ffffffffffffffda RBX: 00007f96effb56d4 RCX: 000000000045b3b9 [ 448.119782] RDX: 0000000000000600 RSI: 0000000020003340 RDI: 0000000000000004 02:47:02 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) [ 448.127087] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 448.134670] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 448.141972] R13: 0000000000000891 R14: 00000000004c9fa1 R15: 0000000000000006 [ 448.151842] CPU: 1 PID: 27609 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 448.159757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 448.169438] Call Trace: [ 448.172125] dump_stack+0x142/0x197 [ 448.175770] should_fail.cold+0x10f/0x159 [ 448.179951] should_failslab+0xdb/0x130 [ 448.184044] kmem_cache_alloc+0x2d7/0x780 [ 448.188208] ? retint_kernel+0x2d/0x2d [ 448.192109] __kernfs_new_node+0x70/0x480 [ 448.196276] kernfs_new_node+0x80/0xf0 [ 448.200177] kernfs_create_dir_ns+0x41/0x140 [ 448.204611] internal_create_group+0xea/0x7b0 [ 448.209153] sysfs_create_group+0x20/0x30 [ 448.213438] lo_ioctl+0x1162/0x1cd0 [ 448.217223] ? loop_probe+0x160/0x160 [ 448.221038] blkdev_ioctl+0x95f/0x1850 [ 448.224970] ? blkpg_ioctl+0x970/0x970 [ 448.228877] ? __might_sleep+0x93/0xb0 [ 448.232779] ? __fget+0x210/0x370 [ 448.236256] block_ioctl+0xde/0x120 [ 448.239921] ? blkdev_fallocate+0x3b0/0x3b0 [ 448.244430] do_vfs_ioctl+0x7ae/0x1060 [ 448.249373] ? selinux_file_mprotect+0x5d0/0x5d0 [ 448.254283] ? lock_downgrade+0x740/0x740 [ 448.258595] ? ioctl_preallocate+0x1c0/0x1c0 [ 448.259016] FAULT_INJECTION: forcing a failure. [ 448.259016] name failslab, interval 1, probability 0, space 0, times 0 [ 448.263840] ? __fget+0x237/0x370 [ 448.263858] ? security_file_ioctl+0x89/0xb0 [ 448.263873] SyS_ioctl+0x8f/0xc0 [ 448.263884] ? do_vfs_ioctl+0x1060/0x1060 [ 448.263897] do_syscall_64+0x1e8/0x640 [ 448.263905] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 448.263920] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 448.263927] RIP: 0033:0x45b227 [ 448.263939] RSP: 002b:00007f15753b7a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 448.317387] RAX: ffffffffffffffda RBX: 00007f15753b86d4 RCX: 000000000045b227 02:47:02 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) syz_mount_image$ntfs(&(0x7f0000000080)='ntfs\x00', &(0x7f00000000c0)='./file0/file0\x00', 0xf0e, 0x2, &(0x7f0000000380)=[{&(0x7f0000000100)="e25a6d200f2b7d8db193a771709caa464e44bc8ae76ddd64ae09d8e9689dc0b5361c5650a192aa947ca84dc624ba96efb18ec11b17a56be48643363e10aab16e2a02abefdca1ecdbf04f29218284b21b389a634d70df756dc89544a236e448aae886fd23ca700bc0254864e6e16633f4d5db3c2cdb7e4fc1bf70b0cb95c8900a3c68", 0x82, 0x6fa}, {&(0x7f0000000200)="2ccace01ca71cdea0385884c632104a480af1acb695ade36472ffac11586110fab8e06035a40b54bb3d448d11f26af10db80c30b8d9f12981d3d488b2a6c4b0dd2d2d4ae570e8512ab990877d4bca34654f7eeb628321b792ba8067899257780d668000cfbfed94df901dc17c422d1a727f7ec7273e0f3a5fe008621821fe869f36c4fb3286a7515f83a15cb0d8669e729699b5e0c1e8ecd70d7e6b16c137fc9e7efe51de4302e5d709e7c7604dba7c40b4d474f16e919c06e4b0e6fcfd58270758591363bd320934f0208e77184788b335108f7fc3107858d26335de6ec745d36f3fca15a6826dc", 0xe8, 0x8c43}], 0x4000, &(0x7f00000003c0)={[{@nls={'nls', 0x3d, 'ascii'}}, {@case_sensitive_no='case_sensitive=no'}, {@errors_recover='errors=recover'}, {@disable_sparse_yes='disable_sparse=yes'}, {@mft_zone_multiplier={'mft_zone_multiplier', 0x3d, 0xffffffffffffffff}}, {@disable_sparse_no='disable_sparse=no'}, {@case_sensitive_no='case_sensitive=no'}], [{@dont_measure='dont_measure'}, {@smackfsfloor={'smackfsfloor', 0x3d, 'btrfs\x00'}}]}) 02:47:02 executing program 1 (fault-call:3 fault-nth:7): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) [ 448.324819] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 448.332876] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 448.340326] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 448.347592] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000000c [ 448.355701] CPU: 0 PID: 27628 Comm: syz-executor.1 Not tainted 4.14.170-syzkaller #0 [ 448.363747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 448.373222] Call Trace: [ 448.375831] dump_stack+0x142/0x197 [ 448.379668] should_fail.cold+0x10f/0x159 [ 448.383830] should_failslab+0xdb/0x130 [ 448.387804] __kmalloc+0x2f0/0x7a0 [ 448.391349] ? mark_held_locks+0xb1/0x100 [ 448.395495] ? __local_bh_enable_ip+0x99/0x1a0 [ 448.400082] ? sock_kmalloc+0x7f/0xc0 [ 448.403878] sock_kmalloc+0x7f/0xc0 [ 448.407503] hash_alloc_result.part.0+0x95/0x110 [ 448.412270] hash_recvmsg+0x515/0x890 [ 448.416085] ? hash_sendpage+0x9a0/0x9a0 [ 448.420166] sock_recvmsg_nosec+0x89/0xb0 [ 448.424345] ? __sock_tx_timestamp+0x90/0x90 [ 448.428768] ___sys_recvmsg+0x21f/0x4d0 [ 448.432742] ? ___sys_sendmsg+0x840/0x840 [ 448.436907] ? __fget+0x210/0x370 [ 448.440357] ? save_trace+0x290/0x290 [ 448.444172] ? __might_fault+0x110/0x1d0 [ 448.448224] ? find_held_lock+0x35/0x130 [ 448.452287] ? __might_fault+0x110/0x1d0 [ 448.456372] __sys_recvmmsg+0x226/0x6b0 [ 448.460537] ? SyS_recvmsg+0x50/0x50 [ 448.464243] ? lock_downgrade+0x740/0x740 [ 448.468390] ? __mutex_unlock_slowpath+0x71/0x800 [ 448.473300] ? check_preemption_disabled+0x3c/0x250 [ 448.478349] SyS_recvmmsg+0x125/0x140 [ 448.482167] ? __sys_recvmmsg+0x6b0/0x6b0 [ 448.486444] ? do_syscall_64+0x53/0x640 [ 448.490415] ? __sys_recvmmsg+0x6b0/0x6b0 [ 448.494572] do_syscall_64+0x1e8/0x640 [ 448.498451] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 448.503304] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 448.508483] RIP: 0033:0x45b3b9 [ 448.511670] RSP: 002b:00007f96effb4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 448.519375] RAX: ffffffffffffffda RBX: 00007f96effb56d4 RCX: 000000000045b3b9 [ 448.526774] RDX: 0000000000000600 RSI: 0000000020003340 RDI: 0000000000000004 [ 448.534046] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 448.541317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 448.548581] R13: 0000000000000891 R14: 00000000004c9fa1 R15: 0000000000000007 [ 448.606881] BTRFS error (device loop4): superblock checksum mismatch [ 448.660354] BTRFS error (device loop4): open_ctree failed 02:47:05 executing program 2: syz_mount_image$btrfs(&(0x7f0000000180)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040), 0x88, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x400000, 0x0) timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:05 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x1, 0x1, &(0x7f0000000080)=[{&(0x7f00000000c0)="8da4363ac0ed02000a0000000001004d010000210000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001f7720ba247f6de19a883949fd52628999c613e18cf0f5a96815e818784bafc30f82ff8666bab09d5c842a7f151ab91e58d87908ce623adeabe138d860300000000fd1b62e661ff2122ff037e63ea8a748e15ff97b44aca08bc812a655c6dcc6ad2087490a8f330bfcd8fb97a18f6e927dd98563bb8bceef26a8be167bed5dcfbf6a833bdb1b8c76f0681f93a852cfe8d721b60da9c469f6493a5", 0xcd, 0x10200}], 0x0, 0x0) 02:47:05 executing program 1 (fault-call:3 fault-nth:8): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:47:05 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:05 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xaaaaaaaaaaaacc5, &(0x7f0000000040)=[{&(0x7f0000000140)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a005101000000000001fffffff60000005f42485266535f4d3edbefc2d88ccd93bd55febeb599b5e6867292af58c8d32d85e8b78f029cfa56895737", 0x48, 0x10000}], 0x200881, 0x0) pipe2(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCDELRT(r2, 0x890c, &(0x7f0000000240)={0x0, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, @can={0x1d, 0x0}, @nfc={0x27, 0x1, 0x2, 0x7}, 0x4212, 0x0, 0x0, 0x0, 0x3, &(0x7f0000000200)='veth0_macvtap\x00', 0xdaa, 0x80000000}) ioctl$TUNSETIFINDEX(r0, 0x400454da, &(0x7f00000002c0)=r3) 02:47:05 executing program 4 (fault-call:0 fault-nth:13): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 450.651727] FAULT_INJECTION: forcing a failure. [ 450.651727] name failslab, interval 1, probability 0, space 0, times 0 [ 450.670504] FAULT_INJECTION: forcing a failure. [ 450.670504] name failslab, interval 1, probability 0, space 0, times 0 [ 450.695449] CPU: 1 PID: 27649 Comm: syz-executor.1 Not tainted 4.14.170-syzkaller #0 [ 450.703704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 450.713100] Call Trace: [ 450.715712] dump_stack+0x142/0x197 [ 450.719367] should_fail.cold+0x10f/0x159 [ 450.723682] should_failslab+0xdb/0x130 [ 450.727673] __kmalloc+0x2f0/0x7a0 [ 450.731260] ? mark_held_locks+0xb1/0x100 [ 450.735426] ? __local_bh_enable_ip+0x99/0x1a0 [ 450.740024] ? sock_kmalloc+0x7f/0xc0 [ 450.743838] sock_kmalloc+0x7f/0xc0 [ 450.747468] hash_alloc_result.part.0+0x95/0x110 [ 450.752322] hash_recvmsg+0x515/0x890 [ 450.756141] ? hash_sendpage+0x9a0/0x9a0 [ 450.760196] sock_recvmsg_nosec+0x89/0xb0 [ 450.764484] ? __sock_tx_timestamp+0x90/0x90 [ 450.768903] ___sys_recvmsg+0x21f/0x4d0 [ 450.772890] ? ___sys_sendmsg+0x840/0x840 [ 450.777041] ? __fget+0x210/0x370 [ 450.780503] ? save_trace+0x290/0x290 [ 450.784319] ? __might_fault+0x110/0x1d0 [ 450.788413] ? find_held_lock+0x35/0x130 [ 450.792466] ? __might_fault+0x110/0x1d0 [ 450.796559] __sys_recvmmsg+0x226/0x6b0 [ 450.800550] ? SyS_recvmsg+0x50/0x50 [ 450.804294] ? lock_downgrade+0x740/0x740 [ 450.808455] ? __mutex_unlock_slowpath+0x71/0x800 [ 450.813293] ? check_preemption_disabled+0x3c/0x250 [ 450.818680] SyS_recvmmsg+0x125/0x140 [ 450.822476] ? __sys_recvmmsg+0x6b0/0x6b0 [ 450.826701] ? do_syscall_64+0x53/0x640 [ 450.830684] ? __sys_recvmmsg+0x6b0/0x6b0 [ 450.834828] do_syscall_64+0x1e8/0x640 [ 450.838863] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 450.843818] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 450.849002] RIP: 0033:0x45b3b9 02:47:05 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) chdir(&(0x7f0000000080)='./file0\x00') 02:47:05 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) [ 450.852301] RSP: 002b:00007f96effb4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 450.860016] RAX: ffffffffffffffda RBX: 00007f96effb56d4 RCX: 000000000045b3b9 [ 450.867304] RDX: 0000000000000600 RSI: 0000000020003340 RDI: 0000000000000004 [ 450.874577] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 450.881866] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 450.889236] R13: 0000000000000891 R14: 00000000004c9fa1 R15: 0000000000000008 [ 450.917051] CPU: 1 PID: 27652 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 450.925152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 450.934609] Call Trace: [ 450.937224] dump_stack+0x142/0x197 [ 450.940876] should_fail.cold+0x10f/0x159 [ 450.945049] should_failslab+0xdb/0x130 [ 450.949036] kmem_cache_alloc+0x2d7/0x780 [ 450.953204] ? trace_hardirqs_on+0x10/0x10 [ 450.957456] ? save_trace+0x290/0x290 [ 450.961292] __kernfs_new_node+0x70/0x480 [ 450.965462] kernfs_new_node+0x80/0xf0 [ 450.969365] kernfs_create_dir_ns+0x41/0x140 [ 450.973791] internal_create_group+0xea/0x7b0 [ 450.978309] sysfs_create_group+0x20/0x30 [ 450.982503] lo_ioctl+0x1162/0x1cd0 [ 450.986163] ? loop_probe+0x160/0x160 [ 450.989986] blkdev_ioctl+0x95f/0x1850 [ 450.994036] ? blkpg_ioctl+0x970/0x970 [ 450.997939] ? __might_sleep+0x93/0xb0 [ 451.001831] ? __fget+0x210/0x370 [ 451.005324] block_ioctl+0xde/0x120 [ 451.008958] ? blkdev_fallocate+0x3b0/0x3b0 [ 451.013289] do_vfs_ioctl+0x7ae/0x1060 [ 451.017340] ? selinux_file_mprotect+0x5d0/0x5d0 [ 451.022114] ? lock_downgrade+0x740/0x740 [ 451.026276] ? ioctl_preallocate+0x1c0/0x1c0 [ 451.030695] ? __fget+0x237/0x370 [ 451.034175] ? security_file_ioctl+0x89/0xb0 [ 451.038592] SyS_ioctl+0x8f/0xc0 [ 451.041959] ? do_vfs_ioctl+0x1060/0x1060 [ 451.046112] do_syscall_64+0x1e8/0x640 [ 451.050692] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 451.055646] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 451.060829] RIP: 0033:0x45b227 02:47:05 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(0xffffffffffffffff, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:05 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(r1, 0xc05c5340, &(0x7f0000000080)={0x0, 0x7ff, 0x0, {0x5, 0x5}, 0x10001, 0x5}) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 02:47:05 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) [ 451.064007] RSP: 002b:00007f15753b7a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 451.071722] RAX: ffffffffffffffda RBX: 00007f15753b86d4 RCX: 000000000045b227 [ 451.078988] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 451.086262] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 451.093526] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 451.101315] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000000d 02:47:05 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000180)='./file0\x00', 0x686f55f7, 0x0, &(0x7f0000000140), 0x0, 0x0) [ 451.247160] BTRFS error (device loop4): superblock checksum mismatch [ 451.294801] BTRFS error (device loop4): open_ctree failed 02:47:08 executing program 2: syz_mount_image$btrfs(&(0x7f0000000180)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040), 0x88, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x400000, 0x0) timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:08 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:08 executing program 0: r0 = semget$private(0x0, 0x1, 0x0) semctl$SEM_STAT(r0, 0x0, 0x12, &(0x7f0000000000)=""/105) semop(r0, &(0x7f0000000100)=[{0x0, 0x7f, 0x800}, {0x0, 0x1000, 0x1800}, {0x4, 0x0, 0x800}, {0x3, 0x6}, {0x0, 0x5, 0x1800}, {0x4, 0x8, 0x1000}], 0x6) write$cgroup_type(0xffffffffffffffff, &(0x7f0000000080)='threaded\x00', 0x9) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x100000000000, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 02:47:08 executing program 1 (fault-call:3 fault-nth:9): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:47:08 executing program 4 (fault-call:0 fault-nth:14): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:47:08 executing program 5: r0 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000180)='/dev/vcsa\x00', 0x21c180, 0x0) ioctl$KDGETLED(r0, 0x4b31, &(0x7f0000000140)) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x100000000010000}], 0x200881, 0x0) 02:47:08 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:08 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000200)={0x0, 0xcb24, 0x3, 0xffffffffffffffff, 0x0, &(0x7f0000000180)={0x98090f, 0x5, [], @p_u32=&(0x7f0000000140)=0x4}}) recvfrom(r2, &(0x7f0000000240)=""/181, 0xb5, 0x10000, &(0x7f0000000380)=@ax25={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x4}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @bcast]}, 0x80) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$HCIINQUIRY(0xffffffffffffffff, 0x800448f0, &(0x7f0000000100)={0x4, 0x5, "1af6cf", 0x8, 0x7d}) openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x4100, 0x0) ioctl$BLKSECDISCARD(r4, 0x127d, &(0x7f0000000080)=0x9) [ 453.707557] FAULT_INJECTION: forcing a failure. [ 453.707557] name failslab, interval 1, probability 0, space 0, times 0 02:47:08 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) [ 453.748822] FAULT_INJECTION: forcing a failure. [ 453.748822] name failslab, interval 1, probability 0, space 0, times 0 [ 453.812549] CPU: 0 PID: 27700 Comm: syz-executor.1 Not tainted 4.14.170-syzkaller #0 [ 453.820872] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 453.830226] Call Trace: [ 453.832830] dump_stack+0x142/0x197 [ 453.836466] should_fail.cold+0x10f/0x159 [ 453.840725] should_failslab+0xdb/0x130 [ 453.844710] __kmalloc+0x2f0/0x7a0 [ 453.848265] ? mark_held_locks+0xb1/0x100 [ 453.852415] ? __local_bh_enable_ip+0x99/0x1a0 [ 453.857006] ? sock_kmalloc+0x7f/0xc0 [ 453.860797] sock_kmalloc+0x7f/0xc0 [ 453.864542] hash_alloc_result.part.0+0x95/0x110 [ 453.869289] hash_recvmsg+0x515/0x890 [ 453.873104] ? hash_sendpage+0x9a0/0x9a0 [ 453.877188] sock_recvmsg_nosec+0x89/0xb0 [ 453.881334] ? __sock_tx_timestamp+0x90/0x90 [ 453.885736] ___sys_recvmsg+0x21f/0x4d0 [ 453.889716] ? ___sys_sendmsg+0x840/0x840 [ 453.893865] ? __fget+0x210/0x370 [ 453.897329] ? save_trace+0x290/0x290 [ 453.901129] ? __might_fault+0x110/0x1d0 [ 453.905263] ? find_held_lock+0x35/0x130 [ 453.909324] ? __might_fault+0x110/0x1d0 [ 453.913400] __sys_recvmmsg+0x226/0x6b0 [ 453.917381] ? SyS_recvmsg+0x50/0x50 [ 453.921093] ? lock_downgrade+0x740/0x740 [ 453.925355] ? __mutex_unlock_slowpath+0x71/0x800 [ 453.930304] ? check_preemption_disabled+0x3c/0x250 [ 453.935321] SyS_recvmmsg+0x125/0x140 [ 453.939124] ? __sys_recvmmsg+0x6b0/0x6b0 [ 453.943270] ? do_syscall_64+0x53/0x640 [ 453.947244] ? __sys_recvmmsg+0x6b0/0x6b0 [ 453.951487] do_syscall_64+0x1e8/0x640 [ 453.955366] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 453.960233] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 453.965421] RIP: 0033:0x45b3b9 [ 453.968613] RSP: 002b:00007f96effb4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 453.976447] RAX: ffffffffffffffda RBX: 00007f96effb56d4 RCX: 000000000045b3b9 [ 453.983719] RDX: 0000000000000600 RSI: 0000000020003340 RDI: 0000000000000004 [ 453.991081] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 453.998370] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 454.005656] R13: 0000000000000891 R14: 00000000004c9fa1 R15: 0000000000000009 [ 454.020153] CPU: 0 PID: 27704 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 454.028074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 454.037437] Call Trace: [ 454.040048] dump_stack+0x142/0x197 [ 454.043701] should_fail.cold+0x10f/0x159 [ 454.047867] should_failslab+0xdb/0x130 [ 454.051865] kmem_cache_alloc+0x2d7/0x780 [ 454.056025] ? wait_for_completion+0x420/0x420 [ 454.060717] __kernfs_new_node+0x70/0x480 [ 454.064882] ? kernfs_activate+0x13a/0x190 [ 454.069132] kernfs_new_node+0x80/0xf0 [ 454.073139] __kernfs_create_file+0x46/0x323 [ 454.077563] sysfs_add_file_mode_ns+0x1e4/0x450 [ 454.082254] internal_create_group+0x232/0x7b0 [ 454.086859] sysfs_create_group+0x20/0x30 [ 454.091018] lo_ioctl+0x1162/0x1cd0 [ 454.094664] ? loop_probe+0x160/0x160 [ 454.098478] blkdev_ioctl+0x95f/0x1850 [ 454.102382] ? blkpg_ioctl+0x970/0x970 [ 454.106304] ? __might_sleep+0x93/0xb0 [ 454.110202] ? __fget+0x210/0x370 [ 454.113688] block_ioctl+0xde/0x120 02:47:08 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) [ 454.117443] ? blkdev_fallocate+0x3b0/0x3b0 [ 454.121780] do_vfs_ioctl+0x7ae/0x1060 [ 454.125678] ? selinux_file_mprotect+0x5d0/0x5d0 [ 454.130441] ? lock_downgrade+0x740/0x740 [ 454.134608] ? ioctl_preallocate+0x1c0/0x1c0 [ 454.139038] ? __fget+0x237/0x370 [ 454.142522] ? security_file_ioctl+0x89/0xb0 [ 454.146950] SyS_ioctl+0x8f/0xc0 [ 454.150337] ? do_vfs_ioctl+0x1060/0x1060 [ 454.154500] do_syscall_64+0x1e8/0x640 [ 454.158509] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 454.163373] entry_SYSCALL_64_after_hwframe+0x42/0xb7 02:47:08 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:08 executing program 5: [ 454.168577] RIP: 0033:0x45b227 [ 454.171788] RSP: 002b:00007f15753b7a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 454.179495] RAX: ffffffffffffffda RBX: 00007f15753b86d4 RCX: 000000000045b227 [ 454.186872] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 454.194149] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 454.201426] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 454.208704] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000000e [ 454.272424] BTRFS error (device loop4): superblock checksum mismatch [ 454.351203] BTRFS error (device loop4): open_ctree failed 02:47:11 executing program 2: syz_mount_image$btrfs(&(0x7f0000000180)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040), 0x88, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x400000, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:11 executing program 1 (fault-call:3 fault-nth:10): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:47:11 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, 0x0, 0x0) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:11 executing program 0: openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080)='/dev/hwrng\x00', 0x200, 0x0) openat$mixer(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/mixer\x00', 0x10101, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$KVM_GET_LAPIC(r1, 0x8400ae8e, &(0x7f0000000800)={"f968a2a8d1710754686435c384b92ec36fd9080c9a406ef6414688c9ccfb67a1603d5bdb0f62b3b301e9255f02785d408f4c8c7202d3d174311798ca4bc1cb0a2b01f54d1db72ee38d6c356e304ebba4f5af43d181129ee0bdcef9c598567b916a9c7773caff3c1f5799025b3a743219f30715d1c39ab6f248406a6e0526a7c38e40cda801644b58e4a4c03f17796325971b66ebef3a3fcd8a165a36da39879362a68a07eb518c8ec0d876bf0d426201631ca125f70dd77350e8319ce4cbcbe06f8056ca33811e8d5e8e60c195b7e3af010338ba2fffcd9ecb7f53a0141024e3a0a0fb3bb7441f8750d6ff87e4f6c49ea4796add12c1aa9391153b05d71ad64f747b6b717961e471e0b88bf2b534e5e5f05737c4e2ba92e1603e74ccef925b330e497ed9756f1109d42b00577d530bab0e43d6ee437f52e72e77480993b0f00e92845830174107feada96d499542d4e71ae623a6a317bd88dab1f9c4c9e41fa3556a67823c4c92b53b6963fa89bd90e5be54001b912ff55c5f3f2d8e0721d2a9158b62d10f5457b9ae95e3d61235ab3e1270dd6fcea7d490508817c9342930cc083c2e7c5b3d259fa9d9900528f3f8db69383130bbce86374dfc3f61965c233b640f7e4235a7ea41060dec948575abada7de00aaecda8cfd7da14cf3fef95e4757d0936be443057ace0844bb719d4bf5bf9f1b52a885fdda52c6aac74ac72165175308a6bcdf233470ee19034f3dfd40a1a0c41625e503071663d9c0d3916a972b88a5f2d19f2fa576fccada3513ce9e353a5b65f9c103b67674f07b702e3f1c77666ac999b2c6cb9e6e1968bd35264e2aa41bc9d9b41a3c908a9bb6ecc56bcd4fbc8ef417ab6b25ed0f747e7ef8a88e7d5e7602c2ab42d3fcc4332ff5f05ef0231a30107d45e3f746859f3007646262f5a2fe65a5e0c888d046602e98de3fd73f07bdfb27fd8b62fd85f64818f0cd257b4c0eaf8efa1de26da39f285ca4846277e0abfb2ff8edddd04f587ad6c976174279e041dcec9a3281707cf2bb2c3939ed7586020e383271a23de0636c621ef663bdbc83a524119090283e1ff5f830ad9b49a706a33414beb3c986b809adc88481b978ffb49452731da28afecf1a1d6dc1f76bf8974473619676256f77b6406c9a6343d5f19f3efa24c99ddeea5af66e3f307513aa1949548c76fbd47134cce496e1437c8b444657e1d973f08293859bc99515942abe26faf41c7c50ead1ab5b25878171afaa8ccc6462dc6410da2cb7d7fb37ec71d3b517fffc1bb183019b6d34f9087390d02c126f8f8e33e0f872f4e64ed215a6acdf76323e8ff5706dc55abd63ad6112e4866514f64ac02d37932390e3ce4afc20b0584cd19d28e6ec8a43b778fb3c2b25554d1dfdde5f9ba8728ca3a54bf09533a548c864478e27666b4ba9cae555a9e3c982f9b907148d9c2f27"}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r7, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) sendmsg$BATADV_CMD_GET_DAT_CACHE(r7, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000003c0)={0x1c, r8, 0x31905e13403123b7, 0x0, 0x0, {0xa, 0x0, 0xf000}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}]}, 0x1c}, 0x1, 0x50000}, 0x0) sendmsg$BATADV_CMD_GET_ORIGINATORS(r6, &(0x7f0000000240)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x40082}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x24, r8, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@BATADV_ATTR_ELP_INTERVAL={0x8, 0x3a, 0x5}, @BATADV_ATTR_NETWORK_CODING_ENABLED={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x16}, 0x4000000) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$PNPIPE_INITSTATE(r5, 0x113, 0x4, &(0x7f0000000100), &(0x7f0000000140)=0x4) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x7, 0x3, &(0x7f0000000780)=[{&(0x7f0000000500)="888f9193239da6312a8c1e00fb5a39e794b77a9047e05e16bb638e2a28e44c258d277df795c3230b751f36db7c6c8825cfeba6f6b87c7c765f20503970a0c92295b3388fe3cd46fa671ea86cd7d6bcae600c76", 0x0, 0x9}, {&(0x7f00000005c0)="1ddef4879c38ee1f0b69308bab799318ee0d282704db454540be4b8cafb16c331811e0b76fc4c3d53afe55b4c2a41c9dbadd09416aae1cf9d4d8a00e34fd40e930463f1b6acdc3e86674e5f6df3681a4fd085b", 0x0, 0x2}, {&(0x7f0000000680)="4aba5b041a272337a0e38a99d26cd968b819da38394b6523c5897a4901e9166258ed84712dddfb12050edface0cb4671dec7dbf97ce29201fe4c05f20022019338405cdabe63364bc52c16012c701813789a87ea18a3c22f7d7abb5285ed7c0f7b149fb61a6edcc364a9c3ac2876a946496291aa36ca14f8be959c44c2f8fc23f06e4aff4263d9be370c9dfea47e0d8b85d874a2cf9bfe752bdf9c9e74ce8a30bd75631ea54994ec3032122a63183e9e54c242efe55f6b069b9b17ff6449d172578323817b0807e23e6987483b7726fc570e3c997409c4ea175438d85f"}], 0x88000, 0x0) 02:47:11 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) r4 = syz_genetlink_get_family_id$team(&(0x7f0000000000)='team\x00') sendmsg$TEAM_CMD_OPTIONS_SET(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x58, r4, 0x1, 0x0, 0x0, {0x1, 0x6c00000000000000}, [{{0x8, 0x1, r3}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x5}, {0x8}}}]}}]}, 0x58}}, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f00000002c0)={0x0, @broadcast, @multicast1}, &(0x7f0000000300)=0xc) sendmsg$TEAM_CMD_OPTIONS_GET(r1, &(0x7f0000000400)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x58, r4, 0x100, 0x70bd29, 0x25dfdbfc, {}, [{{0x8, 0x1, r5}, {0x3c, 0x2, 0x0, 0x1, [{0x38, 0x1, @mcast_rejoin_count={{0x24, 0x1, 'mcast_rejoin_count\x00'}, {0x5}, {0x8, 0x4, 0xfffffff9}}}]}}]}, 0x58}, 0x1, 0x0, 0x0, 0x400c001}, 0xc8d1) 02:47:11 executing program 4 (fault-call:0 fault-nth:15): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 456.786940] FAULT_INJECTION: forcing a failure. [ 456.786940] name failslab, interval 1, probability 0, space 0, times 0 [ 456.798870] FAULT_INJECTION: forcing a failure. [ 456.798870] name failslab, interval 1, probability 0, space 0, times 0 [ 456.817653] CPU: 1 PID: 27756 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 456.825576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 456.834940] Call Trace: [ 456.837560] dump_stack+0x142/0x197 [ 456.841207] should_fail.cold+0x10f/0x159 [ 456.845366] should_failslab+0xdb/0x130 [ 456.849633] kmem_cache_alloc+0x2d7/0x780 [ 456.853925] ? wait_for_completion+0x420/0x420 [ 456.858506] __kernfs_new_node+0x70/0x480 [ 456.862663] ? kernfs_activate+0x13a/0x190 [ 456.866894] kernfs_new_node+0x80/0xf0 [ 456.870816] __kernfs_create_file+0x46/0x323 [ 456.875221] sysfs_add_file_mode_ns+0x1e4/0x450 [ 456.879964] internal_create_group+0x232/0x7b0 [ 456.884568] sysfs_create_group+0x20/0x30 [ 456.888710] lo_ioctl+0x1162/0x1cd0 [ 456.892362] ? loop_probe+0x160/0x160 [ 456.896161] blkdev_ioctl+0x95f/0x1850 [ 456.900058] ? blkpg_ioctl+0x970/0x970 [ 456.903957] ? __might_sleep+0x93/0xb0 [ 456.907832] ? __fget+0x210/0x370 [ 456.911291] block_ioctl+0xde/0x120 [ 456.914930] ? blkdev_fallocate+0x3b0/0x3b0 [ 456.919247] do_vfs_ioctl+0x7ae/0x1060 [ 456.923162] ? selinux_file_mprotect+0x5d0/0x5d0 [ 456.927917] ? lock_downgrade+0x740/0x740 [ 456.932257] ? ioctl_preallocate+0x1c0/0x1c0 [ 456.936673] ? __fget+0x237/0x370 [ 456.940130] ? security_file_ioctl+0x89/0xb0 [ 456.944536] SyS_ioctl+0x8f/0xc0 [ 456.947985] ? do_vfs_ioctl+0x1060/0x1060 [ 456.952144] do_syscall_64+0x1e8/0x640 [ 456.956047] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 456.960923] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 456.966115] RIP: 0033:0x45b227 [ 456.969304] RSP: 002b:00007f15753b7a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 456.977015] RAX: ffffffffffffffda RBX: 00007f15753b86d4 RCX: 000000000045b227 02:47:11 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, 0x0, 0x0) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:11 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$sndseq(r1, &(0x7f00000000c0)=[{0x80, 0x6, 0x5, 0x81, @tick=0x3f82, {0x9, 0x5}, {0x8, 0xdd}, @raw32={[0x3, 0xffffffc1, 0x8]}}, {0x6, 0x40, 0x20, 0x38, @tick=0x6, {0x1f, 0x6}, {0x40, 0x3f}, @quote={{0x0, 0x8}, 0x93c9, &(0x7f0000000080)={0x8, 0xa5, 0x40, 0x5, @tick=0x7, {0x3f, 0x4}, {0x0, 0x7f}, @raw8={"478c761548424da99f62104d"}}}}], 0x38) [ 456.984409] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 456.991681] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 456.999060] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 457.006342] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000000f 02:47:11 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, 0x0, 0x0) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) [ 457.055246] CPU: 0 PID: 27755 Comm: syz-executor.1 Not tainted 4.14.170-syzkaller #0 [ 457.063295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 457.072661] Call Trace: [ 457.075293] dump_stack+0x142/0x197 [ 457.078945] should_fail.cold+0x10f/0x159 [ 457.083121] should_failslab+0xdb/0x130 [ 457.087111] __kmalloc+0x2f0/0x7a0 [ 457.090672] ? mark_held_locks+0xb1/0x100 [ 457.094852] ? __local_bh_enable_ip+0x99/0x1a0 [ 457.099446] ? sock_kmalloc+0x7f/0xc0 [ 457.103259] sock_kmalloc+0x7f/0xc0 [ 457.106898] hash_alloc_result.part.0+0x95/0x110 [ 457.111676] hash_recvmsg+0x515/0x890 [ 457.115493] ? hash_sendpage+0x9a0/0x9a0 [ 457.119569] sock_recvmsg_nosec+0x89/0xb0 [ 457.123734] ? __sock_tx_timestamp+0x90/0x90 [ 457.128154] ___sys_recvmsg+0x21f/0x4d0 [ 457.132148] ? ___sys_sendmsg+0x840/0x840 [ 457.134535] print_req_error: I/O error, dev loop4, sector 128 [ 457.136306] ? __fget+0x210/0x370 [ 457.136319] ? save_trace+0x290/0x290 [ 457.136330] ? __might_fault+0x110/0x1d0 [ 457.136340] ? find_held_lock+0x35/0x130 [ 457.136348] ? __might_fault+0x110/0x1d0 [ 457.136377] __sys_recvmmsg+0x226/0x6b0 [ 457.136391] ? SyS_recvmsg+0x50/0x50 [ 457.136402] ? lock_downgrade+0x740/0x740 [ 457.173562] ? __mutex_unlock_slowpath+0x71/0x800 [ 457.178437] ? check_preemption_disabled+0x3c/0x250 [ 457.183458] SyS_recvmmsg+0x125/0x140 [ 457.187266] ? __sys_recvmmsg+0x6b0/0x6b0 [ 457.191407] ? do_syscall_64+0x53/0x640 [ 457.195542] ? __sys_recvmmsg+0x6b0/0x6b0 [ 457.199682] do_syscall_64+0x1e8/0x640 [ 457.203573] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 457.208433] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 457.213701] RIP: 0033:0x45b3b9 [ 457.216885] RSP: 002b:00007f96effb4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 457.224682] RAX: ffffffffffffffda RBX: 00007f96effb56d4 RCX: 000000000045b3b9 [ 457.231972] RDX: 0000000000000600 RSI: 0000000020003340 RDI: 0000000000000004 [ 457.239387] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 457.246659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 02:47:11 executing program 0: ioctl$KDFONTOP_COPY(0xffffffffffffffff, 0x4b72, &(0x7f0000000080)={0x3, 0x0, 0xb, 0x10, 0x59, &(0x7f0000000380)}) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 02:47:11 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) [ 457.254283] R13: 0000000000000891 R14: 00000000004c9fa1 R15: 000000000000000a 02:47:12 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000280)=[{&(0x7f0000000300)="8da4363ac0d402000a0000000001004d010000000000000000007a000000000001f60180000048aefd9a000001000000000001ffffa3f60000005f42485266535f4d000000000000", 0x48, 0x10000}, {&(0x7f0000000080)="c7b18e8b2f2dad5c34cf3a833cdf57d7ae68add513c140665513e71375db8275cd312860e95d1d994e0287fb4dd5c2f4f2970595df01e1fb2ad692a8ee3b123c094efe5f3dccc180e1dd20418a05649ebbbe918f5c137722b80d6240226e1ca380f4ccaa690ef144d5b0770340be737cde1be8f854f5cde70c440e593ad515d517cc34527380637673620868b50d11ddaf6a4e841cef0525a049c84a80410661fddf93febfe2c6691add72f514d0509a95fd72fb420a6221ee83463e9fa84d2359abcccfeeb42368cbef9f320f6873a757f0cce70e1545501cb6000ce79552a3dd58dc34", 0xe4}, {&(0x7f0000000200)="a6837dcc268403fa1121b1f5bb65cd0384bc00bef4c16fbdc8d9dd6723c27ab658d27ebe9c8bc4ea18f18860cdfcf4c53cd519cefd20cae0c294dd82bfeb3a8dc96351facf71cacdb904965ca8c6", 0x4e, 0x2}, {&(0x7f0000000380)="79d9178d219d4854d3849a8a2db45199da5fa8efca7c99ed92e8dd30e89e99a17348e8a6ac878b6965925099a6504aa6e46b0de8f963cff20573499a3c90cca8f99f6966507b881893e6309f03e8961565c1139c13d82967b7d8e73383e1d8ecd7cdd6f8b42ac7fdeaccd19289039ab4fedf7eeca8d5eb38d73d139e97bd5d0e6e9939f19b01d8262869fcba9c5b1e6235a89b776c85e53340af86a126458ce7d61d8759043fa94f519fc24e367098ac91cd64f471b8cc27688ca721cc35b0a7783da8bb70c532d673bba63dab52", 0xce, 0x4}], 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$MON_IOCT_RING_SIZE(r1, 0x9204, 0x989bc) [ 457.344225] BTRFS error (device loop5): superblock checksum mismatch [ 457.380197] BTRFS error (device loop5): open_ctree failed [ 457.402166] BTRFS error (device loop5): superblock checksum mismatch [ 457.500295] BTRFS error (device loop5): open_ctree failed 02:47:14 executing program 2: syz_mount_image$btrfs(&(0x7f0000000180)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040), 0x88, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x400000, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:14 executing program 1 (fault-call:3 fault-nth:11): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:47:14 executing program 0: r0 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x100, 0x0) write$P9_RREAD(r0, &(0x7f0000000040)={0x13, 0x75, 0x1, {0x8, "6110f8fcead2317a"}}, 0x13) 02:47:14 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) creat(&(0x7f0000000440)='./file0\x00', 0x222) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400280) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140)='l2tp\x00') r5 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000180)='/proc/self/net/pfkey\x00', 0x22, 0x0) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000300)='l2tp\x00') sendmsg$L2TP_CMD_TUNNEL_MODIFY(r5, &(0x7f0000000400)={&(0x7f0000000040), 0xc, &(0x7f00000003c0)={&(0x7f0000000340)={0x48, r6, 0x4, 0x70bd25, 0x25dfdbfb, {}, [@L2TP_ATTR_DEBUG={0x8, 0x11, 0x1}, @L2TP_ATTR_IP_SADDR={0x8, 0x18, @initdev={0xac, 0x1e, 0x0, 0x0}}, @L2TP_ATTR_IFNAME={0x14, 0x8, 'veth0_to_team\x00'}, @L2TP_ATTR_PROTO_VERSION={0x5, 0x7, 0x2}, @L2TP_ATTR_UDP_SPORT={0x6, 0x1a, 0x4e21}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x81) sendmsg$L2TP_CMD_TUNNEL_CREATE(r1, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r4, 0x200, 0x70bd27, 0x25dfdbfc, {}, [@L2TP_ATTR_FD={0x8, 0x17, @l2tp6=r5}, @L2TP_ATTR_DEBUG={0x8}, @L2TP_ATTR_UDP_ZERO_CSUM6_RX={0x5, 0x22, 0x1}, @L2TP_ATTR_RECV_SEQ={0x5, 0x12, 0x80}]}, 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x0) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0xaaaaaaaaaaaac0d, &(0x7f00000002c0)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d0100007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000035f42485266535f4d00000000000000", 0x48, 0x10000}], 0x2000000, 0x0) 02:47:14 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:14 executing program 4 (fault-call:0 fault-nth:16): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 459.823540] FAULT_INJECTION: forcing a failure. [ 459.823540] name failslab, interval 1, probability 0, space 0, times 0 [ 459.834484] FAULT_INJECTION: forcing a failure. [ 459.834484] name failslab, interval 1, probability 0, space 0, times 0 [ 459.869968] CPU: 1 PID: 27810 Comm: syz-executor.1 Not tainted 4.14.170-syzkaller #0 [ 459.878118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 459.887487] Call Trace: [ 459.890242] dump_stack+0x142/0x197 [ 459.893998] should_fail.cold+0x10f/0x159 [ 459.898155] should_failslab+0xdb/0x130 [ 459.902138] __kmalloc+0x2f0/0x7a0 [ 459.905677] ? mark_held_locks+0xb1/0x100 [ 459.909835] ? __local_bh_enable_ip+0x99/0x1a0 [ 459.914559] ? sock_kmalloc+0x7f/0xc0 [ 459.918375] sock_kmalloc+0x7f/0xc0 [ 459.922642] hash_alloc_result.part.0+0x95/0x110 [ 459.927510] hash_recvmsg+0x515/0x890 [ 459.931341] ? hash_sendpage+0x9a0/0x9a0 [ 459.935413] sock_recvmsg_nosec+0x89/0xb0 [ 459.939562] ? __sock_tx_timestamp+0x90/0x90 [ 459.943963] ___sys_recvmsg+0x21f/0x4d0 [ 459.947946] ? ___sys_sendmsg+0x840/0x840 [ 459.952104] ? __fget+0x210/0x370 [ 459.955731] ? save_trace+0x290/0x290 [ 459.959546] ? __might_fault+0x110/0x1d0 [ 459.963621] ? find_held_lock+0x35/0x130 [ 459.967712] ? __might_fault+0x110/0x1d0 [ 459.972379] __sys_recvmmsg+0x226/0x6b0 [ 459.976406] ? SyS_recvmsg+0x50/0x50 [ 459.980124] ? lock_downgrade+0x740/0x740 [ 459.984375] ? __mutex_unlock_slowpath+0x71/0x800 [ 459.989226] ? check_preemption_disabled+0x3c/0x250 [ 459.994250] SyS_recvmmsg+0x125/0x140 [ 459.998052] ? __sys_recvmmsg+0x6b0/0x6b0 [ 460.002201] ? do_syscall_64+0x53/0x640 [ 460.006170] ? __sys_recvmmsg+0x6b0/0x6b0 [ 460.010319] do_syscall_64+0x1e8/0x640 [ 460.014209] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 460.019055] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 460.024255] RIP: 0033:0x45b3b9 [ 460.027442] RSP: 002b:00007f96effb4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 460.035256] RAX: ffffffffffffffda RBX: 00007f96effb56d4 RCX: 000000000045b3b9 [ 460.042517] RDX: 0000000000000600 RSI: 0000000020003340 RDI: 0000000000000004 [ 460.049821] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 460.057086] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 02:47:14 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x200881, 0x0) r0 = gettid() r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_FIOGETOWN(r2, 0x8903, &(0x7f0000000100)=0x0) wait4(r3, &(0x7f0000000140), 0x80000000, &(0x7f0000000200)) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) sched_getscheduler(r0) 02:47:14 executing program 0: prctl$PR_SET_TIMERSLACK(0x1d, 0x5) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000080)={r1, &(0x7f0000000000)="8a7abf76f664d22c1c27cc1d398077b7fea756e57df8d54e178fb9a79d5af35acc8d48e480cb2e5626b0270b8434d78e31414e", &(0x7f0000000040)=""/21}, 0x20) arch_prctl$ARCH_SET_GS(0x1001, &(0x7f00000000c0)) [ 460.064353] R13: 0000000000000891 R14: 00000000004c9fa1 R15: 000000000000000b [ 460.111662] CPU: 1 PID: 27817 Comm: syz-executor.4 Not tainted 4.14.170-syzkaller #0 [ 460.119579] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 460.128944] Call Trace: [ 460.131676] dump_stack+0x142/0x197 [ 460.135319] should_fail.cold+0x10f/0x159 [ 460.139497] should_failslab+0xdb/0x130 [ 460.143467] kmem_cache_alloc+0x2d7/0x780 [ 460.148434] ? wait_for_completion+0x420/0x420 [ 460.153035] __kernfs_new_node+0x70/0x480 [ 460.157225] ? kernfs_activate+0x13a/0x190 [ 460.161488] kernfs_new_node+0x80/0xf0 [ 460.165370] __kernfs_create_file+0x46/0x323 [ 460.169779] sysfs_add_file_mode_ns+0x1e4/0x450 [ 460.174504] internal_create_group+0x232/0x7b0 [ 460.179085] sysfs_create_group+0x20/0x30 [ 460.183259] lo_ioctl+0x1162/0x1cd0 [ 460.186899] ? loop_probe+0x160/0x160 [ 460.190702] blkdev_ioctl+0x95f/0x1850 [ 460.194594] ? blkpg_ioctl+0x970/0x970 [ 460.198619] ? __might_sleep+0x93/0xb0 [ 460.202501] ? __fget+0x210/0x370 [ 460.206077] block_ioctl+0xde/0x120 [ 460.209712] ? blkdev_fallocate+0x3b0/0x3b0 [ 460.214045] do_vfs_ioctl+0x7ae/0x1060 [ 460.217951] ? selinux_file_mprotect+0x5d0/0x5d0 [ 460.222806] ? lock_downgrade+0x740/0x740 [ 460.226959] ? ioctl_preallocate+0x1c0/0x1c0 [ 460.231361] ? __fget+0x237/0x370 [ 460.234831] ? security_file_ioctl+0x89/0xb0 [ 460.239258] SyS_ioctl+0x8f/0xc0 [ 460.242615] ? do_vfs_ioctl+0x1060/0x1060 [ 460.246765] do_syscall_64+0x1e8/0x640 [ 460.250656] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 460.255504] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 460.260782] RIP: 0033:0x45b227 [ 460.263973] RSP: 002b:00007f15753b7a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 460.272033] RAX: ffffffffffffffda RBX: 00007f15753b86d4 RCX: 000000000045b227 [ 460.279318] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 460.286588] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 460.293875] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 460.301309] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000010 02:47:15 executing program 1 (fault-call:3 fault-nth:12): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) [ 460.403564] BTRFS error (device loop5): superblock checksum mismatch 02:47:15 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$KDGKBMETA(r1, 0x4b62, &(0x7f0000000080)) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) ioctl$VFIO_CHECK_EXTENSION(0xffffffffffffffff, 0x3b65, 0x7) ioctl$TUNSETOFFLOAD(r1, 0x400454d0, 0x1) 02:47:15 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) [ 460.444966] BTRFS error (device loop5): open_ctree failed [ 460.457572] BTRFS error (device loop5): superblock checksum mismatch 02:47:15 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000400)={{0x1}}) write$FUSE_INIT(r1, &(0x7f0000000080)={0x50, 0xfffffffffffffff5, 0x8, {0x7, 0x1f, 0x7, 0x41, 0x8, 0x9, 0x3ff, 0x9}}, 0x50) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 460.520240] BTRFS error (device loop5): open_ctree failed [ 460.527552] FAULT_INJECTION: forcing a failure. [ 460.527552] name failslab, interval 1, probability 0, space 0, times 0 [ 460.550316] CPU: 0 PID: 27851 Comm: syz-executor.1 Not tainted 4.14.170-syzkaller #0 [ 460.558243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 460.567618] Call Trace: [ 460.570236] dump_stack+0x142/0x197 [ 460.573892] should_fail.cold+0x10f/0x159 [ 460.578059] should_failslab+0xdb/0x130 [ 460.582066] __kmalloc+0x2f0/0x7a0 [ 460.585622] ? mark_held_locks+0xb1/0x100 [ 460.589780] ? __local_bh_enable_ip+0x99/0x1a0 [ 460.594456] ? sock_kmalloc+0x7f/0xc0 [ 460.598293] sock_kmalloc+0x7f/0xc0 [ 460.601933] hash_alloc_result.part.0+0x95/0x110 [ 460.606819] hash_recvmsg+0x515/0x890 [ 460.610639] ? hash_sendpage+0x9a0/0x9a0 [ 460.614722] sock_recvmsg_nosec+0x89/0xb0 [ 460.618911] ? __sock_tx_timestamp+0x90/0x90 [ 460.623342] ___sys_recvmsg+0x21f/0x4d0 [ 460.627344] ? ___sys_sendmsg+0x840/0x840 [ 460.631507] ? __fget+0x210/0x370 [ 460.634976] ? save_trace+0x290/0x290 [ 460.638786] ? __might_fault+0x110/0x1d0 [ 460.642854] ? find_held_lock+0x35/0x130 [ 460.647024] ? __might_fault+0x110/0x1d0 [ 460.651116] __sys_recvmmsg+0x226/0x6b0 [ 460.655182] ? SyS_recvmsg+0x50/0x50 [ 460.658929] ? lock_downgrade+0x740/0x740 [ 460.663098] ? __mutex_unlock_slowpath+0x71/0x800 [ 460.669654] ? check_preemption_disabled+0x3c/0x250 [ 460.674687] SyS_recvmmsg+0x125/0x140 [ 460.678501] ? __sys_recvmmsg+0x6b0/0x6b0 [ 460.682663] ? do_syscall_64+0x53/0x640 [ 460.686674] ? __sys_recvmmsg+0x6b0/0x6b0 [ 460.691013] do_syscall_64+0x1e8/0x640 [ 460.694913] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 460.699776] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 460.704975] RIP: 0033:0x45b3b9 [ 460.708171] RSP: 002b:00007f96effb4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 460.715893] RAX: ffffffffffffffda RBX: 00007f96effb56d4 RCX: 000000000045b3b9 [ 460.723157] RDX: 0000000000000600 RSI: 0000000020003340 RDI: 0000000000000004 [ 460.730431] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 460.737831] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 460.745283] R13: 0000000000000891 R14: 00000000004c9fa1 R15: 000000000000000c 02:47:17 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:17 executing program 5: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205648, &(0x7f0000000180)={0xf000000, 0x5, 0x4, r2, 0x0, &(0x7f0000000140)={0x990a2f, 0x6, [], @value=0x2}}) r4 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000240)='NLBL_CIPSOv4\x00') sendmsg$NLBL_CIPSOV4_C_LIST(r3, &(0x7f0000000540)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x40000}, 0xc, &(0x7f0000000500)={&(0x7f0000000280)={0x274, r4, 0x300, 0x70bd26, 0x25dfdbff, {}, [@NLBL_CIPSOV4_A_MLSLVLLST={0x8c, 0x8, 0x0, 0x1, [{0x54, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd5}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x2e}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3a}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x71a7b956}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6e8d63ad}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x59}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x71d66660}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x39d7b122}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xf8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x32}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x75f6fff8}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xcd}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x510de90f}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3636f4cc}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe5}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0x74, 0x8, 0x0, 0x1, [{0x2c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x1a}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x4}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xc2}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x6a728c0b}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x370532cb}]}, {0x44, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x4e}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x18986b00}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x71f2b946}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb4}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xe8}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x79}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xd}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xdd}]}]}, @NLBL_CIPSOV4_A_MLSCATLST={0x6c, 0xc, 0x0, 0x1, [{0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x87e0}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3b1d}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x21c2eb75}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x560d}]}, {0x2c, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x34255ec2}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xee5c}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x4cbe0302}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x16b8ad39}, @NLBL_CIPSOV4_A_MLSCATLOC={0x8, 0x9, 0x2542c9d6}]}, {0x14, 0xb, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0xa652}, @NLBL_CIPSOV4_A_MLSCATREM={0x8, 0xa, 0x3365}]}]}, @NLBL_CIPSOV4_A_MLSLVLLST={0xf4, 0x8, 0x0, 0x1, [{0x24, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xa40db33}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x12}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x9f}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7c7c3f44}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x61dbc10f}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x650d936a}]}, {0x54, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xec}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x90}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x3e}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x76b1946}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xb1}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x2e}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x5e94bd28}, @NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x5f}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x492cceeb}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x1715852}]}, {0x14, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0xc643644}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3060193d}]}, {0x1c, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0xfd}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x711b3d9f}, @NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x7e3345dc}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x682129f3}]}, {0x4}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLLOC={0x8, 0x5, 0x3873f427}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x65}]}, {0xc, 0x7, 0x0, 0x1, [@NLBL_CIPSOV4_A_MLSLVLREM={0x8, 0x6, 0x27}]}]}]}, 0x274}, 0x1, 0x0, 0x0, 0x8000}, 0x44) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x1ff) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x200881, 0x0) 02:47:17 executing program 2: syz_mount_image$btrfs(&(0x7f0000000180)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040), 0x88, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x400000, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:17 executing program 1 (fault-call:3 fault-nth:13): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:47:17 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) r3 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0x1b, &(0x7f0000000200)=@assoc_value={r4}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000080)={r4, @in={{0x2, 0x4e20, @remote}}, [0x800, 0x10001, 0x5, 0x1, 0x0, 0x8, 0x9, 0x3, 0x1, 0xe0, 0x292, 0xfffffffffffffffc, 0x6, 0xfffffffffffffff9, 0x20]}, &(0x7f0000000180)=0x100) 02:47:17 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}}) r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000980)='NLBL_CIPSOv4\x00') sendmsg$NLBL_CIPSOV4_C_LIST(r2, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000009c0)={&(0x7f0000000b40)={0x94, r3, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x6}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}]}, @NLBL_CIPSOV4_A_TAGLST={0x54, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x6}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0xffffffffffffffff}]}, 0x94}, 0x1, 0x0, 0x0, 0x4008000}, 0x40050) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) setsockopt$netlink_NETLINK_CAP_ACK(r5, 0x10e, 0xa, &(0x7f0000000240)=0x74ed4cc0, 0x4) sendmsg$NLBL_CIPSOV4_C_LIST(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r3, 0x400, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000050}, 0x8000) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 462.851019] FAULT_INJECTION: forcing a failure. [ 462.851019] name failslab, interval 1, probability 0, space 0, times 0 [ 462.877751] BTRFS error (device loop4): superblock checksum mismatch [ 462.886196] CPU: 1 PID: 27872 Comm: syz-executor.1 Not tainted 4.14.170-syzkaller #0 [ 462.894128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 462.903501] Call Trace: [ 462.906119] dump_stack+0x142/0x197 [ 462.909775] should_fail.cold+0x10f/0x159 [ 462.914172] should_failslab+0xdb/0x130 [ 462.918163] __kmalloc+0x2f0/0x7a0 [ 462.921708] ? mark_held_locks+0xb1/0x100 [ 462.925953] ? __local_bh_enable_ip+0x99/0x1a0 [ 462.930553] ? sock_kmalloc+0x7f/0xc0 [ 462.934386] sock_kmalloc+0x7f/0xc0 [ 462.938133] hash_alloc_result.part.0+0x95/0x110 [ 462.942900] hash_recvmsg+0x515/0x890 [ 462.946716] ? hash_sendpage+0x9a0/0x9a0 [ 462.950889] sock_recvmsg_nosec+0x89/0xb0 [ 462.955041] ? __sock_tx_timestamp+0x90/0x90 [ 462.959456] ___sys_recvmsg+0x21f/0x4d0 [ 462.963499] ? ___sys_sendmsg+0x840/0x840 [ 462.967661] ? __fget+0x210/0x370 [ 462.971138] ? save_trace+0x290/0x290 [ 462.975030] ? __might_fault+0x110/0x1d0 [ 462.979094] ? find_held_lock+0x35/0x130 [ 462.983163] ? __might_fault+0x110/0x1d0 [ 462.987245] __sys_recvmmsg+0x226/0x6b0 [ 462.991239] ? SyS_recvmsg+0x50/0x50 [ 462.994983] ? lock_downgrade+0x740/0x740 [ 462.999149] ? __mutex_unlock_slowpath+0x71/0x800 [ 463.004183] ? check_preemption_disabled+0x3c/0x250 [ 463.009221] SyS_recvmmsg+0x125/0x140 [ 463.013042] ? __sys_recvmmsg+0x6b0/0x6b0 [ 463.017309] ? do_syscall_64+0x53/0x640 [ 463.021300] ? __sys_recvmmsg+0x6b0/0x6b0 [ 463.025605] do_syscall_64+0x1e8/0x640 [ 463.029507] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 463.034512] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 463.039718] RIP: 0033:0x45b3b9 [ 463.042912] RSP: 002b:00007f96effb4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b 02:47:17 executing program 0: 02:47:17 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) [ 463.050639] RAX: ffffffffffffffda RBX: 00007f96effb56d4 RCX: 000000000045b3b9 [ 463.057920] RDX: 0000000000000600 RSI: 0000000020003340 RDI: 0000000000000004 [ 463.065326] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 463.072617] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 463.080013] R13: 0000000000000891 R14: 00000000004c9fa1 R15: 000000000000000d 02:47:17 executing program 1 (fault-call:3 fault-nth:14): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:47:17 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) syz_mount_image$ceph(&(0x7f00000000c0)='ceph\x00', &(0x7f0000000100)='./file0\x00', 0x5, 0x0, &(0x7f0000000180), 0x2900090, &(0x7f0000000200)='\x00') r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) connect$phonet_pipe(r1, &(0x7f0000000080)={0x23, 0x7f, 0x9, 0x81}, 0x10) r2 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$KDSETKEYCODE(r2, 0x4b4d, &(0x7f0000000140)={0x8, 0x1009}) [ 463.123952] BTRFS error (device loop4): open_ctree failed [ 463.135300] BTRFS error (device loop4): superblock checksum mismatch [ 463.154564] selinux_nlmsg_perm: 86 callbacks suppressed [ 463.154573] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=27875 comm=syz-executor.4 [ 463.221584] FAULT_INJECTION: forcing a failure. [ 463.221584] name failslab, interval 1, probability 0, space 0, times 0 [ 463.264177] CPU: 0 PID: 27906 Comm: syz-executor.1 Not tainted 4.14.170-syzkaller #0 [ 463.272103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 463.281559] Call Trace: [ 463.284172] dump_stack+0x142/0x197 [ 463.287832] should_fail.cold+0x10f/0x159 [ 463.292009] should_failslab+0xdb/0x130 [ 463.296003] __kmalloc+0x2f0/0x7a0 [ 463.299568] ? mark_held_locks+0xb1/0x100 [ 463.303730] ? __local_bh_enable_ip+0x99/0x1a0 [ 463.308330] ? sock_kmalloc+0x7f/0xc0 02:47:17 executing program 0: recvfrom$l2tp6(0xffffffffffffffff, &(0x7f0000000080)=""/184, 0xb8, 0x12060, &(0x7f0000000140)={0xa, 0x0, 0x0, @empty}, 0x20) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) r4 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r3, 0x84, 0x1b, &(0x7f0000000200)=@assoc_value={r5}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000500)={r5, 0x80}, &(0x7f0000000540)=0x8) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_MAXSEG(r8, 0x84, 0xd, &(0x7f0000000580)=@assoc_value={0x0, 0x6}, &(0x7f00000005c0)=0x8) getsockopt$inet_sctp_SCTP_STATUS(r2, 0x84, 0xe, &(0x7f0000000600)={r6, 0xffff, 0x800, 0x200, 0x2, 0x4, 0x9, 0x7f, {r9, @in={{0x2, 0x4e21, @empty}}, 0x7fffffff, 0x1ff, 0x9, 0x5, 0x1f}}, &(0x7f00000006c0)=0xb0) r10 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) sendto$unix(r10, &(0x7f0000000400)="3fb52ee5587fb4ec0f28f8f80c73904d2add9dc0c3e90f917b4c4625e508ed4c8917318f2416a4c94efd6f81cd13b066527ac8c7d4226f1f6f7bcf8c6c4e7d94727c33502c8901aab3ebe8ded18b6e904cd7a2c903925414851376d77a967720307892cf716fc87d7bd0bf97828cf60c61d988977128ab697212f5e82a8cf3e996a64c0e28deb69696d6b627f4936865ac1de52318d51083f67e130eb989604c07d2682105462a865c0199ded69fe51456fa7f098d55911f7bd5226815644640d860da6e36f307368dbd32174b18b9ccea3d4617f8e4687213ddeb78139e3562c5746215c534ca890eb61ea15091895e1e", 0xf1, 0x10, &(0x7f0000000300)=@abs={0x0, 0x0, 0x4e21}, 0x6e) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0xfffffffffffffffc, 0x1, &(0x7f0000000040)=[{&(0x7f0000000380)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e7cac7f6a2d1a1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d0000000000", 0x53, 0x10002}], 0x20c0828, 0x0) r11 = syz_open_dev$mice(&(0x7f0000000180)='/dev/input/mice\x00', 0x0, 0x73479f5d65a83e24) r12 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000700), &(0x7f0000000740)=0x4) r13 = fcntl$dupfd(r12, 0x0, r12) ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0x400200) ioctl$sock_inet6_udp_SIOCOUTQ(r13, 0x5411, &(0x7f00000002c0)) write$RDMA_USER_CM_CMD_CREATE_ID(r13, &(0x7f0000000a80)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000a40)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r3, &(0x7f0000000ac0)={0xe, 0x18, 0xfa00, @ib_path={&(0x7f0000000780)=[{0x32, 0x0, [0x81, 0x4, 0x7, 0x5, 0x7, 0xc0, 0x3, 0x100, 0x1, 0x9, 0x5, 0x172a, 0xfffffff7, 0x4, 0x2, 0x9]}, {0x1d, 0x0, [0xfffffff9, 0x8001, 0x8, 0x411fffdf, 0x4, 0xdde, 0x2dfa, 0x0, 0x2, 0x100, 0x9, 0x7, 0x6, 0x7, 0xca, 0x3]}, {0xa426c9e4f709907b, 0x0, [0x3, 0x7, 0x6, 0x1000, 0x2, 0x2, 0x400, 0xff, 0x6, 0x0, 0x2, 0x7, 0x3, 0x100, 0x40, 0x5]}, {0x33, 0x0, [0x1000, 0x7f, 0x0, 0x6, 0x7, 0x1, 0x101, 0x2, 0xa35, 0xfffffffe, 0x3, 0x8001, 0x7925, 0x2, 0x800, 0x6]}, {0x1, 0x0, [0x101, 0x1, 0x8, 0x10000, 0x5, 0x0, 0x0, 0x1, 0x1, 0x400, 0x40, 0x0, 0x80000000, 0x8, 0x3ff, 0x5]}, {0x22, 0x0, [0xa75, 0x5, 0x4b, 0x6, 0x1, 0xfffffffc, 0x3c1e, 0x6, 0x9, 0x3ff, 0xff, 0x2, 0x5, 0x0, 0x5, 0xfff]}, {0x5, 0x0, [0x1000, 0x4, 0x7, 0x3, 0x5ac, 0x3, 0x1, 0x200, 0x8f0, 0x4, 0x7f, 0x1, 0xffffffff, 0x40, 0x9, 0x6]}, {0x28, 0x0, [0x80, 0xfffffffd, 0xfffffffe, 0x0, 0x0, 0x0, 0x800, 0x1f, 0x7531a163, 0x3f, 0x2, 0xe927, 0x1, 0x9, 0xfffff801, 0x8001]}, {0x30, 0x0, [0x5, 0x778f, 0x4, 0x7fffffff, 0x94c8, 0x4e, 0x76d, 0x0, 0x9, 0x3, 0x0, 0x0, 0x7, 0x6, 0x4, 0x9]}], r14, 0x1, 0x1, 0x288}}, 0x20) ioctl$SNDRV_SEQ_IOCTL_CREATE_PORT(r11, 0xc0a85320, &(0x7f0000000200)={{0x1, 0x80}, 'port1\x00', 0x24, 0x0, 0x229, 0x800, 0x800, 0x5, 0xad, 0x0, 0x1}) 02:47:18 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = socket(0xf, 0x0, 0x0) sendmsg$IPCTNL_MSG_EXP_GET(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000380)={0x228, 0x1, 0x2, 0x101, 0x0, 0x0, {0xa, 0x0, 0x9}, [@CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, [], 0x25}}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_EXPECT_NAT={0x88, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x48, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @dev={0xfe, 0x80, [], 0x1e}}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xc0}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xa2a077638b9dddfc}}]}, @CTA_EXPECT_NAT_DIR={0x8, 0x1, 0x1, 0x0, 0x1}, @CTA_EXPECT_NAT_TUPLE={0x2c, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @dev={0xac, 0x14, 0x14, 0x16}}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0xe}}]}]}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x3}, @CTA_EXPECT_NAT={0x118, 0xa, 0x0, 0x1, [@CTA_EXPECT_NAT_TUPLE={0x58, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}]}, @CTA_EXPECT_NAT_TUPLE={0xc, 0x2, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}]}, @CTA_EXPECT_NAT_TUPLE={0x10, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}, @CTA_EXPECT_NAT_TUPLE={0xa0, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x17}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x4}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @rand_addr="370a78fa2fcc290a65dded314919b441"}, {0x14, 0x4, @initdev={0xfe, 0x88, [], 0x0, 0x0}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x8, 0x2, @empty}}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @remote}, {0x8, 0x2, @multicast2}}}]}]}, @CTA_EXPECT_HELP_NAME={0x9, 0x6, 'syz0\x00'}, @CTA_EXPECT_CLASS={0x8, 0x9, 0x1, 0x0, 0x1}, @CTA_EXPECT_TIMEOUT={0x8, 0x4, 0x1, 0x0, 0x1}, @CTA_EXPECT_FN={0x13, 0xb, 'callforwarding\x00'}]}, 0x228}, 0x1, 0x0, 0x0, 0x20000080}, 0x40688a4) 02:47:18 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x5) [ 463.312177] sock_kmalloc+0x7f/0xc0 [ 463.315815] hash_alloc_result.part.0+0x95/0x110 [ 463.320585] hash_recvmsg+0x515/0x890 [ 463.324518] ? hash_sendpage+0x9a0/0x9a0 [ 463.328600] sock_recvmsg_nosec+0x89/0xb0 [ 463.332763] ? __sock_tx_timestamp+0x90/0x90 [ 463.337187] ___sys_recvmsg+0x21f/0x4d0 [ 463.341201] ? ___sys_sendmsg+0x840/0x840 [ 463.345358] ? __fget+0x210/0x370 [ 463.348826] ? save_trace+0x290/0x290 [ 463.352643] ? __might_fault+0x110/0x1d0 [ 463.356722] ? find_held_lock+0x35/0x130 [ 463.360798] ? __might_fault+0x110/0x1d0 [ 463.364884] __sys_recvmmsg+0x226/0x6b0 [ 463.369143] ? SyS_recvmsg+0x50/0x50 [ 463.372858] ? lock_downgrade+0x740/0x740 [ 463.377011] ? __mutex_unlock_slowpath+0x71/0x800 [ 463.381980] ? check_preemption_disabled+0x3c/0x250 [ 463.387020] SyS_recvmmsg+0x125/0x140 [ 463.390901] ? __sys_recvmmsg+0x6b0/0x6b0 [ 463.395058] ? do_syscall_64+0x53/0x640 [ 463.399031] ? __sys_recvmmsg+0x6b0/0x6b0 [ 463.403196] do_syscall_64+0x1e8/0x640 [ 463.407105] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 463.411963] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 463.417270] RIP: 0033:0x45b3b9 [ 463.420447] RSP: 002b:00007f96effb4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 463.428170] RAX: ffffffffffffffda RBX: 00007f96effb56d4 RCX: 000000000045b3b9 [ 463.435467] RDX: 0000000000000600 RSI: 0000000020003340 RDI: 0000000000000004 [ 463.442751] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 463.450043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 463.457320] R13: 0000000000000891 R14: 00000000004c9fa1 R15: 000000000000000e 02:47:18 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x40000002000, 0x2, &(0x7f0000000140)=[{&(0x7f0000000200)="ea9bfd091d7f77fa0d18a7e35d79e24c45762aeb8a4e66d2f706c58bf7eff68745c8cf357db3ed3fe4940bc6cb323a2114271c8598dcf6aa56362367c6dd18250167c86d15a7f2936b8f05fc3f667084ff0bd58df1a173b6219276f8b37d7108990710c55099efad7a4c2826bc310c0086cd4b2c03dca1be666d0b834f0be8743bd39dcb39240188dad0cc87e2b2477eca5de9c2576d7b8409e2bddca1bb3ad6c0cad76a73badb38f9f387f8ebae05d4a8e46b36c5e48e2e0570c2826f4ef1575e23c196c20a2366e22c24d944cd2d90356c13c286a534bf6b125ba69efe8e012eb9e150", 0xe4, 0xfffffffffffffffa}, {&(0x7f0000000380)="5347606bcf387b586643bca9191ebb0b2d9aa40200a6de1344f10e1dc1cbb8cd7c719cc4a891a6f889504f9e9b2a7e9445bd7c38ac3188cfcaa85363ffd426901f8ea3c74e64c1f41ccf9daa6ce9ca004d245560a967a9aa33d6b115ad00cedc73ecbace946ed0cd1182ec75a21ffecd0c6de0e15d1f54f642c1ca4d96a7424c96d23d4984a5c08a48c4dbf3035193d86cf5453c7817e194", 0x98, 0x80000000}], 0x1000412, 0x0) setsockopt$RDS_GET_MR_FOR_DEST(0xffffffffffffffff, 0x114, 0x7, &(0x7f0000000440)={@un=@abs={0x0, 0x0, 0x4e22}, {&(0x7f0000000040)=""/246, 0xf6}, &(0x7f0000000180), 0x5a}, 0xa0) [ 463.465344] BTRFS error (device loop4): open_ctree failed [ 463.486848] BTRFS error (device loop4): superblock checksum mismatch [ 463.580723] BTRFS error (device loop4): open_ctree failed [ 463.653068] BTRFS error (device loop4): superblock checksum mismatch [ 463.690773] BTRFS error (device loop4): open_ctree failed 02:47:20 executing program 1 (fault-call:3 fault-nth:15): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:47:20 executing program 2: syz_mount_image$btrfs(&(0x7f0000000180)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040), 0x88, 0x0) timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:20 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10200}], 0x0, 0x0) syz_mount_image$ocfs2(&(0x7f0000000080)='ocfs2\x00', &(0x7f00000000c0)='./file0\x00', 0x6, 0x2, &(0x7f0000000380)=[{&(0x7f0000000100)="66473147740426c6e81eb31025b436767094c6c2aa2d4339b258d33d085d6a9bac6202cdda4c9cbccb5e1fb893cb0a2528b307e1a70080cef038e45981e62a9a3d3fe7bf1dd1a4699278ee4d887df98e49025b47eeb92657880adf45a893c1545b333a3b8d59055317fa58a6f091776c78bc116fb239f5bbcd46dde3688eaa5af9e598e748f07b99cb149aec9b7316a1c77d104d82e602e82b91bb", 0x9b, 0x8}, {&(0x7f0000000200)="c50876b3b91fd5b6648a0f6344158814e62e5b3893e0c08b896e4d5a25d8dd285143417184fa33327ea106ca9340bea4e72317eee704f1d5a2ab558eff69b5194ac37ccb5750b10b5825925758893aa3513416466873c4c05c7476f76ce8e0117855a9ee14151287960032815030bf408bfe75043993daaaa45845e51f49d21733c450ab5cfc1b039befd74c33d0a445b5492d461bd43724c563753de428e033e1a186095527ad047dd5679fa8f6530bbc595be17936108a013e9c2718240cdd474091999565a1bab488980c92967aec53c8df54a86a140c1728449bfd6137780a35c512e25c64787ab395783cab28d65984a11685ea6a98261dd810", 0xfc, 0x82}], 0x4000, &(0x7f00000003c0)='btrfs\x00') 02:47:20 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000100), 0x200881, 0x0) ioctl$VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, &(0x7f0000000040)={0x8, 0x4, 0x4, 0x10000, 0x8, {0x0, 0x2710}, {0x4, 0x8, 0xfa, 0x57, 0x8, 0x20, "6513f204"}, 0x62, 0x4, @offset=0xffffffa6, 0x401, 0x0, 0xffffffffffffffff}) sendto$unix(r0, &(0x7f00000000c0)="da5d3a9b28c7d1c2d12be9291ec24204f7d1bbbaa4a70def85b68fd959a03cf07976c846e1036465ea139373c57e27835b5bf868da85b6f8cc6e982c90116afa68aa7a8bdcba8ddb605f6a7c4b6c2c68ae967509257a7f24f181dbf9138f4ec32d7313cf0c6d018917c294f3ef023d9ba99021df78953d8b7bf81c905d881b01648785799298b2391dc5853e5dcafa1569ee22", 0x93, 0x10801, &(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e) ioctl$KVM_SET_VAPIC_ADDR(r0, 0x4008ae93, &(0x7f0000000180)=0x1000) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) 02:47:20 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:20 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) ioctl$sock_SIOCBRADDBR(r2, 0x89a0, &(0x7f0000000100)='vxcan1\x00') r3 = fcntl$dupfd(r0, 0x406, r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) [ 465.907792] FAULT_INJECTION: forcing a failure. [ 465.907792] name failslab, interval 1, probability 0, space 0, times 0 [ 465.921211] BTRFS error (device loop4): superblock checksum mismatch [ 465.936685] CPU: 0 PID: 27946 Comm: syz-executor.1 Not tainted 4.14.170-syzkaller #0 [ 465.944707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 465.954638] Call Trace: [ 465.957241] dump_stack+0x142/0x197 [ 465.960933] should_fail.cold+0x10f/0x159 [ 465.965105] should_failslab+0xdb/0x130 [ 465.969078] __kmalloc+0x2f0/0x7a0 [ 465.972626] ? mark_held_locks+0xb1/0x100 [ 465.976802] ? __local_bh_enable_ip+0x99/0x1a0 [ 465.981592] ? sock_kmalloc+0x7f/0xc0 [ 465.985388] sock_kmalloc+0x7f/0xc0 [ 465.989551] hash_alloc_result.part.0+0x95/0x110 [ 465.994304] hash_recvmsg+0x515/0x890 [ 465.998107] ? hash_sendpage+0x9a0/0x9a0 [ 466.002166] sock_recvmsg_nosec+0x89/0xb0 [ 466.006321] ? __sock_tx_timestamp+0x90/0x90 [ 466.010725] ___sys_recvmsg+0x21f/0x4d0 [ 466.014697] ? ___sys_sendmsg+0x840/0x840 [ 466.018855] ? __fget+0x210/0x370 [ 466.022306] ? save_trace+0x290/0x290 [ 466.026119] ? __might_fault+0x110/0x1d0 [ 466.030186] ? find_held_lock+0x35/0x130 [ 466.035481] ? __might_fault+0x110/0x1d0 [ 466.039561] __sys_recvmmsg+0x226/0x6b0 [ 466.043539] ? SyS_recvmsg+0x50/0x50 [ 466.047246] ? lock_downgrade+0x740/0x740 [ 466.051408] ? __mutex_unlock_slowpath+0x71/0x800 [ 466.056255] ? check_preemption_disabled+0x3c/0x250 [ 466.061280] SyS_recvmmsg+0x125/0x140 [ 466.065096] ? __sys_recvmmsg+0x6b0/0x6b0 [ 466.069239] ? do_syscall_64+0x53/0x640 [ 466.073217] ? __sys_recvmmsg+0x6b0/0x6b0 [ 466.077372] do_syscall_64+0x1e8/0x640 [ 466.081252] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 466.086108] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 466.091320] RIP: 0033:0x45b3b9 [ 466.094508] RSP: 002b:00007f96effb4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b 02:47:20 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x3135000, 0x9, &(0x7f0000001800)=[{&(0x7f0000000080)="44ebce2f1f2750db8c037b401ff6e4938f4864a22b0def5bb745b337f2894128bac7fa576bf933e2ca11ea186b759fd0837b5a908cd7b9a1736d353010fb1c1b0c4dde1784ae4fcbdd5df2da59285bd585fde186bab94d6dffdd362a562708bd9fa46cc80c8ecaec5a7231e8eb7757795a46faa31397436b3a0f3e8453305d82a86254c39b27f2d29d88b9d39ff26dd5d347be74f7bce603a73ef97cb92d157c1073c834c4aaf34fc025143e5ab13545e1d39549d1fc9ac0127aea10957656467f176258e5ae9ad29e6038fadc773754bbcd2c1d677c106b5e2da195fc20f1cd541478536faa47945448f66c353f3704acb79c02", 0xf4, 0x7}, {&(0x7f0000000200)="42cea00d390d3f401a6575d363ba539222f339302add6f7c890edb6217f40000404896aa9db264ffc82d3a713470405a9a664ec1d5097a5383c6b85458bba8393c5bade723cab7add93193a14de232121d5427ea0320fe2380c3da3c4f3493763d9ed5f3b225370939ab4c10a6f73a81875f6c6d71316464c93c828636d53b84a93d95656b8e6dce90", 0x89, 0x66e}, {&(0x7f0000000380)="359715820cf81ce00d321b6f9fec97f09dcad2ef4a5964ce0819d44b84aec6e673305148988d9839e7d7ffff0000000000006c8ed7121e399b43b66685a769f158d07c90a1649682d5b3f6ab3d7f3b6e11cdba5d87e1a50088a201d81af45edb7599386921907bb34545f618f501e3c77001010000d766373e86e99859e81ba0219d744c1b925006b8e601854fc094d81097a71cad2cb87f4a21416fcb06e698763fab2a2e4250f1892a85fc659092581a205b50493087387e00"/200, 0xc8, 0x3}, {&(0x7f0000000480)="7c1c2eefee2e42a713b5c853afd39633836882fb89d935479ba7c8ecaa727411a09528392bbcd0c270655047c053ef1edc65e9e6e9fd5b685de78b01d22a60c5a0e442e4f49a91a66babea6f0e4af815f2c523c8b3750512b23c08f70a75dad6cfa413d5bd10a4", 0x67, 0x9}, {&(0x7f0000000500)="456d375915d16731eaaa61a4d552f5ebd9d7c7740133d0533c8b8954733baf7edd72a843e41578d17e9d8c042fe1fa55d3227357850d019ee63a6e03066a0bca1ab2d73f33edf75a01135001f0b30306975a1eb637aa86cfbd15d2102549d054c593d87558427939f9cc1623446226e5bcb4cadeebbc95009b62c6df758965383b25d07beb63c630ed", 0x89}, {&(0x7f00000005c0)="5e3366542d9b906395fd0be16681f416cb0297a6fa9e6b783d1e0a2aaac954f01b2cde201be7fa52076fb8cf18084645d8c2d3769ea38caf828917c820f981fcaf9c06002fa093c22fee0aaac9bd14ef7f87afa3044007745e6be3bae07ee64be9ce09a5ea5ad1ec2051235833437892d4464440d57839864d27a298fc7dcf52c7dad2a3e882a0f8d530c2f541cfa1be6ea10c5e8a8440c86f1d989b70e3db9c16cd107215d460d1", 0xa8, 0x1}, {&(0x7f0000000680)="a91bba95a3a8cea58f362022467aa7c401aafb6d62abc2c40a783aaf93b75639aa7088b2ee32c74beb663feb8507d087508f34a5a52fb6c95adffa54b9251d7c1b439829631655dd257b4fa80cd5014a66da3577ebdcfc93dee62e94260eedb0696fceeaf9", 0x65, 