)={&(0x7f0000000140)=@in6={0xa, 0x0, 0x0, @loopback={0x0, 0x7ffff000}}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000000)="be", 0x1}], 0x1}, 0x0)

[  305.163886]  ? lock_downgrade+0x740/0x740
[  305.168029]  ? _find_next_bit+0xdb/0x100
[  305.172088]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  305.178113]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  305.183557]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  305.188573]  ? __lockdep_init_map+0x100/0x560
[  305.193066]  ? __lockdep_init_map+0x100/0x560
[  305.197831]  mount_fs+0x92/0x2a0
[  305.201204]  vfs_kern_mount.part.0+0x5b/0x470
[  305.205697]  do_mount+0xe53/0x2a00
[  305.209236]  ? retint_kernel+0x2d/0x2d
[  305.213222]  ? copy_mount_string+0x40/0x40
[  305.217512]  ? __sanitizer_cov_trace_pc+0x9/0x50
[  305.222265]  ? copy_mount_options+0x1fa/0x2f0
[  305.226756]  ? copy_mnt_ns+0xa30/0xa30
[  305.230631]  SyS_mount+0xa8/0x120
[  305.234073]  ? copy_mnt_ns+0xa30/0xa30
[  305.237952]  do_syscall_64+0x1d5/0x640
[  305.241823]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  305.247006] RIP: 0033:0x460bca
[  305.251223] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
02:53:41 executing program 3:
perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
clone(0x22004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
recvmmsg(0xffffffffffffffff, &(0x7f0000002540)=[{{0x0, 0x0, &(0x7f00000000c0)=[{0x0}], 0x1}}], 0x1, 0x0, 0x0)
exit(0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/ip6_mr_cache\x00')
preadv(r0, &(0x7f00000017c0), 0x1b4, 0x0, 0x0)

02:53:41 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x3c, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}]}, 0x3c}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:41 executing program 4:
creat(0x0, 0x0)
ioctl$sock_inet_SIOCSIFADDR(0xffffffffffffffff, 0x8916, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000040)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x44}}, 0x0)

[  305.259024] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  305.266277] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  305.273970] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  305.281546] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  305.288805] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:44 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x4000000a, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x40)
write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x119, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40aa071d905814c90761600032a3b88a1f000000970e85a63c9a4b0d8b9aad010000000000000002a7bef7fdffff9f8b01647a0200169c864e1d5f8179cba2e43112cfb22f021d3c34e36cc9509795b0e053c9d31e145c97aa793dd8ceb8281f3b812e14d71b59b83e4bc3b529f3ca0900000096e2c2a4fdca75813f78964c6fe77e39d125650da9ab14624d751e10f063962be791ca675617cc866ed67f34f39c92485b48cd8d1901000034e36d6d434409ea8d2905c48d2456252abbf71748433f88570ad2d50c2bb743c830069f192de24b69688214"}}], 0x1c)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

02:53:44 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @cfhsi={{0xa, 0x1, 'cfhsi\x00'}, {0xc, 0x2, 0x0, 0x1, [@__IFLA_CAIF_HSI_INACTIVITY_TOUT={0x8}]}}}]}, 0x3c}}, 0x0)

02:53:44 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x3c, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}]}, 0x3c}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:44 executing program 3:
r0 = socket(0x2, 0x2, 0x0)
ioctl$sock_SIOCDELRT(r0, 0x890b, &(0x7f0000000340)={0x0, @in={0x2, 0x0, @private}, @in={0x2, 0x0, @dev}, @sco={0x1f, @any=[0x0, 0x0, 0x0, 0x0, 0xfd]}, 0xd7})

02:53:44 executing program 1 (fault-call:0 fault-nth:82):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:44 executing program 5:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
socket$inet6_sctp(0xa, 0x801, 0x84)
syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000240000004f801", 0x17}, {&(0x7f0000000140), 0x0, 0x600}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f00000001c0)={[{@iocharset={'iocharset', 0x3d, 'cp865'}}]})
bpf$LINK_GET_NEXT_ID(0x1f, &(0x7f0000001840), 0x8)

02:53:44 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x3, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x0, 0x0, 0x0, 0x8000000, 0x8, 0xfb, 0x0, 0x8, 0x1, 0x3fffffffffffffc]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x400000]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001300)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000040)='M', 0x1}], 0x1}}], 0x1, 0x0)

02:53:44 executing program 4:
r0 = syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f0000000100)='./file1\x00', 0x0, 0x3, &(0x7f0000000280)=[{&(0x7f0000000000)="083d906d6b66732e66617400028001000240000004f801", 0x17}, {&(0x7f0000000800)="4a9668ae87628dda43822e2bf7f5db100db28cdd434753dfdd3c311b1958b93c", 0x20, 0x601}, {0x0, 0x0, 0x10e00}], 0x0, &(0x7f0000000080)={[{@fat=@codepage={'codepage', 0x3d, '862'}}]})
mkdirat(r0, &(0x7f0000000040)='./file1\x00', 0x0)

02:53:44 executing program 5:
perf_event_open(&(0x7f00000000c0)={0x1, 0x8f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000280)=0x3, 0xc6)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000003040)='ip6tnl0\x00', 0x10)
connect$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @multicast1}, 0x10)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)
dup(0xffffffffffffffff)
sendmmsg(r0, &(0x7f00000038c0), 0x4000000000000a8, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)

[  307.620089] caif_hsicaif_hsi_newlink: failed to get the cfhsi_ops
[  307.657298] FAULT_INJECTION: forcing a failure.
[  307.657298] name failslab, interval 1, probability 0, space 0, times 0
[  307.690153] CPU: 1 PID: 19842 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  307.698058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  307.707410] Call Trace:
[  307.710172]  dump_stack+0x1b2/0x283
[  307.713804]  should_fail.cold+0x10a/0x154
[  307.717955]  should_failslab+0xd6/0x130
[  307.721927]  __kmalloc+0x2c1/0x400
[  307.725463]  ? __list_lru_init+0x67/0x710
[  307.729621]  __list_lru_init+0x67/0x710
[  307.733683]  sget_userns+0x504/0xc10
[  307.737393]  ? dlm_send_remote_unlock_request.constprop.0.cold+0x1d/0x1d
[  307.744228]  ? btrfs_kill_super+0x540/0x540
[  307.748533]  ? dlm_send_remote_unlock_request.constprop.0.cold+0x1d/0x1d
[  307.755352]  ? btrfs_kill_super+0x540/0x540
[  307.759655]  sget+0xd1/0x110
[  307.762655]  btrfs_mount+0xbbe/0x1fe0
[  307.766439]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  307.772395]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  307.777823]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  307.782820]  ? __lockdep_init_map+0x100/0x560
[  307.787295]  ? __lockdep_init_map+0x100/0x560
[  307.791782]  mount_fs+0x92/0x2a0
[  307.795128]  vfs_kern_mount.part.0+0x5b/0x470
[  307.799604]  vfs_kern_mount+0x3c/0x60
[  307.803384]  btrfs_mount+0x42a/0x1fe0
[  307.807161]  ? lock_downgrade+0x740/0x740
[  307.811297]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  307.817250]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  307.822676]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  307.827671]  ? __lockdep_init_map+0x100/0x560
[  307.832143]  ? __lockdep_init_map+0x100/0x560
[  307.838450]  mount_fs+0x92/0x2a0
[  307.841794]  vfs_kern_mount.part.0+0x5b/0x470
[  307.846269]  do_mount+0xe53/0x2a00
[  307.849865]  ? tomoyo_read_control+0x30/0x460
[  307.854342]  ? copy_mount_string+0x40/0x40
[  307.858820]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  307.864342]  ? copy_mnt_ns+0xa30/0xa30
[  307.868214]  ? copy_mount_options+0x1fa/0x2f0
[  307.872684]  ? copy_mnt_ns+0xa30/0xa30
[  307.876720]  SyS_mount+0xa8/0x120
[  307.880152]  ? copy_mnt_ns+0xa30/0xa30
[  307.884030]  do_syscall_64+0x1d5/0x640
[  307.887898]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  307.893165] RIP: 0033:0x460bca
[  307.896337] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  307.904022] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  307.911272] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  307.918521] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  307.925770] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  307.933019] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
02:53:44 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x3c, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}]}, 0x3c}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:44 executing program 4:
r0 = getpid()
sched_setscheduler(r0, 0x0, 0x0)
r1 = open(&(0x7f00000000c0)='./file0\x00', 0x40c2, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = dup(r2)
ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200)
write(r1, &(0x7f0000001400)="bb8f9f640903127a53527c6fbfe65d43b0e0586f2d40c7e7df58cac83420e83662d6e39bb6d5430622431454eedeeaee423d8f210bc3525fa7927c18d5fbc91ab13c2041136047d8da9375934d00f325499bfe7712208d387d41c31821c2a22d1325b556528e9b790b74053d1ed631c6ec8126d37c87216173138c00cef396868029af5b76bebac5e38b74d8bbc6ae66b6e202b6d505710377710ea7d43edf00e1a4c1c670bb4c263ce777da81abdd5ba5a5c82f67232f9b4d6f21b2e6afa8b38e4642b0daa2acbc0478d89b88e8b2094d4248855e5e81992e60be3afff0f3c3799350615489a901a659abdeca0c615a622ebf64175f990320e0356d4a11ed62eff72b709c23dd65942e8b534d7d775d370c1e435654a2634e6ee3649c4c3bcbe39e866f1eb9972af1a9cef42e701798a53dc92a242aadbac343e1765cf8ea5665e22deda69777e52b1e9e5d3edc022256939e1eee013448294911139d5b9c6241049fecdf9b31f4cdf6cff65d71b5071ef70e1798347c8846aa5b905e83050e3e606986ed3f603d18c5cdeb11cda1ce3abddea9376231af130e19fc7601ec1ab8cb5a7de9e2174547f18225b09a54fc8720dbb91eb69c1be88e601c3c9df4f2758f39a5151951b9c6dbb419ffd783a34c9fad10f201b8724d31865e2fc1fcf48db2be713053b43a0e3943c1e2b08e8a26e946c439d891db2a80b5ffa054bc8d0177d3214056250c61a537d2ec7630fb90395df2cd6aa9c5e573365db580520bdc3f1c6b2be992e1516a4b810a11935dc780699e461d9715f70c6d103ff49bf168f3cff4c0d0d6ba5671fcd2975450b0e1a3474139cb0f2d3476fcd87a8bccbeb2f5f8a821017b879aa5b9d1fafa9f4c429a74cd2da782114d97bf031746a817dd0293c4eddc3a9ecb5afe496f4971474ccd827449409f07cf94dda2e7dbe8520b5afff10a7e3b0b4289a167fc692635b5b7426d9e771b95860b09a3e752c867213c772e48ba30a78feecc7ff26e63e1749c62b52d377ac5cc52db830c965e04ccfcfb24ceacc69cfdc2094124dd27b2d68f699476a2562bab1de117ffc2b0702ee8b0b77f85fecec3a25b37ab7eb06232c9a73b4470f1727c82581d81942abf42d3ea37957927ad3dbd0ebe46678a9f4d25c47acaac83c14210a54b71fed40df017e2be27f01e3e6ea3ea381ca14efd202858e6535ad4f79a8cdf47e385b740a70c14e3651731a45cc0ca4a56f2e903cad0384efcc364caf67e09551d35c682ebc90a9286c4d274ba1b8ced742ede4e55a62db7ef9a96fde2add05b41599fd72a79ba280cc125cb266ef21b7eeafe3ee6aa78eef33fc66454549c3ec298cb683a55a32208cf6ce88b560166159d59e65f30540f62c5437652ea7f2a02f87ca242dd2250f58e75938a9a3ded51ae6598c2aba53287ff5cdaab17be7f4310f8e07e310d52778de79e1c2e4391b254be38910aa1cf6e1ca0e75d24be97d59f7025f16c6fbd549529b74e319c58f50438765ef0e3dc394eeb75dec41b3d80435b17520c97f5cd7ee692fb86d188fb0089fbf737dc1b96b9cc49be23a38a8cd92e5075f349993d7866369dd25eccbe1481477a05fee14e0edd1617921d7fcaa8fdc642e63b64388fa5b63442ff1466b1938d02546750b01ed9c980282ccbe10f204741249aed88c555ed6fdf7f68af9209807a71bbf4f31bef5a4223466da74ba8b034df529aef6ec6610a0d25973961e50e02af22d0ca8be1b9804a5918acbdb536e8f2f441ec9d640ed15133ee747440c86fc4526c9195954528673d25c8390170f3c19cb0b0c30b9e634c7ebae96946ae97c19eabca92226da925d22be37abbe0740938ea899ec42fd529a3b1063981e4c154219df5cf5af60a29b5a8ee530905725a14b28900eae937e705401ba8f632a7bca00d9724a992afdc9ed14aac71b8e3a7ee5ca095888feb195b4e083c3b611a1c2f8d092febe3b9f5f0df61e8d3c31a643c935b76bc1ad4265164e755484beb06610510bc51e8c6da8d71123bbe83a5e4128f41cf5c486d6a60496c300c406f990bee485cbdef794f2663ee66d2b18d8e55210c25c04b1a0c6d9c5f904e72806d2d4f5e5439bcdf146343cdffe4d0d70d42a9959cff9bd50c37cd478b0b0add16aae4dc839b46bca2ac7547144b6a422aed5e2db661bcb31a82bc0fc678e71a6cb090ef772860f3008b4152b5d281033be4a77b367baec3ab8ce7c83c601b11c8199bafcd15161a5454a6a982dbc3c2e3a5172b6a63e4904817075754eccbb0188c9cb2e5da9600f567485014887463b40f189b7ec3c5c0f36d502509e402c285765c78417ce6b3aab130ee79622dcd8ada842233e73a14554ee5e4995e32b3fe4075e247eb9bdeef64d1a7436c9b5782fb2f84f74e4c6e976289729c37b5bb8200a9480d181a6b11f5ec229b818134b8334967ae935ac1d81be4776fae4cb68b6fa330e93bd8de388b38455d569159bcd166df030a6dfedf28caf4608de7243f5df2c76f6680c301d819dc67d24d2f780432a931700a253b0a5b075195c6dbfd1fe17a1c11a3dffa872a07b877adc66d069fffb6d8326e1998c5a337c3d530250cae335ceffcf81dc438a47e73490d050a053813dbe6674e42c91ae94b4a88144f36adc1b08b4bcd6ddf4058c4e08d4dc83d5fbd843ee27eaf50b297c220350260d9abbeeb6deb921e50cae0ea590cfb6f00fb3c71520f565bb769705e2481ef27cf537d29f163c9fe3d39ed9fd18dc8b0c976cd302283e430807a9d751357f89092532d89fe280c69ad36e3541b5da9dea13fd19d0434c760fe295dfd9b9e63453c7853914c50b1b77ccd4b33c8b1f31fcb1aec040ffe2f9d728d8ea84297bac2e22230ebd1488c503b05b2e433cc37ce9fc123b7d3eb244b4549e9a841e73b664c8f6621ea5a4c9ff9c1da032255311f2c063a682baf4c97e7ba552bf71af4bd64f43872b846d15c65c487089be272cfa24a33f8c50930ea0bc4b089505fb8e97ded0e7e64a5ce897da6b940df4c3dddb8b4871d773f6ebf02058518c55c19aadb0f266caf18777ae68d2bfcfb2225961fcd10538ba664fd053a443320072707533ab761b9397bd0559126b84fe9196463ae50633017ea2d80940311d9c867102b1017f34af1965d8eb61be616a0d40656e2bbb750aee6f74f788c8acb2578e8686f5f8da6a19e979c152b7ee7c7f16902120588e2ff630144b5f929ffc593e946d9717c5968aa16c2d73d689fb5cce117acda3e23e5e0116de1cb6bddfa1a84cefb22c1e2c3753017696f27b9aec5d44f15411247643b84dd4410e784b4eb5b9c68fea671976f9b51c6526e2ddb40659611b0b3bcc7e249c77396fdb8c864ea9318f9de7fd3936fcbdc732c2f8b9556ec9afeb15d5e2df890351d66074d53dddc6e8dba8c91d733623ac95a49eb69c7de37ff2364ccddb01f6500750a012c2acf32a9f6bbd9e92d17ef858fbc34575db414ea42ad87a65b11ae5506469db256c421328f45aec73bdf18562447dc2840bbe9fc84dedd0fe6276fa174f21210d40193530ec7a70a9e60bfd6b00cba4d483be59950f16fa0dbd089b5fd0bb078badfcf42270cc62fe37be22b0d81f755263d74636fa466d2574ca62b58c649936d21e949de73ea45df3acade6609413f56fc218d6f11947bf1fd629d38d8acce90ee3c1a51117601ae126bec537e3e76ce7ecc53cfeefee8aaa104aa853a65aadf27bac9849ee0122793b11cd8e4f32fb07afa39e439cb738c30a6df958160aac15c26032a61aaf614b2e6601581fb0ab8d115e045005dee3df8ea42643cbcbb0b111130c42c94b7e874cfee50d5c2eb13b3a38c417fce9d740b7d43120431a7d44bc3934ee87b112401cbee3553837b6a0b4b3faaceb46eca4064301c8060870350e256ac9d5557f674536b9d9717a82fa211e7dfb52ca410d8a4f2f6b733c2a082f247538a6c40f56cf64204e62515db692f32733ff6f4b0787ef305d5e80881375467ae603ac3600e688c42f89a4fea4fdda09a8d59e19457c654a98c8129a8c65bae3310af2b170729e18400c915d0a2f4c4fc51747846630b95ec181228bda7ef48ad389815aa82de6c4a3b0746c28c01f9ec697ff17f095e1cf9d2fe78fdab9cbb1ca7aefc8af6a0cd98444735fad79e394a8f9c2fd358c3cde4ca6d57a620d0bb52dc6ff93f034b596f407c21511cc2c5ec8b0ede7f5c0acca61939ac7f2cad820c15133e69507eaa739e9a88936f4a74f0ad1574a1591f31f582a76157d89805cb3ba5e8d10509bf7a08e928653b4f05ba797a06765b74c8759fc34178624c08a2b99e59bcff5d33af2b0f9176b56c35f4da31c751a4c2fd88a1997cd9fc9bbf78220731d4c8cea23be1fd29c36b34d8458b7021ebcfafdc7e54096e517da3eb684298f742532d776164d9c9658e5faca0a3b08afca1bc27ed357884f49fe51bd0c38057f4288f1917e36e3865310b5eed140aef6150ae363293cf7467abd5e06cd7af5e2c49e7c5253a1155741e380bccb023a0faed93d9a64512d72436f1ef4ac0904a413e45164c23413bd57274a0a951c41a9a43aed094d4ea5c480ce64663cc9d36723179e2b19a48e9277a6591bbd888a06e0f2f142cd4495be4ba7274d69ba32a2788b935b2f18c5f336cb9de062829e2e0bb476efb36c3f53a766c14314f31637a464ac59d378ad7f51bef8d88715613653a427038e0d3e4dc3948bb1d70eb55c91c92f7510b1c0387253b458d2c90d17238f9eb239c680179a6c1e0759be367963e3b4d7395fd3911626582a094e6a8d0e746242f94267a4c57d5b2360ce3a6f7f3e3c10e124a54ed24d1585bc7b731cf731c94ee00ebf070b999b9bf28d76bfec9dcf12fcce2b9c4444c706ec6b943b5f39e9151a764ba1cd0cd6c1c7cdc3aa824cf17da705be27a18fbee41be39d6ae4dd4312f5f4bfee2c5bb21d941666f9d79b0f80c9b1bace84a05d2b0e3be1c3fd04d72b4b0124595c435813969d413960fddc858730a433383f3bc0472cb7683ea569e001f00"/3584, 0xe00)
fallocate(r1, 0x11, 0x0, 0x10000)