0xffffffff}, {&(0x7f0000000700)="bf6a10b6ec9f0cf31630bb7ef5043eb0f989e8c92bc3853dc813b3d15190f93fe40f2cdd4e017ea0cce5dda00bb39cc585891355c9bd625079d01bfbad9a380dbd95dd56fba4de92f36f491c7121ab0d90527c7f6c368ca174340733bbf9ec44ddb5eca375db6c7901340949bd8cf3e0bcd1be71a43fbb89d17ffb6032174ef613fa01840e854e437e1ed16edbc9830b7e2dd4b20993333ac94965e4e889af9de3f13f80ea5ea97866df49ab994664912330096ee255833412f4afb4dadf85e5ad41128137fdb421021b8876ef945ec1b64f65c238778abba88748f86bfe849a1f72503db6f0af7117f3c360ea52ae76e0cb6418b175aad8d45694f1362f84d911f448c38d8421a3fe74300d6ee4a93e4a142fa48f62f84e6c4f2a88951848a1d7de469c930aaf41d2c8ae1698310683a51c4a51aec9ece167fcd3948e01ab4b4b2de846bc1deafde1dd6519078f01b901d360e0eea19f7dfe6bac68269ccb7461816ea85d8d51739cc63b76ec8b12f58a238daf77eb790f06b0b6926085acec61b9805b77a46f5b1d94aee96bdde10c0a03798934b28a8f4af27c3d5196a902f1ca17a2bbae7d8d0cb56ab70840bdf21675c686c42a3421b2ec2c704d3243e26076f7e341853e05d40bc9df76cf2054876cb0b38e96873861ca8aa50f8a04429d536532d2ab8d5e1b79be959e11d60000c98e0ad359997e16a629e38231cd553ae276608614206d9ddececfa1cae7db12bb64d0767cb7e9efe9da70f8f4eb79c69ba463493592ae17c72e24dc4e3d651ef222dec6f720041ff844febea40607cd0bf77fc999a6e87545e20228b51099fcb59db731b5958f71d979399dfc0ac123128a4d80fa95b5adbaeaa16c654dc5fe4a4a9a6be3ca1a874f988d07e6caf604b700dcb1f58c46f5e351c246fc4b3275750f4918daf5e82c39905c84a3ea9ea1e759742e12457dff940fee5efda43a556d4983d94750f2c213e926b0f4859ba703193b6130a43655bc36e9fc401200b31fe89c23fd0f1085cf6cfcf6c4c5344e89f0bf39ddd905573339666f9395837071056ec506e656a7805da61f4dafbaf1404978697cd2ff5d6052c22ae7c2f186435059b5094933614c92a9ae26b0941d253d9ccd2b9eb9047860c90456b6a2c92b5ddcdbd4f03a365fbf992261e95dd86e30d8ce756838f7e2582f506d1be7d33224a9f474727b3f09371931ad8e218d45792a3c52589404a1e6e81e463b54d552b719b078490204d8427fb9b40624a444e6dda41b259de3366631be0d696f134e09afa69ed7f442c877e0c3f248965f5ebccb6603d7d7c6915297ec855cec7202c84816cd8f44e9abfc358b2a7205bbc315a7102bbbecb8fd8ad6b2c3e90fbe35b29027db3faae60c4f976fa92d74b9347a604192592ca534b9d7d9d8d1d037c8132472c46d24f8d3718afc1996874e8714c01d4394f30c113765e7dc40c530b7c60da39e9d84ec89d19ff56eca23677e2791dff40f1e3e2b2b0978cf7a3700ced8cb33556300848f1e7054099853f62f5e308868320cb4f4f55eabf961ea266679033168f37fdf21c6db601dc256c94a92abbe15e110590dd8d8e41989a1ddf215f0a7f33c477ede12dedc0ac002f079b6014f432761c932fc1fcef71a2517c623acd4c51f4495283425d6c515377b0aced2494c874c3925caa095d48b454cfc15ed80fc9248b03fcbef94f6477ffffc504843ab823dfed34c699ad8ef7050065d818bdb45423c518a91bc7cb9edc6be116486b321358e38ce9594badba2e9c97d923a367b856535903e7ac47773b8913c4137b7416cb907c2cf88a053ebf4980aee086d355607f638e85a6c77e7c94af3283d47d4f2402373cedf076e7e42501a4a8fee0495eeab2722cd3e03c9c1f18e12a90d5aba33bdf58d04ea8d09c5fb9e24366ebfd98d119b15ac5ab4532a70dee380046751df31e4f1c2230e489a1aa448b40749425debb687fe94aea6c61b8ee31b45ac40bfdfa8163592ac892d4d5691d5407d5dc189cc1f81b855f294479ef1223dfd1627ee578492f2ace969a0b4c346bbc7c656713ffc4e23f6198ac5275140d99097ea9727e936d04b1cd2b61601c18cad86154053061ea1fd93b536e4019cb1782978a283499f26eccd3cd06eb7025ea864fd06189288dd513b01a694e496120e4117b8cd7dc4d7b0e97680d9530ec7fb2b17b63c4ef9faa60fae0a401b19c35aee5491cceaab437b351d7cdb1b047df2bbfe8fbae3770d7c28b2bcb05bdde81ba9c9a78201fb9f0e3b91d41500d71631538ea448f1a69a71dc90dabcbb68ca61ccebc57782f1ed20e40bf17d82811d8854dbb0d0d95f8d4676c6c1ac833cc425886d89f42f5679ccae759fe6c1387e4631cfdd50fd20cee6a3b98c7edefa074c3152b6e87718e3a27b580d4bd05916bcdd38eec9b8a255487634fc4b72d828cc21d42f4a2415d7c5d30ba0b5ce447c200f75fd7504f4f6d23b9689b76644e8ed77b9116022fe38c61459d8e3b9c6bcf50e51acc7590eb55d68d80aa2b7048aaae28ac8a6ad6614239d38169314e0295abf81e2a761730b57b0e6c6c81cfe9104fafe641fd726e96bf6160c8ccbf65f069640df238867653142f42ee061cf26b281f3cd254e9e52b066f12f4fea91586d81de5ae5fcc57212c6ccce164db81982eb5a5174d092fa8666749bc8c4299e2168c223add1ee69d4e92eff19bbca5510c9774e7fb0e1ce0b88c6e10c3b71415a143395abc26d5a438ea003b28fcf933979eec56b54e7aed7ac9e57b1b54dbae1d943edcc95d2cc36cceb37f0cbd4c1679c0e1cdf8cdbb09de391d844ff79226a290d8ab749b8c37e8cee9a84d014f1bce0ee1e13ab97a080ff89ed1b8da6c146ae018531e1da532b5a5cf8ca06f6c4d31dfca831594cbb9fc7088ccde973cc500153cac4f4d15c2dad635f67d3ed71c04556a8ccdd31be282966fdc789a8ac18193b526a3d78247c202cfa0d297c6f887e38c328c3af53336d1362e6e3bf778bb0870c5fae2bf08eb10c8614e5fca0998439acd8a9d3765b8846a5212414b4449aa1979f6eca380a3571b4b6e188848c75fa8e0e59156a9ff166091a1e39bc100f593132f6be5df6bd45773ce9238cea24bbb596a6627b95d462b60489a601e6c71e36b711ef598a67865a131980ae86cd9ebb6fbe82f2b142be69b972e95d16424ddff53f19212764a53d5b81c49faad8b202ba0dc28572f32cd55cbd4f5a228cbe3e1b34797e43398c07cb1594f2f39965eafd4ac47cce8468a8c8241cb3a10b0bc660d3ae9432d3c353ffa6113fed24319eeed9cc9730394e192eab4f0e803642ccadc0d404fabeb31e630b729624d12b9b7468763e38d6f910b3d4e5727ed92bff1d36790cbc0c78b51aea6d6a5915782dbac5c24e8ec6c79f9af40f575f1b67e00e4bb52a26414f0fc220b618ae42fec16ec657362e2041fd80ad408e1acd551e1775bf46ad9320466bea44ec3d03dc7f80d0496ec4e8ed9561ce42910dc97ea1b25b19744161a37803bca228ec40189307490b76c0fe034e1f3db7a11748f14c8d5e2757dcdf41d82483c7f9268d91cc90d70d25aaed46b179cdc21eb3de6d5ec42767051312f7de652b5088d41152299303e2512ae2913dbc18d076cc3786327fcf17fb49babb59739de6844fb027eb523c844c78c3ac075378c97c69faafe8e7a69d4a241fd3d3ea439d0cef6e5456774461540383acceac09cdb84526575d7d4fbca19995cfc316a998b88f7a815d5969f118d3c498469f8db6bd6cade03c228c21f0fcf1252e728866cf9db5c433be400add548d3e16986bcdce32e99568fee6ead4565b1a4f27fc1cc80d52917de2c6c9f2b4c0f606292a61cf9cc5103b2dabc1d71fd06e017a5e6edb154675574b86d274fc8807c59d1770e6c28ed7b702d28215ab31b2b930a8c1441712d7ffa6a2c8c64842e85cf65d40d70980bfc4c34e3503e2ef65829b9d5aac426f93030526a2fcda76c8fb680b2c3650f348093b825d6cb9b03da4563cc756436af3f6f001c2c83d072375cb5cfafcc79c901d2a6c5dacb11d010789181873541bfc69f5a92c0f3e50f52f90399dbf99aead708af1c2a58e908b78e441fcc151ab1054a742cb8a26013d98e7325d3ac49b41e23107fe23ec971898edb0cda3e29d4bce16ee2352294b0a54dac297e705df8171f49244049c07aca2220a01f2a05e8509d1742523ab4f6cce230d6f9aa23952afb45bd285ff2c7611f09795bbe514f2ca01effa4f9de67009f68ab6cdf77d2784a200b0f9b64b97c9e553301f29c14f467e5908b035ec2f33677136db116c30ee7465e9755a698953463b497edbe5ff3f950dbcf9eccf84c650dd2e6776c111465f1e9be45e7deeccb70b34197768874f5346f81d6bbcff5ce20ededf9f35b7805417589ea77fdf48f992562189596920f43891079af7cf7ad44b36cc52c179c1915daf3f22352f5a5be0c272d0ebd740746d42ec8720cd4891b4b7c9f9d8dd8f24be3d1545e25bb135cdb7aceaeb87931eb65477e7989e6b10b62d369e91863275b3394771fc1ef59778cf86565a36f8b655e7488848d658acf0c34618f7bb03588d16beb87a138278bcc5ff152397ab18a674a64a9873159fa7540168c551155723dff641c315e3915c595383bbb0e6c4adde0586f5623034b3226309be2a4e2c682e5f0c503b562f833a442ea3e912b43d589e36516fb37ea80be643ec212ceb56e4dbca5ad1ff25beb944aeec195ccc3192986c65428ce428f1f7a74f208921d55ca44f1d762f04a352f5f276345d231ddea1e190dbd6a53a6a60a1491d2c6f293c74f7ff796b172ef8793be6c57fe8345a89b5eb3097668817126518f512c3d1d9fb9dc4c52485580bfb34eccfcd90e6867a1d6957260e30c97e497a09b2007c620594e8a02883292a81529afb7cdca1c37798662cae2f3537683403cbc1ea78fa76d813c0ba99a9b214f1284c634524183cc0f613fab5d5f7899b5606c8b317ca603d623060c66c4b379fb49468047b7509424c17f0a529435f33042ca47908b27a0d3397853a35a5c2c18fc8fbc3528bd9af781e5f639f1edc7e81529e6e87c357cbac62604a1463f0fa36b7221ce5a582c23a63c789db8cb0c1d670bb5d7d2a49e3042e28e014471bb8f6959ee2298691907e51dda13b7f64612365a9c30d93390a6ae42111efb84646a088b2392c2328437cc5ca4846966e3b4d2c249d8318b807a4b7e8a29aa18f7bed684959bcef45b79d21a7326338aa30eb6d23e5e9852efafdb151b9645253d8b39bfeea9284fcfd64627573baf57c42cc5c8cd98be1e6adc7c1888ff1a708540c44402e2c658297a55b516f5172abedcfb87021823a5e1e1ba748c86c82e17522ea247e078eb1f9dcce4116f3a3e9c925e6091c3dc3e7066041af6874b099ba69fde2fa61503ac2e38b4475fe7cbeba7d922189d9114454c2fb961b299e34ff152d6b44e22e0eef3ec101089e16cbb64c4b0e45fbdce646d71df524e32f0f6b72bc34693b82b13e463463dc027751dae244c207118893e2cbd58061db80ae074b361ae71babc98a7a1d63ca1cd5fc3267cd73081e08ed82157beb88028a455a54aaf856301b851e4a319b10949148de9c76891fb5603e622dcd264b84592a2164499041c38a66bfd5d3578b24c5f49cf5e00b2827067bfb77cf7aa46b343162074b44c0341597d2de5f2710a7040d214a1f0711082803475cc9e0aa7a4ca698bc9c4856a8fd57c77641b57992ebcb5c7ed4eba0e00d239999", 0x1000, 0x514}, {&(0x7f0000001700)="abe0b45b4d320f70e4a0dde59d852ae75bf4d7294d839e25ed27136ee706e0d745a216d13a67bdb06c12b3398b05dee1820e436c701f9e876e53d6b5804ab44f89bb051e325ec8c31e684262139816353d1bb690e4d6cb6f9982c439e0a2de071593ea370b012b39207fb7ff305ae9a4a1aa737675eddb67772d0dd032e98ae959aea1ca27e6dc05c714b24c1cca1007758179ff894d7311b058b04a3f743a59b2a547f0bcb40b6e61cbe9ba4d870e0c9dd4fc94d1a3f7e446446a0b9424a719374b4f", 0xc3, 0x3ff}], 0xc0002, 0x0) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 466.102225] RAX: ffffffffffffffda RBX: 00007f96effb56d4 RCX: 000000000045b3b9 [ 466.109506] RDX: 0000000000000600 RSI: 0000000020003340 RDI: 0000000000000004 [ 466.116771] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 466.124045] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 466.131325] R13: 0000000000000891 R14: 00000000004c9fa1 R15: 000000000000000f 02:47:20 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$VIDIOC_S_AUDIO(r1, 0x40345622, &(0x7f0000000100)={0x7688, "0c1222e8e20b73c35b29527cf8c8ca49a588c61bf4475d7456487cc1567aed7b", 0x3}) 02:47:20 executing program 1 (fault-call:3 fault-nth:16): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:47:21 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/schedstat\x00', 0x0, 0x0) r1 = syz_genetlink_get_family_id$fou(0x0) sendmsg$FOU_CMD_ADD(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x1c, r1, 0x0, 0x0, 0x0, {0x2}, [@FOU_ATTR_AF={0x5}]}, 0x1c}}, 0x0) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x8200000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x38, r1, 0x100, 0x70bd2c, 0x25dfdbfc, {}, [@FOU_ATTR_PEER_V4={0x8, 0x8, @dev={0xac, 0x14, 0x14, 0x38}}, @FOU_ATTR_AF={0x5, 0x2, 0xa}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_IPPROTO={0x5, 0x3, 0x8}, @FOU_ATTR_PEER_PORT={0x6, 0xa, 0x4e21}]}, 0x38}, 0x1, 0x0, 0x0, 0x800}, 0xc040005) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x801, 0x0) setsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000100)={0x6, 0x8, 0x4, 0x8401}, 0x10) [ 466.281189] BTRFS error (device loop4): open_ctree failed [ 466.298992] BTRFS error (device loop5): superblock checksum mismatch [ 466.310656] FAULT_INJECTION: forcing a failure. [ 466.310656] name failslab, interval 1, probability 0, space 0, times 0 [ 466.353032] CPU: 1 PID: 27974 Comm: syz-executor.1 Not tainted 4.14.170-syzkaller #0 [ 466.360961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 466.370315] Call Trace: [ 466.372920] dump_stack+0x142/0x197 [ 466.376564] should_fail.cold+0x10f/0x159 [ 466.380703] should_failslab+0xdb/0x130 [ 466.384676] __kmalloc+0x2f0/0x7a0 [ 466.388226] ? mark_held_locks+0xb1/0x100 [ 466.392518] ? __local_bh_enable_ip+0x99/0x1a0 [ 466.397105] ? sock_kmalloc+0x7f/0xc0 [ 466.401090] sock_kmalloc+0x7f/0xc0 [ 466.404719] hash_alloc_result.part.0+0x95/0x110 [ 466.409490] hash_recvmsg+0x515/0x890 [ 466.413288] ? hash_sendpage+0x9a0/0x9a0 [ 466.417364] sock_recvmsg_nosec+0x89/0xb0 [ 466.421542] ? __sock_tx_timestamp+0x90/0x90 [ 466.426054] ___sys_recvmsg+0x21f/0x4d0 [ 466.430054] ? ___sys_sendmsg+0x840/0x840 [ 466.434229] ? __fget+0x210/0x370 [ 466.437678] ? save_trace+0x290/0x290 [ 466.441481] ? __might_fault+0x110/0x1d0 [ 466.445566] ? find_held_lock+0x35/0x130 [ 466.449636] ? __might_fault+0x110/0x1d0 [ 466.453699] __sys_recvmmsg+0x226/0x6b0 [ 466.457693] ? SyS_recvmsg+0x50/0x50 [ 466.461397] ? lock_downgrade+0x740/0x740 [ 466.465566] ? __mutex_unlock_slowpath+0x71/0x800 [ 466.470500] ? check_preemption_disabled+0x3c/0x250 [ 466.475542] SyS_recvmmsg+0x125/0x140 [ 466.479366] ? __sys_recvmmsg+0x6b0/0x6b0 [ 466.483527] ? do_syscall_64+0x53/0x640 [ 466.487498] ? __sys_recvmmsg+0x6b0/0x6b0 [ 466.491635] do_syscall_64+0x1e8/0x640 [ 466.495513] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 466.500381] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 466.505586] RIP: 0033:0x45b3b9 [ 466.508855] RSP: 002b:00007f96effb4c78 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 466.516568] RAX: ffffffffffffffda RBX: 00007f96effb56d4 RCX: 000000000045b3b9 [ 466.523841] RDX: 0000000000000600 RSI: 0000000020003340 RDI: 0000000000000004 [ 466.531124] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 466.538400] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005 [ 466.545693] R13: 0000000000000891 R14: 00000000004c9fa1 R15: 0000000000000010 02:47:21 executing program 1 (fault-call:3 fault-nth:17): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) [ 466.563880] BTRFS error (device loop5): open_ctree failed [ 466.580957] BTRFS error (device loop4): superblock checksum mismatch 02:47:21 executing program 0: ioctl$PERF_EVENT_IOC_MODIFY_ATTRIBUTES(0xffffffffffffffff, 0x4008240b, &(0x7f00000000c0)={0x1, 0x70, 0x20, 0xda, 0x1, 0xc9, 0x0, 0x7fffffff00000, 0x80000, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x3, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x101, 0x0, @perf_bp={&(0x7f0000000080), 0xc}, 0x100, 0x80, 0x4ef9, 0x4, 0x5, 0x83, 0x5}) syz_open_dev$tty20(0xc, 0x4, 0x1) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x4000000008, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = fcntl$getown(0xffffffffffffffff, 0x9) ptrace$cont(0x7, r0, 0x5e35, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = syz_genetlink_get_family_id$batadv(&(0x7f0000000180)='batadv\x00') sendmsg$BATADV_CMD_GET_HARDIF(r6, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x28, r7, 0x1, 0x70bd2b, 0x25dfdbff, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5, 0x2a, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}]}, 0x28}}, 0x4008801) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$P9_RSTAT(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="880000007d010000006600ae06c0ffffff010200000006000000000000000000001000020000db000000010000000000000006006274726673001100637075736574657468316367726f7570404f4d70707030272e6367726f7570282947504c6e6f6465760600292ddf73204f3963e869faa4b5863828711c516997bcd4236801633ff385b2c25364b4d016aa5e8f251f570c63d2fbf8c485f084d359315c04a1db334437a0a6286851659553ddee4212b6e6a375b860f70cb33955b40e99b72bfef3ef6214feb1e536cf4235393965075d7bf05ce5cc6ae580776593838afc8e"], 0x6d) 02:47:21 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:21 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:21 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0x1, 0x4}, 0x6) socket$nl_route(0x10, 0x3, 0x0) [ 466.670649] BTRFS error (device loop4): open_ctree failed [ 466.705989] BTRFS error (device loop5): superblock checksum mismatch 02:47:21 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) dup3(r3, r1, 0x0) 02:47:21 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x600000000000000, 0xb41800) write$binfmt_script(r2, &(0x7f0000000040)={'#! ', './file0', [{0x20, 'sha3-384\x00'}, {0x20, 'em0[\xb1mime_typeppp1cpusetmime_type+mime_typeppp0em1{user-'}], 0xa, "cecb96d44abf4bc71a6147ed9b1444441c361073a5f826f7efad20452ebae2237692ff775d815fdecda45669ebecb7eaac0390ff5c48bf9b91743add61657348a06afcdb7e3f86beac58755bfff2ba6a2f2a7673783c963b6c92913adf19d12026a195aa36239439cf0820d68e23268ce491aa660c5a3a8de0274355ec6ae9a5c3f99c40748b359f6c91c8ae474914ab782d7705195b61a611f224cad96c2edf86d1"}, 0xf0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$packet_int(r4, 0x107, 0xe, &(0x7f0000000200), &(0x7f0000000240)=0x4) ioctl$PPPIOCSDEBUG(r4, 0x40047440, &(0x7f00000001c0)=0x1f) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) [ 466.800836] BTRFS error (device loop5): open_ctree failed 02:47:21 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010002000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 02:47:21 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002000000010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) r6 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000280)={r5, 0x1, 0x6, @link_local}, 0x10) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x20, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x20}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)=@bridge_newneigh={0x2c, 0x1c, 0x92bc694e7de8c902, 0x70bd28, 0x25dfdbfe, {0x2, 0x0, 0x0, r5, 0x8, 0xa0, 0x4}, [@NDA_SRC_VNI={0x8, 0xb, 0x6}, @NDA_DST_IPV4={0x8, 0x1, @remote}]}, 0x2c}, 0x1, 0x0, 0x0, 0x10}, 0x4000) 02:47:21 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PPPIOCATTCHAN(r3, 0x40047438, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 467.024348] BTRFS error (device loop5): superblock checksum mismatch 02:47:21 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fsetxattr$trusted_overlay_upper(r1, &(0x7f0000000080)='trusted.overlay.upper\x00', &(0x7f00000000c0)={0x0, 0xfb, 0xe1, 0x0, 0xdd, "71977ba557da965db5d0edec05543dfd", "7a9996a5fab7ecfea6b4390d8a7fb17a842081c2b516860d5a1230e815fecc4612e26fc12d0eff229cb085c923fb6c7dbf5778c2e354dd92ddfe9c7e088dd60f6fef632300124db24c7b39ebe7a4e9390d5754efdbe43aae6dc485f4076e2cc732af526bf35e5904207e31aebbb153726f5d02b5b4598b8746a20b635a12df9df1ccedf888aaae58d49641371704dc4f152469329f120ce95fbf46e0edb7fa140f2242958ad0fd46670420bc38e8e34c712ae8dfb46ef1fa635285e097a8f3b7acb7548847aa7d5dd9cd9aa7"}, 0xe1, 0x3) [ 467.099017] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. [ 467.108551] BTRFS error (device loop5): open_ctree failed [ 467.149071] BTRFS error (device loop4): superblock checksum mismatch [ 467.199474] device veth23 entered promiscuous mode [ 467.209072] device veth23 left promiscuous mode [ 467.230259] BTRFS error (device loop4): open_ctree failed 02:47:21 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = fanotify_init(0x4, 0x400) fsetxattr$security_evm(r0, &(0x7f0000000180)='security.evm\x00', &(0x7f0000000200)=ANY=[@ANYBLOB="02713e1400003a01f079ab"], 0xe, 0x2) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) fcntl$F_SET_RW_HINT(r3, 0x40c, &(0x7f0000000080)=0x4) r4 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$SIOCX25SENDCALLACCPT(r4, 0x89e9) [ 467.301843] BTRFS error (device loop4): superblock checksum mismatch 02:47:22 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() [ 467.370966] BTRFS error (device loop4): open_ctree failed [ 467.404494] BTRFS error (device loop4): superblock checksum mismatch 02:47:22 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, &(0x7f0000000180)={r1, &(0x7f0000000080)="c8594a9d0a93dc64c06f82e1ac3c4865aa2f47266b19a62a8a6b2ae89487bc0457d4672a12e74095460fc3f857bd026bfcfa55b9d3750d1c76466ab81c1aa95ee0626259f88e8196a3961996272e5e9c9819f7af0250bc8f22ffc6cf8ff862127c8654260275f30fb13a1225dfdee1b1a4044249cf3c4a43b0e220d810734e7f60ed97833ec167c832d2f3b1a0e2ada161f382c552b6c673ba9ea9a24e922e55ef7ed0317b36cb5b79b152663b0fef6d74c82f746cca40a1e0a4ee9e9b7d790abe036de9c382033578bcb9d5bdf592914f7787330f98daecf35f0e36481fc57dab0d61a30a90c474b53de120891fbb11c718d8bd1cd5252da28d920ddb0b", &(0x7f0000000380)=""/4096, 0x4}, 0x20) [ 467.415987] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.5'. [ 467.484724] device veth23 entered promiscuous mode [ 467.491783] device veth23 left promiscuous mode 02:47:22 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x8, 0x1, &(0x7f0000000040)=[{&(0x7f0000000200)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5eac81509ce0431facef0740e2b4ded77d01a2e5d314b8974608a48ec195ff70ac9a0dec85736cb16320c074ad246c3e6c9f0c69570305891c26df541f5319b4763ce1af0a8c28b0a3a9cc1b0c1dd2039ad3e1618053ee0ed1cde574488cffda394866227f1187f731fd84792470b8a0f1ad0a6619c16e48042d5a916d5cfb7b8a509c0b16f6e48d28b2a0d28dac0b6dcaf5db5a0d7c7290cfb15e8168bfd9dd795a9360455f75e", 0xf3, 0x10000}], 0x1400, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 467.529549] BTRFS error (device loop4): open_ctree failed 02:47:24 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:24 executing program 0: r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x0, 0x489, &(0x7f0000000140)={{0x0, @broadcast, 0x4e29, 0x1, 'sed\x00', 0x36, 0x7f, 0x7}, {@empty, 0x4e22, 0x4, 0x3, 0x7fffffff, 0x2}}, 0x44) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) 02:47:24 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:24 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x200881, 0x0) r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/ocfs2_control\x00', 0x600100, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0x14, &(0x7f0000000240)=@assoc_value, &(0x7f0000000280)=0x8) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_inet_SIOCRTMSG(r2, 0x890d, &(0x7f0000000140)={0x0, {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0x4e24, @loopback}, {0x2, 0x4e24, @empty}, 0xc, 0x0, 0x0, 0x0, 0x7ff, &(0x7f0000000100)='veth0\x00', 0x3, 0x800, 0x1}) 02:47:24 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002000000010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) r8 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f0000000280)={r7, 0x1, 0x6, @link_local}, 0x10) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x20, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x20}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r3, 0x8933, &(0x7f0000000000)={'batadv0\x00', r7}) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) r10 = fcntl$dupfd(r9, 0x0, r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) 02:47:24 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) creat(&(0x7f0000000180)='./file0\x00', 0x80) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getpeername$l2tp6(r3, &(0x7f0000000100)={0xa, 0x0, 0x0, @local}, &(0x7f0000000140)=0x20) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 469.780453] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20009 [ 469.787524] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 469.817437] device veth37 entered promiscuous mode 02:47:24 executing program 2: timer_create(0x0, 0x0, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() [ 469.827508] BTRFS error (device loop4): superblock checksum mismatch [ 469.853396] device veth37 left promiscuous mode [ 469.861054] IPVS: set_ctl: invalid protocol: 0 255.255.255.255:20009 [ 469.890158] BTRFS error (device loop4): open_ctree failed [ 469.899023] BTRFS error (device loop4): superblock checksum mismatch 02:47:24 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) removexattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=@known='system.sockprotoname\x00') 02:47:24 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:24 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) llistxattr(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)=""/28, 0x1c) [ 469.985074] BTRFS error (device loop4): open_ctree failed [ 470.028224] BTRFS error (device loop4): superblock checksum mismatch [ 470.090173] BTRFS error (device loop4): open_ctree failed [ 470.099198] BTRFS error (device loop4): superblock checksum mismatch 02:47:24 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) syz_mount_image$nfs(&(0x7f0000000080)='nfs\x00', &(0x7f00000000c0)='./file0\x00', 0x1, 0x6, &(0x7f0000002500)=[{&(0x7f0000000200)="5969c2b359ddb22201309ba3237124f25475b1d71c47e3911fcfb5b90426423800adeea3dff82f95d51a22a446c20ec3e0c4f1bf3b59ddb888ccd3f086ad82199e5f16540575468a6e6b2c27a833b225eebf464901945676089204f372b2c4441081f3e76013de26dc375f354b5a59973e7f98f52c9b94d21e550728e46452d423323a091a1c68ae8452a546402760a9a7b5211f64ee5402ace113e416fb9b71a612a07a4da4f94e75bb9bf52adaf7dcb66e01af533b31d38a6752bd92caa6ae332d5af603df6df6e5132ae9902438", 0xcf}, {&(0x7f0000000100)="ac8c8cd2980309efb20624c282b2903c5204191997b7e91675c77327d37d51b9aa63a1db6d1f3cf48e355fd91bd9e4b009b4a2c7d1da7732f739f43847a364fee1f46bd06ce6e6d45445ca64e900567d357a145d911c8136f836e9a08f9b4441ecb15a27d0e9180060b7662e561f152ad8aee903039e4bff5fd57fd96e06c27a3d75feda356cc889d7a0c4893cc053bf97c360cb150728eb6e7d19cd768579af8a665aebd039213fb968ce879f5d72d7a9f67529e6cc9c99a133f5ac52f6", 0xbe, 0x2547}, {&(0x7f0000000380)="f2b782c1d88c7b76fa66f94a81f0d2e2925229ebd3f9728cade45da7c33b252ac72d2483251b9d200e4d0595b16ac25ab30c7cf00b6c6de12e920b4a3f7eb263213f6f8b0749e7c76c9786b4c103660684bccf115e539514020b32dfb23f43eb378cda16647fdd1da59cb843ad5ac13f26089ad8a472736c09f74bc1af0361398b472d8e0a559bd0e01862bde5528240faacd39644eff73c55834ab004fb2f14f9db0855b02cb033c4cebdd4a3778791aadadd01", 0xb4, 0x8001}, {&(0x7f0000000440)="5c72ceb83f428cc8e3749c3fa59a7e58dded7b2b15766058073751b6931584192d6b236f2b0870567ea84460807c9016fc30039a2cbf47dab74f8f31c348196c7a1fb340920b01576b616ba4ab99c8d1fd2509a3b1feccc36de3f17e8d6aecbd33b517f21345104be7d89968e44392f31e95bd6947c51aafc1b06f3f63552e7a15bd977ee547850b28d51c668038518a67df5c0ad7608ff0f59eea744eab6bcbbc9fd7ad975d4a5e024ce489bda728098c3720a2a68d8a6a9fb0b1a80cef75d578017072546291dc83e069521d223552d43c0d3975126850c901285cb2b165c7d4048865bc2e86268141fb566e1b029a1a71f78721af86a76ad613d4a03cdc119706bcf183f6b6e63bab294a64dbabe3b754acc3f186e5f1c7c469070f1280652d32334690fe76b7d63cb165142432064f26a10d0fbaa4b5976a599f885066a8165de869c883df5d048ffd7935c6e7656bd9f5331a0111c3d1a9d66a7ee105915ad5c6cd2ceebe208304a6514aa27115a8a23331c08acb89fb713ef354b47db432d8fd8bf1e6238c866ba7e5684921cb14b7f08c2b373ea0ec5e158807a903c56e1cd1138d98391b6b6b99506d992c5b9d9f3229d6823144d08ffac9e7656b632eb7fe4dc629b2a607bfbefeaea2a0e098d2b57cef446efd49650efc5d6762b404385d4da80119b238906ec0e36672692dda884535cd8dd9bc964407884ecd41dd06a9836237130585887cb08ce3ea37d2d72cc58b5c9a2959a8b52096268bae44f1dff3f080913a8d97a48269cdf7d3e86e2cdf1a264365ae129235b0c4282e36631f7d15656bd065ca2f285c5df4dd2fa707c346ca0e81d1ac2d084aa14b44d83a923475a6caf4386de87c05fd3ae37fd600db438d47c657d4bb3966cebc9f81cb125e3931e0493240d2bf70e4ca79e53572294a39c1dadc169d6a2d82b69cebc7f883972c8faa015802c121d07a00ea77bf83125a5ba6fe5cea27ba5a566010b591466fe7cd181d69f8de0c7a5889f9ec214513e1d8745776ff2253dd1db59d2f509bc4744f97d266cc8e35aef2c993614334ad37f10e512204bd6b4e312f0905871fa37f2b8f26a02002aeb1575a79fda84f11eda1b3b63630889f02b96239424981271d381e09c3fad342cb785feb522a550559d15a3cb6f45733cf94cbd771d3e80ea04dc5a7aa680150b25e43a02deb412d9b0cd6a7799ecf64396e8be3ec988bb9fdb04a2dfaf692e3f584029884fe83bb5a9891b9a175f88e86626715b21d90dab9441d030939cf5e99d40cc522d82119dde678b48cdf5a10d68de1d6cd9f3bad2996c66ada8fd23015e72175e0fa1285a9ef6054d8c381a22762d5d5b044ec72d07adeaba5ae34ca2c70fe0343e652d03a71c98a5c5c4c938a2f8b61f677122c376d5fdffe5b676c75a8316d8ebc7bd303153cf6e8eed338387460e66574d0cde7535d7aeb72725698a9cfce3b2e5ea2d4c4fc1f2069076719148612774b6f79c394a8737435df2b3fe25134eebf38c6961a828317c0573aa5807d98489fd3561f0c09ebab76d7bea639c2a660b608b69b79095bebb1f14f1df43c4949b14e7841a1925e232a2bb34e70406310b124e853260af2e31b8cb96ea4c9f37878ef034c9525295d24dec686594ad6419237b71e1ff330963eea9486c70b6fe5a0ee8685ad4c43e4b43cb804b3bd89de90e505bbab687298e2d9737b5abf5c07156fb94f9d27cd3d54c87edd0ae1abd68c8779b997d1b367df150386ccf1ca15a21f83b184a3095c1bcd315e0314c0d420c24ced124a767d6889ea221194f9651253a762ad1695f8aa10a4b2385fd7a5e9862a298e52ba64122dccacf9ba8460819e4570ede16517ff7682c0a20e7233bd5f505138eb1f729788bc48f58081848984ad152eede84fa6f5062c6e13dedb7d4d0b482d5e2bf068e225efd542c72d7f5a88e22b9faa7bee60a2a7786d3af199c23b1af457c88facc92d6cb0aa83ad92d941217130cdecb65e5731ce8f1b1dcd7d48d4a7d2db1db558ae5b5131bba92aa1d804e3c69d99978e9df2ca67385b27cd8a935b54c6e2b31875269097a9216a49e3b605d963682ac5cff87ef3435b8ad0ca51e056c94235e24ee1442094c9676641bed69bdbed373daed8929214a337bbfd6a29392fe9b72ba3bf3fdae1600fcdece2b37c24054f999fd1448674f47897fc97c201ee587a4d3806870e101b925b57a5083af86898dc5a3caafcfe6bb252d9b739773ec2649300b14b0404ea46e997bdb118ea7ada03fe647a630e3d005d87c25224d5d723de2d7a8c557953ac4b355ea6a7499e62be7acfbfa37ef68c212e4dde4ac014835579b72e8ae586601286d0c367ccfd6ed70910bee59842e6586f5ca3f5478d43f103d7af66d8bbf0249d55de927d52f573fee71df89172b2e03c510d3eb24e8ae7ac922f13b1eaa9a00f2b25ba78f00d6667e667f3a85b46529d09c0f7bc7ef4e33373c1716bbb4a8e1d607709b4ed21fc68a82b1a6126001e8560b1063119d7cbc476e30277b491be40abb76c1de4256f2f577cc9b972461589984a251406dfc315f991a18e896431e69abf903e4221f92a42e833e59ca30c14ef77bba2d77d9c63262d7412a08b36035e5b43d3598f95f104c50cd825ad92d7a90727955303c4250ff873c92191a7bf34d9e71d80e8c79166d964fb62dad774c3b1600c5bcc2f6a748a44030094d2921c2f4462bf8a05161cc6a1bda2e5b064bebce2da63862b20ff91406a22c6936e9e498c44ee834a1d72eb8d425608fb6dcab30a82e6341b62d42ae42610cc3bc268f1b8b9a0af2d8f240069054bace5ba0383ee4a24ba3bd31890eaa03a3487730e398ee473dd4c150203dc8e39399263c43353276945d057bad9e7c48cc7d82268274e9fc9a874be8edd1c5d9f821c519c007d4ed1fd9a95c0ee26ea23bb29cb8e71ae8e3fcbaebb93edd5fc195a2e83c7f188d3742570da6f637cfc4d03e4caea8a52a8d9142c74f5b84117495c88a12c978a2c8b85325431dfa76ce8f399758a252c2de4eca29669966d6741b88e3f8236c74097cd20ce1975e97f8dbd327c7cfeaac9a538276b157089afb6526e89cb936d07c6528bb66121ca8b038c7d6e16d6a65cb46684909b629f7d6a7f4e56c0c21f6368cdb0c4aac764e1eea13d5a1372fca9e4a5afeb2278a9dbb232fb88a0b3b2cc3cf628e5bdafe5ef655e32b57e6b4fecb9fcc34c92fd282c8692a4e31703811c2764e024c468dc987f5dd7e74256b1a61cdc44b774b26a59776c042a30a6da9d2ab05407eda18f06063f91487757786e5c386480fdb39782317659328b862e2c8322ff227c04589146a8778ffad0a576f4708e18068ac5a3fd6b88457bf1bb6b7fa5d9a257f730f6a9079c335899b56f51fab58ad1fa9819b2fd7c32bfb03a320ca7019c270a25f7cb729e29fe12740a6190f863b64c5a862399d221f437a08247419b4d998a83293aec56cce40e67c7975c44907b6df9f039966326763d6bfa60798b94880f2bc10f113f832fa8df9f4b2f5e169e0ec2c6bbc516010c747f5875130f2375667ca96f84c517b7e5157157420c45ab5e6c88d516c3f1716045b373e41dc2ddd2674bf31a01422da348709f7282520f52aa32a07bcba19b4cd897da373f18e259d87b26b22e6d1ce9607a4c583f790757a7dbb2ecfa95cb66a19c28970c7d10e754d1b6b8e9676c1a6aa109cf370226599392cbd90b3bc24ef80fbcc4c748f1ed4e516bd58ef16dca918413f46367807355cf79c5593933d6e8876cec907578f8e5bbd5dbc80ba36e3f79febb639489fc063e51faf5651a87e5e930d16a67c63348a7890863bdac47e0799773b59106dba2cd85c38d83646f3bf24ccab1756f23dae1e3d30bee4ca26b50e6030ff52bf6776d799d51c1b9f7e8766d6bfe778b878e5084ed429200b63e24909d7f2594fe1632fcdd0d90ab25ecdcc4e2f86e6676ea70155284d9c818bdfa19f874b8257d4fd2cb4271c1054c06b03d4f362c1a743399d4ded5de1497f5bd3c8a2362918b348aae213bcf20ceb59d71753dfd28ed470c39e5a178001b535b99ece49e7b3914db645b9c016bee369206eaf3fc6a02f113f0a2c04d9173f415ec007c3cfb5c47c6bd7000bf974768bb3568fb51090f795c0f0b0dd190ab4444bfd16d8d280f7a16322e0e5491d19ac29cfedee099e28d4ce6c88af036c0feda59beea71f18bd74513124edfae68b25f1f70150d8837d14bd522f6e61c19de8ced01548270073c8cdf5f05cb9f86d577f8e89f36ff50ee43df17c64fd42e024a0765cfb4c4e60db1e9560f37caa03885662beb18af1828511f52aaf29f12ec8339097274dc606723077979fb1733121d73a58cfdc7513e5ee30bc5a06ae4eb52e09c65d53bdd3aee5feae0e25394ef6bd14cae98c90d35a40f7339f3b436400cdf7dbae95b95761c23fcd713d846cec63fb6aec170e28508f5659ec9a4b45ed504883d034e1534928ebb445b9a6a0bcf4c2b195f95d3d76d78ecdd1ca9f8c1b41375e103a9b0ea2c4809a0d93732486cdccc4e7d757de131cf1c967b6efc73a492d40004392d745825f2044c3e2fcfba9f2106db5e40dc431ba203bba93fedc65483d79581de074b112e5b29bc04a14b797e77cc7a55c31168a76aa839de00d3335b7d2932058e3f3dd57de0d7b917321c72cd95e80d8e97ba4d13bc7eaa1acff81cbcf1f352e5ae14acd60e62da05394dea7fe197b6414af61267c59d8284f920829ab8f43fbeb7fc35cc7f98535b59bede13f15cc92dbfdca27de09991b87f0850714297df3f31821d03e418a11205efd8eb206045058b6fa7d69f2c9541e8bfb46fd43ec0b4504a6627a415ab649b243bb5587781af0971649a58f38f274759708eaaebca5e858eb3bcfdea5e96332a51720af0f0bc2412ea82a1f48b8de158c06ac9b78958458c6b1d0169a48f7a8f86d06b072b4065fae64095c03344bbbb1c5d0237a5069ab31c629b0211fb232f4fd5e0a5fa3a16561f00ecd50049611ce60ca0dcf46cf54077fcfc7ad4a19cd2123b170cc0527508c8c5b4a0d59471f006e3be20c053a2aa082cc224310a393f0e294529c59ebad00b93f2284167f33ba16cefe9d34321aafbde074b72fa7ce1c0b99908e2829ecfc284a0ad9a9d63be8d93d7d86a7b1615ecd94781d2161eabf369215ac0315e842c0fa3f605244b0e614cc781c7680c04e8a3edd23fb3b48d4bb237257c1f985c1007918801fe45378a10f035b2700ef35246edece2fbf894080857b7206e6df8c8a671342b6b76b0e43bcd9f660ddf21e9fe5ae8c351cd980781dbac3c914dab2b35c2b6c87a9403cc891e813cbdce203f42daffcb0391e7d57bf2d60f127f8690380b94c4c60e9811527e908f278320f7f8371e1d6d252d6a64821dbd253b11d6f26bf9ee793370d2177544811978680c1504e370903392f7e242fffd036e44adc3d60112f85ebd17a3aa243010afe92c344ff7c98ce072b26ee745ace5abc815a417e64c462ed85feaec9f9721c0734da35c5ac5ccbad58b237ce56602356329a857f29ba20f3a68e55d74406e460b5a3b727dfc3f72368d43e37ec3125e1f6bae40705638d3362804a676e4341bcd288f9fe4e45abd234b7c6dba62724cb07032e07fa5620349064aa036f752f18bfcacbf1247305a4e9c059b13a4f17d87f7882bf029ac108107dcc09b618ddcb4d2cf4b6d1a639ecfb82401a030452e33bb97356a27135c01757f66bd3495a133438e23692af7f0600b1b436f4db4", 0x1000, 0x7}, {&(0x7f0000001440)="ffc5e698341c0b7503b2a72fd85c10886808b9413e1ea084e6145fa8a2d538272b4b4feff91ae70697b68ba649c6e8fc3527ae92f748a55e4767cfe918094f402aa8c77e524adbb1a22522c5121eec87e818401376f6acf20c2a8839014431ef37bdc0b94a433c3808ac3d90ebcc88fcd5e21d64ad0e2212fb3f519e4d63b3e5ef7a14a27d2cb7c1e4bd5afd73fab36ad31a94f0c10c88f88203de52c93d398247194ab62354d8357987388ab8b3b296c40ef6b228a5616856d61d9aa0a3c437933ebc9a6486637bb1f6662ae55b6aa3dd395c333e023dbbfae9ecbb64584c6c609b29e0a959b4103f38807aa88418651fa7650acc37872ba28e69d9b4c24fd5a1a8d59cd8bba97c2dd5226cfd81b1147897cd6773e0589dc3afdedcf18e248a1c6bd44360bf5a5d530753a183a2a13bb81220cbe2cf29fa861e47c4b2dd8aae0bcd38001088d8cce2685ec7213627bc6657132b006f0801edb4fc15300b0c65ba59eb5789ba77c66a74379d3ee5b4c123cab4a3fb4a413fa74d5a0166ecde815a92f9c10ed13f33c2e56c85ee442c40c5612c8289c2d99c6dadd2fe155946f998ab797edc61a3aab8f65181ae2403063c1da56d3208bada6bdcb1e1e1aa4f54a5ff76dc0f9ce6cfae6230590d1d9f03a9c9cc007ee34975dad062146b55b2a277146160d9b4e671d6c8127c5b493da72983e7a54d64bc265defa8b35a282a7b6968aeafaa032fd91d2d8b1699c6097f30ef45db38ec609bf9b5ccab98eeaa5d25fa9ea9280f41e67a7782ae275fa98829ec24f94400f09f8c86c2ebd7eec9b598b987a0329f04be9cb961d6e81c08829f6cd854447fd58d06500af6b5e4e226824cef47470ce50cb494e3d5714094756d749b2976293f5edac91dd973760cdf0d73b9aebde251d8f632f4a3c74ee914a80824f10ab430869a91cf848f3d8556e88de07fcd65747bc29072e51c01e02f12d9bfef758854b0d5402f52c5e0133ac3fdd6f0b16f40c387a96d9cae6aa62437c36323ea32aee10fff017dbcc1038f7ebe6b492c35a42d3234cdd50e1ec085bd0b04236d62ad6875b41adcb995cc84c1733a0af9269a35ae967a61670dbeee89601ad6550b6b85af3ac82bb95dfd9cbeec8aa9619b6811915fe0b20602918896822dddab65ca3cd06733e70674cb092452cccd53f9112fd80d006b70f054e85dfdc354d8b9cba74c0692159837f1a92a7408b110eefc036229bd087866f85abe50b46328a0a9a8bc9371d56496cab0e042b7fbe8d18792652d6ba17c14b1c5f22d3e9c7ee7ddd7f73df6a68052fdf5e1e1093579e38112eef858f0bbb7faecaefcb8e1efd667612fbfa5a3f029669b89fd3048aaed4ebe250cde6d3779a1360478a0d13af2aee710e2abd3898deb01b7308472f5296670c77b85efc2e801c8f1ab40f50c06d211db0532e32e55185830368ae085100c655fc636c900bc9b09a166e16d13b40105125f775c0bb76263ed003c2a723bdb1ae8e094d5495961a7658aec098cab1142e2f3744b07b8a5099df8e3079292d7a104e3e38f30431cf48d0bf71a320f1f6e1f81c15b939a6cbd510bad6e570792e8d4d81c2cdca2b62199704f419d7089f6b82fd455f623c31e555cf9dc72698724203e4198340d1ef39d043bfcfcd87113192719438f45ca497e7acd703c83a579905813dec288d49c61ba364eb54f708863f9ef0ed59ede7d389e4300edd4e31cf6139417e3859ed4102427a771e94b298842e651e34459aeaabe275eb38ccba41a0585722272a1940adc228f2626b001019600142d483fe956d12a0e5b818195a24deb4fe40f842b32ef26ff69d9c1e1a68e19fba914f75f07785693dc547788af7ffc25c6b1dc99275023265c201dea19e95e50964ce9e066d1d4193f31d94477b0c9826ac73d6215a21c506a3ffb4d551ebf9d24fdc8dd68c716f141cc45ce0599e228685188f51d6ce10279c38d42239d03d68ada3f740e2319b1dc06811b5599e1db5887ab5aa0833aa5423da6588b5326480dff1742466ad28ef60d0849211a928933e32e274742cea62a082af27f236eac16b332ff116a6b463cb153d3b121016874cdf89ccded016ba1977c9faf67e8f9adae357f16c81f1078f87bb157f4e4626695094bdce85ba5459063c2e210ab06c52067827613119c72a8399ef95a87bccc2735eee60fb21ae4c3e3b15547f1dc794bab0d286337d0edb898e6ee84fc51754b4bfbd7a74991858b3c886a5a5385b2b2b393caacc31950c391e4669ed820399815da8ba6c7e1201243b44aaa93f7d883206e989f83a26176a55a148be8c059c0066a44493529a542d2572e7cf5ede0cab576f55996543e55dd7522b7734c2feb82a5fffb2da65dee49640fcae4e894fd914952848acc371adeaa3b6ee2568b29f4a44e3d84059e167c27cbe27525239fa07f33f4b025adbcf0feca9b4f4a4eccd5cb6f60ab09b6c6a70c028677f78b37ec4ef9c7ca74d529bb9cdef1001c06cca2d28452c41ce9e90c95d8703773a830df88c5aa599728eb0af41bf6ef6e8f9abcc93dac62c6ebe3309c98e9685c5aaaa46e8c2910a0eec8e0d9c4e95fd461181fbb32500aa9b938e22129d5d6df96cefaf5b9ff05fd1d5130568df0cd76f85347bd6fec3be93f00c4937b67b3056978816bacb5b52362a1a7e50235f977075cae525dbf9fed7b23584ce82d8792d5501f0de29bdd127d1cca81d72aa2bc9fbc64dcc71980f3755b40f75e80070a9819cce877d4156cd83632c014d84d4fb0d160a6eb6fd5f40b326834c9fb0b075454075c6c642fc5d1e3e481c0ad0bde77ac95beeb15f62ae93bff149cce71d9248e41e3ee8912880f38e2fda5e461cf7f36918cd1336c0db27b8146f004390d1c1e0fe83c57e1ba29f1322daf6bfa6b57d65826cb9450839f52de891789a20522c19acd33a8f29e783fb6e1be9a52dc2a5346725b8e95b1376b689041ace20d8396973683526082a135ea39150d373c759f1ad6de14a44b8e8113126739f6929660d6bdd18188ad91789fbeed02237f2d9e66687a5ecf9ae74552fc2df31173c3b26ad7b5958f8da5140947d0e47ffcdd214cf7b52b2d629dbaa535dc2baf556f53502e888a33d1b60640a69537a141a2aef3578e3fb5357e1beb7c6aa7d025d2d140f9466e11366bb18d7cbfb1bc65c75abe4ba6a28ed408a33b12feb69beba92c238b1881693480c6b021cb0f1aa1c5a63341de1c306f76589df1c789cdf5cd117fe4115cffa4279025bdb5d35bc53710c35d26c15c7fd1a618fe0f24911e0bf8558b1a7bbafe409051a92567d3f1d2f78c0a2edfb2a9641f4bb9683591dd1416a13f3925036adbf308468141c9e9d926691c88486e496cadcac3aa4d81df6c5428e08038accd3698752e0857a7852d5329136933477491c11537a7565e7d2ad10cf3918affbe62c71f16e68cc8728be26e9d27c03e49c58835331ca6c415cbd71706f6bb284ab3cd103226a9a2a8a9b610bf1ac37473d17a99bb0d493c0ab924199f0d446218d62601eeb2641fd88281239eb8e65b8d59c4fd75aa474392b6e667a0e783b40cf1d225133da1723ba70d09eaa59975de90c0bd0fa2d319b3ba918eaa15f38809a6a919b1ca15d97dc72db76b53e6510bd78fc5efb9c0daaf193e6c30c156872e63b527d9ab1a0209cba1b640a011a6a3393fa4ed779640f87f14da7b934067c2e2461df09eca051114a5a37273a632b5e65c3af84bba4fe508e80fa6746903983a9eda792ea4b9d8b5c57af374d1bb4b1f14218cb7ab5cc947c7205dbc5cd1bfb348a3d4d1f93389d170436882263c3729ca5860c3c9994c092218f1ef8843df7eb0c14b4154e339b5e5aef51b9b06b6ccc7e0786b1d3c38087f74e241a37105eb703887be31c969a9208c94feddde4a5e29222ee1c3d7e38aed59d933477301a1630bcd5a294321b302de1dcc14e651c69608013eecf6e28ef73c9274d86a2be5d06653464314bc62aee91de9cb280624922584599b3aac4f0827fed9641cbcbc640b84a07526a10ad88a12d2502a8fd29ec8268f4706ac35ee2ccec20a462669ea6170fd9238069eb255b997c4b0dd1b7f38e47a6bc0d322938ab4cf724a5a460c1aefcba78086f6cc453668d0e9d43e539de99ec0c2c4d00b50956f2ecffcdc71be46f48b9c2fc1d3d14f3c6e0636dffe020b0a63d7489f72b07d8d8591172a3111d9a18cb37372723fa13a5ed1af8d49736c98c233508eddc52f2dc7683d4f41f5e8cf13a2698c3193de15881703c701a8e0de1daef33bb6141d1ffd9b41127d4009baaa3662c5f98a809a72913989d69728741f3e0ff9ca09d5d8f55f991ed7c92eabe094a0999eb75756e84b3ba67f8c749c834ecee07b4df6614ce3ff2c2580d8e97973bc2d73a6dfe435f17681b9dab6cce407dc8872797196865c1c62f7b105c70282adb93fd8d26738e8d6e627fa03441746f3982d5d6bad20cd5686343102f953e98701daffdd9a207d22ea0bfbd3b0a55799c462fc078cefff4c8a662c4804a1c98e65874cf1a616d1083c805f35dd34831c439c4e658fa331e97dfcefa0d61075ebed42e52323c03b7774642a5d94f072bc5b8219b30a3df60c4d67c2a110519be91508d13900e913885170cead942cdcea31ac8f4f3ae748cb4b6bd67ada12a67f637f1e96445b34c50b6add03d254f63f85deea7a09dd520fe94b21d87c5758f4f4a7c02470deac2b61fe4f354be8199d200d81f8fac8ee37acde064aa565ecf7ef6c104cd3409642284f54629bc15cfdaa864dd927583793da8d8734df1006bbdf668f45867cd822b36bf9f0f2bee410a5f5d14daad163cda74d7a404658d3a8a1814b4636d627f2e9acb98a9e34ff389028d9d842b7dc3987f6909b49d64761724f75cf57b77fd1ea528cbc8f0a4dff7c92550ffbec3c3bf29df05cc7163b22ce9955e62a40814c68b5e1690b96e3987f78f7b4966e1b82848e54f60414776888a1b88184f311345fea516162d3166bf5669d4068cfe6effa10b7c239305b9dbd02fbcbbe411e28ca4d77e0deb15a45f214fcac1cd6735ff71d447f9086c769b2c58024d8da8cdf595cb7b99bb0a7e7d1bad7eeecd91cfb6c57e71e48ee51a5cfb3eb968112cbb63955bfe567545828ae038a2f4a6f81a9bf69590f0cd12422f63407e74bb891c06972b5fb531e1fff85e83b673be516f6f97c99a5d1875f7daf5d4c2736f60d0a4c33c217c39527b324ef77ad931ad554186984a20411f12dab3608be0e342e5ef261ac5c8051b3cfd3ebc10b55b4d3e1c89c5854be12b8073e5564bd47e4c22363eca035730d09d3502c040206f797078199b8dbbdf51ee5737e5592d41490058d7f62049c5bae3cca84a9457183409c9a8b3356022b617bf34158435639d82270594595f7bd4c9e390c688b6ff02a9b24b9ee4df0549d4888d8381f6c584ee8c3227ad870024223eccb788a62cfe6da471bfec80b3699bdefa3f3d7d8ff616e6c3a047b4a25d883525e03267ecadd17220fd09af70dd4bca7cc9acf8b7f358d139d6d2b630311aa01e1af10c49dc87b0c8a4a3153ac1313a7460cac46e71077f549b2e58dea247f8a305647ef252eb9e9537e687db08d1620343c4bed295cfea36ccc2063600f9bb4f810301645c709eb7a968c6d860c9335633147872dd6874dc28c4a13a3225efc10a30f8faab26a71de2de78d47b6ab549b723bd82dea80b43a24560fbd2dae0e4c579849b14d18fb1e1babdbe3bd218b405301fcf1542aee2748c361502ade0e485053", 