[  307.944397] kauditd_printk_skb: 4 callbacks suppressed
[  307.944407] audit: type=1804 audit(1601002424.263:210): pid=19843 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/120/bus/file0" dev="sda1" ino=16604 res=1
02:53:44 executing program 3:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
socket$inet6_sctp(0xa, 0x0, 0x84)
r0 = syz_mount_image$vfat(&(0x7f00000000c0)='vfat\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000280)=[{&(0x7f0000000000)="eb3c906d6b66732e66617400028001000240000004f801", 0x17}, {&(0x7f0000000140)="53595a4b414c4c45522020080000e780325132510000e780325100000000000041660069006c", 0x26, 0x600}], 0x0, &(0x7f00000001c0)={[{@iocharset={'iocharset', 0x3d, 'cp865'}}]})
mkdirat(r0, &(0x7f0000000040)='./file1\x00', 0x0)

[  308.109080] audit: type=1804 audit(1601002424.663:211): pid=19877 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/121/bus/file0" dev="sda1" ino=16213 res=1
[  308.236290] FAT-fs (loop3): Directory bread(block 6) failed
[  308.250190] audit: type=1800 audit(1601002424.753:212): pid=19887 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=16062 res=0
[  308.294056] FAT-fs (loop3): Directory bread(block 6) failed
02:53:47 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x4000000a, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x40)
write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x119, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40aa071d905814c90761600032a3b88a1f000000970e85a63c9a4b0d8b9aad010000000000000002a7bef7fdffff9f8b01647a0200169c864e1d5f8179cba2e43112cfb22f021d3c34e36cc9509795b0e053c9d31e145c97aa793dd8ceb8281f3b812e14d71b59b83e4bc3b529f3ca0900000096e2c2a4fdca75813f78964c6fe77e39d125650da9ab14624d751e10f063962be791ca675617cc866ed67f34f39c92485b48cd8d1901000034e36d6d434409ea8d2905c48d2456252abbf71748433f88570ad2d50c2bb743c830069f192de24b69688214"}}], 0x1c)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

02:53:47 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x60, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}]}}]}, 0x60}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:47 executing program 1 (fault-call:0 fault-nth:83):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:47 executing program 4:
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000040)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x44}}, 0x0)
tee(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0)

02:53:47 executing program 5:
perf_event_open(&(0x7f00000000c0)={0x1, 0x8f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_mtu(r0, 0x0, 0xa, &(0x7f0000000280)=0x3, 0xc6)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000003040)='ip6tnl0\x00', 0x10)
connect$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @multicast1}, 0x10)
openat$sequencer2(0xffffffffffffff9c, 0x0, 0x0, 0x0)
dup(0xffffffffffffffff)
sendmmsg(r0, &(0x7f00000038c0), 0x4000000000000a8, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, 0x0)

02:53:47 executing program 3:
r0 = socket(0x2, 0x2, 0x0)
ioctl$sock_SIOCDELRT(r0, 0x890c, &(0x7f0000000340)={0x0, @in={0x2, 0x0, @private}, @in={0x2, 0x0, @dev}, @sco, 0xd7, 0x0, 0x0, 0x0, 0x5})

02:53:47 executing program 3:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$smc(&(0x7f0000000100)='SMC_PNETID\x00')
sendmsg$SMC_PNETID_FLUSH(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000002c0)={0x14, r1, 0x1}, 0x14}}, 0x0)

[  310.676473] FAULT_INJECTION: forcing a failure.
[  310.676473] name failslab, interval 1, probability 0, space 0, times 0
[  310.727654] CPU: 1 PID: 19910 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  310.735915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  310.745269] Call Trace:
[  310.747860]  dump_stack+0x1b2/0x283
[  310.751489]  should_fail.cold+0x10a/0x154
[  310.755637]  should_failslab+0xd6/0x130
[  310.759612]  kmem_cache_alloc_trace+0x29a/0x3d0
[  310.764283]  ? dlm_send_remote_unlock_request.constprop.0.cold+0x1d/0x1d
[  310.771123]  sget_userns+0x102/0xc10
[  310.774836]  ? dlm_send_remote_unlock_request.constprop.0.cold+0x1d/0x1d
[  310.781674]  ? btrfs_kill_super+0x540/0x540
[  310.785995]  ? dlm_send_remote_unlock_request.constprop.0.cold+0x1d/0x1d
[  310.792833]  ? btrfs_kill_super+0x540/0x540
[  310.797161]  sget+0xd1/0x110
[  310.800182]  btrfs_mount+0xbbe/0x1fe0
[  310.804004]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  310.809978]  ? rcu_lockdep_current_cpu_online+0xed/0x140
02:53:47 executing program 3:
getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, 0x0, &(0x7f0000000040))
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000040)={0x44, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x44}}, 0x0)

[  310.813631] audit: type=1804 audit(1601002427.334:213): pid=19919 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/122/bus/file0" dev="sda1" ino=16625 res=1
[  310.815441]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  310.845056]  ? __lockdep_init_map+0x100/0x560
[  310.849549]  ? __lockdep_init_map+0x100/0x560
[  310.854045]  mount_fs+0x92/0x2a0
[  310.857410]  vfs_kern_mount.part.0+0x5b/0x470
[  310.861901]  vfs_kern_mount+0x3c/0x60
[  310.865700]  btrfs_mount+0x42a/0x1fe0
[  310.869498]  ? lock_downgrade+0x740/0x740
02:53:47 executing program 3:
perf_event_open(&(0x7f00000000c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = socket$inet6(0xa, 0x400000000001, 0x0)
close(r0)
r1 = socket$inet6_sctp(0xa, 0x801, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c)
getsockopt$inet_sctp6_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000000)={0x0, 0x0, 0x1, 0x5, 0x401, 0x7}, 0x0)
connect$inet6(r1, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
r2 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0)
ftruncate(r2, 0x200002)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r1, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x2}, 0x8)
sendfile(r0, r2, 0x0, 0x80001d00c0d0)

[  310.873647]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  310.879622]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  310.885071]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  310.890085]  ? __lockdep_init_map+0x100/0x560
[  310.894582]  ? __lockdep_init_map+0x100/0x560
[  310.899079]  mount_fs+0x92/0x2a0
[  310.902438]  vfs_kern_mount.part.0+0x5b/0x470
[  310.906928]  do_mount+0xe53/0x2a00
[  310.910458]  ? do_raw_spin_unlock+0x164/0x220
[  310.914945]  ? copy_mount_string+0x40/0x40
[  310.919179]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  310.924202]  ? copy_mnt_ns+0xa30/0xa30
[  310.928092]  ? copy_mount_options+0x1fa/0x2f0
[  310.932579]  ? copy_mnt_ns+0xa30/0xa30
[  310.936460]  SyS_mount+0xa8/0x120
[  310.939906]  ? copy_mnt_ns+0xa30/0xa30
[  310.943791]  do_syscall_64+0x1d5/0x640
[  310.947681]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  310.952861] RIP: 0033:0x460bca
[  310.956133] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  310.965237] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
02:53:47 executing program 5:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x4000000a, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x40)
write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x122, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40aa071d905814c90761600032a3b88a1f000000970e85a63c9a4b0d8b9aad010000000000000002a7bef7fdffff9f8b01647a0200169c864e1d5f8179cba2e43112cfb22f021d3c34e36cc9509795b0e053c9d31e145c97aa793dd8ceb8281f3b812e14d71b59b83e4bc3b529f3ca0900000096e2c2a4fdca75813f78964c6fe77e39d125650da9ab14624d751e10f063962be791ca675617cc866ed67f34f39c92485b48cd8d1901000034e36d6d434409ea8d2905c48d2456252abbf71748433f88570ad2d50c2bb743c830069f192de24b696882145cbcc9b5644ce7a25d"}}], 0x1c)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

02:53:47 executing program 4:

02:53:47 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x60, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}]}}]}, 0x60}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  310.972769] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  310.980139] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  310.987402] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  310.994665] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  311.148709] audit: type=1804 audit(1601002427.704:214): pid=19945 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/123/bus/file0" dev="sda1" ino=16229 res=1
02:53:50 executing program 2:
prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff)
clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff)
r0 = gettid()
wait4(0x0, 0x0, 0x4000000a, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0)
ptrace$setopts(0x4206, r0, 0x0, 0x0)
process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f0000000000)=""/3, 0x3}], 0x3, 0x0, 0x0, 0x0)
tkill(r0, 0x40)
write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x119, &(0x7f0000000140)="5cf249b9740c8684445afd26b76af2f3c921bf3c0f339e57f4f21016a5b60a00088024c30e478947d190ad000000000000000000000064bfa6186165224897ba4ecb40aa071d905814c90761600032a3b88a1f000000970e85a63c9a4b0d8b9aad010000000000000002a7bef7fdffff9f8b01647a0200169c864e1d5f8179cba2e43112cfb22f021d3c34e36cc9509795b0e053c9d31e145c97aa793dd8ceb8281f3b812e14d71b59b83e4bc3b529f3ca0900000096e2c2a4fdca75813f78964c6fe77e39d125650da9ab14624d751e10f063962be791ca675617cc866ed67f34f39c92485b48cd8d1901000034e36d6d434409ea8d2905c48d2456252abbf71748433f88570ad2d50c2bb743c830069f192de24b69688214"}}], 0x1c)
r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1)
r2 = dup(r1)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)
ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080))
ptrace$cont(0x7, r0, 0x0, 0x0)

02:53:50 executing program 4:
recvmmsg(0xffffffffffffffff, &(0x7f0000001d00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=""/212, 0xd4}}], 0x1, 0x0, 0x0)
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, 0x0, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000180)='net/netstat\x00')
preadv(r0, &(0x7f00000017c0), 0x103, 0x0, 0x0)

02:53:50 executing program 1 (fault-call:0 fault-nth:84):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:50 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x60, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x18, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}]}}]}, 0x60}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