0x1000, 0x8}, {&(0x7f0000002440)="0dab32e01b378ff292cbf03c93510523f9e3d4ed1cc0808ccf8e87dad27618187eede76acac5a54dfd7e730445c5997d609c21a28f238de45ba6beef5b7e24fd3eaca6c396854e2ac2679cf2a86599efae4b5153c7d1a478b7a6ffde2caa571cfdb22b6dc36f810687eb507d21d7c344e6e1fb94e5cd7e34f88562e37dcedd67fbd4de90f33276c7d759bbdb670fa839e6bdd6d83b1aaa6486ba6ed21c67fc7bd9f1878306d0bbdf5be8a806317ba076eaab8c85927b", 0xb6, 0x6}], 0x2200000, &(0x7f00000025c0)='btrfs\x00') 02:47:24 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) statx(r2, &(0x7f0000000140)='./file0\x00', 0x2000, 0x0, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) r6 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r6, r4, r5) chown(&(0x7f0000000100)='./file0\x00', r3, r5) r7 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) [ 470.200657] BTRFS error (device loop4): open_ctree failed [ 470.225404] BTRFS error (device loop4): superblock checksum mismatch [ 470.305211] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 470.314308] BTRFS error (device loop4): open_ctree failed [ 470.369115] BTRFS error (device loop4): superblock checksum mismatch [ 470.424581] BTRFS error (device loop4): open_ctree failed 02:47:27 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) ioctl$VIDIOC_DQBUF(0xffffffffffffffff, 0xc0585611, &(0x7f00000000c0)={0x1000, 0x5, 0x4, 0x1000, 0x1a8f, {r0, r1/1000+10000}, {0x3, 0x1, 0x7, 0x9, 0x3f, 0xff, "b5053047"}, 0xffff, 0x2, @userptr=0x9, 0x29, 0x0, r2}) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f0000000380)=@filter={'filter\x00', 0xe, 0x4, 0x3a8, 0x208, 0x0, 0x208, 0x0, 0xd0, 0x2d8, 0x2d8, 0x2d8, 0x2d8, 0x2d8, 0x4, &(0x7f0000000140), {[{{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x3}}}, {{@uncond, 0x0, 0xf8, 0x138, 0x0, {}, [@common=@eui64={{0x28, 'eui64\x00'}}, @common=@hl={{0x28, 'hl\x00'}, {0x3, 0x6d}}]}, @common=@inet=@TCPOPTSTRIP={0x40, 'TCPOPTSTRIP\x00', 0x0, {[0x81, 0x10001, 0x87, 0x7, 0x8000, 0xff, 0x0, 0x7fff]}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE2={0x28, 'NFQUEUE\x00', 0x2, {0x2, 0x2, 0x2}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x408) 02:47:27 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:27 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x101000, 0x1c1) symlinkat(&(0x7f0000000040)='./file0\x00', r2, &(0x7f0000000100)='./file0\x00') r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x406, r3) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000)='/dev/kvm\x00', 0x4000, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r6}}, 0x48) socket$inet6_tcp(0xa, 0x1, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r6}}, 0x48) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @rand_addr="0015fc24173b46202c5400"}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r8}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r8}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r5, &(0x7f00000001c0)={0x15, 0x110, 0xfa00, {r8, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @local}, @ib={0x1b, 0x1, 0x8001, {"4404b16ad810271f67db0a9d81a05501"}, 0x6, 0x8, 0x3ff}}}, 0x118) 02:47:27 executing program 5: r0 = syz_open_dev$mice(&(0x7f0000000100)='/dev/input/mice\x00', 0x0, 0x400) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f0000000140)={0x1, 0x20, 0x5, 0x0, 0x1}) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000200)='highspeed\x00', 0xa) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x200881, 0x0) 02:47:27 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcs\x00', 0x640, 0x0) mmap$usbmon(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x4010, r4, 0xfffffffffffffffd) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000200)={0x2, 0xa, 0x4, 0x1000000, 0x1, {}, {0x4, 0x8, 0x7f, 0x7, 0x9, 0x7f, 'n\x00W&'}, 0x77, 0x4, @offset=0x3f, 0x7, 0x0, r6}) ioctl$RTC_WIE_OFF(r7, 0x7010) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r3, 0x84, 0x12, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:47:27 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000140)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}, {&(0x7f0000000080)="0d999dbeaa7c1dbc88c541a722909fc7cf55626b12c952d4008e6355080bf55635061eea3b924201622e16200ef551606c7ee78ea60b07e28a6ea0574958a2191ce372da8680e2a554879f3fedd355b1eba38b609934edad046043c5dccd0ec8c758d4e0baf3940b566fa327c4ddc914356829e801a5a45fe65a214fbbb0dc6876e9ba32b9e732e368425a5636d70e8340742f64982cfb03a9483f79fda7c505", 0xa0, 0x1000}], 0x0, 0x0) [ 472.839865] BTRFS error (device loop4): superblock checksum mismatch 02:47:27 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r1, 0xc06c4124, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) setsockopt$inet6_tcp_TLS_TX(r1, 0x6, 0x1, &(0x7f0000000100)=@gcm_256={{0x304}, "4a8e7b33e5cce0b8", "32b0dfaa3416d0d9ed0cba417b350ca41ff5cfc8d7a3f9c5782f51e093a84986", "0085e69c", "94026335f98214e8"}, 0x38) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 472.891040] BTRFS error (device loop4): open_ctree failed [ 472.908888] BTRFS error (device loop4): superblock checksum mismatch 02:47:27 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) syz_open_dev$video(&(0x7f0000000100)='/dev/video#\x00', 0x2, 0xf4000) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r6) r7 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r7, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r6, 0x84, 0x1b, &(0x7f0000000200)=@assoc_value={r8}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000000140)={r8, 0x3}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000200)={r9, @in6={{0xa, 0x4e23, 0xe5a, @loopback, 0x81}}, 0x2, 0x3}, &(0x7f00000002c0)=0x90) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x7ff) 02:47:27 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() [ 473.004836] BTRFS error (device loop4): open_ctree failed 02:47:27 executing program 0: syz_mount_image$btrfs(&(0x7f0000000100)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000140)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a005f5ffa0400000001fffffff60000005f52485266535f4d64abdc052bc6fca8448653ec7593bc00a2db82400b12e95e725cd284e2c67f934a", 0x69, 0x10000}], 0x0, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x84800) stat(&(0x7f0000000400)='./file0\x00', &(0x7f0000000440)) r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000180)='devlink\x00') r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000200)='/dev/qat_adf_ctl\x00', 0x2c0c0, 0x0) r3 = getpid() r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$DRM_IOCTL_VERSION(r7, 0xc0406400, &(0x7f00000034c0)={0x5, 0x1f, 0x5, 0x1000, &(0x7f00000004c0)=""/4096, 0x1000, &(0x7f00000014c0)=""/4096, 0x1000, &(0x7f00000024c0)=""/4096}) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = fcntl$dupfd(r8, 0x0, r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) sendmsg$DEVLINK_CMD_RELOAD(r0, &(0x7f00000003c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000380)={&(0x7f0000000240)={0x13c, r1, 0x100, 0x70bd2a, 0x25dfdbfe, {}, [{@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x2}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x3}}, {@nsim={{0xe, 0x1, 'netdevsim\x00'}, {0xf, 0x2, {'netdevsim', 0x0}}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r2}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x1}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, @DEVLINK_ATTR_NETNS_PID={0x8, 0x8b, r3}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r5}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, @DEVLINK_ATTR_NETNS_ID={0x8, 0x8c, 0x3}}, {@pci={{0x8, 0x1, 'pci\x00'}, {0x11, 0x2, '0000:00:10.0\x00'}}, @DEVLINK_ATTR_NETNS_FD={0x8, 0x8a, r9}}]}, 0x13c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) [ 473.081696] BTRFS error (device loop4): superblock checksum mismatch [ 473.140569] BTRFS error (device loop4): open_ctree failed [ 473.154536] BTRFS error (device loop5): superblock checksum mismatch 02:47:27 executing program 0: lsetxattr$trusted_overlay_redirect(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.redirect\x00', &(0x7f0000000080)='./file0\x00', 0x8, 0x2) 02:47:27 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000140)='/dev/vcs\x00', 0x640, 0x0) mmap$usbmon(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000e, 0x4010, r4, 0xfffffffffffffffd) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000000200)={0x2, 0xa, 0x4, 0x1000000, 0x1, {}, {0x4, 0x8, 0x7f, 0x7, 0x9, 0x7f, 'n\x00W&'}, 0x77, 0x4, @offset=0x3f, 0x7, 0x0, r6}) ioctl$RTC_WIE_OFF(r7, 0x7010) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r3, 0x84, 0x12, &(0x7f0000000100)=0x6, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:47:27 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000001380)=[{&(0x7f00000000c0)="bc09bbaec7debb75b8250f10", 0xc, 0x3}, {&(0x7f0000000200)="8c11719468043b5630660e586fd3806e2810c5f6d62229c48195eded1fa2b1d87d8f65c9e15deefa10c9bb698e9e148c025646adaa24d2e34dd9b9b0dc004940110eef6ba33f6369a19bd524b992e81abc3aa999fe0b0294004472595f1662d8364a9735f2826831a27dfd7d4bf5f6a525aaad72ab48617bcf7fa81fadb8c93e21bd70e9b2ef3ef5334e1dcb065959df11c237cea1df589fc8ee739858892a4b4345ddc84bae73d4dc98743e0a11f25bf9ae5d9ef6b71568dd9e6a7b8c74d00b12", 0xc1, 0x4}, {&(0x7f0000000100)="203c4c00512032a8ee64208ef8fb8f1ffc2c88b1af3e5ecec635ecda7f8a55a0e781f145a377b43ad6b1691d89e0a2f2eef0ba6269a277a48e01111e7f5e59a57a6fde4735a41ce3c43621d243972c56b48922fd7c75aeb3e7be2a830245401819b0b1f9ca64ba1cb46d6d2d058090ac4c52792198566df6bb188b713581e059d4482c112a52a9ff6f162934", 0x8c, 0x5}, {&(0x7f0000001400)="70b22f0fea886fe8cc2d5eabae01c1de27eb7e7e1cec64972e45db1dcf78319dff89670191c09aa8e0417689be8702e971277285edcf53be19fb8f689909e8dea129df7087c3973561463b3ccd9b4eabc19a9b6952d17b934b488e54841ee8a0ff1121bcc0af2733f9e91b01b2d93778523519da47c9369adf7b5c86dc27228dedcdfb2d270a89e630c5187078989caad97ec080a3b2bc762852cb0236198a01b1a3880bd0bcec75586e13e5fd0f8c726a91a690baa8bc830b9e63d0567f656c6957ef579c4cd159966ab9074d4e344c9ceff920515790eb4cb96199756aa1d68307de46c8721e0279b38a3639b91d5531f60b26dd41733e9a82f59994fd6ef2f003ecdeba71047e2d709366e0450bbe3ef0215820af7f450af6f2e0409befe181d8c3fc0e81b646f51d3fece78ae1bf3b13166a57d86d44cdb225c4637737deeaba688493dc3bf6fe7d6431036e2da27089439bab315d964163db3c8140f4adc22472d1b3e9066d16b47a30d1829c3496f5b747666e22d27b5a64ea805bf9e4301c743a98b8b3e98a1e708fd4faf328e747ac0df05ed82ac68864e05fec30f53403c903c5807a07249c27a89bab579412a3fe81b92d5ae32d6dd7f083678b19e73a9cb85dfc160b261dfceff192cb65be8a8a9746006d5f5292fad8047ad7e6fbda4dc8e787436b6bd70f0281f65ce679fbbb191c7adc3c8c59557d25297380bfd36eb0b5de5392bef8db9a1403dcb5279520cfa3f193d7c1c59cea1b6967083ab39fd440deda024750370af9f04de8abe593dfb07ceee34b75aeec383904025892800c257063df7a4e937e98aba449093c6368f4aa066f3234f89be452d99d55a0992d241a192ac49f0e8a3e421e1c9941a38fbe178034b2f1d149a9031f9bbdfdf7480701170214f1e4227282456a0ba3a1610aeb77cde41a870998bdd89451c7b734d18794397102c5327bad98f290cf6d1bd54114c54fb2f0acc6834b57a6345fbf31e16153cc486e89cabae0de4f0014e4829397f58682a4d8171320b933b9b8b1a1cfe69d256a027370a124b065bb5bf07aa3fd6cbe36d9451b0bf80d8a02078cd509f034ab9f3e528db29cdd116664295871625f3022c9321a7970460c17ecbc1c744a29417bcce9384fb604f734d4f02cd1ca27bca9eaac759ac6d1ef8a2b5c52cf7e6897d5ace7a5568f35f964b85d4d99affe616fe8277c079e954cf61b1ed9f82833dfc59bd8e0f010178e76f9badda3602320b67f4e252d239ff55c3db110755e7652f1deb8d48ac35baed4684f217546e4b439b6479aa9612f257328353e45e1754b494b8a78c560491e956362652e1ed59d4d3e4772705a5b1603a12105dbae2a7ac9e3c22e62b8e14d5d7cc62e53b3dcae3033efe4c39e11fac33bac9d357d2114f71278d30a3c0700e0c7a8107afaad26894a615fa19658b42fbf2171f5ab2208e5de74f072a00bb08984c0ba30ec1da28290c2ba18cc8317ae1ec1256e7d897d2d11bac4e6de2ed196ae33bc89d49cbc3c53d0631036b1de45fdbb77703c35fecbab6ba3d18140ccaaa448d62e0c0bc2ed52d21118d64f0968146d3ca12b6df63d0afc2b59bcc62a6cc6be0f6ccfeaf87bafb64248f94bca2d4b3998b8a5a77457c0793f7215cf85883cee2dff59a9eb00dd16f1d98d1bed2ee08dbf8454c03348b84ff33ff26b6b88db1cdf45b414aa43e530dd5163b5e9b8c2877d7e58e275acd77d8a918cf39cb99260398610601c4b138cc54dfd76df44a684c84556c8ce9353a571292eaab59b2545971403613c9b01aa35ac9f8eceb814982fa4b46cafecbcc60ef8932728224b946286bafad5f891a5f83cca473f0f48b5a11b83b866110c5a7c9bf61b842c93a055bc64040c210529cee5a011e889484f02a327f906beafc47188c19b6d3a36785f75dcfa6bd711c6779bde0b42d3367951c663b7ab0040e084adf5e7b56d926cdf9f005c8fc06f25769b9fc9dd1728e2335a961165c465e806f84cf0809e1e770a62df62515f0336130543055ab0e48fbeac67f07f98e7826d800f8780a58b2e266f82b6301b6f345692d43f6187a7b515087894da451cc620ee69f12be2729f2adda27998f4fbfdaaae318150da6aa3d597fc6251fa04e81788a9ac4a4793c7fa0e290b0185daed4fd358531dddd1648a798a4eab8726797096f5be23321b7ac74e7a52b9ee342f366953a92ac943507010b135c4b8babf07b01e17a4bcd6770955f832e99900f01e1badf0dfbfd830d6d2de78fb1e99d9340aeda1f2af3158cafc504e83511f0f6508e175cb2d5ba86d0a98e5df4a4c013918a68e94c694f1aa3ee4053a3bc3fbf850310d96d32fb7da5d287d89a17b340c54ca71608b4ae56b07f7524eb995c9f83caa2b367e5a96e84698dd2dfccaa707954610b0fef9bbbdcab72addd26af89b43d018f09413c7cf52dc79f33b189a8e1258feab2745b721e5f3710f8afb5f0f1939331f761c0b57d08516d0596d3a70c07eb60a8dc898a22e40e7632f11f5c2a5a496da2ad5534c4ecf5c53b9d4ce2c413ec4dcf9fab0a93f8e349190b804cbd34bdf76e5b998f81f31efff916bbec0c35df063bc297cd68171cd80d845800d0527fe5c4b419ebc5f1ec7c53c3f72194dc5628c04057044d9341b14fdc8cf85d499bc59064861fc7f68003b3f172e08f82f099716c1bd2e28056dde71f0453e035fe69edd7b360c2ef74a1646963f96ee6cb539297484743e61349e8fca4919ac66b3faa8db4c889300fe10fd7d0652b9d818666df6b90bc54104b53ec24242e6a188e4e7784a812182622a1db2efa6912b85868200f366cfae6c3963608e362edc3616d4097911b8f75836757301585c0abad23dee266e3732d676d48f8140b4c6d867ee1c87440a1ebf804ab27f76d12d243c6559fcc2cf050078c2ee2a6101809f4b83ae10b922d36979ae57d8f234c576c2e985e4769a98cae3fa8e166cf244aecace5ffe13d2e4c3c884c15d08b6b17146ef133bade56a1f4ca0298e4572a1e3405e6990eace28dfa33b7739657a92bcee74800faf76d122ee6f6e4e975ba259d3db6732cee05dca269830f7f65d1b04a27554858c0460e0e41636b55b43df4b7512594a5753b75d533868ff54064d59622b00a649d8e1834f300de20e332fa345c11564c3a4aa204e0140fc5ae875364e78d822886626bd9eee18aa40d79ec158b53adb508f4d370db5976ce3009f3cc260b97580090a4512cb3f6b3d028741382dd3d66d061460d2407b971787c476d760aada52fc34fc91ea434dc246e91db9502d294e9f49f83b905d7d3dba002cc7913ad0f5ac93e3f3740d66f22b68e4eddef4ddb4fbb169235135fed7eba84f3b9366022d54ba47f2da7a8302ad4d8b9b1b43608a7c42bdd9206f56d083367ddc3b0e12cf7803ba705b3f420cb15a09a2a70d792fe065d0b35a2d2f11f44b0616fd573db43faddea26c183efd1d5b774fe41310e4aacb251c2389500220a66c507a829e248b6ecc5a1c07edd3edc3a75fab8cfd25b2d81cc3675e15db3e3dc7ba077f448cc91288923e467fffb9cf1413caafe4507fb03d03352eaf99ac8dd8eacc39af1ab2c4ebc6d8feb1194ab399e49dad420980071b438fd29125161bedae2ee6df9cae0ac99f9583be7db80fa85d50ab2cfbd55f5f1a43daeadfeecc709fb94394f9fc0b835b9c1f93ab19f01601d10a4c88ec05c959667565c2fde53a22dc056214e7d2273db3d376b29dc4103d581aab0c4b133b92a559f15430d189f1f518052f8f7cba80c84ad057502382018a4bc734a3e27c68c7333276d1281cf3278b8314c8aa49cb41709a2156a216d476fc6b109802766264c921f5af8ea167631fc0f64eca17c646b2cec3a403e6cab90b6d6d4c6b1108d1556d6865a9b11ce0bb3b74f6d4c78c31b5f5717e9811a2213a4d24ea933921c3363ddc1bbe7289684f3ce8b16094543aea89f379f802ea43179002d20f17232ed853b867a316c4e543f71aeb04574b5072e1c554b960afc493aa8346cf59cbe091dda6f2ee5e21357233922292fd4d33ee1ac17daf2525da95942346341938f30902944b56b277bb478a559231179598d2b3684a3e1d67f5b372692948a568b94aebfd76139b70e7326da84148a526d5f31c373e4d8ada1f1e66a47987b84bdd46878a577dea143c5a4074c886d5f0752e265ddeb615fbe705407ec631ce9b003f4886caa5dea93b7829bfcbdff550dde7ccce423b2abdaac3a93d390ca437359d8252fa21e021d9ccdae67006dc6d4714611ec36f4c582959ea1cd9c78721b961c7eabd84ae0efa5fee8dd2c936a53a01345a37920d569d7934e6b4d77cb8dd8bedaa99e6487d6de23b1c719e6a332b1cab407b0e03c251e268a9f308c7bea9664d1f031c74682e09207395cf6198125f919776060229d11ac3b3425f96327be288c64f559af15f89af47e831faf237a4224d48e43a5025fd500b5cad74a66729f8c98338ed4c4ed54f2073f2e73aeb77c7a30d1f71eb1b132e4207a162e900bfd20a04aeed441db31763b0fce3546a70f1a07b6e7ebb1e89e22c7992e03c66dbf0234319d8f2014a1a2751ee6f826e77f2e54adae336c4e78575d306719aaace3cfda0cc2c1fd5b0f238baf48c6d8105f4d3757c236b6ca1017ec8ec6fa4a1798a3346e06274e4ac6db3c72392c99254821d8dd359250a65708690482c9a6f5bf6e3e8d9fa70755e6f83b1cb9dc36aab4e91ae7fb10288da4f878883a63c89988511ea2c2be37d8c565f7ebb94f9749fd8cbb814be95a27c2e0a06cef024ce4f3cac55e88f6a790d037414d7b4d01d05d501bf5140de09ef8c8256ff5529ca8a5d8af05fa920931c183b0fb4f9c51849ef4d83e4e7b2dff85896efccbec7ccc91eba926b41a75e4fa651d405ee95d71a814fb929d3c7dab2d75d98c934d65d6d053cf62de53903a9de755e9028780f19433b626181cea573b3436ff65629cc597469f9e64acb69318fc7bd782c478dc6067a4a2ba64c3d3c556bc0723f69b308904c5060905fc6ad15ca059edde4d2c7d769ea5cdb4a79242b34e595be9309dada4cc36b7d949d33253c65859909823c2a391e1296a5331e9ba98f5502d260ecfd49b38ea18acf63c0bf8e64f0ee50ebb748813785543d67a9302605dc4e5a3b8a964f6722b9f5900901d33d742a2503a9733f633e2de3adf4b74b9090915c0aaf6ee708cfadc0440cfe20c133804675cbd898f321fa03fcc60b43d672a22c6669f269f74c16bbff6cee655164d0275e6194c0959513c12103e8b16b386a775fe1d0a5541b325189f9bf8f93bb6b7b80ba4d21317e0a3753b43b23d33790a207e2c67350aed0a3f5942636573142a194fd81896bd166df987397681f622d075fd00a29386fc4ff55a00568a4c6aadaa4a90bbacf1cafe9a9da8f5ce5da43bfc3eb1b83c34edc94934c7c2255172d0afbc02527a6a2417c23a9f843d72043d7be39ca054b326b552657559d1cc284d755bf73c5d6f90e2cd1e288abfd099268da1ffe28e3ab6901ab1a7054b9cf6fa2dc591769a98c2d1f65169949ffd7e4851ce6924d3ad4b48b5330a582e854fa3dab9c5dee980a58880fcc9582c7fdbc19cb87b505c4d79e87595b44c7d8cfe74205322106288cee93ea0a72bd55753320630ab67d50ff0e21c49617c0653c556f4d61a022e6322422dd0b50bfe4bd86f5d80aabacca5211274f8fc4ef1c9850d9915465ab5b028ec8fc8b84f3f41ffd0cbf4e90edca1230b585e9489c57b5394889af8a33fd00", 0x1000, 0x81}], 0x1284841, 0x0) open$dir(&(0x7f0000000040)='./file0\x00', 0x2400, 0x1) [ 473.212266] BTRFS error (device loop5): open_ctree failed [ 473.238362] BTRFS error (device loop4): superblock checksum mismatch [ 473.330661] BTRFS error (device loop4): open_ctree failed [ 473.473524] print_req_error: I/O error, dev loop4, sector 128 [ 473.486538] BTRFS error (device loop5): superblock checksum mismatch [ 473.530310] BTRFS error (device loop5): open_ctree failed 02:47:30 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0xffffffffffffffff, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:30 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = gettid() ptrace$setopts(0x4206, r6, 0x0, 0x0) tkill(r6, 0x3c) ptrace$cont(0x18, r6, 0x0, 0x0) ptrace$setregs(0xd, r6, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r6, 0x0, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(r5, 0xc0286405, &(0x7f0000000040)={0x2, 0x4d3, {r6}, {0xee01}, 0x1, 0xfffffffffffff355}) sendmsg$nl_netfilter(r3, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10008200}, 0xc, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="d00200000d0a010428bd7000fbdbdf2502000001e7b6f38f1092c5d4e576126e7d876fe10fd1136d8e49df9bbed09e7d2e7e5230deeb20ab3cbaa830e258a479d90c16da12ee855f4621a06dc1ac451991f752d74dde04a7ab08bfce2f6bcb30120e870616ac4336e35fb3559c35e56df42c7b8123f88eb4290d872cb998c3c55fdd901538b02078d82215595d04e0fd9cb96d6ab5c3e68952ce0bca1b2071961a381ad0203b4645148d1dda707e2094aa51c8fd1a26390b8fe3be51cd6d3140e5cfa8869692cf5d8a8677466d69d793e72a01798008002700e000000109002000686173680000000008004200", @ANYRES32=r7, @ANYBLOB='\b\x00\b\x00', @ANYRES32, @ANYBLOB="1400470083f3948e2b528307815b49b1563e4d9ed95416dcbfe8efbd9cabd9b49cb04e89615f4c2e0c3a2346e509e57c0dc59a402b0640b884d866979dd842402476f270bf79ebfcee814a174fbaf7a5df4e4f580f532a077194398f2aeef9cb120a20573bfc8f46ace1198b3b345e1d5c69592acba2bf7968c19fad19bfa38b5edbfadca386d94195fd3575c3b228658321f2fd505f4f4c856a1a4b83fb4aaae066d892be924d518d8374ebeaa1b9e728d9963ddc0312010b8ce143acf28b9426fc7b259bf4444ff4f1ec16ca1fd6d54806a7382083cb002628a80802fe66fbf7558dc9428137d798eb684c3e8887c5da6408000f0004000000080057009d03000000000800610000000000c6005500915a4528700b77c0527304c041d2028c1db7278df0ae270f35850d9d0d9c225f2a6d8fd6ad2a3e246793f9daf35365c19fd513bfd5254ddcd2077c7405b3d8dc24ed2c79f08e257edb918cf49239dc5b78bf8557ef4f8dc7d2a6ea7e953bd9bf815c3b18663e6401007e71872d5675adb2427367f20d04a1b99af90cf205dfad1cc27779cce0473503b0ab2324903e91e9da2165cc20997028e71e7d8bb3b53efcaf6b9332b2c1f57d8e3756bcd1ca8c49191661907df2c72f6fe24f799ed23b06330000000000"], 0x2d0}, 0x1, 0x0, 0x0, 0x40000}, 0x40080) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:47:30 executing program 0: r0 = accept(0xffffffffffffffff, 0x0, &(0x7f0000000100)) socket$netlink(0x10, 0x3, 0x16) getsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000140), &(0x7f0000000180)=0x4) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_STATUS(0xffffffffffffffff, 0xc05c5340, &(0x7f0000000080)={0x9, 0xa2, 0x0, {0x4002bc}, 0xc3, 0x8}) 02:47:30 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002000000010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) r6 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_add_memb(r6, 0x107, 0x1, &(0x7f0000000280)={r5, 0x1, 0x6, @link_local}, 0x10) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x20, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x20}}, 0x0) r7 = socket$netlink(0x10, 0x3, 0x0) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r9, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r8, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r10, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002000000010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) r11 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_add_memb(r11, 0x107, 0x1, &(0x7f0000000280)={r10, 0x1, 0x6, @link_local}, 0x10) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x20, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r10}}, 0x20}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000180)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)=@mpls_delroute={0xbc, 0x19, 0x100, 0x70bd29, 0x25dfdbfe, {0x1c, 0x10, 0x14, 0x0, 0xfe, 0x3, 0xc8, 0xa, 0x300}, [@RTA_OIF={0x8, 0x4, r5}, @RTA_MULTIPATH={0xc, 0x9, {0x8, 0xfb, 0x20, r10}}, @RTA_OIF={0x8}, @RTA_NEWDST={0x84, 0x13, [{0x1}, {0xfffff, 0x0, 0x1}, {0x1, 0x0, 0x1}, {0x5, 0x0, 0x1}, {0x636a}, {0x2}, {0x4}, {0x2}, {0x401, 0x0, 0x1}, {0x5d4}, {0x7, 0x0, 0x1}, {0x1}, {0x3, 0x0, 0x1}, {0xaa}, {}, {0x62, 0x0, 0x1}, {0x2}, {0x8ff, 0x0, 0x1}, {0x2}, {0x8}, {}, {0x200}, {0x6, 0x0, 0x1}, {0x2f, 0x0, 0x1}, {0x8ba, 0x0, 0x1}, {0x5423, 0x0, 0x1}, {0x5, 0x0, 0x1}, {0x6, 0x0, 0x1}, {0x0, 0x0, 0x1}, {0x3, 0x0, 0x1}, {0x7b7}, {0x6}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x54}, 0x4000000) 02:47:30 executing program 5: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r2, 0x8914, &(0x7f0000000140)={'syzkaller1\x00', {0x7}}) r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000980)='NLBL_CIPSOv4\x00') sendmsg$NLBL_CIPSOV4_C_LIST(r2, &(0x7f0000000a00)={&(0x7f0000000940)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000009c0)={&(0x7f0000000b40)={0x94, r3, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@NLBL_CIPSOV4_A_TAGLST={0x1c, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x6}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}]}, @NLBL_CIPSOV4_A_TAGLST={0x54, 0x4, 0x0, 0x1, [{0x5, 0x3, 0x6}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x7}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x2}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x1}, {0x5, 0x3, 0x5}, {0x5, 0x3, 0x7}]}, @NLBL_CIPSOV4_A_MTYPE={0x8, 0x2, 0x2}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0xffffffffffffffff}]}, 0x94}, 0x1, 0x0, 0x0, 0x4008000}, 0x40050) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) setsockopt$netlink_NETLINK_CAP_ACK(r5, 0x10e, 0xa, &(0x7f0000000240)=0x74ed4cc0, 0x4) sendmsg$NLBL_CIPSOV4_C_LIST(r1, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, r3, 0x400, 0x70bd25, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x20000050}, 0x8000) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:47:30 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) prctl$PR_GET_ENDIAN(0x13, &(0x7f0000000080)) [ 475.867292] BTRFS error (device loop5): superblock checksum mismatch [ 475.925692] BTRFS error (device loop5): open_ctree failed [ 475.937671] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 475.939420] BTRFS error (device loop5): superblock checksum mismatch 02:47:30 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$NBD_SET_SIZE(r1, 0xab02, 0xaf4) socket$can_bcm(0x1d, 0x2, 0x2) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) [ 476.013840] device veth9 entered promiscuous mode [ 476.026296] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pig=28234 comm=syz-executor.5 [ 476.027237] device veth9 left promiscuous mode 02:47:30 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() [ 476.106044] BTRFS error (device loop5): open_ctree failed [ 476.111936] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 02:47:30 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCGIFCONF(r2, 0x8912, &(0x7f0000000000)=@buf={0x1000, &(0x7f00000001c0)="856da46e3b07beb3ac33e7862deead1b7f721fbfaefca4c3590315f9896a8b91427952b381e601b0a1c91f4a1a9a65124f4e9b8f9df30c38eb9551227c9cde97a8ebfb609dbdc5a5402ea1f76d2b07d3a1522d2742767971925e0fcab40dcf39b608e091bd448990910911c571b091fa4c6528c0683a228cdba08b2922411e531199bbee50727cbe1e592638d71437a72e34849d49906cc513e0ec4843fab968b62497de3fe65da067e7b2758919bec633e9b5b1b3db3be2a2b5ad5341a7c6a35a844cf474af943b0984f29d9df8833f195a810c9e374979752884c453822971997e1cd3ffd23973b9f6ea564c47c0d13fa25206d43ea5322919055bfb274272bba9f22982f044e9e080c3992a4bfc452ab83621c4510ddd3700e5fa32ee5dab26f31cd9d83bc41a2cd691edf748416296ac570382decadd9cf113a4a6b55631803e758f181f11ef0ca29e670b5ad2a36ebf25dcdfe0aad1697ff13ea71df67fb066ffb4e9e3eb8f5becfcd42aa7a0f5369bd30b401010594705eed442e68488295c7320da9aae95ec943db142f9970b8a5806b40f4f4a0fd76a37eb2b658bb9da69c4080d30f3d623e963580ae18e5878572a29696132688235df365498efe6c86c567dcf35d1b940b06e19d7efe9a4a94fb3fe5c391084bf2bf55f91074fc832ae2f3f46d9331084250e418248b2f3cd99f06b069832906207c57a29bb009428b3b2b0bd8e9b91d420b99689548d34eb014cb467c95049fe35e0c524805265a274a2498a2a32cf3358c4975e5201c057691842cba60d2caaf64c6deb4699a4bdb4124015b9da2ca1f4ac4e11f0652ab512d6a76ab1a4f3b5d932253493625711122e60e39e94560451051f2d543976f1cf26aeb18da6449370e5853fb538e26f884e54f142c1b123674f096fa8f9d4d6c4ec1014e7d39a2a3eb7ba4d219140f685b8a471d5f48a3d7861a41632392c0b0890077f87a2863432b41866d91b456059e9e86ef2f1c37293fa50e7e5933c4bf02cbeb7f2c1ad59ccd9915af643fa3d653e0371d9f72fdee664cc74c9af7dfdb74b78cfb29e47f1716e523c3bb1681865772f5164389978147c4f94e881337ddd65658cf8703d478174fb3d4ff7e8b938f6c163fc0559cdf1d37ebea8bf6cbf23804181d3a3a8f8b81d181a87c39b3e743c17140519c722944c99b4ac17d94610bbe67fbaec0445a74fa776546221d4a73c5998af9b857378735c7130d88c104834f3b2f17bcb57e94c380e8a0060690da8fee975a7d31b245edccd8018ce8fc78cd133bc1f5da3360bf5bfc6d979134b53053025d6e03cc8a5c21420c5ff001c6298841ba65e0a2fb708c20db1e9930abd79ea6a16fd723107dfbf06cf51e0346429f97f4c39c961683d376b6dbc98be1007596587ae42977d1c8bf201cd5344194d53bbe9cf9915d28f32ff828ae7c1bf59a9c389c23054ca7933cb9429c0438fe09084cdbbce574bd1e883ce4a9fd35a359b5db1b1edb59a4beb27f3a1376d3653fb7481c584c25165860e70f11aef62c61ab5e428ce07f9a060cc7a91342fdf43b047967ccee80f7654b4403f8df8c079741a4cc025ff3dd9fc04884d22215ba422e8f89aba543e97ddc3957a00b291bf1de4c1ae241b81aa8b104a58ca815074a5f6a252ca68914a236724d583a107a18b0ee8c15150851de624f08e8ce9f2beb7d4198cb96feed9567777d7122f7c46371971aaaf104ee45dfc83a3b9b9b86e0691afa96e57b74794f8e93fda2f88566cba316fa1186bd7e5303f438084cf24ee2cffb2ecf951cb3e1c32f8530ce88b2247462648fbbae9c26b2c8d9377c83ee04b49bef5e56c30524f10f582a92cfdd382473f4ec9a832b67cbf1a3acc9212275c0a0b7dc747f4422e2231067571a72cf3a35face88fc62e358c6ea865673279b9fcd6993c5935dc113593f7ab5e31a8e8e00e904b38a35fd6e7bd1df35e4c71e557934299fb7b28f4ec428518e2bea02841c68c8dd3fc3f9c2f559d81f41393c08db96741349b314fab89cc07996479bfbdc5e6170145f73a406be63f88865b78122e68a1f8fc714846c535c8428b6d52598c042ccc5f0a2e04881f47222e38b2e4c894fc485c6e5e5cecb161b8a2e4ae64cacdcc3485c7acc678066601bb128b17d5a6ac0e2a9dbeaa528fd48aff4ac40c3c7b91bc65eb041c3314b6a46da6c9a65156ff037df67355bf9850f0b3a9f649bbeffcc42b3722a0f029e7d3257d1fbc11a1b606df9e233858d94bd3eb78af0b4ca2fbe3d2e643fc757520c3c46315c33d757e78c1c5b0c0733068be11f5037b2d2a63b58c00703bf6d6868ceeb576a4af66dc1c20262d2087917828f9aa23964548dce5e6a21c9523afbc6bde3322edc689ddf3590bb08e494400480ec878e95cc061e19567ace0dfb8ac4a49ab0f3b8cadf58d56fa3779cd63a7b8fca1a839382ea57bf400fa9668e6906c657366ec14e143c4a923a0a9053ab1063f13fa6108e415a6d46cb8b6276d01d65d9986002f335f1757eceb824a1a0e078cc9fb4d69252cc9f44f8e4d363c829341d46450c6ac696b12dd63db2f6291fcdb8618745561a5e3617979170e7951bff74458a0b713a743582321617a20b23d3fdfae8f5d290c8eeb10de67b9dda870c2187861f746f3c621ef193c50815eabe60baa3c0b382f673a2df23e53eaf8a79e5c3fc17112979408db1165bd9f02846070fdb6f2780e0fd29ce6485b53238a5056b52f130c90d12714c44d9b99206497d1d78199ae18a3218f971f37afac32c1c8c44e83981a97bea79d3fd78b16def3328c1eccd7e698ed2de1f596c0c2f42ae2f83b7bd22920a4e8ec3c1b81c94f0d8db42c79a2b440044653f646862ec49a00a1b3c84a18b0d8231842832e06664f1c574ce74635a40e912d56688aa2956305dc29b50b1e283a3d955383fe7e0d01932ef155f378c97541e1ebfb7684c0358e6ae00851aa0251bfd666c87032f3a4a5a9236d84472c0b05ea9a68e1216d50cbf783360938372baaba30f68e67a8ba8625b5dc890259b1250c4c510626cb52afb2fb920a3cac5eae82b1d6a4daac5095a6fbb16dd6c2cb2b7c028fa57328027f2d0e57a97feeaef6d53e21a6270e03006202d20ef062b76b1139c3bc5de5c8ad9415f71727da69d14f0a4fa06ebd27c443f178e64ea6972ee293165e18059469d63b84a9f406bf1a4d69870ee9bc9e4d783e8458b70fc3c07e10ecd8eca783307a7ab656950e4bb5d49d3a47cf3d8c12e9fd74292cae188403f7fa2f7950125f58e3f9dcd48c9e460bfaba10439f360b3e15585b86132935d3fe39146be380678042d299b821ec16eae726ad7dc3d42fef73c51ef87e6e0a76fdd4c9468f8d2ba6d857cc9b9e18f78835b477e8ae374c1861a962d32c86baf8f06d7821a87c1fd7eb6146f5153715013bafe20302526a23075d37ee9e26d8c5912b2863d1f0a9355e0e58b12fe6ed8cf72241e3b208b00f8a3863376bfe8c5e8f1bca17e9277c615a48c6d41252d1a861bb226743f172e9a04d267f61075b0fa2f548480d1a6786b5030f7a5782a993a03318e37876921fc9b492b8c7a3a662a9bdaa993a13537d8b4b1429df24870e1aa90c3c84795bb21429cefab69ee3d40c4ce779900551606c968fc0ea55b6c4db83110d6c829e7d24bbe075c1b9803ba2bb7d046d812f47bae7817b2afb1571ef7f036479703594f9e587d9bd673f0c316e557218c475e3b8bedeced0a1874cf92bdb2f96ace4778e1e8c71a930454ef1bf560d4cb31376cd6cc78b0e6a1c0d7befeb86233baa102ddfda0f6b561900fdb233a33890bd4b2c590739405efc3e8e015d1c087799cca3e25685bd35d187f5d843ae337eff344594709a6315b9bd541d8272d2704c323ee44b2086385e1ef967e1edb9f2a36e7cab8ad3dd108a0de546d0f498a2c1623822dad24682ffab2246a740e5f8a3a07673338166bd79e58450e4b99d3a75554f9a3b77e14b35c1d2d607f204320d70a92b51a96487edee24adbaa5a1554942d853e5355818384ada399b16a1d658da02cdafe735dc07eac2b0a53aa2bbf96ecc129f903feb7a265dc76caae7aaebb04b507a9624723cdc47783d92ff2aae7358e2ea8ce755a57f4728a42b42f604c8716bf31910ef3b40080102f54458f228ce29f3dab4433d1b478f5bcf068bbcede2c697fbfc81400027ab30f777678030104a5185a84ad4fa125747eda9331e7123707ef59eb4bd073b6dc0f1e6809660dea7679d211d0da92acd3f2beff147389384d960579b3999cddc6ae3402416aacbb49928f9b5d61b390daaa1e441d81f7190d40ab9340ff6cd6429594895072dd9daaa9e80f31b08004e67cee0199bcf9e156f4dc9b2f3967df43e4ae3771badbed0abb3b1c09790e36cf5c7c008dcfe46e8ce3cb802acd97ef31d148c33f6218e9586768adb3fb0a76d4adf4df53885b9e03b7eb5c7fa94cf6a04f023425cffd9194b3134074749292ef1ce98508a1b0ae7a2d4e29e198102583611ade074298351e0b4d2912bddfc86057077739fad104fa41ed6cab42d9a4af3d5403c1fb5d26a9f54633c8d716f7c1d48bced4b38eeee1922273097cd25ed87de9a8daaac90b0e12825e402aec7917a0da5faf664cda63375073e2b8999155462669a0175176e9445b7709c374c017fa373fd6f4204d2eed987f5f4641c972ab3197e0e7b01c71592408bbb04ce10125dd848ca4cc14a740eb439b0702683c1393e2c4bdab3e936f68527d0edfd5ee2f83d86e6985849a389c33bce7dd7b3608e6a816a142121bb15beb7adcf1f2534020c2fd46c94c216ec3404c0c3008b26e71ac34b8820f5571ccaea88cc6ad65c082231b3052b2ac3afb921f56bf6e4d39224e293636eef1dfbed1ae8f4bb9e6fd8e706bb76f633381690d97bee8ea2c0a72b70e26bbfafe0e30950f012f406f5db7f2bec6b064d00c4c79f18d4e9ac0f1c726a61a31ad97a0077cdafdef6ca19c9d49f561b1783c9f21861240bb0c987be659723c48dc080e8b845597319f5e55aed2387e33baf6990c6f771c3e27cf9f70bf42d7f8c565897245bf007bc6485d3e637f031eb80bcb446fd92f6728f02f8dd6ea9a8f429e8962cc2e3da3e65aeb02a8665df5e8d4a8d92bfc19eca6842221c5331b14cf2729c3e9957078b825545cf42a0dca5f62c7449cdad7a33487f7d98135dae473f6096e0500cc112685a0601b593e99e8f4221cfbe8006c0a82140803edf71d6d6dd747050b1d9d7ebab939a00e1da4c3d2bd5fd9af366e7d8b2fb0cdd28490b7caac3f2d08a225bd9810d9d64f69b4cfb2e95aa04e5c07df8f7181edc2bc684517f34cc0ee94203db7aa76dfd856b8abdae5c9f914eb1372ddbc6aa48c8d96df8389b83433f2191b53afe320545331332de57b26d72f4bd0cca25960dd95a4ddb03cdcc5469e03f00c5b5e5562c1c6da67880c7bb2915f443421f6190e480e1cda8e29849ac5988ec9ca8f3d3d3764e279ef0d4574b7cf092c8154b2bfb7c4df3d201fe2ef70da0490bb51f8b9635843bcbf99233fd749eb5356ec4debda1a3bb896cff04d27b8b46a557c562601ef8bb4e15d090c03245d3a198334d9046d3d486c849a0ab7e64a3a15ec666d638bb795fa1b03ecd898c387a1615051503fc0752ea8dab6a138c1bdabe2be14abd0b2169dfc7b2938bae82c19bd0e9ec1690a418f87f33d04f97da011a4ad1e256f048013855c279df26d76d9f8a0061f45ba7b99c778785094fa606c3cd65bebf0da50ec975fe32cec352"}) r3 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x7d) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 02:47:30 executing program 5: syz_mount_image$btrfs(&(0x7f0000000180)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040), 0x88, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000100)='/dev/hwrng\x00', 0x400000, 0x0) timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() [ 476.190508] device veth9 entered promiscuous mode 02:47:30 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) msgget(0x3, 0x82) [ 476.264514] device veth9 left promiscuous mode 02:47:31 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) socket$inet(0x2, 0x80001, 0x84) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0x14, &(0x7f0000000100)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0x1b, &(0x7f0000000200)=@assoc_value={r3}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000080)={r3}, &(0x7f00000000c0)=0x8) 02:47:31 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0xffffffffffffffff, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:31 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$UFFDIO_WAKE(r1, 0x8010aa02, &(0x7f0000000100)={&(0x7f0000ffb000/0x2000)=nil, 0x2000}) 02:47:31 executing program 0: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x20800, 0x0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/loop-control\x00', 0x800, 0x0) connect$bt_sco(r0, &(0x7f00000000c0), 0x8) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) write$FUSE_POLL(0xffffffffffffffff, &(0x7f0000000140)={0x18, 0x0, 0x2, {0x40}}, 0x18) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) [ 476.467384] BTRFS error (device loop4): superblock checksum mismatch 02:47:31 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$CAN_RAW_FD_FRAMES(r1, 0x65, 0x5, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 02:47:31 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x8000, 0x0, &(0x7f0000000040), 0x0, 0x0) [ 476.540256] BTRFS error (device loop4): open_ctree failed [ 476.598457] BTRFS error (device loop4): superblock checksum mismatch 02:47:31 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r1) r2 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r2, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r3) syz_mount_image$vfat(&(0x7f0000000080)='vfat\x00', &(0x7f00000000c0)='./file0\x00', 0x3, 0x7, &(0x7f0000000680)=[{&(0x7f0000000100)="c7e29d7c39470db51f135a85e65dcbe5aac40a3d0b2994e5fdcc783df17587ab66519f1deec494e9554060918b518a8e115618b5b48b0c9d08c72fc5f32e2e495336af8add1e11418c42f85d2a85aef258226f24c8c05f4e2b5153beace3a5a8201aaa4dcb00a18e53bf0744c9e58f2efaeb82cd37b526ce8202065265068cb519332009fb548c38db6ddaa0a3a559ec0142c38bd563545ae180d7abb04cb641251a", 0xa2, 0x10000}, {&(0x7f0000000200)="214a1aad8508c31283cf02bc780cfe1e546fd4bdb1794d58a1d0327df89f618416a7f7e4ed57ea0b5ce9ef0c", 0x2c, 0x80}, {&(0x7f0000000240)="1a4697ffc84b91fbd159b4d24815a3f046a63ded830c05981f2215082856dd0dcd74cbf34dc214dda69a68220bbaebf812bf7f5f112ba3291e23ebdfd767a7d146b41450207a432cd50221e0817a693ccfd4a04fb61156560211e18318cf1093d63c6ff874ae36bdb911ddc43f7c3762e1537bb2cdea498960bec0d622a9e38921e252f215e7bbe93e267f19", 0x8c}, {&(0x7f0000000380)="b69e144eccb5e87cbcf24081b5b749bf1b69b1508148c922750bd47daa59d275738e8a01f0ee2688a43cf7ebc435e769ed09fe18b3f4a0c1c8fb6a928cb7700e2b8dc6f24ce995f6210c7f1c6d0fc478209ef1950131a3cb9bd0c29885afc37090c546de74047c6bd3d2b64ccd093b671be919b0c534a4fecb1479080df9837d7d5f774586da5f22ef252536da177ba2580314d6ba848c1679abbe3856db4f3367fbf79f2c86fad9f4420b59b9d96163b36dc7d6c8bb9199f5", 0xb9, 0x400}, {&(0x7f0000000440)="735ba4412807667d160f552e2f9859e09ad75ddeb6f2a0928938fd2ab547721126230f9c552b1ffe447ecfb4f9daa0699cbb44a733ee8e8e4e2b205d1ca9ccb9b6b764718f6a55ad94b2074900d0a20bde75df5807720ace4959366a43555d", 0x5f, 0x5a8a}, {&(0x7f00000004c0)="088877e4b6ffd1835e1a74d57afd5f670f8df547b7195a52d65fd74669e81615df57b8119d7e4dce3716cf24251cf701eaa5c4eb47a2a1f7e867373080b403e3a280034fa86c33207e18a9d657d41479d7a26c90c1fc69f15c76815b3ff12fd6d5669798865b77a366d0f40da7f7e937b9aa1a381a6401322a29594ac8f3f916d9270d", 0x83, 0x5}, {&(0x7f0000000580)="7edec64b2c16b5a3c96ee200bad91d321c1326103748215f4cfec6bfb8272eed56ccf8ac2354fdd93a34307803afe0853493006d07542c4aecca2519ab8f461a57412331bdc3dee0df9d04be8c879b1b0fdbc0d543627c41d85fd5a2bcd797e5ebf8a724823402be5a5627a41dbff8f7271705e10ab952ab18791216350ea555f1ae5a4d1bbd35d572c16d17be925980c4575e9ce0b25a2474b130f53fda6cb90a1f887cd371511b106eb0b2cc19831f938b16669dadb93364e055f8f32240b189ac3b5532ae3c74f576de336d240fa4a04e12", 0xd3, 0x3}], 0x0, &(0x7f0000000740)={[{@shortname_win95='shortname=win95'}, {@shortname_mixed='shortname=mixed'}, {@rodir='rodir'}, {@fat=@flush='flush'}, {@fat=@gid={'gid', 0x3d, 0xffffffffffffffff}}], [{@euid_eq={'euid', 0x3d, r1}}, {@hash='hash'}, {@dont_appraise='dont_appraise'}, {@fowner_lt={'fowner<', r3}}]}) [ 476.670231] BTRFS error (device loop4): open_ctree failed 02:47:31 executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r4) r5 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r5, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r4, 0x84, 0x1b, &(0x7f0000000200)=@assoc_value={r6}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000000)={r6}, &(0x7f0000000040)=0x8) 02:47:33 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:33 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x8, 0x1, &(0x7f0000000040)=[{&(0x7f0000000200)="8da4363ac0ed02005a6876f8ffffff5d6b7d0a0000000001004d010000000000000000007a000000000001f60180000048ae001e1b00b10ef014ba438dd12382419341a552ee2efd9a0000040000000000014c06bf318d9aae52915a590c978f3781ee414a4faba6d72ef5cacea5dd6ef947e681c3308948db651b10ce84148ac957c9", 0x47, 0x200000008000}], 0x2000000, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvram\x00', 0x400, 0x0) fanotify_mark(r1, 0x2, 0x10, r2, &(0x7f00000000c0)='./file0\x00') r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x3c) ptrace$cont(0x18, r3, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r4, 0x0, r4) r5 = gettid() ptrace$setopts(0x4206, r5, 0x0, 0x0) tkill(r5, 0x3c) ptrace$cont(0x18, r5, 0x0, 0x0) ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r5, 0x0, 0x0) fcntl$lock(r4, 0x4e, &(0x7f0000000140)={0x2, 0x3, 0x7fff, 0x8, r5}) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r3, 0x0, 0x0) syz_open_procfs(r3, &(0x7f0000000100)='net/sockstat6\x00') 02:47:33 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r5, 0x0, r5) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r6, 0x0, r6) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r7, 0x0, r7) r8 = accept4(r7, 0x0, 0x0, 0x0) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x4, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x1}, 0x1c) recvmmsg(r8, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) r10 = fcntl$dupfd(r9, 0x0, r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) 02:47:33 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0xffffffffffffffff, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:33 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$IPCTNL_MSG_CT_GET_DYING(r3, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x14, 0x6, 0x1, 0x5, 0x0, 0x0, {0x3, 0x0, 0x2}, [""]}, 0x14}, 0x1, 0x0, 0x0, 0x4040}, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:47:33 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:33 executing program 0: r0 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ubi_ctrl\x00', 0x10000, 0x0) ioctl(r0, 0x5, &(0x7f0000000380)="e60dcf4cfc4f1060dab782acf1da56bfaee71f7f165832a4e2c402ae55d99d8a956231367acc1ff946d8fbaab52301c1051e8065aa5a96628346886546b94e5cbd1d531ab958363b9bf99e1d68f6") syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$EVIOCSREP(r2, 0x40084503, &(0x7f0000000080)=[0x2, 0x3]) prctl$PR_SET_MM(0x23, 0x5, &(0x7f0000fff000/0x1000)=nil) 02:47:33 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendto$rxrpc(r1, &(0x7f0000000000)="c0d800998ca4e9902cb4fea5dd81712630dcc93f98fa1d84d4ee264cde4af5b0b683d073ee68d928e5db4d805ee0249c1a67cca176b41243618604ef5b580fce61624bff72b3698c6a10be1233d024001ad3e1e53ad363a8eece15e4b92b3b590730a0287af3ccfb1ba4daec748b486fa340da45816221bfc3", 0x79, 0x4800, &(0x7f0000000080)=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e21, 0x3, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x1a}}, 0x24) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x406, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:47:33 executing program 5 (fault-call:0 fault-nth:0): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 479.221008] BTRFS error (device loop4): superblock checksum mismatch 02:47:34 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0xffffffffffffffff, 0x1, &(0x7f0000000080)=[{&(0x7f0000000380)="3431f375faf3b52427db16a2aaa5dd4709c25699caca4004a9b100634d496a2174ce5a4bfd06bae71727a360d5cda3a6a51a1ef2a53988db6914500bbdc20cd839f818ddd32f4a062353647f463b4b1a970e34ee67bdc0c9e86cbbbc017afcd18da441e7d6555e2f5d649bad0b8dcfb4af265fee6531197785f85145eac84e6fa78eaa1cde77a7aafdfd5583cc737a3ccccd2aabfc196511ac55bd708cd5c3bfdeb98ea174aab961636c8c6ff536e85953f609a2c379d42ee98d15674101e14b0b1ada035fd143af44720aa65cc262a5368ad0a50ad39c040eefbae32656a56e1337eecfa30a1e09ce885416eedfbec9f63275b80aac7069123674b9d5d452b9af6979a6fa8bdc211b6b31ed43ed9fb53a96593a25b63969e23cd1991d8895b94f689d5c690791d63886a5671691c3df3e7735e40730b7168f7c520d92b0fc4daf54c1bbbada666a9d987e1e6af5a54c0998fd83dcaaa2ad56a7e9744823b5e8bb2337c02f4f4f5e61403cf11375705f2e94e801d63b118c478290d3b89230194841d01becdd834587f1672c1e5307447c301deb45b8d07e156f6de256f5033fc1907d11fc35668f3d2073b328df844731125538a6c2a7f49e2372f094b7a749e790b646fb0593f04c2420567f908b303119ea2600aee1a38afbf4b798361922531eaa50bb630540e7d3f2683900f43004756824496f2a1750a784fecc11e17fce14b3da636543d3ec58bedaff8e23af76cdbd936052c217bc150a4e563acf84b1b9a6a26bbfa086a8719030dc50289a1e52180cad61b50ae5e211182684eaa3ca6bf0e5395d913a414c915a2e3683f8779193c8e39bd859ccad4884b1583bd97efc0df77792cfc9886c49941a256bbeab12bc028b7053f91061a38a3b7e96e52e88e0e608902328b4ebe365a05c38d5346733765475b9ec59d8fc25ee2a2c403d940ef01b8fbef4d279efb41ea2109a4df67fe5cebdfe4efcf9dd752e24b111eb72fa2b8d04f1045939d17e7e636b566f467e1b78157c19e89e690a1ece0033bfdc36c99ea859dea0df7fc12a1273e6f07ec9a7692075b296a4437e3efcbfd2e99217dccf02d08d84dd177a35b46b3476d8b6775337932d6002bf00dbe1da2eca51d11c65a3010689c7bc6611b9df050f825eb17507c3af766255b68682be3bd10c21bb17cb6b849339f8fff8e44ee0d64023fb91aac6a370b505672f81ef3362f0388d53bfbcf3c5fd9b8c71510e7670d73733adb0fbb2065906671cafdfbb27486e26091c468c80b5c9b91bff5dd55d646de716bfa7b2a406f875169da9e829f522ed51bbdf5785d8f6661b947735d83a18ea9bbd3c159bbcee37d8d38bccbe85b6ae351e1b608f38eaf1eb9f84e0a6d474d1679e913986e90d8911ae7db49740626bf9fb5a040a50ca885e25137c63dcc87b816e276f4e0ec2d6b62d5134766d90c6dccfafb3d309586c5ec243f1e53ecabd9f76f76eb0f6cdab31dcfe52c52c1fb27ce727e05181583f9066120c48b477d1cb46478c027e7e549d2bdb3324b9d219147b48ab8268ca8fb67bb2c3b13a306b2a41e3bc2b1738c411d9641df5891a8761d47db2fc2f9005f6523166011f8498df15d67908cf4cf2c641d6bf2f167aa2f24e37a423968ae3b74449fd0d3f541b88bf272c6e91cef03e05a228404e49a744a7fae8ff366127ab9a95207abdbe06892915ab05cd5ca8bf566df532e5328f7d6a87c582e550085d439136de7b87411f89182bc232c2266f8184b26886ba7c618ac645246a4fade54984b11bcbb7b7e1b2e8b4dc0775b9b38b66501171cce30b4063f9e83dc3e078c7c89f2af5535e83da1eacacb07f869010d32f63df6a58c2917b51a881754b0f9d336e99444897c7f900107ebb8c770e9099d1e87e7d16792424e86b8140a9661011cbb2ed613b3a8a2dde50c6e7088b764d9b55c817ff6dfbcf679943926d797c0edaf5ac006dbef401deb4bb306be7d081fbb7d23ce93ce11c6040c4355eaba647e5428dc7f0aab5fdad06794c1165767f1b092efb6ce7f443bb656791c6d58ce67968644ada520b4b6a9e059e90a89bcef811b24b11c5461cdaa9a159cefacdcdddcd6918e040781c8d1e894d6cb83cffb97e4da1915e651599e18becde25cd57e116d66ed03b093c6b4c1ddf664a8f32ada73eb80873c0096e8dd36e914d2ac03e8b295c68a04755feb5d7749bb303938624e1a4887d9f3bade497a16a2515f07a04d7b0d1f654ca023bb50b86fa8d51caaffbaf419322fd0b604943eb9d220dfdadb1f9fe85a09372f72e57f6d7b845873942b43d0bea3d00e8a83246cbcf6733da2086b776656a7f5e67efc34977ced307145f7d55e5d4525f0dfbc0d2f9ddc9af2fa3072f836d1edfbf19d38987d96b9f14a7dc6cf3617f15d108038c173a31563a9925adcbb06fd39d2ca29f3aa9db0383ebabafcfbd479a2e0a94e3da02cf18954b2a279cbf25a9f593200fd08dfcf4480c0a2e771d4023a96c05b1023a0cf9d3682a508691842aaf7c2ae4c8f6982f607db37835f13ba2ad448a01e0b0ac6b65454232886c0f3be97b2de7bb20f324bdb8d9d3270cd8e406e0d1df453a7202ac23c31196cafde0a7bd11eca9c75800be54125bbd99ee6c8a63f1d07e3e6d9566b290f37cd6da12d602f67603721e6e7a94053fe89a7cb0ba0fd0be9f576f7d8da138182a96e9b0672fc3569fffcb1344784848f1b61201d3b2fe607ce667174fac267656f6530dec840a516ccac6472d461d2c546cd9a01f687fe39a538c580050e16699d1b145fdda947adab38ff96d3a07217d334ab2650ba51ead159e8803f1a99fb0ae7203ca9af26564d5baa2547e870c43fd00eadf543fc657b6d089bb38b7c02b2423ba70bad17c301e433bf440501e9442f7ecbc7552b7ca415ffc793acfbec4a09040403eed26cfd9c15eb6770a884e6216b095b876fbb498ee5c3c9df952f0b42b623172980edeffb8bfa33d81292730ac88cc85e2de438bde2e6e8f901c9829e60c4bf1ae80022ce6ac4e6f2551fdea64ad816750213641fe47cae2354c95e750542455c3d452267c5121161fd753d77b8152d254d8461903a3c4156f9c12f3f1c80d5aac8bb2479563c7903f497462569c51d7222c5f697877412ccbbdc0c76308f8163f3829218cce0d3e5ccca39aba5a7843a564e10d8db07f24b06d8bfd91b1a129541ded811cb3e781468f74030e7fff8b6cec422d85ea455cae0b7962dcbf03b2ddc7a0c256e43198a4aa22aa3af4c37447e9b661747ed51aed1ccf031595185e158c60a644e2e825ea9f7b0b3bbf4bd521c7289ff156aae19ea748740c0c44b5c84688b18c366947cb706f31d8d5ce37239b49ebf88c28ce8e08bbac5b5b05f769abd5dbbb3fac2207c50dd3cc9350d6f28f30ae974cf191a1adbe0c264e29ae4f0b422a66bc00a3b65c596dcc5634f634090ec4282974e528b6a250b7223e63befea09f19c2f7d6712d36015f7c2bfe2a2aca1fddfc155884bb204e752d9f484d259f7ed8f20b466bb4583d771d17c8d4df90989f1a70455787628d4b22893b994463ad20d128c86da2249efe6563a089d10355996b5f0ef89c86c811fa0409ddd9b60875b230638902775202fb288396771a2c1b563513ff3e7cd3f038ce58ee219c465be2b8dd3b6b4f19b67ba0be7dc2a1ff2e48d392c49a4dee0f06593e3b859de24146d432ede2a4485eeb60837c1ffd583b486f2008f79592ec498fa0b354b98c27eccc79ec234ab29917d057ae34ec34d835797be0cc669e140cd13efcc168f10d4dc4fc19f010d4bdbb069fa904a33087a359faf5a61185d0fdc9cd051308c683cc67f60e4fe64ed984a82142018a7fcd885187f309571c0dab6dd97e2c57b1cb2c6b3ba981a684fcf695ef6984679dc6a3d54193009ba8919c73db9c26050ce9c1308f1dab5fde0e9df4de14e05e6650e4e79864809515660bbf102c3c1999b860fc9f576cfedc6463d126353c422f80b6defc2049cadb5afa1168bbbf99a7fb289592dfa2d9362e697b74bccf2e2af6db07684bc668e1ca58a4f5db6a44beb315c91922399e5c6d0f92c62a7db322cc87a3823d66448108629e3d4a1ce1533d6ce014ca2aa2d086afbdd78a69b62e0bfd06ba95bc266047b175e5e40fda3017c05a631a5cd8a25d60e2f30624605a48b72e63a361641ce10171cfe532b53066f0ea256a65d7e95a9e35ed684efe0153ac9af5fec9fc41a9df7c12cc17dd45be79aa594d00dd23b05e815f69afdbeefebdbd0de9688eccd225a4e4faabaecd59c6468b9ded6d67fec593a8e4aaeb2e355ea65845bffc17004d00b2ddb47f782948bb59c59b81f592910aea3bf65bf695ceb8805a77bb730a03ab1f4cd4bb1a218cfd49b0788642f872c3e6474b5838c16b6eec1a42302459b8a515b81f7d4ffc1fa3740b6f6466462ef92ec6dfc0dd2a1223c2b6a801b05672186f9fe08628d5fdea2c85b5b9467d30e534b46549fda9737fdf5347fe93085508abf827af1210c3da4225e4d5dddce770f3a8850f0979ea521ffe684ae7a8b79e1d79a307a2a01de91b4548aac3084185eeefe28bf178d610f31d00f7c333ea3fe84222db26ed1f258718497b95587a362b46b94cb57b38f58b25b49ff12f819c7d21d1a1e83cc2b9d6fdf93d4b88d9c44ee99edc3570b3c03c31af723d65c89399bbed716efb9c54b4a82c0ed59ba96f42b467334c017acfae621cb78fa0006b881692a827220109620200fcb86a9ff315a3b47181bef7cd904a4c2117de6c4d5f0d4d5842f9f1fb8b9779203fc14d96b9f51786cd34e4b808f4a085cb72063f256adf79783d26b17b2fb585661328984dace21007dfb4f90b764f9013418f99a0f44e0c45253f065f822c7e2dfc83c9c47b2751a6ed172c25088dc5a03580dd4c5eec43c21f430475589dc4b8f63b7ec89a2cc6d42a449f27828ac9b225a67fd00ad135c85d59eadb1ebfd07e73f0c1ca51f850e723f4d9ba443faac347ce601a3a21e96376d59c0fe7fd56fc511175a3a2822ce99f6b265c3862161e4df9a9aa809fce43265bd92ba20999ccdc9ab5fbe8baeec41b9592537ea46db8b517bb3c5a91adf2c6abd41daf403f67ed215fd438f181a6e4df0ef3ca90cdcedd0e84edc15282cb4704826b7db7b320dd7214310af87b8ea0a049414b9390218dc200736d748faf16ef3d7da37696175d7cf07a1cc6d60f46f5a70cf3ea298f69bf47e52267fd3193dcfea983fc9189860475e0ec4d86ceb0932c20a1b350d7e5a19982e4f8774ec5908c37956df40ccf2eafa32b1ec96ed54305bb1d594e1b2a0faa1da921559cd1147025dc3bd046e30adb333554cedf3cdd383e221d52d8d37b9bbaf1010a60aafd36ff9e191c86abb7c109a04a2b634ec9f59b7832e5ffb4f02eee47a924cd0689876ba5e2261e5fd2e7988d0b904619364ff62b99ccccb71c82f71ec4e0dbe4401dab9cfa3ac533ec4202f5a647282abb37f9d14e316fe98a9f81a6d9dabd699db60cec07dc55a8a25d6d8c9d88f37e0841b41af0f519e8700cd01e7c66762bf455f26d59692bcafc04b4daa1c1902ae59da09a5b053617c805070dc4eef8105058a90defa2932f5dd4ea9994e8bb28606d48f5a51470f5d364822e458f80bfac1fc399c1f312257b5a8f996bc6ab327d9881d81a3967130e541a83a596079486be3471a2c06243c25d5700b9283450ca1fe6756d4f12d57cabd0824299f31f433cbb6aa14a4e5c9d3f16e243a7f778d7233f8c64ba520788031ff6e40d4aa6", 0x1000}], 0x48, 0x0) [ 479.290573] BTRFS error (device loop4): open_ctree failed [ 479.321090] FAULT_INJECTION: forcing a failure. [ 479.321090] name failslab, interval 1, probability 0, space 0, times 0 [ 479.368424] CPU: 0 PID: 28342 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 479.376665] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 479.386657] Call Trace: [ 479.389547] dump_stack+0x142/0x197 [ 479.393212] should_fail.cold+0x10f/0x159 [ 479.397815] should_failslab+0xdb/0x130 [ 479.401819] __kmalloc+0x2f0/0x7a0 [ 479.405382] ? __sb_end_write+0xc1/0x100 [ 479.409490] ? strnlen_user+0x12f/0x1a0 [ 479.413634] ? SyS_memfd_create+0xba/0x3a0 [ 479.418273] SyS_memfd_create+0xba/0x3a0 [ 479.422594] ? shmem_fcntl+0x130/0x130 [ 479.426652] ? do_syscall_64+0x53/0x640 [ 479.431160] ? shmem_fcntl+0x130/0x130 [ 479.435166] do_syscall_64+0x1e8/0x640 [ 479.439069] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 479.444126] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 479.449775] RIP: 0033:0x45b3b9 [ 479.453243] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 479.461002] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b3b9 02:47:34 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = accept4$tipc(0xffffffffffffffff, &(0x7f0000000480), &(0x7f00000004c0)=0x10, 0x800) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000500)={'batadv_slave_1\x00'}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xf5, 0x3e, &(0x7f0000000080)="6e954bc5dfa3f269c3d4ed9f04126db5fb1740bc78e7d4f06eab04cfbefa61ea46be819494077d24df0abefec7cb1ef7284b83815e2e4103d2c379288ffaee6f0325294f514ddd0c5ae0ae4f5734e3bdb3bdd2b49e6cf48b0d41820cbd47d396db121f4386395e468893883cfe034de0dac2f358779d3ef98e6bd3d81f43223adabe80a2b34a953d1b5f30c0abcbeb00a9c5f2e30a056f7aaad32f2009ee6a572ae280d425efc804281adc9a70fb3bf76e3296e4048970e059b4ddfd3c93b11f9b3229218aa87fbffeebbb114f74a3e306f6d5174b5d981d08104a874b63dd6fba792ff0f51f240f59916c88050eb9ad81718981b6", &(0x7f0000000180)=""/62, 0x81, 0x0, 0x87, 0xd4, &(0x7f0000000200)="5814ebe54f62eb70aa4f6381cb8d45c6b57856a013d94737a311cad842358a08d3ebbb5833d9d5fbcf550206bd997b07cd6939559da7c84f425987f3624450dd28ff73b04d75eb289fc903affb9fd1952185fc37e9dae99ca1f9e59e4e607d8a7f74ef37958ab86be826c22a69e4ced1a0450b86892e058eb0be4473f8d49b124aac7ef7f84417", &(0x7f0000000380)="708f2b302a172f6623ff21d733c50fde39025fe5dbf5c3ad63efda23ebe121ff2475fb5bc4c155ad7dd9daca6ac6b845c238109696fca44a5fea0b9634cf52c42e55e5a0a0c22e6187f6754114a8b9141c7e976a48f877eca87bcd8bddac88d0f6a70ffd9e62cd9eaa4a85b98fd504c4ea2086e7d4e6e88498d5d0afd4d5c7e7694be080fe67e99bd7483d501b13a4fb1a836841fa94d98bf50270951be02bc2540794acd6d4573089fb6e151c7cf2482d25454afe355ad4f23c75938cd599e8acc6419b813bb963312c7a67836977b070b3b9f0"}, 0x40) 02:47:34 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000300)=[{&(0x7f0000000280)="70d86ce5a05929e5292e69f29679742b45b2567b0ba71da7cca2786feaf9e04f24e7c55a41c0c3b4f6beace2a46fc4165911c22ecba1e3306ab3439c28a6c51e47d294b527ccd94ca9cd9c6c5f70ab3de3d7a5dbaee39ff3cbb4a4b4c67dc2bdfc387c", 0x63}], 0x202885, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$BLKBSZSET(r3, 0x40081271, &(0x7f0000000340)=0x800) r4 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) r5 = dup(r4) r6 = syz_genetlink_get_family_id$nbd(&(0x7f00000000c0)='nbd\x00') sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x14, r6, 0x100, 0x70bd2d, 0x25dfdbfb}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x8000) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$SG_GET_REQUEST_TABLE(r8, 0x2286, &(0x7f0000000380)) ioctl$BLKTRACESTOP(r1, 0x1275, 0x0) ioctl$VIDIOC_ENUMAUDOUT(r4, 0xc0345642, &(0x7f0000000240)={0x0, "bfff50eaf68da064bdfc3c6e2011e8f7325e9020842577bb5be339893c04be92"}) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r10, 0x0, r10) tee(r0, r10, 0x5, 0xa) r11 = fcntl$dupfd(r9, 0x0, r9) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) r12 = socket$inet6_tcp(0xa, 0x1, 0x0) r13 = fcntl$dupfd(r12, 0x0, r12) ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0x400200) ioctl$VIDIOC_SUBDEV_G_CROP(r13, 0xc038563b, &(0x7f0000000200)={0x0, 0x0, {0xea, 0x8, 0x80, 0xaa}}) ioctl$PERF_EVENT_IOC_DISABLE(r11, 0x2401, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x1) [ 479.468671] RDX: 0000000020000058 RSI: 0000000000000000 RDI: 00000000004c0458 [ 479.475965] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 0000000000000001 [ 479.483406] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000003 [ 479.490992] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000000 02:47:36 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:36 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:36 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) socket$nl_crypto(0x10, 0x3, 0x15) 02:47:36 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r7, 0x0, r7) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r11, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002000000010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) r12 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_add_memb(r12, 0x107, 0x1, &(0x7f0000000280)={r11, 0x1, 0x6, @link_local}, 0x10) sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x20, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r11}}, 0x20}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r7, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', r11}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'gretap0\x00', r13}) ioctl$VIDIOC_DQBUF(r2, 0xc0585611, &(0x7f0000000040)={0x0, 0xa, 0x4, 0x2000, 0x800, {r3, r4/1000+10000}, {0x1, 0xc, 0x0, 0x7, 0x9b, 0x20, "695dd7ee"}, 0x1, 0x3, @fd=r6, 0xfffffffb}) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r14 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r14, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r15 = socket$inet6_tcp(0xa, 0x1, 0x0) r16 = fcntl$dupfd(r15, 0x0, r15) ioctl$PERF_EVENT_IOC_ENABLE(r16, 0x8912, 0x400200) 02:47:36 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r3, 0x84, 0x21, &(0x7f0000000100)=0x3, 0x4) 02:47:36 executing program 5 (fault-call:0 fault-nth:1): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 482.198646] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 482.219578] BTRFS error (device loop4): superblock checksum mismatch [ 482.225398] FAULT_INJECTION: forcing a failure. [ 482.225398] name failslab, interval 1, probability 0, space 0, times 0 02:47:36 executing program 0: syz_mount_image$btrfs(&(0x7f0000000040)='btrfs\x00', &(0x7f0000000080)='./file0/file0\x00', 0xffffffffffffffff, 0x0, &(0x7f0000000140), 0x10000, 0x0) [ 482.279930] device veth37 entered promiscuous mode [ 482.292043] device veth37 left promiscuous mode [ 482.293399] CPU: 1 PID: 28371 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 482.305764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 482.315418] Call Trace: [ 482.318046] dump_stack+0x142/0x197 [ 482.321695] should_fail.cold+0x10f/0x159 [ 482.326575] should_failslab+0xdb/0x130 [ 482.330819] kmem_cache_alloc+0x2d7/0x780 [ 482.334999] ? __alloc_fd+0x1d4/0x4a0 [ 482.338921] __d_alloc+0x2d/0x9f0 [ 482.342402] ? lock_downgrade+0x740/0x740 [ 482.347106] d_alloc_pseudo+0x1e/0x30 [ 482.351379] __shmem_file_setup.part.0+0xd8/0x400 [ 482.356332] ? __alloc_fd+0x1d4/0x4a0 [ 482.360156] ? shmem_fill_super+0x8c0/0x8c0 [ 482.364972] SyS_memfd_create+0x1f9/0x3a0 [ 482.369320] ? shmem_fcntl+0x130/0x130 [ 482.373474] ? do_syscall_64+0x53/0x640 [ 482.377554] ? shmem_fcntl+0x130/0x130 [ 482.381616] do_syscall_64+0x1e8/0x640 [ 482.385669] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 482.390757] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 482.395980] RIP: 0033:0x45b3b9 [ 482.399218] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 482.407299] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b3b9 [ 482.414904] RDX: 0000000020000058 RSI: 0000000000000000 RDI: 00000000004c0458 [ 482.422474] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 0000000000000001 02:47:37 executing program 5 (fault-call:0 fault-nth:2): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:47:37 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x2c, 0x7, 0xa, 0x5, 0x0, 0x0, {0xc, 0x0, 0x7}, [@NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4900}, 0x4000000) r3 = fcntl$dupfd(r2, 0x0, r2) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r5}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r5}}, 0x48) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r7}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r7}}, 0x48) r8 = fcntl$dupfd(r4, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x4) bind$netrom(r3, &(0x7f0000000280)={{0x3, @null, 0x7}, [@bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) ioctl$SG_GET_SCSI_ID(r3, 0x2276, &(0x7f0000000080)) recvfrom$unix(r0, &(0x7f0000000180)=""/4, 0x4, 0x1, &(0x7f0000000200)=@abs={0x1, 0x0, 0x4e23}, 0x6e) [ 482.430174] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000003 [ 482.437882] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000001 [ 482.460343] BTRFS error (device loop4): open_ctree failed [ 482.495671] FAULT_INJECTION: forcing a failure. [ 482.495671] name failslab, interval 1, probability 0, space 0, times 0 [ 482.508971] CPU: 1 PID: 28392 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 482.517819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 482.527756] Call Trace: [ 482.530479] dump_stack+0x142/0x197 [ 482.534228] should_fail.cold+0x10f/0x159 [ 482.538763] should_failslab+0xdb/0x130 02:47:37 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) [ 482.543269] kmem_cache_alloc+0x2d7/0x780 [ 482.547536] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 482.553136] ? rcu_read_lock_sched_held+0x110/0x130 [ 482.558329] ? shmem_destroy_callback+0xa0/0xa0 [ 482.563568] shmem_alloc_inode+0x1c/0x50 [ 482.567850] alloc_inode+0x64/0x180 [ 482.571664] new_inode_pseudo+0x19/0xf0 [ 482.575886] new_inode+0x1f/0x40 [ 482.579451] shmem_get_inode+0x75/0x750 [ 482.583748] __shmem_file_setup.part.0+0x111/0x400 [ 482.589068] ? __alloc_fd+0x1d4/0x4a0 [ 482.593171] ? shmem_fill_super+0x8c0/0x8c0 [ 482.598009] SyS_memfd_create+0x1f9/0x3a0 [ 482.602391] ? shmem_fcntl+0x130/0x130 [ 482.606299] ? do_syscall_64+0x53/0x640 [ 482.610436] ? shmem_fcntl+0x130/0x130 [ 482.614759] do_syscall_64+0x1e8/0x640 [ 482.618973] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 482.624265] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 482.629725] RIP: 0033:0x45b3b9 [ 482.633185] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 482.641202] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b3b9 [ 482.648901] RDX: 0000000020000058 RSI: 0000000000000000 RDI: 00000000004c0458 [ 482.656402] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 0000000000000001 [ 482.664157] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000003 [ 482.672134] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000002 02:47:37 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:37 executing program 5 (fault-call:0 fault-nth:3): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 482.713419] BTRFS error (device loop4): superblock checksum mismatch [ 482.770855] BTRFS error (device loop4): open_ctree failed [ 482.807327] FAULT_INJECTION: forcing a failure. [ 482.807327] name failslab, interval 1, probability 0, space 0, times 0 [ 482.828444] CPU: 1 PID: 28415 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 482.836633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 482.846431] Call Trace: [ 482.849211] dump_stack+0x142/0x197 [ 482.852913] should_fail.cold+0x10f/0x159 [ 482.857262] should_failslab+0xdb/0x130 [ 482.861265] kmem_cache_alloc+0x2d7/0x780 [ 482.865762] ? shmem_alloc_inode+0x1c/0x50 [ 482.870019] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 482.875923] selinux_inode_alloc_security+0xb6/0x2a0 [ 482.881048] security_inode_alloc+0x94/0xd0 [ 482.885682] inode_init_always+0x552/0xaf0 [ 482.890057] alloc_inode+0x81/0x180 [ 482.894082] new_inode_pseudo+0x19/0xf0 [ 482.898318] new_inode+0x1f/0x40 [ 482.901733] shmem_get_inode+0x75/0x750 [ 482.906035] __shmem_file_setup.part.0+0x111/0x400 [ 482.911625] ? __alloc_fd+0x1d4/0x4a0 [ 482.915728] ? shmem_fill_super+0x8c0/0x8c0 [ 482.920064] SyS_memfd_create+0x1f9/0x3a0 [ 482.924275] ? shmem_fcntl+0x130/0x130 [ 482.928302] ? do_syscall_64+0x53/0x640 [ 482.932576] ? shmem_fcntl+0x130/0x130 [ 482.936603] do_syscall_64+0x1e8/0x640 [ 482.941890] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 482.947009] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 482.952370] RIP: 0033:0x45b3b9 [ 482.955907] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 482.964015] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b3b9 [ 482.971462] RDX: 0000000020000058 RSI: 0000000000000000 RDI: 00000000004c0458 [ 482.978864] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 0000000000000001 [ 482.986920] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000003 [ 482.994213] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000003 [ 484.321432] NOHZ: local_softirq_pending 08 02:47:39 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:39 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0xaaaaaaaaaaaac1e, &(0x7f00000002c0)=[{&(0x7f0000000200)="f762dd7311a309269a689eb22fe532111516e266e66afa81a5a34899b3ab64efd10a178436838eeeb9fcfab60cad79816cfb46cdc4f27f39d2bf849f309e652edfbc615610f556c4c5a624cfff88c523151a5b10137203122ea4a6b44cc64de0219dfee224a7776cd46cf2715d491cd5f5bc29a2dea430171d3129b637b8dd0907e31d", 0x0, 0x2e}], 0x0, 0x0) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f00000000c0)) 02:47:39 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_ENUMAUDIO(r2, 0xc0345641, &(0x7f0000000000)={0x6eb4, "32e2a92a0c6772640c86c996866683017f716ae4359c8d4a463d0c9451763998", 0x1, 0x1}) r3 = accept4(r0, 0x0, 0x0, 0x0) ioctl$VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000040)={0x0, 0xc, 0x0, "2524bbd317430f3599ef3ae71ae8171a295aa27bee5cac6d0135d76bee131e8d", 0x36314d4e}) recvmmsg(r3, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 02:47:39 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) syz_mount_image$hfs(&(0x7f0000000100)='hfs\x00', &(0x7f0000000140)='./file0\x00', 0x8, 0xa, &(0x7f0000000780)=[{&(0x7f0000000200)="b25856ffd8aa2bd7ed7183a4c3143ab95d112b1541c22011661ea423b0d7abbdb4fd7a1b379ec0d2e03a570dc89c5989c64b77064745eed4ce1106d48b6150b8305c5ff8df48680ef0a71ab5bc5408a08f9d29f85456c0865a237e9c62e8c6c3f2a90ac4e150be49ed76171efe2b9206e467474078c2da63", 0x78, 0x6}, {&(0x7f0000000280)="6c1de2440a1711a1fbf44551270063fe54ba9657580e0486267d8334c78c716b984316126a790f5d620b2f407329f4245a03e5ae9ff373587fbf35b6721c47126dae147af5c900da573939a368295e0ac6ba61fd12f1a86a1abe4d4af488e3f5f2a0c0ea851fc1a7b6ffa060f902e77e2d400f196261f0920c58da30ac53cc97acebdef7fdb545ab2cf8378210083cb56276ad626b127d81bde16cb116f8d7fa77ad275d91842ce5334f3f75287695e1dd402c36c904995cda379f1a49dd91483d9a", 0xc2, 0x80000000}, {&(0x7f0000000380)="805c76962b0e13fe0e2a3e06b9d7cc039f376b8118b9b8bd36148431227dfdf6971dc418cdcde540312e3283eddb8cf5def63e9ba8e4f1d31ad0a2f1ad7636dfd4f5a5dbc48826aeb5257c5c0f1d549cf179d6075bb5a91163c26eefe8067d57d6ce9ff95000e0a87addee9d7436ebd8325ce9c8c0f2b4eed192d63403d005094b916e07370e48771866a2c7b5ceb42fa25e7bb0bbe34457667a971dfb33e294e79cedd351b1df35de1c2f6eb8f6ef6dc6b0", 0xb2, 0x3}, {&(0x7f0000000440)="ad9c09d04270eddcca4be723cec6a28a3d76a20240dbf738a102434d954e548db8fc2f0523638e27845e00db0d0b122a4dbefdb69d23f084dc2f174433f8cff1f94bcb0b9b7dc9e40444d3c19450681fa0da99b0413dd58e42da550fdd", 0x5d, 0x8}, {&(0x7f00000004c0)="a7484fa8624ba63a76cae3d377d6a543889ca21a48f470d581ca5f5c69cdf355cd15e402a79398256f3069d9611691c57c883cb45f57f594f4e585a6946de46affc46f52aecddfa8ea52d20ab7192f754229fbf338b766bc42aaea6c5b2dace762ad02f731887ccea559fc2e4a55b1970277ba6e568e317455f08c82307744c3a9140656a2c17904757a9caf747e1d4478b6175b730e586c94c8f19f572b8cd0c32530e1efa465263860723a5121f4888f78265ff9125e54d2e24198543d51fa3b797e5f61000d0a07f74b667e606649c371ae82af6854f37bcdf59849", 0xdd, 0x192a}, {&(0x7f00000005c0)="8543113252e9ddd76376ae7638d1db80ad724865d5e686c5a978bfe5977f90b8858bc8d410645628bf13fa66a039461ee89d287457a4bbd893c811cb90ded64d16ad0128", 0x44, 0xfffffffffffff801}, {&(0x7f0000000180)="dcd6c0ff415895d26f011f2e08982af68203a7f3f3afe59a27bb360364a6bd2fe69860a888e78fe93bac7238c119b8508433a183db189fdf", 0x38, 0x5}, {&(0x7f0000000640)="cd3060c07874cdd13c0328cde24cb0133252ba9a03a6b2fe8c87611746057f2daa1d2fad87dd5e1e646624c1d08de6fb6c5e594c3c", 0x35, 0x2}, {&(0x7f0000000680)="9b588ccbb76458db263205118525c48d99c3b8ce00496c9c49fba73a1bf220ae6b1bdddb12bbf14e5f5dc5fd9c5b9a2c57584a6f83b905d2b1ab11c7b8c75ba32404332b53f8270820a1bfce5bba1f48515378c21ff4aa464ffc85dc78e8c6a0a0b161e8dbcc2606d91881d13f6a7a8c4e3b7ec5a1155329fac77533545a59fc834cedfaa8220946e59efa732c0dc44a57513473b3fa7026281ee1322e83b13ef4bd4b738005606910f1db845078ce0486abc6f2646a5c63437b00be", 