02:53:50 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
r1 = dup(r0)
ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200)
r2 = socket(0x1000000010, 0x80002, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
r4 = socket(0x10, 0x803, 0x0)
sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0)
getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, <r5=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000fc0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff00000000090001006866736300000000080002"], 0x38}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000540)=@newtfilter={0x4c, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xfff3}, {}, {0x4}}, [@filter_kind_options=@f_fw={{0x7, 0x1, 'fw\x00'}, {0x20, 0x2, [@TCA_FW_INDEV={0x14, 0x3, 'vlan0\x00'}, @TCA_FW_CLASSID={0x8, 0x1, {0x0, 0x6}}]}}]}, 0x4c}}, 0x0)
sendmmsg$alg(r2, &(0x7f0000000200), 0x10efe10675dec16, 0x0)

[  313.676335] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  313.712429] FAULT_INJECTION: forcing a failure.
[  313.712429] name failslab, interval 1, probability 0, space 0, times 0
[  313.744873] CPU: 0 PID: 19963 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  313.753036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  313.762385] Call Trace:
[  313.764976]  dump_stack+0x1b2/0x283
[  313.768607]  should_fail.cold+0x10a/0x154
[  313.772762]  should_failslab+0xd6/0x130
[  313.776736]  kmem_cache_alloc+0x28e/0x3c0
[  313.780884]  alloc_buffer_head+0x20/0x110
[  313.785034]  alloc_page_buffers+0xb3/0x1f0
[  313.789269]  __getblk_slow+0x2d6/0x7a0
[  313.793158]  __bread_gfp+0x206/0x2e0
[  313.796867]  btrfs_read_dev_super+0x79/0x1f0
[  313.801272]  btrfs_get_bdev_and_sb+0xd3/0x2c0
[  313.805764]  __btrfs_open_devices+0x172/0xa30
[  313.810257]  ? find_device+0xf0/0xf0
[  313.813966]  ? btrfs_mount+0x9ee/0x1fe0
[  313.817932]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  313.821348] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'.
[  313.823375]  btrfs_open_devices+0x98/0xb0
[  313.823389]  btrfs_mount+0xb24/0x1fe0
[  313.823404]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  313.823421]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  313.823432]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  313.823445]  ? __lockdep_init_map+0x100/0x560
[  313.823454]  ? __lockdep_init_map+0x100/0x560
[  313.823465]  mount_fs+0x92/0x2a0
[  313.823477]  vfs_kern_mount.part.0+0x5b/0x470
[  313.823493]  vfs_kern_mount+0x3c/0x60
[  313.877047]  btrfs_mount+0x42a/0x1fe0
[  313.880842]  ? lock_downgrade+0x740/0x740
[  313.884987]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  313.890963]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  313.896412]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  313.901429]  ? __lockdep_init_map+0x100/0x560
[  313.905924]  ? __lockdep_init_map+0x100/0x560
[  313.910414]  mount_fs+0x92/0x2a0
[  313.913782]  vfs_kern_mount.part.0+0x5b/0x470
[  313.918276]  do_mount+0xe53/0x2a00
[  313.921818]  ? do_raw_spin_unlock+0x164/0x220
[  313.926323]  ? copy_mount_string+0x40/0x40
[  313.930554]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  313.935560]  ? copy_mnt_ns+0xa30/0xa30
[  313.939442]  ? copy_mount_options+0x1fa/0x2f0
[  313.943934]  ? copy_mnt_ns+0xa30/0xa30
[  313.946947] audit: type=1804 audit(1601002430.474:215): pid=19962 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/124/bus/file0" dev="sda1" ino=16633 res=1
[  313.947813]  SyS_mount+0xa8/0x120
[  313.947822]  ? copy_mnt_ns+0xa30/0xa30
[  313.947835]  do_syscall_64+0x1d5/0x640
[  313.983632]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  313.988815] RIP: 0033:0x460bca
02:53:50 executing program 4:
perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000)='/dev/fuse\x00', 0x42, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x84842, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000140)='fuse\x00', 0x0, &(0x7f0000000200)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x8000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}})
read$FUSE(r0, &(0x7f00000021c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x0, 0x280820c}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000042c0), 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x84842, 0x0)
mlockall(0x1)
r3 = socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = fcntl$dupfd(r3, 0x0, r3)
read$FUSE(r2, &(0x7f00000021c0)={0x2020}, 0x200041e0)
syz_fuse_handle_req(r0, &(0x7f0000006380)="f7709f77945ec10b4eecea480cce6641402373da5e6d7f24014f7acee96be0135b59ce90b463223252169e036a4daf3dae250a1e6de526211d43d9512ae526730f553268794994fd54868ec480d09862b687b463a8fc5058903593b9bb4d50879635cbf67a9e7d1110fa0e8ef89dbd2abdae33183737b8c0b907f5cc74ad6ab0383f8240e091417d2816317f40abb64224f616136f93d932f2223ef42fa3c3155d53075d3eb1db73beb32bc364e3fc246d3dcaca2dc91a634815412bae915cdb1a6da7884559403b545235541ddac97d7b1ea8135539ebcfac1edfa2fee8cf78bb46da7644a8f9e42ae06ca7a188b83fa537b0962a10411b67fc4d7dfe9e95cce2aef82e75f4680b8ff9976b6569523b72a86bd3a8c96f30e85812fe33a610c2be0a3c1063e2ee864c6e8bbf331f2768accfea78700a7321e4af2db46fd162457e439369da2217992b77502b9b958df27bc086369963793854d7f8b00c537de3216898b8f2c1dd925049eef1ab57bb6f63b2d88850b49b3c54d71f545afafa16bd2d06ae501344987623890fdf9ac04b179d2131070a34cf143697b6642bf5da67437aaf5e78e7e6be85e44ad7b265d78d2baf92ee5ccb0a452eb32fb3fdd1a41abf3a68086acd20458af55c086f77c30bbbce4c19542f92ab1e68393ffa58b140586b49761aacdf6aeb7682561f01e0869f503c4a161fd405046d3e6523bd4071c09b7516e4e784f4d11706f1c2eb170e735e563c43317a5a9afad28511163cdb63660beb699f7b8a7eaf57d48517974ffa766fe8deab0cfb11562b9c281bce2493d08c40a259e0325c52124e303064c6fbae2826355e531543863030fef484621a381a945b6ec7253e20047e7294bd069442f72672e6dfe1ca17d75d8c6b16c931438cec72e6ee53f3db89a10a38a93cc84c7393773461db5074b4f5060dd0a04a069a7a9b078856a3fa1786fc8dab621ba622acafd0781b523ea097283afb0c59222a316c6ddc0554bcaccc70288e524ed7719fc02a86283b57690a7320af028efbaedd5bd158a9dc9ea8e4f53c7da7566cdbdd4f4d9f01a9dfa6251a355e338efc8eee258add8731c7d22161482b7e3c8bc83f30482f9935fcc5974d9d0685b5fba3b07d7f85cc8fef18ac4e8e915b8476bb44d7384c996921ae40a4fdd2dd2a70ba17e1c2d6ec67b8f7b45568c105d52afa9c82bdc1dc7fd951b1e4fc1212bf29231d8e41ed4dacafec9a823a672dceeee0e4048b5620373c53ab8f3553c842a5a6d914f8334d6d8a4af785f418e6b4aab3965f94ca9d80a74a5a034fb6edd0322696aa1060d82c7b104983f8889026819ffdf3d45c604e53066b03dfae13fad499e3894120c10944eaf752989daee4e172decca9c2b324a817a7c787e6bc59fc2884e358a1a9b14b3704cabe374d23c002b8112be68f409302d3dad0a4c02105cb54c4350c24e6f3b7588bf1c28ae321eaebb930cf0c3b607acff20663eab8a593320c518eba8f9205350f11a9c1530115f7e00f2aa335c92e1305ffcfeac7cdecd6f1b6a33710ec77ce428484712d66bad137b6c8da5aa51d1b7196d981a14a40df8406b292f385cb149cfc0a86701566674e089b88487f34fdb0bf16ca94d9da4a837f15d5cf8f11d9c226844d3eb18d848420f344a3992772125319abb641ea56f03fc626f092f67a8b6716b29cf8585cf5fe25a35f5dab0e3e075ba3c84116fb6cbbf99a8153d179ffc1e64356f1fa0bca6823ebd8e1a176636962cff271cee5c5bafcb68fad4921e070c4ae08cd8fa0b94534f11e66403d129a5e8253bd3a9dc09a8189895819ff618532bf6743b17a243d515e63868bdf9287fd1bad0d525759953624c8e82debf88159b2c22945535d9379c911f89c7856be1438bd02df70c939b80741ddad245082a72556a2ab3c2390b84c17b6119103a0b8126dbc55e05b153ef9a12cc67f649c14160c698a7127b39fe88fb91d19b2a381c08114c6e3e6d3d42b77602c838c421a9a414f1eb182d0197ff67dcfb5d79404afbdf9c96f475a0d5afc9a4d7cdad458eed6b1de6c13b11c46004243db779e7ad6dbbf15e69ee34bd2524cf72e49a5352992a9251a86c3dc30d7d5fe61ae538928e8fdca0e04fdb5917523d8266b7b4f1679a5082e798f587c5ed9084c70965e94e12f643ab0191e606c2eb0c3359a2b8504f3bb2e721cfbcfdd90c31cde10992c9400273bbc45fe5ba34d7ede773036e2fd1fec1f001c495accdf8ff572de3eb2aeebad29acfe3d2b1448fd67368d0c37f8bfbbf09bafc8f99a44b187f4f443c82b21f66f722fb59f40ce0f9d83c52b9b3358a80e102b21795a1cfcb986c787ccbb9f9c96c2b66d2f7a94ef2c2a5b65d5c2970ba6f3107609f4a67432835c2ce1682d260f6826072a6b6d4b113a5b06311677ca01260f3567ff1ab6be13b455f93916906273c5430fcccb57e0d78224ebec422763ee3a6b94528749a7ee5f70c9036cf3a99a9c98abc0e8aec18733a0c7da76814f2ff741582a9d96eb798426065764fcf86e40b6490f545494b48749fa8d398c5938d6bc7dbe183deecb913ef4c61aef27ea6bb77c23af09c3dec453f01d8e0cf1a3df30d73d44c4e147d9ff2853cb05b1d9fcd2d80815016f65368c477f3e8b676ee1ef5b9154850f02951060f5335d7b8b1c395151b443130d27b4aa0cdd9c1badc38e1825cbaea22480e1d8a986b001a4464fea618707f43bdf7949f500f3f9293b7f7f28170d45eb3e9422d7a107d5dfab18b8e7a2cbc4b42a818384136a49a021721fe07dff4fb2f26e74ee6b5725166409d794c69a1a5b27cb6263c387b81612add3c9e9e509845843a6ffb2250d37c365e3f57f0ad6e908fab119211e7679b41c8e298f9e85558be25ec0a4e6c9aa3d523ef3771971bfd272fcb736d10fa98a87b78c532fcc322f5e24baa21f2a3c84a90ec9b546869400bad19dec3575ebc69c8e512210b81667ed3cede89d10ee5871a6fb166b2f5c96f079cd5bf97f41327930b210627106c4cb6d77e3793b808c425b8a4118bbaa2d1a1454b162cf9886ec17e215d12223a65348ab33185861ab1f3166a4a925d25a63def895a5b01deea11bcaf17c79d27a922834a32aa0f8676793c7257e44d3f7768de19292a385a7a4b3fc992abfb9f8f3ada57b83dc7955c0b2edef1a8214dd8ea2cc9679685137dd63f3918020e2e2f38602005a4a6e84422867b9160f65e92e053d0b58191eadcd5a8a69b18e3216ea63df3f31869c81de88fc75a1d9e15cbdf8d68ba50cd8dfa55259aa362c2615ccab13489844d5ed995383e334074f561a4a67e1060e64a818fc96135d34e604cabe3d9195cf1283725c7700e397ecb72fc8b36f38cd0830b19b439101e4b3839c48ddc95367bff87b888407a517f94fbe58a7033db1123c0a0074c730e34ce821e12f43d84d3b4f0310c6ecd8afe7779671d7b825bb3892825c762b86f0ffd182b6aafd477fadf0c7a931cb61e2b05fc11267bf0a9882e7c2f8e84d3480d9e4576cc03f0e1dbfbef9f66840ad37e76da3ff8a419730a0076de67e9b913f03f5b637287d981eafa1223feafb86bcff5b2ce987f6fa8386ee036a3f75fe014ef90b05a744e038c43766b5fd552e66b9b4996f774988d2a70fa0bf05fbc453cc4fd0ab642db1bc71e1b63919f3c49254f177306f9b00af5782c0633d68ecb85f93fc1afd8dee3dd1ca8b0d7ba0ea463de0b6e3e05c080f832e129cec16853923cf15f06d9a38e20a5a6fa5125d03c1b72680547eafd9fdf246af08dcb4d4d746577478fbc72d7a36bb4bd3b5ba4dc5e407babfcd64b8c413d7dd5433d6a4ee17d5b4835a74c81414a9397d73e15ae387f04a5012a37c88b226207aba933d68a67bcd38f5e0fb8b24c4434c3a0109deaef4f9ab1d230ea6a4acd6db0c3962d0de3bb64e33a29af8dcbf39d48a27c1649a66d4aecdce2db60c50bcec31677559369184608db197f2ebed81ca8fbeb9d2f8c486ec9839e765df69ea634f2815e75eac613febfa26012767c28eae207ed9315bf19c42de9602f44f45a9cb9913a67548787a30c9e56f3399ab281c537751a28d98392655a60ceb9f2515772d2f1d5d2843952312e2a59061b60f128def6795e0c8eb7b12a710c1afacc84f498a29d683d1949c17f3aeeb8b9a32eb10bb242d61a2db5902d592224fb8e1e713ef33caaec6f8516333ca4886345555166e91a6469d67f39241d144c6457c0f74c60e662439281a660b3c802eafa5825fab36b764d4753b33920dc72ec4b7136be556c7d0d528eef67049f5a7bd9cc7e4e94a4874ad8d06595ed38a5f1cafff1018c1351d1d7eab144edba6d4f9eeb7924a25b9f7a3eb20984919d9ade66a18c33f92b65031472ca657a724d86053a3fc60fc5502acec81822bc609954e402a406081cfe7931a1adbfc45a3168e30a451561302a131ff702b4d6c5d3603ea9d1b54c64aad93407e078d6b435154236ba594e8d2f798bbdface489b43120bc0bd7e1bcb6658c2c192ccf18f278e9c5bb14dbdf1a4eb3412f9dc64a31abefd79bd7c91bb7297c9f694840a75cae5d3482d15a2d148092a6545972b7f95a23206bda509260bb370a012b744c2bb46b57da12367d35e778b7d7f463fd8230368b5a5636f28e2cddd03c69adc9c913027a726130c95d818fa38ca7ba8421d3fcf0736cd3001ffcf80701cf6d737cc3dd8f905af39fb2806d2f22289d0001c74eb482f4faf0a1863099cc1b236edd1cfa206b21a2ed86affb4e6a3a4dfb54fab46c8c06cd3e370b50e08e1b7a08864269d867eba5fae8a49560e9479209966002c09719ab8ca58702bfb0071d3859df0193a956ed4d8ad19a2c79656c6dd42eb5a44b808df394333683b605ad0cf176bfcfdc89b01317a802cf0ab02fc3673822b55fcfba512792c9e40a150cfae4dcd40b2b12296ba95063a2f50f552b4682c4d461b1efb7555816b5b836ff0319af6935ae5b41e67329a7b21da93c36fcd87cbba1653c0d00077b14cfcba24f891d62219c157b6354300837d211fbcf1881f5e98d6195fb782479e106c072020b56285107e2fd7947bc64ec9a43a0b239c140ec0456685ac3eba988952e641d2eb16cd0132d2bb25576fc6bcd5e29eb9da2d40e8b50776abe5cd7ea45da8442a311977c51755015b3e4995739edef0567a3f169e980addb1705224175372339de904eb952e13f648449722258fa21f7e53f4a1956e8e9a39dbb18c6d2d10d9146358158a0ab7ce3f54120b705e1ccb7a13fb7e9103d0b80faaac31cab07f6d2d9f668c707b5e3bdf259923a1057816a31e8c771267fd974193d90e1a9837a987d9ba52f7af599c1aeed13f6619cc0b334396b750c9017f84cff56c0dfecc12faee59e37cf7d44575bb448abb19616d4fa79f4fdf96631328dd0d0717f12b9587d76b577bbe78eaa7b0acace3b79776b5d2e77942c57745e347ec766170e90cc66a5191bff3ad49d423ba2817cf92be74e653cc6274a20bade324638d57a27f2fea01d4670bc1ad5ec4d006492ff5fa616a0010be824766f12acec9b26a7606cc8453382c3dd1f5f5c85354569123824002c44d0ae4cd2e1ebb4e33e3d7b69fe14e05fb53af9d66f53990a830120cd618cfaa10e5f6deab4ef4522afd380ea52f90b181fd5b538f424900aac643d118c33dbb6ffe0b2428844f51943412d8fda4a327b71c814cd6345b3690a4716f04fc7323ff1af08e82ef5e571c9fb0fa9b22af40948febda32ea14ecf61700eb02967d09bfd078ace6cea259952c0be90fab1ce841f1022d2da82f173c580d43effdb424b1729aa9fe40292c082043a7c901bc76426ef6e3de788db31e50f54458ca4e360bb803b48d5a4be50724c1f48b504b086d9dca3ae74eae76a1849d14a4074f389aba805b793f9662f072405026afc3ef108ede69dbd2c769886dfc75a9a2e093137d92b38e34a050eca73cd3067d56dfd58fedaff2857e720b09d676607a1e8eeeb06b26494cc2b844f5e856271732477f384af839e98889d5c9cc28651f6eb74029f839150f947d180e48776ef1c829509e12016c6d1b717713e6325751a944cd259b1b86b1f5e793cdb55a73784498be09c2cebdd70159c77abc7c64af2e2de1a860a3e9dd8646b7a6866e1891fcf97a2b3ea47c0c57c5fa9a94129c2e27940ab9fe996eb1813d21d48fb6dbc9b8071c50dc26b4ed21588211fc5edb1ca873c70b606678ae7de9c10d2d083f372421a3038c592a38aec69020862f4432ef9ae7f400ed53b44bb58e92b022ac8b62a6b459337af339dc3346a809b715f9974d21e606244d23cf4dcb0956f93c14047243172adc97a1fed868bc49fb57ecc123425a21e94dd5b9d1ff52bc45965a7be2f5ea8218750e2cc8f174fbd2c7811742f5f17fa1f954b8423c403fd2e4e96296e37e0bfe2edd52e8c3b921dac771c61524455b401017ab5f655eca76139557a4a87cc30210b052ae17a5ca8b634322657ea4d87e0da2392c470f8951ac0560a01b4d0befe632ee311d0b87af31465d6cf7854f5738cb5debfa1d7381c74f45eea08c06d4ddc9e811d1a33394a35efdb7121cdf5f1603343df8431c87718a5d4cf3b2e593508d8b63f0d1e82f9ebc40d4022ba06327cc8233f29c0995da512b318bfa212e9582cb880d9bd6a02050a014294ef321bb2c65e4638a4fd2c8c27fd9ac28c9e49cdae6dd9eb05dafb38a4a003a56dba826e386f5fd3ab0d54b92f53ec11