0xbc, 0x9e86}, {&(0x7f0000000740)="fe01e044e592", 0x6, 0x200}], 0x20004, &(0x7f0000000880)={[{@iocharset={'iocharset', 0x3d, 'iso8859-15'}}, {@codepage={'codepage', 0x3d, 'koi8-u'}}, {@creator={'creator', 0x3d, "aa3a1fe3"}}, {@codepage={'codepage', 0x3d, 'macgreek'}}, {@file_umask={'file_umask', 0x3d, 0x1}}, {@uid={'uid', 0x3d, 0xee01}}, {@umask={'umask', 0x3d, 0x1}}, {@umask={'umask'}}], [{@smackfstransmute={'smackfstransmute', 0x3d, 'btrfs\x00'}}, {@fsuuid={'fsuuid', 0x3d, {[0x35, 0x31, 0x61, 0x63, 0x96cab60889b9cd45, 0x66, 0x62, 0x51], 0x2d, [0x66, 0x0, 0x31, 0x39], 0x2d, [0x34, 0x34, 0x6d53948b567bc6fb, 0x38], 0x2d, [0x3d, 0x4, 0x31, 0x62], 0x2d, [0x39, 0x66, 0x38, 0x30, 0x37, 0x37, 0x30, 0x38]}}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'btrfs\x00'}}, {@obj_type={'obj_type', 0x3d, 'btrfs\x00'}}]}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:47:39 executing program 5 (fault-call:0 fault-nth:4): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:47:39 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(0x0, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) [ 485.264323] FAULT_INJECTION: forcing a failure. [ 485.264323] name failslab, interval 1, probability 0, space 0, times 0 [ 485.303449] BTRFS error (device loop4): superblock checksum mismatch [ 485.339543] CPU: 0 PID: 28434 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 485.347890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 485.358036] Call Trace: [ 485.360690] dump_stack+0x142/0x197 [ 485.364326] should_fail.cold+0x10f/0x159 [ 485.368598] should_failslab+0xdb/0x130 [ 485.372588] kmem_cache_alloc+0x2d7/0x780 [ 485.376843] ? lock_downgrade+0x740/0x740 [ 485.381088] get_empty_filp+0x8c/0x3f0 [ 485.385006] alloc_file+0x23/0x440 [ 485.388852] __shmem_file_setup.part.0+0x1b1/0x400 [ 485.393924] ? __alloc_fd+0x1d4/0x4a0 [ 485.397869] ? shmem_fill_super+0x8c0/0x8c0 [ 485.402497] SyS_memfd_create+0x1f9/0x3a0 [ 485.406665] ? shmem_fcntl+0x130/0x130 [ 485.410566] ? do_syscall_64+0x53/0x640 [ 485.414927] ? shmem_fcntl+0x130/0x130 [ 485.418823] do_syscall_64+0x1e8/0x640 [ 485.422909] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 485.427767] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 485.433131] RIP: 0033:0x45b3b9 [ 485.436426] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 485.444741] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b3b9 [ 485.452429] RDX: 0000000020000058 RSI: 0000000000000000 RDI: 00000000004c0458 [ 485.459805] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 0000000000000001 [ 485.467255] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000003 [ 485.474681] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000004 [ 485.500837] BTRFS error (device loop4): open_ctree failed [ 485.580188] BTRFS error (device loop4): superblock checksum mismatch [ 485.644064] BTRFS error (device loop4): open_ctree failed 02:47:40 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = syz_open_dev$cec(&(0x7f0000000100)='/dev/cec#\x00', 0x3, 0x2) ioctl$VIDIOC_S_OUTPUT(r2, 0xc004562f, &(0x7f0000000140)=0x5) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:47:40 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(0x0, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) [ 485.848969] BTRFS error (device loop4): superblock checksum mismatch 02:47:40 executing program 5 (fault-call:0 fault-nth:5): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 485.944979] BTRFS error (device loop4): open_ctree failed [ 486.016648] FAULT_INJECTION: forcing a failure. [ 486.016648] name failslab, interval 1, probability 0, space 0, times 0 [ 486.018245] BTRFS error (device loop4): superblock checksum mismatch [ 486.077509] CPU: 0 PID: 28468 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 486.085776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 486.095351] Call Trace: [ 486.098270] dump_stack+0x142/0x197 [ 486.102018] should_fail.cold+0x10f/0x159 [ 486.106314] should_failslab+0xdb/0x130 [ 486.110446] kmem_cache_alloc+0x2d7/0x780 [ 486.115083] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 486.121154] ? check_preemption_disabled+0x3c/0x250 [ 486.126437] selinux_file_alloc_security+0xb4/0x190 [ 486.131600] security_file_alloc+0x6d/0xa0 [ 486.135984] get_empty_filp+0x162/0x3f0 [ 486.140051] alloc_file+0x23/0x440 [ 486.143910] __shmem_file_setup.part.0+0x1b1/0x400 [ 486.149224] ? __alloc_fd+0x1d4/0x4a0 [ 486.153279] ? shmem_fill_super+0x8c0/0x8c0 [ 486.157961] SyS_memfd_create+0x1f9/0x3a0 [ 486.162396] ? shmem_fcntl+0x130/0x130 [ 486.166297] ? do_syscall_64+0x53/0x640 [ 486.170425] ? shmem_fcntl+0x130/0x130 [ 486.174578] do_syscall_64+0x1e8/0x640 [ 486.178719] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 486.183714] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 486.189231] RIP: 0033:0x45b3b9 [ 486.192426] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 486.200229] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b3b9 [ 486.208008] RDX: 0000000020000058 RSI: 0000000000000000 RDI: 00000000004c0458 [ 486.215302] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 0000000000000001 02:47:40 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) mq_getsetattr(0xffffffffffffffff, 0x0, &(0x7f0000000180)) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 02:47:40 executing program 5 (fault-call:0 fault-nth:6): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 486.223306] R10: 0000000000010000 R11: 0000000000000246 R12: 0000000000000003 [ 486.230844] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000005 [ 486.300758] BTRFS error (device loop4): open_ctree failed [ 486.347742] FAULT_INJECTION: forcing a failure. [ 486.347742] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 486.380624] CPU: 0 PID: 28479 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 486.388920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 486.398875] Call Trace: [ 486.401510] dump_stack+0x142/0x197 [ 486.405485] should_fail.cold+0x10f/0x159 [ 486.409859] ? __might_sleep+0x93/0xb0 [ 486.413918] __alloc_pages_nodemask+0x1d6/0x7a0 [ 486.418848] ? __alloc_pages_slowpath+0x2930/0x2930 [ 486.424008] ? lock_downgrade+0x740/0x740 [ 486.428554] alloc_pages_vma+0xc9/0x4c0 [ 486.432567] shmem_alloc_page+0xf6/0x1a0 [ 486.436742] ? shmem_swapin+0x1a0/0x1a0 [ 486.440918] ? cred_has_capability+0x142/0x290 [ 486.445538] ? find_held_lock+0x35/0x130 [ 486.449711] ? check_preemption_disabled+0x3c/0x250 [ 486.455180] ? __this_cpu_preempt_check+0x1d/0x30 [ 486.460343] ? percpu_counter_add_batch+0x112/0x160 [ 486.465392] ? __vm_enough_memory+0x26a/0x490 [ 486.470099] shmem_alloc_and_acct_page+0x12a/0x680 [ 486.475065] shmem_getpage_gfp+0x3e7/0x2870 [ 486.479422] ? shmem_mfill_atomic_pte+0x17e0/0x17e0 [ 486.484707] ? iov_iter_fault_in_readable+0x1da/0x3c0 [ 486.490043] shmem_write_begin+0xfd/0x1b0 [ 486.494218] ? trace_hardirqs_on_caller+0x400/0x590 [ 486.499445] generic_perform_write+0x1f8/0x480 [ 486.504061] ? page_endio+0x530/0x530 [ 486.508100] ? current_time+0xb0/0xb0 [ 486.512085] ? generic_file_write_iter+0x9a/0x660 [ 486.517019] __generic_file_write_iter+0x239/0x5b0 [ 486.522284] generic_file_write_iter+0x303/0x660 [ 486.527090] __vfs_write+0x4a7/0x6b0 [ 486.531103] ? selinux_file_open+0x420/0x420 [ 486.535882] ? kernel_read+0x120/0x120 [ 486.539817] ? check_preemption_disabled+0x3c/0x250 [ 486.545017] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 486.550492] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 486.555362] ? __sb_start_write+0x153/0x2f0 [ 486.560925] vfs_write+0x198/0x500 [ 486.564796] SyS_pwrite64+0x115/0x140 [ 486.568658] ? SyS_pread64+0x140/0x140 [ 486.572676] ? do_syscall_64+0x53/0x640 [ 486.576672] ? SyS_pread64+0x140/0x140 [ 486.580589] do_syscall_64+0x1e8/0x640 [ 486.584501] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 486.589589] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 486.595077] RIP: 0033:0x4151b7 02:47:41 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(0x0, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) [ 486.598279] RSP: 002b:00007f6b0e361a60 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 486.606238] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 00000000004151b7 [ 486.613526] RDX: 0000000000000048 RSI: 0000000020000080 RDI: 0000000000000004 [ 486.620811] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 0000000000000001 [ 486.628094] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000003 [ 486.635555] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000006 02:47:42 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:42 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_genetlink_get_family_id$nbd(&(0x7f0000000140)='nbd\x00') sendmsg$NBD_CMD_RECONFIGURE(r2, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="00022cbd70000000000000002700000001b6e5692b8b42ff45a51335f6e600000000"], 0x2c}, 0x1, 0x0, 0x0, 0x20000040}, 0x10) r4 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) accept4$ax25(r6, &(0x7f0000000280)={{0x3, @netrom}, [@bcast, @default, @null, @default, @remote, @netrom, @bcast, @default]}, &(0x7f0000000300)=0x48, 0x800) 02:47:42 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r2}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r2}}, 0x48) fsetxattr$trusted_overlay_redirect(r1, &(0x7f0000000000)='trusted.overlay.redirect\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x1) r3 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 02:47:42 executing program 5 (fault-call:0 fault-nth:7): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:47:42 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:42 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) accept$inet(r1, 0x0, &(0x7f00000000c0)) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000080)=0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r2, 0x9, &(0x7f0000000200)=""/227) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) r9 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000480)='wireguard\x00') sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000000200)=ANY=[@ANYRES16=r9], 0x1}}, 0x0) sendmsg$WG_CMD_GET_DEVICE(r8, &(0x7f00000005c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000580)={&(0x7f0000001380)={0xc10, r9, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@WGDEVICE_A_PRIVATE_KEY={0x24}, @WGDEVICE_A_PEERS={0x1ac, 0x8, 0x0, 0x1, [{0x1a8, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x19c, 0x9, 0x0, 0x1, [{0xac, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0x2e}}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0xe}}, {0x5, 0x3, 0x3}}]}, {0xc4, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x3c}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0xffffffe0}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}]}]}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x9}]}]}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a='\xa0\\\xa8Ol\x9c\x8e8S\xe2\xfdzp\xae\x0f\xb2\x0f\xa1R`\f\xb0\bE\x17O\b\ao\x8dxC'}, @WGDEVICE_A_PEERS={0xa00, 0x8, 0x0, 0x1, [{0x38, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_FLAGS={0x8, 0x3, 0x2}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "6a49e6bbda64481b02e1a5474afbfac94984aa9d448732d3668782ed74cbf590"}]}, {0x78, 0x0, 0x0, 0x1, [@WGPEER_A_PROTOCOL_VERSION={0x8}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e23, 0x7, @rand_addr="acb286d2cfe82843d1ec9fb50a458dac", 0xdb}}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "e8f22e0b121c5ac7cfed70d0270c79d13fb80590cae9b40802f48851913ff18a"}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @broadcast}}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e23, @local}}]}, {0x88c, 0x0, 0x0, 0x1, [@WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e21, 0x4, @remote, 0x354}}, @WGPEER_A_ALLOWEDIPS={0x56c, 0x9, 0x0, 0x1, [{0x4c, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0x16}}, {0x5}}]}, {0xc4, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr="0801146ba8073fd85fe25d76df328302"}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}]}, {0x124, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0x30}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, {0x5, 0x3, 0x3}}]}, {0x100, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0x17}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr="a766f2e40a9f4498553aee9506c6ee67"}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={[], [], @loopback}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x3}}]}, {0x58, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}]}, {0x1c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x20}}]}, {0x88, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}]}, {0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}]}, {0x4c, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @dev={0xac, 0x14, 0x14, 0x35}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @empty}, {0x5, 0x3, 0x2}}]}, {0xc4, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x14d}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x9, 0x0}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x7}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x2}}]}]}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "7302de814716df33e214ce7c830f2b396f4db481609c7aba4443ce332479c6b0"}, @WGPEER_A_ALLOWEDIPS={0x2d0, 0x9, 0x0, 0x1, [{0xe8, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x7}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @loopback}, {0x5, 0x3, 0x4}}]}, {0x88, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr="e26fcf4ffe7ec1cd88216bf501cc5a74"}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @rand_addr=0x3}, {0x5, 0x3, 0x2}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @dev={0xfe, 0x80, [], 0x29}}, {0x5, 0x3, 0x2}}]}, {0x40, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, {0x5, 0x3, 0x3}}, @ipv4={{0x6}, {0x8, 0x2, @broadcast}, {0x5, 0x3, 0x3}}]}, {0xdc, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @mcast2}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @rand_addr="0b26317e312abd36253ce6cd23e75813"}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @local}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @mcast1}, {0x5, 0x3, 0x1}}]}]}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x7f}]}, {0x4c, 0x0, 0x0, 0x1, [@WGPEER_A_FLAGS={0x8, 0x3, 0x5}, @WGPEER_A_ENDPOINT4={0x14, 0x4, {0x2, 0x4e20, @loopback}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x401}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "b625fccc7ed2054f8543ee37d9558b65a96fb60e41d9ad7033d62f840e8948f3"}]}, {0x74, 0x0, 0x0, 0x1, [@WGPEER_A_PUBLIC_KEY={0x24, 0x1, @b_g='\xd1s(\x99\xf6\x11\xcd\x89\x94\x03M\x7fA=\xc9Wc\x0eT\x93\xc2\x85\xac\xa4\x00e\xcbc\x11\xbeik'}, @WGPEER_A_ENDPOINT6={0x20, 0x4, {0xa, 0x4e20, 0x101, @mcast1, 0xaff}}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0x40}, @WGPEER_A_PUBLIC_KEY={0x24}]}]}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e21}]}, 0xc10}, 0x1, 0x0, 0x0, 0x24000881}, 0x8000000) setsockopt$CAN_RAW_FD_FRAMES(r6, 0x65, 0x5, &(0x7f0000000100)=0x1, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$netlink_NETLINK_NO_ENOBUFS(r4, 0x10e, 0x5, &(0x7f0000000140)=0x7, 0x4) [ 488.278383] FAULT_INJECTION: forcing a failure. [ 488.278383] name failslab, interval 1, probability 0, space 0, times 0 [ 488.289647] CPU: 1 PID: 28502 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 488.297536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 488.306899] Call Trace: [ 488.309507] dump_stack+0x142/0x197 [ 488.313205] should_fail.cold+0x10f/0x159 [ 488.317399] should_failslab+0xdb/0x130 [ 488.321388] kmem_cache_alloc+0x47/0x780 [ 488.325458] ? __alloc_pages_slowpath+0x2930/0x2930 [ 488.330526] ? lock_downgrade+0x740/0x740 [ 488.334698] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 488.340339] __radix_tree_create+0x337/0x4d0 [ 488.344760] __radix_tree_insert+0xab/0x570 [ 488.349185] ? __radix_tree_create+0x4d0/0x4d0 [ 488.353783] shmem_add_to_page_cache+0x5a4/0x860 [ 488.358745] ? shmem_unused_huge_scan+0xa0/0xa0 [ 488.363659] ? __radix_tree_preload+0x1d2/0x260 [ 488.368339] shmem_getpage_gfp+0x17cc/0x2870 [ 488.372783] ? shmem_mfill_atomic_pte+0x17e0/0x17e0 [ 488.377862] ? iov_iter_fault_in_readable+0x1da/0x3c0 [ 488.383073] shmem_write_begin+0xfd/0x1b0 [ 488.387230] ? trace_hardirqs_on_caller+0x400/0x590 [ 488.392265] generic_perform_write+0x1f8/0x480 [ 488.396847] ? page_endio+0x530/0x530 [ 488.400639] ? current_time+0xb0/0xb0 [ 488.404456] ? generic_file_write_iter+0x9a/0x660 [ 488.409554] __generic_file_write_iter+0x239/0x5b0 [ 488.414668] generic_file_write_iter+0x303/0x660 [ 488.419435] __vfs_write+0x4a7/0x6b0 [ 488.423144] ? selinux_file_open+0x420/0x420 [ 488.427564] ? kernel_read+0x120/0x120 [ 488.431523] ? check_preemption_disabled+0x3c/0x250 [ 488.436551] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 488.442004] ? rcu_sync_lockdep_assert+0x6d/0xb0 [ 488.446774] ? __sb_start_write+0x153/0x2f0 [ 488.451105] vfs_write+0x198/0x500 [ 488.454694] SyS_pwrite64+0x115/0x140 [ 488.458585] ? SyS_pread64+0x140/0x140 [ 488.462663] ? do_syscall_64+0x53/0x640 [ 488.466647] ? SyS_pread64+0x140/0x140 [ 488.470540] do_syscall_64+0x1e8/0x640 [ 488.474875] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 488.479734] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 488.484929] RIP: 0033:0x4151b7 [ 488.488108] RSP: 002b:00007f6b0e361a60 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 488.495818] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 00000000004151b7 [ 488.503136] RDX: 0000000000000048 RSI: 0000000020000080 RDI: 0000000000000004 [ 488.510458] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 0000000000000001 [ 488.517828] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000003 [ 488.525126] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000007 02:47:43 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) clock_gettime(0x0, &(0x7f0000000080)={0x0, 0x0}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x406, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000100)={0x5, 0x7, 0x4, 0x40000, 0xa3ad, {r0, r1/1000+10000}, {0x2, 0x0, 0x6, 0x0, 0xff, 0x5, "9ad52625"}, 0x8, 0x1, @planes=&(0x7f00000000c0)={0x74, 0x8, @userptr, 0x1}, 0x9, 0x0, r3}) ioctl$SNDRV_TIMER_IOCTL_SELECT(r4, 0x40345410, &(0x7f0000000180)={{0x3, 0x1, 0x1, 0x1, 0x1}}) [ 488.574406] BTRFS error (device loop4): superblock checksum mismatch 02:47:43 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_DROP(0xffffffffffffffff, 0x4143, 0x0) [ 488.633495] BTRFS error (device loop4): open_ctree failed 02:47:43 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000180)='./file0/file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r1}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r1}}, 0x48) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) r3 = fcntl$dupfd(r0, 0x406, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$midi(r3, &(0x7f00000001c0)="bdb99ccd0f0ace0954191d15f09879c1c82271a7684898472a5b46ac02a5699c08349813dded6d85de66c6fb2df559f0159a56739fd2428a5cd4eacdb863a96db51d623642b91e12d4000827d99b5af19c860d62ef2699a51c5dafbfee79ff0768762729330597987c5861b6baf5c34b28a9038569de0bd0f4e316e186734de07e6af14cd932140039e65399408501360d73f27f190758a9a5321c98c37b7890f8b41ab01db687aba472000001c066000000ed72e911ba0000000000004b8c2a", 0xc0) 02:47:43 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0xf93}], 0x0, 0x0) 02:47:43 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:43 executing program 5 (fault-call:0 fault-nth:8): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 488.855710] FAULT_INJECTION: forcing a failure. [ 488.855710] name failslab, interval 1, probability 0, space 0, times 0 [ 488.911233] CPU: 0 PID: 28549 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 488.919166] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 488.928618] Call Trace: [ 488.931230] dump_stack+0x142/0x197 [ 488.934886] should_fail.cold+0x10f/0x159 [ 488.939258] should_failslab+0xdb/0x130 [ 488.943251] kmem_cache_alloc+0x2d7/0x780 [ 488.947414] ? vfs_write+0x25f/0x500 [ 488.951146] getname_flags+0xcb/0x580 [ 488.954957] ? check_preemption_disabled+0x3c/0x250 [ 488.959986] getname+0x1a/0x20 [ 488.963187] do_sys_open+0x1e7/0x430 [ 488.966907] ? filp_open+0x70/0x70 [ 488.970444] ? fput+0xd4/0x150 [ 488.973644] ? SyS_pwrite64+0xca/0x140 [ 488.977533] SyS_open+0x2d/0x40 [ 488.980805] ? do_sys_open+0x430/0x430 [ 488.984687] do_syscall_64+0x1e8/0x640 [ 488.988698] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 488.993558] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 488.998749] RIP: 0033:0x415151 [ 489.001943] RSP: 002b:00007f6b0e361a60 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 489.009649] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 0000000000415151 [ 489.017048] RDX: 00007f6b0e361b0a RSI: 0000000000000002 RDI: 00007f6b0e361b00 [ 489.024329] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 489.031602] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000003 [ 489.038877] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000008 02:47:45 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:45 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) rmdir(&(0x7f0000000080)='./file0\x00') r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) fsync(r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380)='nl80211\x00') sendmsg$NL80211_CMD_JOIN_MESH(r3, &(0x7f00000004c0)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)={0x50, r4, 0x400, 0x70bd2a, 0x25dfdbfb, {}, [@NL80211_ATTR_MESH_CONFIG={0x34, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_HWMP_ROOT_INTERVAL={0x6, 0x18, 0x40}, @NL80211_MESHCONF_TTL={0x5}, @NL80211_MESHCONF_SYNC_OFFSET_MAX_NEIGHBOR={0x8, 0x15, 0x5e}, @NL80211_MESHCONF_ELEMENT_TTL={0x5, 0xf, 0x8}, @NL80211_MESHCONF_RSSI_THRESHOLD={0x8, 0x14, 0xffffffffffffffee}, @NL80211_MESHCONF_PATH_REFRESH_TIME={0x8, 0x9, 0x5}]}, @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, 0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x1}, 0x35388b7e59b5b82b) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r1) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r8}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r8}}, 0x48) r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r9, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r9, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r10}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r9, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r10}}, 0x48) write$RDMA_USER_CM_CMD_BIND(r7, &(0x7f0000000100)={0x14, 0x88, 0xfa00, {r10, 0x2c, 0x0, @in6={0xa, 0x4e20, 0x6, @dev={0xfe, 0x80, [], 0x22}, 0x200}}}, 0x90) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$VIDIOC_SUBSCRIBE_EVENT(r6, 0x4020565a, &(0x7f00000000c0)={0x800100b, 0x6, 0x1}) 02:47:45 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000380)='/dev/snapshot\x00', 0x8000, 0x0) ioctl$IMCLEAR_L2(r2, 0x80044946, &(0x7f00000003c0)=0x4) ioctl$sock_kcm_SIOCKCMUNATTACH(0xffffffffffffffff, 0x89e1, &(0x7f0000000100)={r1}) ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000180)=0x1) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x5a482, 0x0) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x10000000004ef4) recvfrom$l2tp(0xffffffffffffffff, &(0x7f0000000200)=""/59, 0x3b, 0x41, &(0x7f0000000240)={0x2, 0x0, @loopback}, 0x10) pipe2(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80000) ioctl$sock_SIOCGIFCONF(r3, 0x8912, &(0x7f0000000340)=@buf={0x4a, &(0x7f00000002c0)="5180dfce9cd89afb766c83e5196a5b79b9e12e7cd93605e4eeab344ba1dd4110547b3b292b2ee52182d5b4bfdcb977586a62e5f7e64336c59be1e974364bad419e82adb4eb5380f3a01b"}) 02:47:45 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:45 executing program 5 (fault-call:0 fault-nth:9): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:47:45 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}, 0x8f8}], 0x1, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) [ 491.328533] FAULT_INJECTION: forcing a failure. [ 491.328533] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 491.340478] CPU: 1 PID: 28570 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 491.348379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 491.348384] Call Trace: [ 491.348403] dump_stack+0x142/0x197 [ 491.348423] should_fail.cold+0x10f/0x159 [ 491.348440] __alloc_pages_nodemask+0x1d6/0x7a0 [ 491.348452] ? fs_reclaim_acquire+0x20/0x20 [ 491.348466] ? __alloc_pages_slowpath+0x2930/0x2930 [ 491.348489] cache_grow_begin+0x80/0x400 [ 491.348504] kmem_cache_alloc+0x6a6/0x780 [ 491.348513] ? vfs_write+0x25f/0x500 [ 491.348530] getname_flags+0xcb/0x580 [ 491.348539] ? check_preemption_disabled+0x3c/0x250 [ 491.348552] getname+0x1a/0x20 [ 491.348567] do_sys_open+0x1e7/0x430 [ 491.348581] ? filp_open+0x70/0x70 [ 491.348589] ? fput+0xd4/0x150 [ 491.348599] ? SyS_pwrite64+0xca/0x140 [ 491.348614] SyS_open+0x2d/0x40 [ 491.348624] ? do_sys_open+0x430/0x430 [ 491.348638] do_syscall_64+0x1e8/0x640 [ 491.348650] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 491.348669] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 491.348677] RIP: 0033:0x415151 [ 491.348683] RSP: 002b:00007f6b0e361a60 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 491.348694] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 0000000000415151 [ 491.348700] RDX: 00007f6b0e361b0a RSI: 0000000000000002 RDI: 00007f6b0e361b00 02:47:46 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) recvmmsg(0xffffffffffffffff, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) ioctl$KVM_SET_XSAVE(0xffffffffffffffff, 0x5000aea5, &(0x7f00000001c0)={[0x6, 0x7fffffff, 0x7f, 0x6, 0x8, 0xffffffff, 0x9, 0x10001, 0x74e32d49, 0x9, 0x6, 0x0, 0x4, 0x80, 0x4, 0x1000, 0x3, 0x6e1884bd, 0x8001, 0x400, 0xd96, 0x101, 0x1a1, 0x401, 0xfffffce2, 0x1, 0x9, 0x101, 0x6, 0x5, 0x1, 0x3, 0x5, 0xffffffff, 0x2, 0x5bd, 0x7, 0x8, 0x0, 0x6, 0xdc7b, 0x1, 0x8, 0x10000, 0x6, 0x20, 0x9, 0x8, 0x40, 0x7, 0x4, 0x1ff, 0x2, 0x3f, 0xff, 0x1000, 0x1, 0x9, 0x57, 0x4, 0x9, 0x3d, 0xff, 0x1, 0x1, 0x7, 0x6, 0x7, 0x81, 0x3ff, 0x2, 0x1, 0x80000001, 0x732a03aa, 0x0, 0x9, 0x1, 0x9, 0x6, 0x55, 0xb224, 0x401, 0x849, 0x3ff, 0x6, 0x6, 0x8, 0x5, 0x8, 0xd223, 0x7fffffff, 0x3ff00, 0x0, 0x9, 0x8, 0x40, 0x6, 0x7, 0xfd, 0x0, 0x6, 0x0, 0x4797, 0x7, 0x4, 0x7, 0x40, 0x8, 0x2, 0x100, 0x8, 0xff, 0x8, 0x4, 0x5e, 0xec, 0x7, 0x10001, 0x9, 0xffff, 0x7, 0x3ff, 0x3, 0x100, 0xe2, 0x3, 0x3, 0xf7c5, 0xe87d, 0x0, 0x3, 0x200002, 0x9, 0x22a, 0x5, 0x0, 0x1, 0xab9, 0x5, 0x101, 0x10000, 0x2, 0x81, 0x2e, 0x100, 0x1ff, 0x40, 0x7, 0xfffffff7, 0x2, 0x100, 0xca, 0x4, 0x742ea654, 0x10000, 0xfffffffb, 0xeb, 0x80000000, 0x8, 0x7, 0x2, 0xfff, 0x4, 0xff, 0xfffffffc, 0x3ca9, 0x3, 0x6, 0x0, 0x3, 0x5, 0x9, 0x7fffffff, 0x200, 0x40, 0xfffffff8, 0x6, 0x136, 0x7, 0x2, 0x6, 0x6, 0x80000000, 0x7f, 0x9, 0x3b, 0xed, 0x8f9a, 0x6, 0x1, 0x0, 0x1, 0x400, 0x4, 0x7e9, 0x4, 0x9, 0x6, 0x69d1, 0x77, 0x10001, 0x1, 0x1, 0xd1, 0xffffffff, 0x0, 0x8, 0x5, 0xfff, 0x400, 0x6, 0x2, 0x5, 0x5, 0x0, 0xfffff800, 0x4, 0x80000001, 0x2, 0x3f, 0x7fffffff, 0x4, 0x2, 0xfffffff7, 0x8, 0x0, 0x9, 0x2, 0x200, 0x1, 0x2, 0x6, 0x7, 0x400, 0x7, 0x101, 0x7, 0x0, 0x5, 0x1, 0x1ff, 0x6, 0x3, 0x7, 0x9, 0x8, 0x20, 0x1, 0x3, 0x8001, 0xd40, 0xc71a, 0x7fff, 0xb74a, 0x6, 0x1, 0x200, 0x3, 0x2, 0xfffffc01, 0x0, 0x10000, 0x1, 0x7, 0x46992f59, 0x1b313fd2, 0x1, 0x74dd, 0x7ff, 0x1, 0x40, 0x10001, 0x7, 0x401, 0x8, 0x5, 0x0, 0x7, 0xae, 0x1be000, 0x400, 0x2, 0x4, 0xfffffffe, 0x8, 0x7, 0x0, 0x3ff, 0x101, 0x3, 0x6, 0x7fff, 0x7f, 0xff79, 0x7, 0xcee, 0x400, 0x80000001, 0x8001, 0x4, 0x9, 0x6, 0xe70b, 0x3, 0x1, 0x7ff, 0xf0f, 0xc664ec0, 0x3, 0x2, 0x1f, 0x80000001, 0x7f, 0x81, 0x2, 0x1f, 0x3f, 0xca0, 0x1, 0x8, 0x5, 0x4, 0x2, 0x1, 0x4, 0x7f, 0x400, 0x6, 0x1ff, 0x2, 0x8, 0xffffff80, 0x6, 0x7, 0xc42, 0x2, 0x3, 0x3, 0x0, 0x4, 0x4, 0x3, 0xcf, 0xffff, 0x5, 0x4d5, 0xfffffffe, 0x7, 0x5, 0xe38, 0x8, 0x5, 0x5, 0x7ff, 0x1, 0xc05, 0x4, 0x7, 0xadd2, 0x7, 0x81, 0x5, 0x0, 0x8, 0x2, 0x100, 0x1, 0x338, 0x6, 0x3, 0xfffffffa, 0x80000001, 0x4, 0x1cdb, 0x7ff, 0x7, 0x0, 0x800, 0xbb, 0x6, 0x7f, 0x101, 0x401, 0x200, 0x2, 0x699d, 0x2, 0x7, 0x5, 0x1be0000, 0x2, 0x7fff, 0x3ff, 0x69, 0x25a, 0x80000001, 0x2, 0x101, 0x6, 0x101, 0x20002, 0x3, 0x6, 0x1, 0xfffffffc, 0x0, 0x4, 0x6, 0x7fff, 0xd47, 0xffffff01, 0xa5, 0x3ff, 0x6330, 0x400, 0xffff8000, 0x3, 0x5, 0xfffffffc, 0x63, 0x5b5beb16, 0xf12, 0x0, 0x8, 0x3ff, 0x5, 0x3, 0x200, 0x1, 0x3, 0xfffffff9, 0x7, 0x80000001, 0x6, 0x40, 0x5, 0x7b78fad5, 0x2, 0x7ff, 0x3f, 0xe7f, 0x1ff, 0x8, 0x101, 0x6, 0x1f, 0x0, 0x401, 0x200, 0x7, 0x80, 0xc81a, 0x823e, 0x0, 0x5, 0x1ff, 0x3, 0x6, 0xffffff01, 0x100, 0xa7, 0x6, 0x8001, 0x8, 0xfffffffe, 0x8, 0x5, 0x800, 0x80000000, 0xffff, 0x200, 0x200, 0x282, 0x8, 0xff, 0x2b39, 0x5, 0x7ff, 0xff6f, 0xcf, 0xf80, 0xa44e, 0xb20, 0x4, 0x0, 0x5, 0x5, 0xbb96, 0xc6, 0x10001, 0x8, 0x3, 0x9, 0x9, 0x8b5, 0x800, 0x9, 0x80000000, 0x7, 0x80, 0x9, 0x1, 0xffffffff, 0x3ff, 0x100, 0xff, 0x3, 0x3b, 0x2, 0x8, 0x100, 0xff, 0x0, 0x7, 0x8, 0x4, 0x81, 0x100, 0x6, 0x1, 0x9, 0x1, 0x1, 0x3, 0x3, 0x5, 0xab, 0x0, 0x7, 0x10000, 0x5, 0x1, 0x80000000, 0x4, 0x7ff, 0x3, 0x4ee0, 0x80000000, 0x30, 0x3, 0x2, 0x8000, 0x8, 0x1, 0xb2, 0xfffffff9, 0x1, 0xbf9e, 0x200, 0x6, 0x7, 0xf9c, 0x9, 0x5, 0x40, 0x0, 0x7f00000, 0x1, 0xc4a, 0xfffffbff, 0x1, 0x2, 0x80000001, 0x2, 0x3, 0xfff, 0x9a, 0xc466, 0x3, 0x7, 0xff, 0x5, 0x3, 0x3, 0x7fffffff, 0x8000, 0xfffffff7, 0x7, 0x8000, 0x3, 0x100, 0x1000, 0x0, 0x1, 0xfffffe00, 0x7, 0x3, 0xe18332aa, 0xeec, 0xec, 0xffff098a, 0x6, 0x4, 0x1, 0x80000000, 0x3f, 0x4, 0x5, 0x7, 0x6, 0x7, 0xdb6, 0x6, 0xffff, 0x2, 0x3, 0x80, 0xffff, 0x1d2, 0x41, 0x9, 0x2, 0x2000000, 0x1, 0x7ff, 0x8001, 0x8, 0x80000000, 0x16e6e5f7, 0x1ea7, 0x10001, 0x0, 0x8, 0x80, 0xffffffff, 0x9, 0x7fffffff, 0x7, 0x4, 0xffffffff, 0xcf5b, 0x6, 0xf51d, 0x8, 0x9, 0xffffffff, 0x0, 0xfff, 0xfffffff7, 0x8, 0x2, 0x797, 0x7, 0x1, 0x7ff, 0x1, 0x100, 0x5ef9, 0x7fffffff, 0x400, 0x800, 0x7fffffff, 0x7, 0x5c66, 0x7f, 0x4, 0x9, 0xda4ea9a, 0x0, 0xf9, 0xfffff028, 0x9, 0x0, 0xde, 0x5, 0x800, 0x4e4e, 0x6cf3, 0x5, 0xfffffffd, 0xfff, 0x21c2593, 0x0, 0x0, 0x10001, 0x9, 0x7fff, 0x7, 0x6, 0x3, 0x0, 0x7, 0xb3a2, 0x6, 0x10000, 0x1, 0x4, 0xffff, 0x9, 0x9, 0x1f, 0x5977, 0x1, 0x81, 0x1000, 0x65323dc7, 0xad6, 0x70, 0x10001, 0x0, 0x3f, 0x6, 0x7, 0x3ff, 0x5d1, 0x10000, 0xc437, 0x3, 0x2, 0x80, 0x3, 0x8000, 0x4, 0x7, 0x9, 0x8, 0x80000000, 0x9abd, 0x100, 0x7fff, 0x1, 0x100, 0x7fffffff, 0x2, 0x6, 0x0, 0x800, 0x401, 0xbc, 0x2b2, 0x1f, 0x10001, 0x9, 0x8fc2, 0x8, 0x8, 0x1, 0x0, 0x80, 0x1f, 0x2, 0x7ff, 0x7, 0x5, 0x0, 0x1, 0x1, 0x80000001, 0x115c00, 0x2, 0x800000, 0x1, 0x7fffffff, 0xffffffff, 0x1, 0x54fe, 0x6, 0x4, 0x7f, 0x20, 0x80, 0x3, 0x4, 0x5ac0, 0x42d7, 0x6, 0x37b, 0x3, 0x8, 0x8, 0x1, 0x6, 0x5, 0x0, 0x375a, 0x200, 0x10000, 0x200, 0x2, 0xcdf78e7, 0xff000000, 0x8, 0x6, 0x7f, 0x100, 0x8, 0x1f, 0x101, 0x6, 0x0, 0x7, 0x80000000, 0x80000001, 0x5, 0x81, 0x5, 0x7, 0x8, 0x6, 0x6, 0x0, 0x4, 0x3, 0x9, 0x0, 0x0, 0x9, 0x9, 0x0, 0x5, 0x7, 0xfff, 0x6, 0x6405, 0x1, 0x6, 0x400, 0x6, 0x8000000, 0x8, 0x9, 0x9, 0x3f, 0x9, 0x6, 0xffffffff, 0x83f9de0f, 0x1, 0x5, 0x98c, 0x4, 0x0, 0x7, 0xfffffffa, 0xff, 0x3f, 0x10000, 0x6, 0x10000, 0x6, 0xfa, 0x0, 0x3, 0xffffff80, 0xffffff81, 0x5, 0xff, 0xfffffffc, 0x2, 0x4, 0x6, 0x3, 0x0, 0x6, 0x8000, 0x0, 0x1, 0x8001, 0x5, 0x66, 0xdb, 0x3, 0x800, 0x5, 0x7ff, 0x6, 0xffff, 0xffffffff, 0x0, 0x4, 0x4d, 0x62f, 0x0, 0xffffffff, 0x3, 0x4, 0xffff0001, 0x3f, 0x0, 0x1000, 0x2, 0x8, 0xff, 0x1, 0x6, 0x0, 0x100, 0xfffffffd, 0x800, 0x1, 0x80, 0xf06, 0xfc000000, 0x3ff, 0xfffffff7, 0x1, 0x0, 0x81, 0x2, 0x8, 0x7, 0x1, 0x10000, 0x2, 0x4, 0xfff, 0x5, 0x4, 0x3, 0x1, 0x3, 0x2, 0x1, 0x5f, 0xffff, 0x9, 0xffff7fff, 0xfffffff7, 0x7, 0x3, 0x2, 0x0, 0x0, 0x1, 0x1000, 0x4, 0x1, 0x878a, 0x0, 0x9, 0x7, 0x9, 0x3b50, 0x7f, 0x20, 0x1, 0x80, 0x3, 0x200, 0x0, 0x20, 0x5, 0x0, 0x1000, 0xff, 0x3, 0x1, 0xf8000000, 0x8, 0x7f, 0x8, 0x1, 0x0, 0x6, 0x1034, 0x8, 0xfffffffa, 0x401, 0x1, 0x81e, 0x7, 0x8000, 0x4, 0x933, 0x9, 0xffffffff, 0x7, 0x5, 0x2, 0x800, 0x0, 0x9, 0x3, 0x937, 0x9, 0x9, 0x80000000, 0x1969, 0x1ff, 0x5, 0xffffffff, 0x81, 0xe6aa, 0x7fff, 0x292686e2, 0xffffffff, 0x80, 0x401, 0x0, 0x3, 0x5, 0x1, 0xfd3, 0x80000001, 0x303, 0x52bc6a87, 0x81, 0x4, 0x800, 0x8, 0xffffff00, 0xffffffe1, 0x365, 0x0, 0x3, 0x6, 0x8, 0x8, 0x5, 0x0, 0x4, 0x3, 0x6, 0x5, 0xfffffffc, 0x7, 0x8001, 0xeb, 0x5b, 0x7, 0x1, 0x6, 0x690000, 0x883]}) r1 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x40040, 0x0) ioctl$sock_inet6_tcp_SIOCOUTQ(r1, 0x5411, &(0x7f00000000c0)) ioctl$SIOCGSTAMP(0xffffffffffffffff, 0x8906, &(0x7f0000000040)) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:47:46 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r1 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r0, 0x84, 0x1b, &(0x7f0000000200)=@assoc_value={r2}, &(0x7f0000000240)=0x8) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, &(0x7f0000000080)={r2, 0x3, 0x9, [0x1f, 0x3, 0x200, 0x2, 0x3ff, 0x6, 0x1000, 0x8, 0x188]}, 0x1a) [ 491.348706] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 491.348712] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000003 [ 491.348718] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000009 [ 491.357246] BTRFS error (device loop4): superblock checksum mismatch 02:47:46 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$IPT_SO_SET_REPLACE(r4, 0x0, 0x40, &(0x7f00000001c0)=@filter={'filter\x00', 0xe, 0x4, 0x2f8, 0xd0, 0x0, 0xd0, 0x0, 0xd0, 0x260, 0x260, 0x260, 0x260, 0x260, 0x4, &(0x7f0000000080), {[{{@uncond, 0x0, 0x70, 0xd0}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@local, [0xffffff00, 0xff000000, 0xff000000, 0xffffff00], 0x4e24, 0x4e22, 0x4e23, 0x4e22, 0x9, 0x8, 0x20, 0x375, 0x4}}}, {{@ip={@local, @broadcast, 0xff000000, 0x0, 'veth0\x00', 'veth0_to_team\x00', {}, {}, 0x11, 0x2, 0x6}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @dev={[], 0x2a}, 0x7, 0x8, [0x3d, 0x1f, 0xb, 0x1b, 0x35, 0x3a, 0x12, 0xd, 0x1e, 0x31, 0x8, 0x29, 0x3a, 0xf, 0x3e, 0x3f], 0x1, 0x3, 0x400}}}, {{@ip={@local, @multicast2, 0xffffff00, 0xff, 'batadv_slave_1\x00', 'bridge_slave_0\x00', {0xff}, {0xff}, 0x84, 0x2, 0x18}, 0x0, 0x98, 0xc0, 0x0, {}, [@common=@icmp={{0x28, 'icmp\x00'}, {0x12, "b87d"}}]}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x3}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x358) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$VIDIOC_SUBDEV_S_EDID(r6, 0xc0285629, &(0x7f0000000040)={0x0, 0x6210, 0x9, [], &(0x7f0000000000)=0x1}) 02:47:46 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r1) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180)={0x0, 0x0}, &(0x7f00000005c0)=0xc) r3 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r4) getresuid(&(0x7f0000000600), &(0x7f0000000640), &(0x7f0000000680)=0x0) syz_mount_image$btrfs(&(0x7f0000000080)='btrfs\x00', &(0x7f00000000c0)='\x00', 0x100, 0x4, &(0x7f0000000540)=[{&(0x7f0000000200)="a6283a04aa9c882154bd8b3b1d86c1d17729c8efd85f70fd6bde05039527250154cfd3fa42ec468d707016f47c41f41f97b07857d2a5d947c73e59a902555a5b16e8411bab3614d0332b1d3d0720e2b2828c60939f60d6a00748ca82d4107649115e08ed5683d09752c1e07def68331d087938072b2f9010b37dede53d75b8eafd34994a473d3212da6de93d879603d3d851fe56137779615ef2e3703e7ee346352d773f9f425eeaef737212047e033add1f78406f0916851e95709b095907a6ec0087fc2724f4c4b7f40c99f2015692def5dcff599c49e82bc03402fc2ab2386c5fdf6c3e424da64f2d81ddfb81a2fd4a60fe", 