c850927fc4c5b669c67505ce59306ad86460b480b711d4b31c512829b7037d1c45b5b84c0be40a038b5e975c57c860476318a22df2e4f90009c38481e519b9511e54dc59e89a6593bc53ae03224466513930c5ed3689793f00be192a58a919db9ad1267962c0ee60327ee710accb0da037610ef8aaff63f6582f691096fbdfb1996abc4443cd4ffe04fcad3608413044b978d86d3a18bdf86fdb70cf7e7bbb0e4db9d36176d0ba8a4cf81369fa84ee55466df70e6d4431a873000c19bb5caff30c01c7f7f928cde86bea5c401e525fb8a938fd016bffd5c9d52b279e867bc64f575b80eec74e7f66fe92aef613636e50c8f32831ab4b7eabbc89ce6d7bbfd03b6b005e0c5ba27268369f5083b2ded32c1f9e8cd73a1daee26cf03dbbf9c476fd0f14935244eb7b544f8db1c19d8a21de7e8a88f540e8949f721f20d7a47cfad3f52d93c11a796fbe9fbe415194193e5c70b33237f70790905816b856c252a30e72c081a8bac6a1c9fd2c372b9f870831d6ba6671fd8684f25e60cc7e3a1a02ed5f1a4fe426373bf61404a68571e93f35659b6c37f939233ca6663603b053c8fc74da84dd971b9319a1260fa2f5d66609962e93f7f33a40b22066b86a74fb38bf1444d025f27f14e922661471ef8ad503e97f8e7dd6b9c9a420885e519e085a1f26f7149b82881908021f601679f79c944549bcb431a7d2b12f75aa54cae39f9caafefc01e7eb589d2eb574937abbe18b419d7d27309acb330293456337cb9d753e08f7b890bbf76c4d6ef548bc3b5965302bc65ab08a2420527c1ad8be374cae7cc858376219d39a7a6d58c478a721678e789bcc317a4d1acbf47870a4802a07ac0332f7fdad7156065de511862c2a076e264138b98e7abd1a2555ef2e1ca44ee68f06725508891051f6bd24479a616606024841c8203744b999868b9f2b3b5e8a42f454d25fcddf8f5569594716a4022c3ac8ba67115b93d8bb50684b0fb100dabca7f6b7e29b723007776435829c6f21223d7a2556766d198c76ab6cce3b6e6da5c4d14a26b7cda1cebe6792ce4c1498fe644fb4408189e472efde923506ea4d18aa3284ec311fa942dfa5d8b939e509a10c69461993cc9d3ace2fef29afee8d0894764ffd82371d5ed363b5968447ad3c0962b86584cc97740d7bc3838ab1c1b0198ea830f122b200722d3c2c8815a2a5f90382e1c58f2348dbd38449e28c67ed85f66ea3e383b91c782a4e77ad4aa538db6d15ab90dd464318ded6fd293a1b0279852335e3c94bcce6f37950fb23d96f84465aeaa8fc2f71ce61a1416e579399c363bb37ded602fbea1ba5de87ab12bc7aeb5c62f026f648ab2babea2517c3ade2828109da58c010e6efef544088ba412ea57d3cd4fad3fd85b17e386ffc8a700664b2604c8a71c011e894ac03a109d9ddbe0b6d625d33d7d16fba5bcbc1ee1cdcfc6a475a23aff414e5b4f83e9d18e10f9e6dc49e518561ad53a110794d2ad9c7fee95a03b632b2acbebac42c996e1b856b2f18a2a3bf7cb0726c10b6aa3ec2d78bebd26e86ecf78b87736017cffa7d654b357be120985c553d11dbc932139ea6e1efdb7ef34598db568e66d42429e414b5903ad6e616ff7faff6ecedec529cf16b280c18dd4c3c8cd5192f625965e15c29104855364565a4a52ac5ff78eb31a6e7602e84226a87364708c2a9fdcf2f66f5dd0951aacb7b6c8f9bd0e534ae44b47799cdb8f683db5a3258d6f1943e04e59b11fbc6f57d16ff150c94a22717c1b483ad064c25f09022cc4ce09e76fed2b2ce84e9a50623f84cb013d00b8ee3fd2eaf1ed84df2b29d3119865f5df8fbb6d7440ec6da33deff5c60f466f91959c0d7c7800937cf59fdc6e2d53e809a6f6754ed545fc71c42a95d198df6329a3f32ecd091e7e643727ee34241b9244ea9a2118ccc6d5b52f8dbd61dbc7a4b65e8a4b0e937669a8a6377022df74ac0d2d42008edfa83a71c2e14c8cb7f3e54612cbe5b64b31371f445ea6235467b339b285bffaad0acd9af5159b84f58a3e0230a7e6f055a016a0737b893e0d1b2dba11de53529c825bea86a455bba90eb4f10ea5425d498c18c0bc643a5bb07491a8b6d89b1c92329aaff3a9cb9302f81100d97b78a09d1f5c512c26409796608b77c969c070f6e55037c97bef2c30ebb373110c2356e0663c0a7010d13f18f9b7b1d4a5de88b110efe433a5dc9dd03ac7621a6de39584de91e9b43c5ef4cb435eeb45b8865540355030acddeaf451a453a0b0a76cb064ea1e939dc5491f2c591973c741cf1f73ef4451a1b43ed9d9e0c7b126b869e7cd326900a470dc08a15fb176346f7431dadd6b820ec10cba33d7097ebac9c1ff147fe39d9cedad2828facd8c37cb22a8b7d55b63170f55ccf45fc25715d00e7eb7c3f32c5a7dce02bb07073daa170caa4813b2102648cf6a5bc9ae5ef3fc4c6240447190340469cea21650f79f5ff0ab60e6fa8a30a45f29ca7f4356c275ef4dad63b07f73cc672d26091db75eff3e19b51272b0b786609333f6580a3ad3c83673df3776d04cd05fa86b7b8066076b71377580d8b226d9daec174cf2a62ffd48259ca04821e949021b3f540b5268c794a5314de9cb143dafce0575c06750f0c125b507bf39bf0abfc25b9bc39ddbc4450f0f3a70c312905a5c2d11f7b39a3cb0fd08be6f8b74c5d74fdfb0477c942caac42ae596e0aa36db5f10e1571231ebfc327e5a6111eb2f2a0e1be0b0752018973500f1b7c832cf36078c24717f66983bb72649829af53389e89694bce146f8cb358d7922ba07dfa9da6fbd65b7f5159010b1bc6847967b9eeef7c6db90f48b1c1a7ab63481809111b2876c73c375064bdca8064ee8d6d7b3817db8f5dc82709c586afea5850f415ca7641b5e6f45ff93b9dbc2f62c40c47dbe61a069d88e3664c8dfc9be2b35f8896e6d5c8a35b864b50d50364d3cec828a4f7dcff3cb314c9f7ab03c93e1fd8c5bfa2c303d76cb0954b401927a000babc400497d3f3a37c1f7a685ecc12b28db4b9b75debccfb132a4bb3b19ba91a441a94403eef6ad8222edd1dcecf215580296020731cab55029a189561499d34faef21eadfc370f98872c2192aef73f0cdf80de61cc9157d1e08d7153a49f7d1151fb9f110febc34e760c1afb87eb36c9df1d6aa047cb655b3ec5fdae8e2d93861070f98bd5f1c53c26f07d7c43cb295440af75e87671a552e39f9bfe1853222eb8ba0c8013944ee61dbe21281b1d4e3ea3dc0353d4ded5db0128504b97491353120c63bea1c5656be047a77bebe93efbab10375cb0946624e076a93a6ffdc284f4aa9fcf54ebda3653d5abf7da76f19c165d0982d48279ba8ee9f33b2fb060491aa26517e39f2cb4d4ce7726b249f070aeefca6843a813026e45c6ddfccd1e0b8883a7170644c43b227a2a3c03cbd17b8f3dc0910685169ada487a72251eeb6e6a1dd5661294337cf4cee2d74fdfbe00ff6d07847e63880059bcd12951e8b649cca1dc6a355a7d2c26ef8cabd467b21d6bbe28b108b385ffff7304d96b03500c912efd2af7c45f81f5f2f0e3357ec7da616f81ead2f823a128696ec7dd65a6587e5ecb56a8fba1bdea28909da5e085e164b046310182fad711d4e46abaa61281c88c729810c615ce9636b5c96e4150e2fcec6c111469ba8b0c010963d4338fba8a8a080e384198e1410af15f7ee18e5396b721fc331860e072207da236b35dd94fa7dab288a114ea46e754f1d0b4bfa1a5b216706652e52c489e9a3a1cee8ab4fe5d416ac22c2649673715909c27f31684f6e103913bfd28e02fca507940b86405cebb8084d1c6532a5508b716070c67ba544a1593895f4cc1a8d075415feb69d50fb674c3a89b59f80032cdfa8d1181856817bb16f50bafd0e21aa656661bf3b6bfc207a7a645a8edc15ff1cb706b6292a3263ef5ad1479338f59058d08ce76dc801d8e11e280badd5a0c0dcf1c6285d95cc087e7f0dd823b6b7c353d22f1e7ed03c1461cc4c170e33cd06c45f17fe1af233cca638611449493d533f701d77163f6784202d995e17b797d4d2f0d87d05a00728e8fdda47c70ecf919a2a110371da3474580720e8eae934888cf84f1f1a5530baf815e7c16129732ec4af417c1be0970b845dbced563f00a86135bda35c525aa020f285116b00071858e6eacf7b124b635ff7b62410e8c27a4c76adcdec10f5180130e8c554d2d8038677650171a2f6c3da4c04e340b48df92cf41d08a499f680a2cd6ab099fcede2f8b1888aa052c7f2dffdb203e19fb1e2e6237e19b218740c89cce311ff168437500a6eec570780938c3291a19482656a8d53b19bde3d4148bf1a9f2ea67ae835df675662f27b5b6f5e2652d0471c81740acef306d9605b4ca09a2c4c0f3f8063b6fa5fe01109c5e348eb318074785771ab2cedc48d0f5e15b3a368ace5aea415aa2d566063f25571b7a218b9e95117aaf0a389284e763e448c88b49205392fe032ed206ca8e27fb1c65a72d125cc860913dabe714be1a2a85120066cad66d53dec9a30664bfdd33e25398199211b15fe0770cb243bee320e95e506be4617c3e5e6825342c769bc1da3127f8d34c922f60ed2727f5d9209fc28099ec86c29572fc7159f6ced79b0a2a2653100230a55f7a578e2f1d90f6301069ed04106de45b976f2aabe769ed17d59a53116b74fa2f598c0d1e9919ca8d9cc21265ebc218ab9808b094eebd9a48d8349cf3faeaaa7c8ddb07f6eb874f70cdfafe050de69c6e7da6c8d2f71d581d6c604f4bb29243e9d1bbcb0890b436cb43d1a33c4b96a08af4137135a8c8fe74034dcaf1581856f800771", 0x2000, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000000c0)={0x78, 0x0, 0x0, {0x0, 0x0, 0x0, {0x0, 0x800000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
dup2(r4, r0)

02:53:50 executing program 3:
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='cdg\x00', 0x4)
bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast2}, 0x10)
sendto$inet(r0, &(0x7f0000000200), 0xfffffffffffffeb4, 0x20008011, &(0x7f0000db4ff0)={0x2, 0x4e20, @loopback=0xac14140d}, 0x10)
recvfrom(r0, &(0x7f0000000100)=""/94, 0xffffffffffffff5e, 0x10100, 0x0, 0x258000)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = dup2(r1, r1)
openat$bsg(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$IOCTL_START_ACCEL_DEV(0xffffffffffffffff, 0x40096102, 0x0)
ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200)

[  313.991998] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  313.999699] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  314.006965] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  314.014234] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  314.021502] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
02:53:50 executing program 5:
syz_mount_image$f2fs(&(0x7f0000000000)='f2fs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x6, &(0x7f0000000200)=[{&(0x7f0000010500)="1020f5f201000b0009000000030000000c000000090000000100000001000000000000000040000000000000180000001f0000000200000002000000020000000100000018000000000200000002000000060000000a0000000e000000100000030000000100000002", 0x69, 0x1400}, {&(0x7f0000010a00)="6d1ddf7900000000001000000000000002000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff01000000000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff010000000000000000000000000000008501000006000000010000000100000001000000040000004000000040000000fc0f", 0xa6, 0x200000}, {&(0x7f0000010b00)="00000000000000000000000000000000000000000000000000000000aec1e113", 0x20, 0x200fe0}, {&(0x7f0000011600)="00000000000000000000000000000000000000000000000000000001000000006d1ddf7900000000001000000000000002000000000000000d0000001000000012000000170000001600000015000000ffffffffffffffffffffffffffffffffffffffff01000000000000000000000000000000140000000100000000000000ffffffffffffffffffffffffffffffffffffffff010000000000000000000000000000008501000006000000010000000100000001000000040000004000000040000000fc0f", 0xc6, 0x204fe0}, {&(0x7f0000011700)="00000000000000000000000000000000000000000000000000000000aec1e113", 0x20, 0x205fe0}, {0x0, 0x0, 0x3e00000}], 0x0, &(0x7f0000012400))

02:53:50 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x64, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x1c, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x4}]}}]}, 0x64}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  314.028524] audit: type=1800 audit(1601002430.574:216): pid=19980 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="file0" dev="sda1" ino=16634 res=0
[  314.028766] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  314.138169] BTRFS error (device loop1): support for check_integrity* not compiled in!
[  314.186581] f2fs_msg: 10 callbacks suppressed
[  314.186591] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  314.199013] BTRFS error (device loop1): open_ctree failed
02:53:50 executing program 1 (fault-call:0 fault-nth:85):
syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="90e42e8500000000000000000000000000000000000000000000000000000000f90cac8b044b4fa88bee4b8d3da88dc2000001000000000001000000000000005f42485266535f4d07000000000000000000500000000000001010000000000000000000000000000000000000000000000000010000000000d0000000000000060000000000000001000000000000000010000000100000001000000010000061000000040000000000000000000000000000000000000000000000450300000000000000000000000100000000000000000000010000000000007200000000000010000000100000001000000000000000000000000000000000000000000000000000000000000000001a8885d61aee4febb69bd33546bd0e04f90cac8b044b4fa88bee4b8d3da88dc2", 0x12b, 0x10000}, {&(0x7f0000010200)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x00\a', 0x14, 0x10220}, {&(0x7f0000010300)="00000000000000000000000001000000000000e40000100000000000000040000000000002000000000000000000010000000000020000000000000000100000001000000010000001000000010000000000000000001000000000001a8885d61aee4febb69bd33546bd0e04", 0x6c, 0x10320}, {&(0x7f0000010400)="000000000000000000000000105000000000000500000000000000001010000000000004000000000000000020500000000000050000000000000000005000000000000400000000000000007050000000000004000000000000000080500000000000040000000000000000000001000000000080000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f050000000000006000000000000000010100000000000040000000000000000b0500000000000060000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d0000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000005000000000000700000000000000001010000000000004000000000000000010500000000000070000000000000000d050000000000006000000000000000000510000000000060000000000000000605000000000000600000000000000000000010000000000d000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000050500000000000040000000000000000101000000000000400000000000000006050000000000004000000000000000000500000000000040000000000000000705000000000000400000000000000008050000000000004000000000000000000000100000000008000000000000001", 0x274, 0x10b20}], 0x0, &(0x7f0000000140)={[{@noinode_cache='noinode_cache'}, {@check_int_data='check_int_data'}]})

02:53:50 executing program 0:
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
openat$binder_debug(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/debug/binder/stats\x00', 0x0, 0x0)
mkdir(&(0x7f0000000240)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0'])
socket(0x200000000000011, 0x3, 0x0)
socket(0x200000000000011, 0x3, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=@newchain={0x64, 0x64, 0x0, 0x0, 0x0, {}, [@TCA_RATE={0x6}, @TCA_CHAIN={0x8}, @TCA_CHAIN={0x8}, @filter_kind_options=@f_rsvp6={{0xa, 0x1, 'rsvp6\x00'}, {0x1c, 0x2, [@TCA_RSVP_SRC={0x14, 0x3, @private2}, @TCA_RSVP_POLICE={0x4}]}}]}, 0x64}}, 0x0)
chdir(&(0x7f00000002c0)='./bus\x00')
open(&(0x7f0000000040)='./file0\x00', 0x141042, 0x0)
r0 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000003c0)={0x0, 0x0, 0x3e, 0x0, 0x0, [{}]})

[  314.272667] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  314.289010] audit: type=1804 audit(1601002430.844:217): pid=19995 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/125/bus/file0" dev="sda1" ino=16307 res=1
[  314.294998] F2FS-fs (loop5): invalid crc value
02:53:51 executing program 3:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
sendmmsg$inet(r0, &(0x7f0000002c00)=[{{&(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x1c, 0x0, 0x7, {[@rr={0x7, 0x3, 0x8a}, @noop, @end, @ra={0x94, 0x4}]}}}], 0x20}}], 0x1, 0x0)

[  314.398876] F2FS-fs (loop5): SIT is corrupted node# 0 vs 1
[  314.417890] F2FS-fs (loop5): Failed to initialize F2FS segment manager
[  314.430065] FAULT_INJECTION: forcing a failure.
[  314.430065] name failslab, interval 1, probability 0, space 0, times 0
[  314.440774] F2FS-fs (loop5): Magic Mismatch, valid(0xf2f52010) - read(0x0)
[  314.467540] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  314.471325] audit: type=1804 audit(1601002431.024:218): pid=20006 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="invalid_pcr" cause="open_writers" comm="syz-executor.0" name="/root/syzkaller-testdir881736082/syzkaller.FsQwTz/126/bus/file0" dev="sda1" ino=16142 res=1
[  314.480676] F2FS-fs (loop5): invalid crc value
[  314.522039] F2FS-fs (loop5): SIT is corrupted node# 0 vs 1
[  314.527933] CPU: 1 PID: 20007 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  314.531307] F2FS-fs (loop5): Failed to initialize F2FS segment manager
[  314.535820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  314.535825] Call Trace:
[  314.535845]  dump_stack+0x1b2/0x283
[  314.535862]  should_fail.cold+0x10a/0x154
[  314.535876]  should_failslab+0xd6/0x130
[  314.535887]  __kmalloc+0x2c1/0x400
[  314.535897]  ? register_shrinker+0x1ab/0x220
[  314.535909]  register_shrinker+0x1ab/0x220
[  314.535920]  sget_userns+0x9aa/0xc10
[  314.535931]  ? dlm_send_remote_unlock_request.constprop.0.cold+0x1d/0x1d
[  314.535945]  ? btrfs_kill_super+0x540/0x540
[  314.535962]  ? dlm_send_remote_unlock_request.constprop.0.cold+0x1d/0x1d
[  314.535971]  ? btrfs_kill_super+0x540/0x540
[  314.535980]  sget+0xd1/0x110
[  314.535997]  btrfs_mount+0xbbe/0x1fe0
[  314.611291]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  314.617264]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  314.622707]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  314.627707]  ? __lockdep_init_map+0x100/0x560
[  314.632181]  ? __lockdep_init_map+0x100/0x560
[  314.637321]  mount_fs+0x92/0x2a0
[  314.640771]  vfs_kern_mount.part.0+0x5b/0x470
[  314.646381]  vfs_kern_mount+0x3c/0x60
[  314.650295]  btrfs_mount+0x42a/0x1fe0
[  314.654080]  ? lock_downgrade+0x740/0x740
[  314.658211]  ? _find_next_bit+0xdb/0x100
[  314.662256]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  314.668221]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  314.673665]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  314.678666]  ? __lockdep_init_map+0x100/0x560
[  314.683140]  ? __lockdep_init_map+0x100/0x560
[  314.687615]  mount_fs+0x92/0x2a0
[  314.690970]  vfs_kern_mount.part.0+0x5b/0x470
[  314.695482]  do_mount+0xe53/0x2a00
[  314.699003]  ? do_raw_spin_unlock+0x164/0x220
[  314.703486]  ? copy_mount_string+0x40/0x40
[  314.707701]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  314.712696]  ? copy_mnt_ns+0xa30/0xa30
[  314.716562]  ? copy_mount_options+0x1fa/0x2f0
[  314.721036]  ? copy_mnt_ns+0xa30/0xa30
[  314.724905]  SyS_mount+0xa8/0x120
[  314.728338]  ? copy_mnt_ns+0xa30/0xa30
[  314.732203]  do_syscall_64+0x1d5/0x640
[  314.736108]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  314.741297] RIP: 0033:0x460bca
[  314.744471] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  314.752157] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  314.759491] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  314.766740] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  314.773989] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  314.781245] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  314.802236] audit: type=1800 audit(1601002431.354:219): pid=19984 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op="collect_data" cause="failed(directio)" comm="syz-executor.4" name="/" dev="fuse" ino=1 res=0
[  314.907216] ==================================================================
[  314.914936] BUG: KASAN: use-after-free in btrfs_mount+0x1c3f/0x1fe0
[  314.921338] Read of size 8 at addr ffff888097d5bed8 by task syz-executor.1/20007
[  314.928865] 
[  314.930495] CPU: 0 PID: 20007 Comm: syz-executor.1 Not tainted 4.14.198-syzkaller #0
[  314.938362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  314.947695] Call Trace:
[  314.950270]  dump_stack+0x1b2/0x283
[  314.953881]  print_address_description.cold+0x54/0x1d3
[  314.959139]  kasan_report_error.cold+0x8a/0x194
[  314.963787]  ? btrfs_mount+0x1c3f/0x1fe0
[  314.967827]  __asan_report_load8_noabort+0x68/0x70
[  314.972752]  ? btrfs_mount+0x1c3f/0x1fe0
[  314.976792]  btrfs_mount+0x1c3f/0x1fe0
[  314.980663]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  314.986637]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  314.992067]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  314.997082]  ? __lockdep_init_map+0x100/0x560
[  315.001560]  ? __lockdep_init_map+0x100/0x560
[  315.006053]  mount_fs+0x92/0x2a0
[  315.009400]  vfs_kern_mount.part.0+0x5b/0x470
[  315.013877]  vfs_kern_mount+0x3c/0x60
[  315.017660]  btrfs_mount+0x42a/0x1fe0
[  315.021474]  ? lock_downgrade+0x740/0x740
[  315.025605]  ? _find_next_bit+0xdb/0x100
[  315.029750]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  315.035709]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  315.041253]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  315.046253]  ? __lockdep_init_map+0x100/0x560
[  315.050729]  ? __lockdep_init_map+0x100/0x560
[  315.055219]  mount_fs+0x92/0x2a0
[  315.058566]  vfs_kern_mount.part.0+0x5b/0x470
[  315.063058]  do_mount+0xe53/0x2a00
[  315.066598]  ? do_raw_spin_unlock+0x164/0x220
[  315.071075]  ? copy_mount_string+0x40/0x40
[  315.075290]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  315.080284]  ? copy_mnt_ns+0xa30/0xa30
[  315.084150]  ? copy_mount_options+0x1fa/0x2f0
[  315.088638]  ? copy_mnt_ns+0xa30/0xa30
[  315.092526]  SyS_mount+0xa8/0x120
[  315.095959]  ? copy_mnt_ns+0xa30/0xa30
[  315.099834]  do_syscall_64+0x1d5/0x640
[  315.103707]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  315.108888] RIP: 0033:0x460bca
[  315.112066] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  315.119755] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  315.127026] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  315.134307] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  315.141578] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  315.148839] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  315.156185] 
[  315.157792] Allocated by task 20007:
[  315.161491]  kasan_kmalloc+0xeb/0x160
[  315.165269]  __kmalloc_node+0x4c/0x70
[  315.169049]  kvmalloc_node+0x88/0xd0
[  315.172740]  btrfs_mount+0x911/0x1fe0
[  315.176521]  mount_fs+0x92/0x2a0
[  315.179881]  vfs_kern_mount.part.0+0x5b/0x470
[  315.184353]  vfs_kern_mount+0x3c/0x60
[  315.188132]  btrfs_mount+0x42a/0x1fe0
[  315.191927]  mount_fs+0x92/0x2a0
[  315.195296]  vfs_kern_mount.part.0+0x5b/0x470
[  315.199774]  do_mount+0xe53/0x2a00
[  315.203293]  SyS_mount+0xa8/0x120
[  315.206725]  do_syscall_64+0x1d5/0x640
[  315.210605]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  315.215770] 
[  315.217375] Freed by task 20007:
[  315.220722]  kasan_slab_free+0xc3/0x1a0
[  315.224678]  kfree+0xc9/0x250
[  315.227762]  kvfree+0x45/0x50
[  315.230853]  deactivate_locked_super+0x6c/0xd0
[  315.235419]  sget_userns+0x9c4/0xc10
[  315.239112]  sget+0xd1/0x110
[  315.242111]  btrfs_mount+0xbbe/0x1fe0
[  315.245892]  mount_fs+0x92/0x2a0
[  315.249244]  vfs_kern_mount.part.0+0x5b/0x470
[  315.253714]  vfs_kern_mount+0x3c/0x60
[  315.257493]  btrfs_mount+0x42a/0x1fe0
[  315.261281]  mount_fs+0x92/0x2a0
[  315.264630]  vfs_kern_mount.part.0+0x5b/0x470
[  315.269105]  do_mount+0xe53/0x2a00
[  315.272632]  SyS_mount+0xa8/0x120
[  315.276076]  do_syscall_64+0x1d5/0x640
[  315.279949]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  315.285115] 
[  315.286722] The buggy address belongs to the object at ffff888097d5a640
[  315.286722]  which belongs to the cache kmalloc-16384 of size 16384
[  315.299711] The buggy address is located 6296 bytes inside of
[  315.299711]  16384-byte region [ffff888097d5a640, ffff888097d5e640)
[  315.311845] The buggy address belongs to the page:
[  315.316755] page:ffffea00025f5600 count:1 mapcount:0 mapping:ffff888097d5a640 index:0x0 compound_mapcount: 0
[  315.326715] flags: 0xfffe0000008100(slab|head)
[  315.331293] raw: 00fffe0000008100 ffff888097d5a640 0000000000000000 0000000100000001
[  315.339262] raw: ffffea00013a5c20 ffffea0000d38a20 ffff88812fe48200 0000000000000000
[  315.347137] page dumped because: kasan: bad access detected
[  315.352825] 
[  315.354434] Memory state around the buggy address:
[  315.359340]  ffff888097d5bd80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  315.366691]  ffff888097d5be00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  315.374029] >ffff888097d5be80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  315.381367]                                                     ^
[  315.387573]  ffff888097d5bf00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  315.394910]  ffff888097d5bf80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  315.402259] ==================================================================
[  315.409603] Disabling lock debugging due to kernel taint
[  315.430409] Kernel panic - not syncing: panic_on_warn set ...
[  315.430409] 
[  315.437812] CPU: 1 PID: 20007 Comm: syz-executor.1 Tainted: G    B           4.14.198-syzkaller #0
[  315.446905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  315.456245] Call Trace:
[  315.458817]  dump_stack+0x1b2/0x283
[  315.462498]  panic+0x1f9/0x42d
[  315.465667]  ? add_taint.cold+0x16/0x16
[  315.469636]  ? ___preempt_schedule+0x16/0x18
[  315.474027]  kasan_end_report+0x43/0x49
[  315.477985]  kasan_report_error.cold+0xa7/0x194
[  315.482648]  ? btrfs_mount+0x1c3f/0x1fe0
[  315.486685]  __asan_report_load8_noabort+0x68/0x70
[  315.491589]  ? btrfs_mount+0x1c3f/0x1fe0
[  315.495636]  btrfs_mount+0x1c3f/0x1fe0
[  315.499501]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  315.505450]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  315.510873]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  315.515875]  ? __lockdep_init_map+0x100/0x560
[  315.520354]  ? __lockdep_init_map+0x100/0x560
[  315.525050]  mount_fs+0x92/0x2a0
[  315.528647]  vfs_kern_mount.part.0+0x5b/0x470
[  315.533120]  vfs_kern_mount+0x3c/0x60
[  315.536957]  btrfs_mount+0x42a/0x1fe0
[  315.540834]  ? lock_downgrade+0x740/0x740
[  315.544964]  ? _find_next_bit+0xdb/0x100
[  315.549005]  ? btrfs_get_subvol_name_from_objectid+0x8b0/0x8b0
[  315.554959]  ? rcu_lockdep_current_cpu_online+0xed/0x140
[  315.560392]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  315.565432]  ? __lockdep_init_map+0x100/0x560
[  315.572752]  ? __lockdep_init_map+0x100/0x560
[  315.577231]  mount_fs+0x92/0x2a0
[  315.580580]  vfs_kern_mount.part.0+0x5b/0x470
[  315.585052]  do_mount+0xe53/0x2a00
[  315.588579]  ? do_raw_spin_unlock+0x164/0x220
[  315.593055]  ? copy_mount_string+0x40/0x40
[  315.597265]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  315.602272]  ? copy_mnt_ns+0xa30/0xa30
[  315.606136]  ? copy_mount_options+0x1fa/0x2f0
[  315.610605]  ? copy_mnt_ns+0xa30/0xa30
[  315.614727]  SyS_mount+0xa8/0x120
[  315.618155]  ? copy_mnt_ns+0xa30/0xa30
[  315.622016]  do_syscall_64+0x1d5/0x640
[  315.625882]  entry_SYSCALL_64_after_hwframe+0x46/0xbb
[  315.631043] RIP: 0033:0x460bca
[  315.634207] RSP: 002b:00007fc7fa8cfa88 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5
[  315.642845] RAX: ffffffffffffffda RBX: 00007fc7fa8cfb20 RCX: 0000000000460bca
[  315.650106] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fc7fa8cfae0
[  315.657354] RBP: 00007fc7fa8cfae0 R08: 00007fc7fa8cfb20 R09: 0000000020000000
[  315.664596] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000
[  315.671909] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020000140
[  315.680324] Kernel Offset: disabled
[  315.683935] Rebooting in 86400 seconds..