0xf3, 0xc114}, {&(0x7f0000000380)="45106c0e2e634283723232a51db6b14b3ade51e171541e99f453cbe93297a4465415624f667f49c148f19ae5bc7ca86d271a0cd9486c7cdffb883e8ee2d721f3deaa8e442b1feabc3e529ef58e27b00b1ea23729c145dbf14c121cc3523af97c3ca3d09242243a4df4d717cd1329b68a6ef45edb80d645a9c72e5714462f536e66b882a09df399312de750e3f5cd129bc4446f8302b7687e8c3063284540d8e6c7f4c795e63ebaf99e0c7dccee89feb753a19be94e6c4c149004df49e035304dc42cfd3296cccabeb3458eb03a050c7227caa4c475688cf5c3072419067988e61ab5a7a6d2483df31c21186b71f7ac71", 0xf0, 0x1}, {&(0x7f0000000100)="37d0447728b3e840bf8c77e07ece6cda101edf17427b39fe5c539c3cbe2787a7717aa6a7ad0ab4e89508b6c04ce8bf13ffb6992e0c0d049ec40f283e7c756b6aa5a347b25cabeb63377cb61b0510f4a04e29ba45db77c96b4ba589b02ae11dcfa0734270cf426cfec5ca722d6be16413", 0x70}, {&(0x7f0000000480)="4db4cc98811b84ab4b5fb61dd1a950dc8bc2c432d6c3c28c36389f6e09c271478dfd68faf870987279f525aa8df7226df7db2db19faeed7c4ec05b81664c60ba994a802728859f909aa654474ec299740164ffa4d7a5f01cace2c5bfc7d09e636acda6353ac1fb5bce67c27b95777bc45d24fe3e0ebca6be079d740d578e108cbaf306a5fce5bfb7547a13fbdbb0758fb89a67b9b1a7bcaa755faa42577ba7b6221ede05b74f87e4f2f8a58e7a219b82e0ea5ddb9964e21c4c5e", 0xba, 0x9f3}], 0x31444, &(0x7f00000006c0)={[{@commit={'commit', 0x3d, 0x401}}, {@check_int_print_mask={'check_int_print_mask', 0x3d, 0x101}}, {@nospace_cache='nospace_cache'}, {@clear_cache='clear_cache'}, {@clear_cache='clear_cache'}, {@rescan_uuid_tree='rescan_uuid_tree'}, {@noinode_cache='noinode_cache'}, {@nobarrier='nobarrier'}], [{@defcontext={'defcontext', 0x3d, 'root'}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@smackfsroot={'smackfsroot', 0x3d, 'selinuxnodev'}}, {@uid_eq={'uid', 0x3d, r1}}, {@euid_eq={'euid', 0x3d, r2}}, {@fowner_gt={'fowner>', r4}}, {@uid_gt={'uid>', r5}}, {@subj_type={'subj_type'}}]}) [ 491.600862] BTRFS error (device loop4): open_ctree failed 02:47:46 executing program 5 (fault-call:0 fault-nth:10): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:47:46 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$SO_VM_SOCKETS_BUFFER_MIN_SIZE(r3, 0x28, 0x1, &(0x7f0000000080)=0x1, 0x8) recvmmsg(r1, &(0x7f0000000980)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f00000001c0)=""/228, 0xe4}, {&(0x7f00000002c0)=""/201, 0xc9}, {&(0x7f00000003c0)=""/203, 0xcb}, {&(0x7f00000004c0)=""/216, 0xd8}, {&(0x7f0000000100)=""/54, 0x36}, {&(0x7f00000005c0)=""/192, 0xc0}, {&(0x7f0000000680)=""/253, 0xfd}, {&(0x7f0000000780)=""/188, 0xbc}], 0x8, &(0x7f00000008c0)=""/130, 0x82}, 0x5}], 0x1, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r1, 0x84, 0x8, &(0x7f0000000000), &(0x7f0000000040)=0x4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 491.709567] BTRFS error (device loop4): superblock checksum mismatch [ 491.756787] FAULT_INJECTION: forcing a failure. [ 491.756787] name failslab, interval 1, probability 0, space 0, times 0 [ 491.777310] BTRFS error (device loop4): open_ctree failed [ 491.786847] CPU: 1 PID: 28605 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 491.794885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 491.804247] Call Trace: [ 491.806892] dump_stack+0x142/0x197 [ 491.810547] should_fail.cold+0x10f/0x159 [ 491.814726] should_failslab+0xdb/0x130 [ 491.818700] kmem_cache_alloc+0x2d7/0x780 [ 491.822944] ? save_stack+0xa9/0xd0 [ 491.826567] get_empty_filp+0x8c/0x3f0 [ 491.830558] path_openat+0x96/0x3e50 [ 491.834267] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 491.839638] ? trace_hardirqs_on+0x10/0x10 [ 491.843987] ? check_preemption_disabled+0x3c/0x250 [ 491.849026] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 491.853697] ? find_held_lock+0x35/0x130 [ 491.857787] ? save_trace+0x290/0x290 [ 491.861609] ? __alloc_fd+0x1d4/0x4a0 [ 491.865426] do_filp_open+0x18e/0x250 [ 491.869230] ? may_open_dev+0xe0/0xe0 [ 491.873062] ? lock_downgrade+0x740/0x740 [ 491.877213] ? do_raw_spin_unlock+0x174/0x260 [ 491.881719] ? _raw_spin_unlock+0x2d/0x50 [ 491.885887] ? __alloc_fd+0x1d4/0x4a0 [ 491.889731] do_sys_open+0x2c5/0x430 [ 491.894438] ? filp_open+0x70/0x70 [ 491.898004] ? fput+0xd4/0x150 [ 491.901208] ? SyS_pwrite64+0xca/0x140 [ 491.905101] SyS_open+0x2d/0x40 [ 491.908505] ? do_sys_open+0x430/0x430 [ 491.912399] do_syscall_64+0x1e8/0x640 [ 491.917332] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 491.922175] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 491.927372] RIP: 0033:0x415151 [ 491.930557] RSP: 002b:00007f6b0e361a60 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 491.938275] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 0000000000415151 [ 491.945557] RDX: 00007f6b0e361b0a RSI: 0000000000000002 RDI: 00007f6b0e361b00 [ 491.952943] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 491.960210] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000003 [ 491.967480] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000000a [ 493.911049] NOHZ: local_softirq_pending 08 02:47:49 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, 0x0, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:49 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:49 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) prctl$PR_GET_FPEMU(0x9, &(0x7f0000000080)) 02:47:49 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f00000001c0)={0x3, 0x0, &(0x7f0000000000)=""/60, &(0x7f0000000040)=""/169, &(0x7f0000000100)=""/2, 0x6000}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = accept4(r3, 0x0, 0x0, 0x800) recvmmsg(r4, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x2400, 0x9) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) 02:47:49 executing program 5 (fault-call:0 fault-nth:11): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:47:49 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$bt_l2cap(r2, &(0x7f0000000200)={0x1f, 0xffc1, @any, 0x100, 0x2}, 0xe) r3 = fcntl$dupfd(r0, 0x0, r0) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000140)={0x7, 0x4a42, 0x3, 0x0, 0x0, [{{r4}, 0x4}, {{r0}, 0xffffffffffffda40}, {{r0}, 0x6}]}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:47:49 executing program 0: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x3) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000000c0)="8d2893d344400748680c3ed90f02000a00009c09af0ba66b79dd41442af9cb17be52000001004d010000000000010000007a000000000001f60180200048bab81e1b00b10efd9a000001005ff70000000001fffffff60000005f42485266535f4d00000000000000", 0x68, 0x10000}], 0x0, 0x0) 02:47:49 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400202) [ 494.364347] FAULT_INJECTION: forcing a failure. [ 494.364347] name failslab, interval 1, probability 0, space 0, times 0 [ 494.395723] BTRFS error (device loop4): superblock checksum mismatch [ 494.433625] CPU: 0 PID: 28624 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 494.441699] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 494.451073] Call Trace: [ 494.453682] dump_stack+0x142/0x197 [ 494.457323] should_fail.cold+0x10f/0x159 [ 494.461493] should_failslab+0xdb/0x130 [ 494.465576] kmem_cache_alloc+0x2d7/0x780 [ 494.469827] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 494.475452] ? check_preemption_disabled+0x3c/0x250 [ 494.480623] selinux_file_alloc_security+0xb4/0x190 [ 494.485641] security_file_alloc+0x6d/0xa0 [ 494.489898] get_empty_filp+0x162/0x3f0 [ 494.493987] path_openat+0x96/0x3e50 [ 494.497721] ? entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 494.503109] ? trace_hardirqs_on+0x10/0x10 [ 494.507336] ? check_preemption_disabled+0x3c/0x250 [ 494.512359] ? path_lookupat.isra.0+0x7b0/0x7b0 [ 494.517043] ? find_held_lock+0x35/0x130 [ 494.521117] ? save_trace+0x290/0x290 [ 494.525067] ? __alloc_fd+0x1d4/0x4a0 [ 494.528885] do_filp_open+0x18e/0x250 [ 494.532778] ? may_open_dev+0xe0/0xe0 [ 494.536589] ? lock_downgrade+0x740/0x740 [ 494.540754] ? do_raw_spin_unlock+0x174/0x260 [ 494.545246] ? _raw_spin_unlock+0x2d/0x50 [ 494.549523] ? __alloc_fd+0x1d4/0x4a0 [ 494.553323] do_sys_open+0x2c5/0x430 [ 494.557056] ? filp_open+0x70/0x70 [ 494.560614] ? fput+0xd4/0x150 [ 494.563827] ? SyS_pwrite64+0xca/0x140 [ 494.567731] SyS_open+0x2d/0x40 [ 494.571007] ? do_sys_open+0x430/0x430 [ 494.574908] do_syscall_64+0x1e8/0x640 [ 494.578798] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 494.583670] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 494.588864] RIP: 0033:0x415151 [ 494.592041] RSP: 002b:00007f6b0e361a60 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 494.599853] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 0000000000415151 [ 494.607221] RDX: 00007f6b0e361b0a RSI: 0000000000000002 RDI: 00007f6b0e361b00 [ 494.614558] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 494.621847] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000003 02:47:49 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = accept4(0xffffffffffffffff, &(0x7f0000000080)=@l2={0x1f, 0x0, @fixed}, &(0x7f0000000100)=0x80, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r4, 0x84, 0xc, &(0x7f00000002c0)=0xfffffffc, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$SIOCGETLINKNAME(r6, 0x89e0, &(0x7f0000000240)) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r2, 0x84, 0x6d, &(0x7f0000000140)={0x0, 0x7, "59a82c14d31f0e"}, &(0x7f0000000180)=0xf) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={r7, 0x7}, 0x8) [ 494.629122] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000000b 02:47:49 executing program 5 (fault-call:0 fault-nth:12): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:47:49 executing program 0: unshare(0x100) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = shmget$private(0x0, 0x1000, 0x54001800, &(0x7f0000fff000/0x1000)=nil) shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffffff) shmctl$IPC_RMID(r0, 0x0) shmctl$SHM_LOCK(r0, 0xb) [ 494.736078] FAULT_INJECTION: forcing a failure. [ 494.736078] name failslab, interval 1, probability 0, space 0, times 0 [ 494.754673] CPU: 1 PID: 28649 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 494.762597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 494.772053] Call Trace: [ 494.774655] dump_stack+0x142/0x197 [ 494.778298] should_fail.cold+0x10f/0x159 [ 494.782467] should_failslab+0xdb/0x130 [ 494.786472] kmem_cache_alloc_trace+0x2e9/0x790 [ 494.791156] ? __lockdep_init_map+0x10c/0x570 [ 494.795694] ? loop_get_status64+0x120/0x120 [ 494.800111] __kthread_create_on_node+0xe3/0x3e0 [ 494.804882] ? kthread_park+0x140/0x140 [ 494.808969] ? __fget+0x210/0x370 [ 494.812446] ? loop_get_status64+0x120/0x120 [ 494.816865] kthread_create_on_node+0xa8/0xd0 [ 494.821398] ? __kthread_create_on_node+0x3e0/0x3e0 [ 494.826445] ? __lockdep_init_map+0x10c/0x570 [ 494.830949] lo_ioctl+0xce3/0x1cd0 [ 494.834491] ? debug_check_no_obj_freed+0x2aa/0x7b7 [ 494.839509] ? loop_probe+0x160/0x160 [ 494.843346] blkdev_ioctl+0x95f/0x1850 [ 494.847250] ? blkpg_ioctl+0x970/0x970 [ 494.851139] ? __might_sleep+0x93/0xb0 [ 494.855041] ? __fget+0x210/0x370 [ 494.858489] block_ioctl+0xde/0x120 [ 494.862109] ? blkdev_fallocate+0x3b0/0x3b0 [ 494.866516] do_vfs_ioctl+0x7ae/0x1060 [ 494.870408] ? selinux_file_mprotect+0x5d0/0x5d0 [ 494.875185] ? lock_downgrade+0x740/0x740 [ 494.879350] ? ioctl_preallocate+0x1c0/0x1c0 [ 494.883769] ? __fget+0x237/0x370 [ 494.887225] ? security_file_ioctl+0x89/0xb0 [ 494.891633] SyS_ioctl+0x8f/0xc0 [ 494.895006] ? do_vfs_ioctl+0x1060/0x1060 [ 494.899178] do_syscall_64+0x1e8/0x640 [ 494.903072] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 494.914206] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 494.919417] RIP: 0033:0x45b227 [ 494.922606] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 494.930319] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 494.937592] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 494.944862] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 494.952132] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 494.959417] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000000c 02:47:49 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000003400)='/selinux/mls\x00', 0x0, 0x0) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000003480)='nl80211\x00') getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000003700)={@mcast2, 0x0}, &(0x7f0000003740)=0x14) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000003840)={&(0x7f0000003440)={0x10, 0x0, 0x0, 0x4800}, 0xc, &(0x7f0000003800)={&(0x7f0000003780)={0x58, r1, 0x20fc31bba1839c36, 0x70bd2a, 0x25dfdbfe, {}, [@NL80211_ATTR_WDEV={0xc, 0x99, {0xfffffff9}}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x3}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r2}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x8001, 0x2}}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x401, 0xffffffffffffffff}}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}]}, 0x58}, 0x1, 0x0, 0x0, 0x20004000}, 0x5) [ 494.968209] audit: type=1800 audit(1581562069.655:89): pid=28651 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=163842 res=0 [ 495.040716] BTRFS error (device loop4): open_ctree failed [ 495.133438] BTRFS error (device loop4): superblock checksum mismatch [ 495.190524] BTRFS error (device loop4): open_ctree failed 02:47:52 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:52 executing program 0: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000300)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x200000, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0x9) 02:47:52 executing program 5 (fault-call:0 fault-nth:13): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:47:52 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000f00)='NLBL_UNLBL\x00') sendmsg$NLBL_UNLABEL_C_ACCEPT(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000180)={0x14, r4, 0x0, 0x70bd26, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) sendmsg$NLBL_UNLABEL_C_ACCEPT(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x94, r4, 0x10, 0x70bd26, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast1}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @multicast1}, @NLBL_UNLABEL_A_SECCTX={0x32, 0x7, 'unconfined_u:system_r:insmod_t:s0-s0:c0.c1023\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @empty}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x2, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @mcast1}]}, 0x94}, 0x1, 0x0, 0x0, 0x40000}, 0x2000a000) 02:47:52 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048ae0080000000000000000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x3b00c01, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:47:52 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:52 executing program 0: r0 = socket$unix(0x1, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r2, 0x0) syz_emit_ethernet(0x5a, &(0x7f0000000080)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, 'Uz\x00', 0x24, 0x6, 0x0, @empty={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x9, 0x2, 0x0, 0x0, 0x0, {[@window={0x3, 0x3, 0x81}, @timestamp={0x8, 0xa}]}}}}}}}}, 0x0) [ 497.416532] FAULT_INJECTION: forcing a failure. [ 497.416532] name failslab, interval 1, probability 0, space 0, times 0 [ 497.442271] CPU: 1 PID: 28682 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 497.450204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 497.459564] Call Trace: [ 497.462167] dump_stack+0x142/0x197 [ 497.465813] should_fail.cold+0x10f/0x159 [ 497.470115] should_failslab+0xdb/0x130 [ 497.474099] kmem_cache_alloc+0x2d7/0x780 [ 497.478271] ? trace_hardirqs_on+0x10/0x10 [ 497.482614] ? save_trace+0x290/0x290 [ 497.486434] __kernfs_new_node+0x70/0x480 [ 497.490604] kernfs_new_node+0x80/0xf0 [ 497.494687] kernfs_create_dir_ns+0x41/0x140 [ 497.499122] internal_create_group+0xea/0x7b0 [ 497.503638] sysfs_create_group+0x20/0x30 [ 497.507780] lo_ioctl+0x1162/0x1cd0 [ 497.511413] ? loop_probe+0x160/0x160 [ 497.515231] blkdev_ioctl+0x95f/0x1850 [ 497.519118] ? blkpg_ioctl+0x970/0x970 [ 497.523004] ? __might_sleep+0x93/0xb0 [ 497.526892] ? __fget+0x210/0x370 [ 497.530349] block_ioctl+0xde/0x120 [ 497.533972] ? blkdev_fallocate+0x3b0/0x3b0 [ 497.538420] do_vfs_ioctl+0x7ae/0x1060 [ 497.542322] ? selinux_file_mprotect+0x5d0/0x5d0 [ 497.547193] ? lock_downgrade+0x740/0x740 [ 497.551337] ? ioctl_preallocate+0x1c0/0x1c0 [ 497.555764] ? __fget+0x237/0x370 [ 497.559221] ? security_file_ioctl+0x89/0xb0 [ 497.563624] SyS_ioctl+0x8f/0xc0 [ 497.567004] ? do_vfs_ioctl+0x1060/0x1060 [ 497.571157] do_syscall_64+0x1e8/0x640 [ 497.575055] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 497.579917] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 497.585128] RIP: 0033:0x45b227 [ 497.588315] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 497.596028] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 497.603302] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 02:47:52 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:52 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r0, 0x0, 0x483, &(0x7f0000000100), &(0x7f0000000180)=0x68) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 497.610573] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 497.617838] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 497.625223] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000000d 02:47:52 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() [ 497.679563] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 497.690360] TCP: tcp_parse_options: Illegal window scaling value 129 > 14 received [ 497.705820] BTRFS error (device loop4): superblock checksum mismatch 02:47:52 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:52 executing program 0: [ 497.795257] syz-executor.0 (28699) used greatest stack depth: 21680 bytes left [ 497.810832] BTRFS error (device loop4): open_ctree failed 02:47:52 executing program 0: 02:47:52 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$SO_TIMESTAMP(r1, 0x1, 0x1d, &(0x7f0000000000), &(0x7f0000000040)=0x4) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) dup3(r4, r6, 0x0) r7 = accept4(r2, 0x0, 0x0, 0x0) recvmmsg(r7, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r8, 0x0, r8) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) r10 = fcntl$dupfd(r9, 0x0, r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) r11 = socket$inet6_tcp(0xa, 0x1, 0x0) r12 = fcntl$dupfd(r11, 0x0, r11) ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200) ioctl$VIDIOC_QBUF(r10, 0xc058560f, &(0x7f00000000c0)={0x6, 0x3, 0x4, 0x40, 0x20, {}, {0x1, 0x8, 0x5, 0xf8, 0x4, 0x7f, "f7737acb"}, 0x0, 0x3, @planes=&(0x7f0000000080)={0x3, 0x2, @fd=r12, 0x8}, 0x1000, 0x0, r6}) ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0xc00200) r14 = fcntl$dupfd(r2, 0x406, r2) ioctl$PERF_EVENT_IOC_ENABLE(r14, 0x8912, 0x400200) [ 497.874525] BTRFS error (device loop4): superblock checksum mismatch [ 497.910957] BTRFS error (device loop4): open_ctree failed 02:47:52 executing program 5 (fault-call:0 fault-nth:14): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:47:52 executing program 0: 02:47:52 executing program 4: r0 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000100)='/dev/nvme-fabrics\x00', 0x20c800, 0x0) getsockopt$inet_sctp6_SCTP_HMAC_IDENT(r0, 0x84, 0x16, &(0x7f0000000140)=ANY=[@ANYBLOB="cd"], &(0x7f0000000180)=0x6) syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000600)='/dev/dlm-monitor\x00', 0x100, 0x0) r4 = socket$kcm(0x10, 0x2, 0x10) r5 = syz_genetlink_get_family_id$ipvs(&(0x7f00000001c0)='IPVS\x00') sendmsg$IPVS_CMD_NEW_DAEMON(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)={0x18, r5, 0x1, 0x0, 0x0, {0xa}, [@IPVS_CMD_ATTR_DAEMON={0x4}]}, 0x18}}, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(r3, &(0x7f0000000780)={&(0x7f0000000640), 0xc, &(0x7f0000000740)={&(0x7f0000000680)={0x90, r5, 0x100, 0x70bd28, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0xc9}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_WEIGHT={0x8, 0x4, 0x9}, @IPVS_DEST_ATTR_FWD_METHOD={0x8}, @IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0xa}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e22}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x1}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x3}]}, @IPVS_CMD_ATTR_DAEMON={0x30, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @loopback}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, [], 0x1, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xff}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x8040}, 0x20000000) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clock_gettime(0x1, &(0x7f0000000200)) [ 498.078934] FAULT_INJECTION: forcing a failure. [ 498.078934] name failslab, interval 1, probability 0, space 0, times 0 [ 498.098249] BTRFS error (device loop4): superblock checksum mismatch [ 498.103196] CPU: 1 PID: 28740 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 498.112845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 498.122327] Call Trace: [ 498.124947] dump_stack+0x142/0x197 [ 498.128600] should_fail.cold+0x10f/0x159 [ 498.133018] should_failslab+0xdb/0x130 [ 498.137194] kmem_cache_alloc+0x2d7/0x780 [ 498.141465] ? wait_for_completion+0x420/0x420 [ 498.148328] __kernfs_new_node+0x70/0x480 [ 498.152513] ? kernfs_activate+0x13a/0x190 [ 498.156758] kernfs_new_node+0x80/0xf0 [ 498.160667] __kernfs_create_file+0x46/0x323 [ 498.165117] sysfs_add_file_mode_ns+0x1e4/0x450 [ 498.169806] internal_create_group+0x232/0x7b0 [ 498.174513] sysfs_create_group+0x20/0x30 [ 498.178826] lo_ioctl+0x1162/0x1cd0 [ 498.182469] ? loop_probe+0x160/0x160 [ 498.186270] blkdev_ioctl+0x95f/0x1850 [ 498.190158] ? blkpg_ioctl+0x970/0x970 [ 498.194077] ? __might_sleep+0x93/0xb0 [ 498.197960] ? __fget+0x210/0x370 [ 498.201411] block_ioctl+0xde/0x120 [ 498.205052] ? blkdev_fallocate+0x3b0/0x3b0 [ 498.209455] do_vfs_ioctl+0x7ae/0x1060 [ 498.213355] ? selinux_file_mprotect+0x5d0/0x5d0 [ 498.218126] ? lock_downgrade+0x740/0x740 [ 498.222279] ? ioctl_preallocate+0x1c0/0x1c0 [ 498.226703] ? __fget+0x237/0x370 [ 498.230153] ? security_file_ioctl+0x89/0xb0 [ 498.234569] SyS_ioctl+0x8f/0xc0 [ 498.238036] ? do_vfs_ioctl+0x1060/0x1060 [ 498.242191] do_syscall_64+0x1e8/0x640 [ 498.246095] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 498.250941] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 498.256413] RIP: 0033:0x45b227 [ 498.259594] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 498.267310] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 498.274709] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 498.282137] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 498.289403] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 498.296807] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000000e [ 498.350187] BTRFS error (device loop4): open_ctree failed [ 498.423522] BTRFS error (device loop4): superblock checksum mismatch [ 498.464508] BTRFS error (device loop4): open_ctree failed 02:47:55 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(0xffffffffffffffff, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:55 executing program 0: 02:47:55 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r0, 0x406, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:47:55 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:55 executing program 5 (fault-call:0 fault-nth:15): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:47:55 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000040), 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$FS_IOC_FSSETXATTR(0xffffffffffffffff, 0x401c5820, &(0x7f0000000300)={0x2, 0x8, 0x8001, 0x0, 0x7}) r2 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200)='TIPC\x00') sendmsg$TIPC_CMD_GET_REMOTE_MNG(r1, &(0x7f00000002c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)={0x1c, r2, 0x100, 0x70bd27, 0x25dfdbfb, {}, ["", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x20000041}, 0x8040001) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) mknod$loop(&(0x7f0000000040)='./file0\x00', 0x8, 0x0) getsockopt$inet_sctp_SCTP_PARTIAL_DELIVERY_POINT(0xffffffffffffffff, 0x84, 0x13, &(0x7f0000000080)={0x0, 0x7}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f0000000100)=@sack_info={r5, 0x6, 0x8}, &(0x7f0000000140)=0xc) 02:47:55 executing program 0: [ 500.434164] FAULT_INJECTION: forcing a failure. [ 500.434164] name failslab, interval 1, probability 0, space 0, times 0 [ 500.476155] CPU: 0 PID: 28769 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 500.484085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 500.493727] Call Trace: [ 500.496332] dump_stack+0x142/0x197 [ 500.499997] should_fail.cold+0x10f/0x159 [ 500.504171] should_failslab+0xdb/0x130 [ 500.508171] kmem_cache_alloc+0x2d7/0x780 [ 500.512332] ? wait_for_completion+0x420/0x420 [ 500.517059] __kernfs_new_node+0x70/0x480 [ 500.521218] ? kernfs_activate+0x13a/0x190 [ 500.525480] kernfs_new_node+0x80/0xf0 [ 500.529387] __kernfs_create_file+0x46/0x323 [ 500.533893] sysfs_add_file_mode_ns+0x1e4/0x450 [ 500.538570] internal_create_group+0x232/0x7b0 [ 500.543211] sysfs_create_group+0x20/0x30 [ 500.547366] lo_ioctl+0x1162/0x1cd0 [ 500.551000] ? loop_probe+0x160/0x160 [ 500.554818] blkdev_ioctl+0x95f/0x1850 [ 500.558717] ? blkpg_ioctl+0x970/0x970 [ 500.562761] ? __might_sleep+0x93/0xb0 [ 500.566746] ? __fget+0x210/0x370 [ 500.570222] block_ioctl+0xde/0x120 [ 500.573858] ? blkdev_fallocate+0x3b0/0x3b0 [ 500.578321] do_vfs_ioctl+0x7ae/0x1060 [ 500.582600] ? selinux_file_mprotect+0x5d0/0x5d0 [ 500.587369] ? lock_downgrade+0x740/0x740 [ 500.591542] ? ioctl_preallocate+0x1c0/0x1c0 [ 500.595978] ? __fget+0x237/0x370 [ 500.599451] ? security_file_ioctl+0x89/0xb0 [ 500.603988] SyS_ioctl+0x8f/0xc0 [ 500.607529] ? do_vfs_ioctl+0x1060/0x1060 [ 500.611693] do_syscall_64+0x1e8/0x640 [ 500.615584] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 500.620447] entry_SYSCALL_64_after_hwframe+0x42/0xb7 02:47:55 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$SG_GET_VERSION_NUM(r4, 0x2282, &(0x7f0000000100)) r5 = syz_open_dev$loop(&(0x7f0000000140)='/dev/loop#\x00', 0x2, 0x4080) fcntl$notify(r5, 0x402, 0x8000000f) 02:47:55 executing program 0: [ 500.625674] RIP: 0033:0x45b227 [ 500.628864] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 500.636670] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 500.643945] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 500.651344] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 500.659086] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 500.666490] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000000f 02:47:55 executing program 0: 02:47:55 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvmmsg(r2, &(0x7f0000003340)=[{{0x0, 0x0, 0x0, 0x45}, 0x10}], 0x1, 0x40000020, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 02:47:55 executing program 0: [ 500.739560] BTRFS error (device loop4): superblock checksum mismatch [ 500.810907] BTRFS error (device loop4): open_ctree failed 02:47:58 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:47:58 executing program 0: 02:47:58 executing program 5 (fault-call:0 fault-nth:16): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:47:58 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 02:47:58 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000100), &(0x7f0000000140)=0xe) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000200)={{{@in=@dev, @in6=@mcast1}}, {{@in=@local}, 0x0, @in=@local}}, &(0x7f0000000180)=0xe8) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:47:58 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:47:58 executing program 0: [ 503.453272] FAULT_INJECTION: forcing a failure. [ 503.453272] name failslab, interval 1, probability 0, space 0, times 0 [ 503.481462] BTRFS error (device loop4): superblock checksum mismatch [ 503.509456] CPU: 0 PID: 28808 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 503.517417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 503.526789] Call Trace: [ 503.529402] dump_stack+0x142/0x197 [ 503.533209] should_fail.cold+0x10f/0x159 [ 503.537414] should_failslab+0xdb/0x130 [ 503.541410] kmem_cache_alloc+0x2d7/0x780 [ 503.545577] ? wait_for_completion+0x420/0x420 [ 503.550181] __kernfs_new_node+0x70/0x480 [ 503.554333] ? kernfs_activate+0x13a/0x190 [ 503.558675] kernfs_new_node+0x80/0xf0 [ 503.562573] __kernfs_create_file+0x46/0x323 [ 503.567086] sysfs_add_file_mode_ns+0x1e4/0x450 [ 503.571782] internal_create_group+0x232/0x7b0 [ 503.576382] sysfs_create_group+0x20/0x30 [ 503.580601] lo_ioctl+0x1162/0x1cd0 [ 503.584241] ? loop_probe+0x160/0x160 [ 503.588056] blkdev_ioctl+0x95f/0x1850 [ 503.592088] ? blkpg_ioctl+0x970/0x970 [ 503.595992] ? __might_sleep+0x93/0xb0 [ 503.599926] ? __fget+0x210/0x370 [ 503.603397] block_ioctl+0xde/0x120 02:47:58 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) [ 503.607156] ? blkdev_fallocate+0x3b0/0x3b0 [ 503.611493] do_vfs_ioctl+0x7ae/0x1060 [ 503.615411] ? selinux_file_mprotect+0x5d0/0x5d0 [ 503.620186] ? lock_downgrade+0x740/0x740 [ 503.624353] ? ioctl_preallocate+0x1c0/0x1c0 [ 503.628813] ? __fget+0x237/0x370 [ 503.632396] ? security_file_ioctl+0x89/0xb0 [ 503.636813] SyS_ioctl+0x8f/0xc0 [ 503.640222] ? do_vfs_ioctl+0x1060/0x1060 [ 503.644385] do_syscall_64+0x1e8/0x640 [ 503.648315] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 503.653193] entry_SYSCALL_64_after_hwframe+0x42/0xb7 02:47:58 executing program 0: [ 503.658393] RIP: 0033:0x45b227 [ 503.661623] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 503.669362] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 503.676642] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 503.683925] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 503.691209] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 503.698491] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000010 02:47:58 executing program 0: 02:47:58 executing program 0: ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@multicast1, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x4d4, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0xfdc}}, 0xe8) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) [ 503.730231] BTRFS error (device loop4): open_ctree failed [ 503.794150] print_req_error: I/O error, dev loop4, sector 128 [ 503.823242] BTRFS error (device loop4): superblock checksum mismatch 02:47:58 executing program 5 (fault-call:0 fault-nth:17): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 503.870544] BTRFS error (device loop4): open_ctree failed 02:47:58 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000400)='TIPC\x00') sendmsg$TIPC_CMD_SHOW_PORTS(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280)={0x1c, r6, 0x1}, 0x1c}}, 0x0) sendmsg$TIPC_CMD_SHOW_PORTS(r4, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x1c, r6, 0x400, 0x70bd27, 0x0, {}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4004041}, 0x10) r7 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) 02:47:58 executing program 0: r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000e5b000)={0x2, 0x4e20, @multicast1}, 0x10) connect$inet(r0, &(0x7f0000ccb000)={0x2, 0x4e20}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000f3ff950000030000000000000086a0ef063f58e57c4f3c163bbfe9e67ef9d59029fd336949c2aba9c74e66b880084c4bdc9d0654d67f0094d26a9eacb2ae39233f04941f2de3ff93ab089ac2e26dee3436872155ce0c710cdaeeff0f0000a4667f3616195c7312002048bf8f117b014e35b249a3ca000c81d6ddd903a3083406d3746b10dd8184a31d3cc4c07ada5c3e09f8f1adca6fcec858ce4d3a0f71ff49c44b002b09838ed3f00f85f9aadf857c9ddd4fc597b504446837cb4c6b751f6bd320ab4313188efd042ebd9de054d8491bb2b34a76cd38fad707eb570b8ffa4aded2ceb14797e4ff14d18316005fcd5f42b695a3aef3a55cf873b59eb4c31793d3dc74d1376e5c6dc8be4ec2bc40bb2a145cd8109dc4a87862733ae7402b9c405d2356adc6ede27076371d2fec75e68b814cf1cee942d2415f6cf826b0a3f643bca3152d6233063a3e6422872582115b492c4d451b363aeba857ccfcb52a8b421c2ad679c305dc16b17165929ec0f583d618fa60feec8d7c34c85ad9aeb8b74286952ad83806b6063baf98967d37ca55c62f66ece2c689d0977d610100377bea00000000000000000000d405670e2c732e9835bc3831c3c6d74845fec84c5fdb85a1701de3f0a80c1f3754c7b844fa02d2c711860c31121b0df2442505756c8202d84961148e1171285917bd4d55362f44ed98deccfa1196a3e051315da4715a610318f053b299ee88c862d7b53da6ad29de64287b701cf31b63fa0bdd5cbf5c433cc4a31f18235c8d89da48fda5130551c327dd39197ae1e62ba3a4dcf9107e138e00f87afcee3a64ef5c04e05fd1e8c27047354d7e239b015ebed3e56e94371d4bc5756d7920b227cd6373feddf7717d9f960fc66c0b09306fa00d492def7ec437ddf70d039f7f95549132267eb21f5989dd772781be1a7ac8eea65e2e4b9f3653b50b00870c7f9c4eba35b1c53fd46240964c0cf0eef189e78ef270fe7ddf0482408b4329fe79c6375520859cf35dbc3e1fe032284683bce6cd7ac015accbc309c1039254f559af91c1cfaf6b0faaf305a3b82f00000000054648895130088ea079346942fce447fadc300310835f72b8b334cfd7b57844c8f901e975ead2077185dfbe9722f4e269e3ea0c81c4b0c970a9055fbaaec09f7491f9cb6eb9f70d860dc89284571b25d0057e52f41117b4d673899642d886b3d9edc140a4e1b44daa26b764196767b81fdccf1e5d413e4f1312ecef96d1dfcf0fcdfc5c1f48340000000000000000ba71b0bf012fdc6aecd3042f831839120b6eb86445408423ec618d5cbe4047de665b1c2f559c0dbe9ddbd42d5b7fdc749bc5beea096a8800000000000000"], &(0x7f00002bf000)='syzkaller\x00', 0x4, 0x436, &(0x7f0000000040)=""/183}, 0x48) r2 = socket$kcm(0x29, 0x1000000000002, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f000031aff8)={r0, r1}) sendmmsg$inet(r2, &(0x7f0000001bc0)=[{{0x0, 0x3400, &(0x7f0000000180)=[{&(0x7f0000000040)="b7", 0x20000}], 0x1, 0x0, 0x0, 0x3}}, {{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f0000000540)='Z', 0x100000}], 0x1}}], 0x729, 0x0) [ 504.001245] FAULT_INJECTION: forcing a failure. [ 504.001245] name failslab, interval 1, probability 0, space 0, times 0 [ 504.029995] CPU: 1 PID: 28844 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 504.037924] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 504.047290] Call Trace: [ 504.049899] dump_stack+0x142/0x197 [ 504.053566] should_fail.cold+0x10f/0x159 [ 504.057893] should_failslab+0xdb/0x130 [ 504.062017] kmem_cache_alloc+0x2d7/0x780 [ 504.066284] ? wait_for_completion+0x420/0x420 [ 504.070937] __kernfs_new_node+0x70/0x480 [ 504.075103] ? kernfs_activate+0x13a/0x190 [ 504.079358] kernfs_new_node+0x80/0xf0 [ 504.083267] __kernfs_create_file+0x46/0x323 [ 504.087696] sysfs_add_file_mode_ns+0x1e4/0x450 [ 504.092395] internal_create_group+0x232/0x7b0 [ 504.096993] sysfs_create_group+0x20/0x30 [ 504.101143] lo_ioctl+0x1162/0x1cd0 [ 504.104876] ? loop_probe+0x160/0x160 [ 504.108702] blkdev_ioctl+0x95f/0x1850 [ 504.112596] ? blkpg_ioctl+0x970/0x970 [ 504.116501] ? __might_sleep+0x93/0xb0 [ 504.121536] ? __fget+0x210/0x370 [ 504.125123] block_ioctl+0xde/0x120 [ 504.128757] ? blkdev_fallocate+0x3b0/0x3b0 [ 504.133140] do_vfs_ioctl+0x7ae/0x1060 [ 504.137040] ? selinux_file_mprotect+0x5d0/0x5d0 [ 504.141793] ? lock_downgrade+0x740/0x740 [ 504.145955] ? ioctl_preallocate+0x1c0/0x1c0 [ 504.150373] ? __fget+0x237/0x370 [ 504.153850] ? security_file_ioctl+0x89/0xb0 [ 504.158279] SyS_ioctl+0x8f/0xc0 [ 504.161638] ? do_vfs_ioctl+0x1060/0x1060 [ 504.165777] do_syscall_64+0x1e8/0x640 [ 504.169849] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 504.174757] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 504.179955] RIP: 0033:0x45b227 [ 504.183158] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 504.190873] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 02:47:58 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() [ 504.198151] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 504.205428] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 504.212704] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 504.220204] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000011 02:47:59 executing program 5 (fault-call:0 fault-nth:18): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:47:59 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x80400, 0x0) connect$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x2711, @hyper}, 0x10) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) [ 504.418100] FAULT_INJECTION: forcing a failure. [ 504.418100] name failslab, interval 1, probability 0, space 0, times 0 [ 504.434246] CPU: 0 PID: 28860 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 504.442169] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 504.451677] Call Trace: [ 504.454458] dump_stack+0x142/0x197 [ 504.458117] should_fail.cold+0x10f/0x159 [ 504.462292] should_failslab+0xdb/0x130 [ 504.466290] kmem_cache_alloc+0x2d7/0x780 [ 504.470462] ? wait_for_completion+0x420/0x420 [ 504.475069] __kernfs_new_node+0x70/0x480 [ 504.479347] ? kernfs_activate+0x13a/0x190 [ 504.483658] kernfs_new_node+0x80/0xf0 [ 504.487570] __kernfs_create_file+0x46/0x323 [ 504.492032] sysfs_add_file_mode_ns+0x1e4/0x450 [ 504.496739] internal_create_group+0x232/0x7b0 [ 504.501677] sysfs_create_group+0x20/0x30 [ 504.505844] lo_ioctl+0x1162/0x1cd0 [ 504.509497] ? loop_probe+0x160/0x160 [ 504.513351] blkdev_ioctl+0x95f/0x1850 [ 504.517252] ? blkpg_ioctl+0x970/0x970 [ 504.521342] ? __might_sleep+0x93/0xb0 [ 504.525449] ? __fget+0x210/0x370 [ 504.529055] block_ioctl+0xde/0x120 [ 504.532695] ? blkdev_fallocate+0x3b0/0x3b0 [ 504.537032] do_vfs_ioctl+0x7ae/0x1060 [ 504.540936] ? selinux_file_mprotect+0x5d0/0x5d0 [ 504.545883] ? lock_downgrade+0x740/0x740 [ 504.550159] ? ioctl_preallocate+0x1c0/0x1c0 [ 504.554678] ? __fget+0x237/0x370 [ 504.558162] ? security_file_ioctl+0x89/0xb0 [ 504.562596] SyS_ioctl+0x8f/0xc0 02:47:59 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/mls\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f0000001a80)=0x0) r7 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r7, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r8) fstat(0xffffffffffffffff, &(0x7f0000001ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r10, 0x0, r10) ioctl$sock_SIOCGPGRP(r10, 0x8904, &(0x7f0000005000)=0x0) r12 = geteuid() r13 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r13, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r13, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r14}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r13, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r14}}, 0x48) r15 = socket$inet6_tcp(0xa, 0x1, 0x0) r16 = fcntl$dupfd(r15, 0x0, r15) ioctl$PERF_EVENT_IOC_ENABLE(r16, 0x8912, 0x400200) r17 = socket$inet6_tcp(0xa, 0x1, 0x0) r18 = fcntl$dupfd(r17, 0x0, r17) ioctl$PERF_EVENT_IOC_ENABLE(r18, 0x8912, 0x400200) r19 = accept4$alg(r18, 0x0, 0x0, 0x80000) r20 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r20, 0x0, r20) ioctl$sock_FIOGETOWN(r0, 0x8903, &(0x7f0000005040)=0x0) r22 = socket$inet6_tcp(0xa, 0x1, 0x0) r23 = fcntl$dupfd(r22, 0x0, r22) ioctl$PERF_EVENT_IOC_ENABLE(r23, 0x8912, 0x400200) getsockopt$sock_cred(r23, 0x1, 0x11, &(0x7f0000005080)={0x0, 0x0}, &(0x7f00000050c0)=0xc) r25 = getgid() r26 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r26, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r26, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r27}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r26, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r27}}, 0x48) r28 = inotify_init1(0x80800) r29 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r29, 0x0, r29) r30 = socket$inet6_tcp(0xa, 0x1, 0x0) r31 = fcntl$dupfd(r30, 0x0, r30) ioctl$PERF_EVENT_IOC_ENABLE(r31, 0x8912, 0x400200) r32 = gettid() ptrace$setopts(0x4206, r32, 0x0, 0x0) tkill(r32, 0x3c) ptrace$cont(0x18, r32, 0x0, 0x0) ptrace$setregs(0xd, r32, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r32, 0x0, 0x0) r33 = syz_open_procfs(r32, &(0x7f0000005100)='net/ip_vs_stats\x00') r34 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r34, 0x0, r34) r35 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r35, 0x0, r35) r36 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r36, 0x0, r36) r37 = socket$inet6_tcp(0xa, 0x1, 0x0) r38 = fcntl$dupfd(r37, 0x0, r37) ioctl$PERF_EVENT_IOC_ENABLE(r38, 0x8912, 0x400200) r39 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r39, 0x0, r39) r40 = socket$inet6_tcp(0xa, 0x1, 0x0) r41 = fcntl$dupfd(r40, 0x0, r40) ioctl$PERF_EVENT_IOC_ENABLE(r41, 0x8912, 0x400200) r42 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r42, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r42, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r43}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r42, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r43}}, 0x48) r44 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r44, 0x0, r44) r45 = signalfd(r44, &(0x7f0000005880)={[0xef84]}, 0x8) r46 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r46, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r46, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r47}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r46, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r47}}, 0x48) r48 = accept4(r0, &(0x7f00000058c0)=@in={0x2, 0x0, @broadcast}, &(0x7f0000005940)=0x80, 0x800) r49 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r50 = gettid() ptrace$setopts(0x4206, r50, 0x0, 0x0) tkill(r50, 0x3c) ptrace$cont(0x18, r50, 0x0, 0x0) ptrace$setregs(0xd, r50, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r50, 0x0, 0x0) r51 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r51, 0x0, r51) getsockopt$inet6_IPV6_XFRM_POLICY(r51, 0x29, 0x23, &(0x7f0000005980)={{{@in6=@ipv4={[], [], @dev}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6}, 0x0, @in=@empty}}, &(0x7f0000005a80)=0xe8) r53 = getgid() r54 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r54, 0x0, r54) r55 = syz_open_dev$video4linux(&(0x7f0000005ac0)='/dev/v4l-subdev#\x00', 0x51c, 0x80240) r56 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r56, 0x0, r56) r57 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r57, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r57, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r58}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r57, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r58}}, 0x48) r59 = syz_open_dev$sndpcmp(&(0x7f0000005b00)='/dev/snd/pcmC#D#p\x00', 0x6, 0xb0102) r60 = socket$inet6_tcp(0xa, 0x1, 0x0) r61 = fcntl$dupfd(r60, 0x0, r60) ioctl$PERF_EVENT_IOC_ENABLE(r61, 0x8912, 0x400200) r62 = syz_open_dev$midi(&(0x7f0000005b40)='/dev/midi#\x00', 0x0, 0x40000) lstat(&(0x7f0000005b80)='./file0\x00', &(0x7f0000005bc0)={0x0, 0x0, 0x0, 0x0, 0x0}) r64 = getegid() r65 = socket$inet6_tcp(0xa, 0x1, 0x0) r66 = fcntl$dupfd(r65, 0x0, r65) ioctl$PERF_EVENT_IOC_ENABLE(r66, 0x8912, 0x400200) r67 = accept4$tipc(r66, &(0x7f0000005c40)=@id, &(0x7f0000005c80)=0x10, 0x800) r68 = syz_open_dev$swradio(&(0x7f0000005cc0)='/dev/swradio#\x00', 0x0, 0x2) r69 = socket$unix(0x1, 0x1, 0x0) r70 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r70, 0x0, r70) r71 = syz_open_dev$vbi(&(0x7f0000005d00)='/dev/vbi#\x00', 0x2, 0x2) r72 = socket$inet6_tcp(0xa, 0x1, 0x0) r73 = fcntl$dupfd(r72, 0x0, r72) ioctl$PERF_EVENT_IOC_ENABLE(r73, 0x8912, 0x400200) r74 = accept4$llc(r73, &(0x7f0000005d40)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @dev}, &(0x7f0000005d80)=0x10, 0x80000) r75 = gettid() ptrace$setopts(0x4206, r75, 0x0, 0x0) tkill(r75, 0x3c) ptrace$cont(0x18, r75, 0x0, 0x0) ptrace$setregs(0xd, r75, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r75, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) r78 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r78, r76, r77) r79 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r79, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r79, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r80}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r79, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r80}}, 0x48) r81 = socket$inet6_tcp(0xa, 0x1, 0x0) r82 = fcntl$dupfd(r81, 0x0, r81) ioctl$PERF_EVENT_IOC_ENABLE(r82, 0x8912, 0x400200) r83 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r83, 0x0, r83) r84 = openat$full(0xffffffffffffff9c, &(0x7f00000066c0)='/dev/full\x00', 0x42f00, 0x0) socketpair(0xa, 0x2, 0x9, &(0x7f0000006700)={0xffffffffffffffff, 0xffffffffffffffff}) r86 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r86, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r86, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r87}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r86, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r87}}, 0x48) r88 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r88, 0x0, r88) r89 = socket$inet6_tcp(0xa, 0x1, 0x0) r90 = fcntl$dupfd(r89, 0x0, r89) ioctl$PERF_EVENT_IOC_ENABLE(r90, 0x8912, 0x400200) r91 = openat$full(0xffffffffffffff9c, &(0x7f0000006980)='/dev/full\x00', 0x521040, 0x0) r92 = socket$inet6_tcp(0xa, 0x1, 0x0) r93 = fcntl$dupfd(r92, 0x0, r92) ioctl$PERF_EVENT_IOC_ENABLE(r93, 0x8912, 0x400200) ioctl$VIDIOC_QUERYBUF(0xffffffffffffffff, 0xc0585609, &(0x7f0000006a00)={0x1f, 0xa, 0x4, 0xc22c8cf008ec83f5, 0x3ff, {}, {0x3, 0x2, 0x51, 0x1, 0x9, 0x20, "20459cf1"}, 0x0, 0x2, @planes=&(0x7f00000069c0)={0x6, 0x10000, @userptr=0x7, 0x1ff}, 0x4, 0x0, 0xffffffffffffffff}) r95 = socket$inet6_tcp(0xa, 0x1, 0x0) r96 = fcntl$dupfd(r95, 0x0, r95) ioctl$PERF_EVENT_IOC_ENABLE(r96, 0x8912, 0x400200) r97 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r97, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r97, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r98}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r97, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r98}}, 0x48) r99 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) r100 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r100, 0x0, r100) fcntl$getownex(r100, 0x10, &(0x7f0000007100)={0x0, 0x0}) r102 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r102, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r103) getgroups(0x1, &(0x7f0000007140)=[0xee01]) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000007180)=0x0) r106 = socket$inet6_tcp(0xa, 0x1, 0x0) r107 = fcntl$dupfd(r106, 0x0, r106) ioctl$PERF_EVENT_IOC_ENABLE(r107, 0x8912, 0x400200) ioctl$NS_GET_OWNER_UID(r107, 0xb704, &(0x7f00000071c0)=0x0) statx(0xffffffffffffffff, &(0x7f0000007200)='./file0\x00', 0x6000, 0x200, &(0x7f0000007240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r110 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r110, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r110, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r111}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r110, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r111}}, 0x48) r112 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r112, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r112, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r113}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r112, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r113}}, 0x48) r114 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r114, 0x0, r114) r115 = socket$inet6_tcp(0xa, 0x1, 0x0) r116 = fcntl$dupfd(r115, 0x0, r115) ioctl$PERF_EVENT_IOC_ENABLE(r116, 0x8912, 0x400200) r117 = openat$rtc(0xffffffffffffff9c, &(0x7f0000007340)='/dev/rtc0\x00', 0x4800, 0x0) r118 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r118, 0x0, r118) r119 = fcntl$getown(r118, 0x9) newfstatat(0xffffffffffffff9c, &(0x7f0000007380)='./file0\x00', &(0x7f00000073c0)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x800) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) r123 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r123, r121, r122) r124 = fcntl$getown(r0, 0x9) r125 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r125, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r126) fstat(r0, &(0x7f0000007440)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f00000074c0)=0x0) r129 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r129, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r130) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) r133 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r133, r131, r132) r134 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r134, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r135) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) r138 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r138, r136, r137) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) r141 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r141, r139, r140) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, 0x0) r144 = add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe) keyctl$chown(0x4, r144, r142, r143) getgroups(0x7, &(0x7f0000007500)=[0xee01, r137, 0x0, r140, 0x0, 0xee00, r143]) r146 = syz_open_dev$midi(&(0x7f0000007540)='/dev/midi#\x00', 0x414, 0x4000) r147 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r147, 0x0, r147) r148 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r148, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r148, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r149}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r148, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r149}}, 0x48) [ 504.565987] ? do_vfs_ioctl+0x1060/0x1060 [ 504.570193] do_syscall_64+0x1e8/0x640 [ 504.574193] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 504.579152] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 504.584403] RIP: 0033:0x45b227 [ 504.587602] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 504.595328] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 504.602904] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 504.610328] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a sendmmsg$unix(r1, &(0x7f0000007840)=[{&(0x7f0000000140)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f0000000600)=[{&(0x7f0000000200)="184deb07e5884f782d6e0b9c32a9865320af89fd7f1f2bcf5e32bba08019259a53b1df83d3b76a1278a531b1e7eda2a7f3bf483e1bfa0c7c20da2bfaba65425894c589d59dfbbc355a202f40c7b3b06c7e2cb3d5daee568f98a5725e811c95792c602d407783c44d7a327931bc7578e551a6d4dac3102a86080004727325e1ef94d4a21353b67c1cfb59405ee9b2b0e131181523127665c86c2e7b179cce4a1c8e505e959362e5fddd2cbba61a3515f8fb6f58edd82e0991cb9bede4f9b0f3e168b358e765b115fb3d", 0xc9}, {&(0x7f0000000300)="b03a3aae388f90f922bbbf2de0214cadf8f6d4ee6949c0fa427e32267dfea7b960e7bb4794f6", 0x26}, {&(0x7f0000000340)}, {&(0x7f0000000380)="319797cd03a27e395e0f6a8475abaeb01b80204d1c83e93dfaae9a6688c4a41be9525827cdda1b35c0e4f87fb490d08253ec343a2d7ceb65cf603182ed231ed7f9dd7ccb207e0abae43c77b2793cabc6ccfc9a8bcb0e411ad1e063d620e042bbc2ad03f4845c44c5535585a93b4bd872d642af55eb64736c806335a00f9f38dec789b6b849945b029fb0d07b2f667027dc6ff18b862e49e4f0541db79fda5482e36b", 0xa2}, {&(0x7f0000000440)="e1922cf49da2b28a6145af2019ac897fcc21379103f023ecddee292014aa16931f3fac9cacbd0ffbb1b14f002b0911a9f1125d5b157bffc2e564c268d2bfcd280363da76", 0x44}, {&(0x7f00000004c0)="550297ba40d197578a99d481524cf0", 0xf}, {&(0x7f0000000500)="d394d73240735a76715422edd4bb786293dfb8417422afd97f5203a85efdaf283e9da17136fd5985e95b69891a1e3b9813dd6752451724a5f5df45a5681122ea84138f6c372f53b48ac2642fafc403698efea39d6e4d300a69df3998c2c3dfe3343b6d7d895dcb33d85a68bce7495e7059702acd49359d0aaf6574dc5305c8671b36a491e22f6e10ffc61e5fe7095879b2b084f83b9da6ec3b4fc1e7efeb753ce29001086aacf0c887ddaa7a29bab35c0faea213ac9aa8f44d1159a7727ca0e1f0dd5492772da615454d98be4467a7b12a685b9946668b0b049053718681", 0xde}], 0x7, 0x0, 0x0, 0x80}, {&(0x7f0000000680)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000001a00)=[{&(0x7f0000000700)="a831a980d9e594f28c15ec85bbca04e8bce83426d4b563d1b0e1848a", 0x1c}, {&(0x7f0000000740)="c093d95aa9706e6dc47bdbacea81f35e7ba5266ed2a2bae7055c90c3aec5237cf60b97e737943321eaf9833cd9fbc6f3feb4ff3e0ef8935f2905a0aa8f55110111362597160ffb1eb82977694b350bbf953a6b72f0af44c7eea31c386f8d9350bc8dcaa5e1b470d2090222700d038b43c282f41610b9406f496d5c079599e96e23d9cc0fac5a76ce274fe2d42d7650ac8e00c45b1bb1a6208b399a68282003af8d9b9436bb31e358be0d504a9bf517d25c", 0xb1}, {&(0x7f0000000800)="f6edb9a166de50adc77854c61f04e762921982c6b1cd5f5307df90f2f2115290fbe60da44123ecb6e7904c1429429024", 0x30}, {&(0x7f0000000840)="d1fb4fb5c8a90ac0e5cbee9d758a1205d931953ea04dca6aea1d95456800470c4766c2d4ce6179cefcc66ba96c79e81d0a19828ad65e9bd1f48985b6cf5fe50015fc815b52a812888c4fb5d8bfea9b6eaa13c409d83f71b606c5960c89d7e27ae5ab1a2e5f8863e9e93451aa800d", 0x6e}, {&(0x7f00000008c0)="0c8de5efcbde15c3010a5c1a4b700248704ca1cc61ad2b35c1f38a242a", 0x1d}, {&(0x7f0000000900)="5b23215e0820e0f295089919bb06998515b17e7ff219ac79db5a081fc3361cdbfed714e63ebb75f349fd4ef5668590dfb84efc794b5d5c702d17f95f69938c4b14a656afbaf56642a0a6dca53aa5522e7dbae31914e2aff8580233567391dfa02598d7b7ccb99014eb2daff87c3636cf8b300f62f2ca204e1c93ee80ed325d184c240a6824b9b963f87789466ad7235e80a411de823ea8bf7d95c2ec7d4695a406ab297c7f8ce12a950cd234787e78707ca003aafb955521f92802ec59408c321325501090aa72a435805f5998cf2f613628b18e930a769fc3ad", 0xda}, {&(0x7f0000000a00)="8d454c968c9fb8056414aa7c0eac53f17cf62899e73acf70bf3d916828782fbc055807a4000f5091842a224059dac2b85eecfad3de60fb59ce14dfa79546a7124f65c38bb55c0ed4031bbdaf00f21f2fbf54d50575405f1c497b0b2eb56f3ea4ab4d7e83d5876b07dfad18fdf7bddb14da65954e371664b2463828c495bced5f7b159c9bdac179b2fe51d2d22411dfb0e96006f0086d042e1c651f14af89caa92357c10825993882f67aade9b0c9a9b2d18a1c269d6fa65e3c8c150a00a87f3324788a3dd152d957d605c8c364f85505000c477265fe315c0f7ed43be89ccd1b8522ba946957eb3b48aa7e638a4cad6cc8128781c9edfa1b518f3e93d2f6e96b9ea961f675c8fe59fef594340916cb7a6ad4ac0e6b5b0031d360da16257b263b0e8710aa24bd986a42b4c7161ff7d815bc1b5488ff53b863191179d71918c55d2608ffbfdcb7a06c0fd5d975b31f1e8a8d3511ddb915e471bdec500f598100a793dd6062ea640c3e310d7c158bcfbbaea6f3bdcb24a2e81933146f0c881ce8a524b4c1b970951f859339ce315dae78f4f8002a4e1a59b4925e772c2dda44d516cdc55fdd05eeabbfa310af1c63a5ef503a030f10059fe495de66a7c5e310333d3e1d9fc27d4c2a9bc47e2cbbe7a6e3258652f64521ea67bc06cf5dcaf7bb6be7e5a132df4a1dcbeaed246a01eae119045155aeeaa3cb4ab65b96c612520b3adfcae15eac8c3211b3d4b588b61c1960c08ffd290608544a3d02be7229f7f59411100fda5738e7da8d13fdf6e7e859f3a4b47e03b1adcfb92ec063aeef180b5118a1ee2f7ad910e463d5be46fa3672b1948d873f28706b4baae3af998740e57eabcfd9cb9e7c721a498668695ebcac727c9ebb76489db9d5cc7bc376a48ebb8cc006ae97beda74336d435555c8e64ad446921f88a0196beeee9972e0637805c1c85abb8ce0aa282db8ae1c272d1ffa73946ba3cad41e650af43aae3f648ca1499a9db886e59870a7c443f7649f82be240da3d46cd6d8e1fe70d4ed42c178d4055e3a23eed0079a9c650ed9a181dcd76c5548ec913a4c4e4ce8500c39198ab58b3c5b135ed483db4d4030098077dbfbbd0b6ae607fb1b33914e3fe9bf885e9b4c84391a3afb58e2ab2142ca82d7214cfb941d578240566a43ea0be739df84b57579c66e126c08980a01d83ec7383cc578192a2970f968d32b35f3145118f020de503eee7eb5f16fc5499f77e3a29e0b5fe9807ce837f97da4eea9607e8ed9e2e88003ae659a053524178042da959c66d049dc5b37971193d74d7ebd2d6ee1aba8fb4f92de6557b9d7fec373e89383968f4ffd6b9945f58f99eba5fe2b80ae20a20671cc05b4392ba33c02b7c4ca344850f08e5b83ab87808adbd8b203edbb6a6448c1648ddc6bf76692a9a21fa070f1c8fe5f6571082abb2dfbdd3b067cc5b1ee391aa7ca9729f70ef0f800299cbe7a06c6406b23637468712ca7d7ce63870e39fc2909a9844745ce56cc6ca5a62f41c0d3d72f5f5ce5bf9fb2f09f957a928d34e0355037cc5d2155310f75e924c09db9c6cf7559b637524f65989e50194376a542fb89d5fd2c7a87ffea7bca6d3250e06d4d67f486093bacc70812a0db97321d6ff85ad3211ed40ab8ec9f4866e8cd869dff075f126abe64e47b2f32f2a1ee7f72380bd610a7f5f7ad0bc4b764e1934035838fba4ed1a264baad5cfb287901425f28c90915b810d81f540e5ce72d219c40c1e814a36e0ef71fff785c5285c008579e25195e20bbeece302e7bea3890b0f6684a04a7475ae500048a0697a632b923b9eb461c305873dc1704682676384659dce47ce8fc33ec499f3765b63e0815a47ec650bcd41c2cb4230c765022ab1cdcd095e0826646b6a3430e2d1e7b34a0fbf6c50066f78225ad8b91217152fee27cccc78a841aa909a53d488f74da4cda14d92d49dc9285937f6f18162c1401820f290284f130bdc8c7e9a90429097ed5198888634d69b45def928be9c22793c73bc77b9a2a8b62bf169f257ecc1c5d474d0b127467ab74c03c2342676eb81908aa9ba8043ee4d32aeac15ddda784bfe37e240244abbe96ec043291ff9a34d9eac2db110003935cfe8280d29d36ca15a2a0ee268319d892267862d90ef8b95609e5b3d6bc2af2f8096c8b5d9c5c95e18c008846af5c611f59a974ec1e892e3581b78e53313bacca4318da42851746183fb725e299b513a070ef00630299fe8ff8a3ff0272d83d5ff7056727fa32bb86f4de405e714b79cdd8604662af9e0f4433ff6168cd2b22257d03e8920ee6234038fd23975eb37c299902a666e54eeee0121a80fd90bd4403b13b563e7c9d3b4efdac19d287cc37ff1394338e50346bca52ac49e7e4490c08664d8f27057c4f5c74fc8bfe47f84be193ce8c89493f6ad52416c364c8acbafada58db735babe55e5c033371a630b86bd315668cca0ff8652d30e619894de76b5ef416d36c97cc5148e31daf331fd79d14ea21c839850450b2a1a84d39edd83c77a1a794ccb0e738c841f089e6641fe9a5153143c27df0d6160f8f439580fec6da06066f15978b7195aa809869e94c85e99827372ab239e359009f3a8507c30bbf70675cb6885a07e697c8196192932b2d2733e31132c26c7d5c284506b8a65fcdddea4cfa55d0c967edeaa784fe839601940751b9841f699a15e19f7f5be76872383a0b1d2357038491e1d1ba65d971b8d547cd8f9f48572ace41f954ee12eda257a361accb680bc548724a4edbcb32b6f2dfb099577a31d841c4168262a15586d1161bfd238c44eafe430c415b324d7a4a71f19f70ac686d8505b762d7ee8032bcbf6ab6d48ecd7fb5b84966f202445af080ff95942a948d105eb7d9bf8197b3b410a09455e34b9ebeb41cb5e56198799ae40f0385c9efe264eaf4c8cb384ad367720eea463dd3553b11d4ee5316eaca0c9705094970753370bc809bfc454b076a6bc46ef4c7db84472722535e99ea84214a76556fde64ec9a6d8544538a9c98b985d040a7134e6c06a3d7a168d7ff0941c908d6288b5280f6401be230c8c7afdbd78d69ff9d5e21c0f77a5593fb5858739c3ca41bb250a6849453a9f7c4d07620fc41ff4a253d356b2db345cebbeb4de9ba53ffbc109c0a26b04075700049359e84ed96bc98b32efcd823cafe8b3b572d38fb6aeb049f5f6afcd4ca865fe389d188ee8edbbea91487588d8499d60115664b0f9f219ee07ac89c9c9373fa6991e918857be5f09e90180ea5b024a015653f3d5adffe2b086161237dc96fe03cf1540d3fbae8e326f216d5912580360b6039f43d1ee3ac6a033c549a22d5be74dfe0df049cd69bb958511fef9f739a5a362833a44a72457a7d2c9561102c9b108b2bb616263ca8a6a6dc2454ea643c30b1c9fc474d307d2a5efc4938589f2eb10510b1dfa0619920fc018ea9052fb5b25fd612023fa2e3f65fc1fa7d81189fbbc8c0cf52c4fe2299e76f9df5e53c22f2f8aa030d74c2b6a2995eb0336beb2e88c93835b4a8d0867789f5cd353ef80601dd3df03d71b62632c8109c577eb267fe749238551fc1ef8931413cb639a4f717b9d09e178dd732e8785580ac7b97867959b8c7f8db072d6429ec12eb785ea5b05b7099b1ddf616c8df552e9107527a27e67c5b3a7d6b431606a56e64d8fbbd5a866246adaf665151acf8ce3768130169c81fa4aa11acb02b1fbb86bb8d241a196560e07598c76a28c9b608f9af210a4d0f46c8c7fa2ebde43831494b4772c514ab6f3bb99cf02c8b0a90d1ec1f22ae109724d8e78e8b03d3656fd0378c6f8af8be9d15bb2910d6cd91b8822aa64b7abc1cca9b80f7077d673e87e44edb1b0323dd123625c2a3630f3354f5e14970d9baab7e7a43b5881023a83c35519b43ea37ca93410bdd3423066dc911b06506bfb6ddb5ca593d0f1547f2bf8bf1eb7a0abf7111cfdd70d111960dc594e5adfe746d38b5129e62b3156853a508c57a3682d462130bc7b4eca4388ad92c875c79a7db4fe05d306e76a945c4b778f890938dd1541f78c626820ba381037938ea37df462b0f51d5886e1065d8048552d13e1516d0132f43ccaf8d2bf4bc58192e878eab027de65b5a8865fb40d85cb81d5037708d4ca0a8c626361f465bae13bb27aeb669b8aff5a27f161ea1e022f76d562d0e4a8c61f6ca3af5060fba0af30d4be46ad99da2b292c4c92f1eb1a8219e40a5b0e54f6fe5f33c82fb94d3e8f47a772c8f4f93295d626a4909ec58a9df4585a08b83a8c6c87333b26f1ff1758ef1caf5f0477c72e16d77551f08fc7316e01bb91f8cf0b70afb21067409ec3d0d0a8a36d37f416393dc936bf905abbb7a22d0f06d173bc387601855afc604d874b1a8bf4b0c98c7b4973a642d2e580f6a80637b85183f1ecfe695a97256600ff7aaf79102648d749787150b3ce4bdbab3dce24f9817ca26deadbb5788bb59b001e958b86ecf970b0b4bfa13b61706a7d177d438ea1c9c2fc352715045506f6a640b98771eece9871e140a3c3dc4b4c0870e78823519b0665f5cf3d1c2166f178a0a6ec0f52eef3772a37b6514c295759717276449cab9133a79fded93e627aa5843a98eb4f7ae176a13b121ba2cde1e2f663f8cd7ff8a4dc54d8ef5549abd44c802f49638af5b8f5453770618dff02901fd7cc2b48e5d389bf14445e6d88a2619615bd8d6e92770af12798944fced3b18290dad13e6b66625363fa29f4efb8d04ebfb8b9ceb927f790f713bfeecfc5574b89be08ade4da4a5e9ba41d1f73f0975713f19583ae3995bdffbdc9b32e251fa71b5b70213336ae56999ac190179a267b15150874e2a688991c223aa2dc41f2b386c2c1b81db5ec0f7ef329e90448e034a1faf88ca7acc9e3afcb715fdc968faf89869cc3d64afaea11fadbe403eedabbeeebfad446a85efcd6c58aac79cc1e8c91f8490095d32042230a659d01aaea31fa6d266c7b1146dc2dff82e6c43e0c8a87b191b019857de914ad06716dbf1d95715f6f690ae7fef4564ac9734bcb4b11e2f03e0c410525a8f487d15d2e9e3364ce1e79c52300fca60bb73639781acc559070bbe26590d64eb94741d18e5e1b590559cfca70f13c99080488ff7f7dbd38a8b860e44b25af2acc2e05bf0618a473fae8c2807512f111c3eda49ce6a55ea902b5ea548f2ed947de570e5886fef5b84a888374377c74678d492b1c4bdf4c438a2bf68c312b1c8a1e771eaaf0639d0d4f7b839b34990f6fb5b1d61f79faf0e67c5a4c7c8e84ab233e36e0d760cc113f2899bce5ab1fb37c3ac5c927bfaf1c98d0e86d7776b4832aa24f41403779eab41818e542715687efe36e7be6078eb26775890ef02f67567de1324499dd6a7eb602099050488b66be8ce87951bd7620052d94a0fa6f70ddce31627c3064c46bf1fdf2531cffc83f5d6f55c40ab4781fb5db12bb255656b89c74d4f5a8b41d9ef6ee7bb036c3dc321150d4ea1fc371548f51c2d9b87f5d5605786d5e24c3bbfddc720c4356ad407ad6ab2dabf4c1a6388c302631b8540ec20556124b3d4f583b745690148cdb9a1ff0e06296cd3c388186932bb6eedaa9dfd861b73e0ad52c1dfc0c33eabfa428bc13adde65de6047bf26bb582978757ee79b13c2d14a00114214e801ddfab614429ae107fa0f0c80733c8a98caf01c49665d06fc65e0c1e62a31bdd95d501e0f4daf4cecf22d822a3d6176d9c0f2f86d55f6e31d47702ef7c364526e05a69cf95af639529221306d09f84caecd76ab436588b968cc8d3098221ee12878f792be6da483cc1ee60c8", 0x1000}], 0x7, &(0x7f0000001b40)=[@rights={{0x14, 0x1, 0x1, [r3]}}, @cred={{0x1c, 0x1, 0x2, {r6, r8, r9}}}], 0x38}, {&(0x7f0000001b80)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000004f40)=[{&(0x7f0000001c00)="8e60d91f1faae3289a0a08e13788f3a809ee4b5c74ad62d6b9d3fe6465a10f9af04f042b5d73c9fef8179266aae248d9dd32d2780516dc91031ef6d471962f11fed3234751898aae93247df292cd4a97e108c72d7000ee0af639411c24eda65a8ed3ed920d1d153dc9faa468975afbe78bfdaa56a2df79ee67e582", 0x7b}, {&(0x7f0000001c80)}, {&(0x7f0000001cc0)="03f1cc8fd087e2c6e4aa5fd70665ff16a34d7035b3e181585308c144e95e0e92e69d878971eec8a101158b249b66d069f9ce63c2492999a152e9a3716480585bc5c3ea935817353698bd54d61425804d9eb232e9a6cfa38da91601215560ff2929ffd9eea727927001f0716fb055a9a57d03c53b68cf413cd7635e360cde0f4cbf076cff2ea13c8085a052142246a1c96342941af32d44e32ee97b2bd84ca2112bc4cfc2ae53ae03ae49ba31f0d5fa9d2de2744ed6", 0xb5}, {&(0x7f0000001d80)="7844180611aeb3bab091828ce317153f314bd453bed2ae59b0393889075bf9f419431bb4ef08f62a966ec9275031abc5000b32448261b1403c7d1d484380b14e115b12cfb9739df1589c3c576816c190ef36f3ec00a4142fa77258f896b30e97eddffd2b0cd948024ad8528157f2f15921afd2cebb8bc5b42d1be9644343a1b5803f0fb8035f8a3cd2f109a416f87ab8c2733bad2f716742e880d4c8e2d9b3f097d10ecefd2449b1f7294be6bb83b8d5747674b42a6901c5d88db69ccda09c9a777bf3afa25adfb6f14119e5e887090b4bdaf23b1676ab100fb492f50957e3f565530aa83378f2fd75b477435f84aab27bac8c47e47a383a17f37673f818cb344c54afc50d9899bf09ab099eab3fc1c1278146b95496261361d2ee9e623515f9a21411b99939600e32cf58e26d30f503fdfb7aa3a89812e476f3e3768a27eb7fc36571d3541d51004467db91124279c8e07706f4179250d0c3d1a15233fa19df87c4a7891b12a2e752eec3e18345463314df72ca76a4bb50c97848536f61e82b9b3ed4bf74161a98a1bf290779810d9c59e8d769b3ebeb87e62893e91e04605f3a7c5fd594bb276b33b50fa550c59f989af7a91533fc3bedfe685efec73cdb0bde36bb5e1339fbe8626017278b95429daf03a08e1673c3d8855404630e81285bf4ee4b56bb6fd170d3fa47ea0d3e8d7cb2ba2a1ecdb4c691b0a89d1d13031254c87dcde2a7e4a46239f1e21e9a8a89cd24bdc45f1ab73e16c3cee6726dec7b982485b7529864e2e61aced21d3f9fb59b99f52934003a03c450c6ea4c10b11323ec782653f04aa93da945b691ca392b99c87e9761a94eba7fe2b9b6b27d91cdf20cf97d17a2ca4d0061465e8469493a4b2b5c18665bca6b53208a78cb3d7c3a6076309461d36cce51bf93a099851b27e936ce82572025565616bf086c872acf1ef76bb791dc50dc4424237ffcffdf954f962d685f79a8ebcede8cada6585f5c8d779823b6ee7bff86c551e9b6f1b996fdbbb10576e9d8ed28034bc45a6b2d4bc2ddbebba4eea0af95ca8ff91a5b893aebce309c7ac823b2b9f0a8c32ac4c02f254ec18827431765bdbafc8e59a1cbd986ca3d31f84ba9a97deff08eafbf36250049176d66b9fa6e2f58ddb4cff976f7c67216c1cec84374f29aacc3db7423941befa49d5dacf2387978c80a49d0ba638fd079c00bcd2984c1311fb9aeaa966d77ed7843a5f9420dc42bec5861f13e53f57352b2d2adc9ddaed350e5c1ba7f42dc5f3c15b1a0bcd99e22796de5fb3280375bf1d43cfae6514445a20a2ac1709bea4ea7a2d67472259bbef2501aaf00f3b095fd60ce242c21a015c576b3f618bf1d133db684721c903dbda16d31eb9f92716ce9639a5ba9ccc9fe0ea45918dae4323b8f71798c04718fe82d523edb79c9a4aab4286e8fd92796be5d78171fbbe974672d063036ef8fe66f004d13f06459c91df8d6bc247e04642519fa55957dd7b7bd859b443147920cdd0618194501d4d404e9a583da7dd3f3835c40c35122d2ecb5be6d7d3e99b348ede297d01a02a047d619c26b117283e92116e61d4ce20f2c0c9d5c67ef728bbeb2133e533934639135b1d75e5c3859d193125ec64d6dd7787b2ba44b3690aff87ca66d24606f1bdcd2897015eba3802a650cc57d960f566db08244c587a424fa8afb34d464ec0a6469e5084b242ff2085474a5cdac7df2ffa913140399712d83e6734adffd3163ea792ba4114edd6fb1c8366daaad25ff09a2014b370629fb8c5c9ea82a743fc31b00bee7929ee25a884ef199da69ab98c010624505bf6c1d4bb93e5978f6b50b7fa1cf8d80d921be6d721ca6a6734cf1d16241afc5382304c9b50fcfec0f2c7a9269c2fb851d1e709658a161834691c4b193bf8d932389139d827c769c4c8b0da01c513935a1f053a4f0b10d5b914927ef085f410682772f3ee5b06f87e92569d9693e95a71199ef7baf41c3fd8a5e35aca8a2189159ca67b1af47e1573d45344a8f3df96d8eab8349a54082e148f58b0a806fe61c08231df8f26f569638fa9e26e6708d12ee0c66551a43aadf6bd163f7dcac8b028e32f31df4add6970c007265525ce5c2cc772001d3cc35045f3f0ec3278fdd44cd287c922a351b69dd2d5d5bfa763e461d586d402e67c9699a102a12c3a3945b04c47d197a9f0c49da5c5b2ebe71306932e00c33112ff25090b6d21fbd5853ff9c6a5f7c0fe04e924505be5ebac5db0a6e05ec03d85a68e8c6f35eb622da3b88898ead58c3aae03dfc0f356f65bc2d1c6d4b1fd1fafb93955836ff74ce2381702530d7c2a43ec4fdc0ea1345e7df1b658486db5557e0060404c0dd275f0582c6efa3a5cc82c75a09ff5e3339964e25f20f2cbeeb0eef0b32790f31e908fcba370742f3702c3c109ce3e93d612343dbf88f8b0d3e0ed98da2794727abc442d87d847acb19695897e413ce6398a9b30be83ae804863053732404e378ed90f6a71c537c6f9ca741f096747a1ce04c97a5c8e84e52e19ff0b3b278349b0edd3f3bc5ea4253f83c633c2d55a47493f8cbeeb98bf7cdd28e1f6db8c6cd5c0441d374cadb5f64f3a75b0fef82f4a14c4b616aa2dd0c1b28b27c8bfbb8450f606006fde2336a9149a18084dd278a0f5f74096cda6ae416fc4a5d8549e895d046d1abc1ed898a97d91054738a4b63b5a1445ba35b92e39d49df4be5384ab1bb758797a454898950916427cc15317f5247e95a8a9fe55f39fd6ee44aa19ac30fc7f923e1487c22c94167858c58bd87af4e3b41325b285ae7e4223998a2e60bd846c065495d6fbfcaf2ef7e6176c8e22191e95aeaea1674f67a5a2d562142487b0c3bc14564b2a29ab3ce11aab069392d072b8a6436c8d7c614dd2923398bff849c5033b4adec05464551f586ecad175b817e6b512ad151986e3be642a7ffb99c504083ce7dec7f15c28064b679b83933ae6027964141fb6137bfdc606e2f90b8c9dc28a538ca5a9e455ecee6692915a00ad79e4d1a3aa1abbfb16be91fed519cd2020965719fe8fd909b56a660a644c38fb80215f3cd95bda80903a504411d8373f9975b3fc5f160ad2a2ddd2b3e080f763b62a11359768c28ebcc0f92098f35752225e2132e92b8fca84f2147b1d033758326404e949cf4c43cfb1be48ebcfb7d71bdb2578cff1d8c23e736588dfa51c025dccbcee44b1421d2f5836637a60980966c21d98dbb407941b53655807682115a60b45491718da8a3d94324bf9b233503e5c26b79bc48f251eec60622c961a8e02b2b4439f944551ede98ff34d5c320c457e9d6a59c6a01c7d2ca5576625145044b6b0965f0064515f388bb5c3127c4a50744e9beb1980979b072d4e94b70046181f18d861c3b3d3511805f9dc4237e4a1264385d8e99e723ed993ec361e4949ef1c3f0696dbb8bb0090e6c2d024804622ccdf0533189640418f227f9e36aced4643a394ce019122ab52995704d69707d3844d57eeabf2ea970a9361c18efa97e8e004df7448f02592d980adc821705214413c9d92b750519af866648445e3fd91418443b2a49fcd7081f800a4870d857ca30545735dc79489f0ab4e58aeef3db200c0638c7b9af5d8c57d118903e7b353ca930775ab2f52d2f3100ab6fea5e773541eac660a06a2be990ad12fb0f220d2a899b0303ec33d37f5561e25566ad7aae41ff4a9b17c42f1df40d9ef16e8c0749b01eacffa4d456bfa4f2f58a38524e093e0cc184c675329ceafed36de8c038152edd93cd618d33bbfe2e76f946a2e99b3d3689f5fcd5cd659498f760b124186c6eaf6f7e2f3bf06782c7a660b1a92cf86e0eecb4694941648721b8b1ac46f77a9c0493ea2677e0101e53aa1058410eca537f7729aa709a928f9687b9eaf2b3e3009f36f5d52b58008d3f4ea011cf073638e15f97d37e08beb4c884cbb758d73554de359bd7732ab5335d891abfab3bf9de89cae45ec845583113441aff1018be343a99f0c361fe7fd408a14b06c1a2758b3dcc6b1feff14914c0bda7ed5c1b298dcdeae3edc45162421da764bb35fed9f86ee61825bf2856e58c07ecd6fd199c88cfbb8b155879657274842103c9edbb9e418f39a747ae9ae4648d18c03c371075b7c809771764f9a30cc73416c8ec635a68d7d722806ccbbb32033a1a0afad272e2d3f3f6c3a898bb0afb49a6b6708376d3a075c4442f7923dff8cd2556b171e22cbf85bde3f9b438706d28b60dc8e8082221cf285b89616fbc18ce8fa2537303b00e1110cd5e33d153f86c4d88e476d3690cf2808634676dbb4197a573fcd4278b13e8fcd897fae6adabee9a8bbc116ea0be4fae0128544aa4abf28a3de480cf5c748a120739ef8e4e2c33c47d9e190b2b7f28f31d8e9789b18bb9512706b63f65684170389e77af5c041ce7c771346dc9f733e0c4cd70e24c66183c12ff2f2d50a3c3916e5e320acb17f5dfb11e26a2c096753b72e5d1378a05c29c380596eb159c422ed576e09b90d37876377279fb3b186973a301f4a7b607d75724f375fe5d6bc30af6ffc22c9d876ae794b93cd2bd7eeab725e09ca55afc6ad6adff20a122d3444a1b04d36b1869311f7360ef7da3b186fbf07fe3b20cde55e9ee23f7c69bef835c5b17878fe6b65f71783e91a98ca50ae7de33f2cbc9b4a99065f5522542e83c2e71edb72f131cf340d16c6ae313407d313d3c1e1c9e5e583591065816018be5c78f1147a8f5b50333980737ff46851efbac9ac9861607162677609fb9422055544c1d1cd6d8519c88585d3e979efc3cc079f753403328bc74befcc512a364cfa70a7901cd6b6625c3780cddb9f835028cd7c68f464fe51606f86f52603cb15ad63af1b9d9d9d60b833eae91d3b781bb31201e8aa05938c1d49261ff47e61e052ec40543124f1ac30c56fdece4e5759082324de54f34895d670131410b8e499343318b5211297bff33c3699e62315c7b8bf8b5e937f930296d5784d5a646ac289d5fea22f07a41f41ed6527d5f9d721203c826d3b99320d0696b4bb1747c7f9cce8f76eefdc7135a6000e96c26c5b8ac805dea109628e04149f1424f97a398fe602bf1758f89c71566fd7a0e7a38d0b34051f08004c0c444a6870c0be80d5896eb5ae06c1c7e83559f0aed3308c534a1db88b38ad7186ff610842d84caab87f8145773de00ec22c34730d06a66d1f313d0d05fc4a5785ef063a7f8db3a2d83480ac5c655de7282aa93a5117b7ee064a57865d17b6b6492273289f4edf63cf9f2f4d098cee7a5751f8845c6cfc83f1afecafb34e78f796757d50c852a3c87a806fee06558b0662a690f8627d302a20384062802c2dd16eb1738395a54b3fe748b5002d851790b71a661dfd18010bfaf20cc9e5491d8f8519819114b50dbcb617c09038a537041fd086523a81d6ef36737c2ae2b1c49f931e9075f218b8ff90a02c884315628005900b4a9e0c0f3482994efe00fa4816ddfb00389f440a96abc2c0f58d88066ba1f35bde519b6978d183f751e4cac36d02813bb945c1376f0026213c93fe39df30bb0c87cee11980a28b8365076907c5f4457544e89e76cf1b6baa2e11807b95b7c92896adff721c04c7ff5a58e4d6ce689a922f344cabd9f35b8f19681a854bc011a808fc88c8cf378b96bec23d8011061e9dd850ad8722d0ec10944fd0253f59e2acfe1e93f23728a34dec570aca7967c30617ed9880fb4fdd9bef8e2dc9cb4216f56e7cb2d0c35baa5ab6f8d79aab1cd4639c2df18662fc4dee4d1e166e1f3bb5eee16fd3035505ce4af56e8d987fa9f650996", 0x1000}, {&(0x7f0000002d80)="b786aa694e013d46c4f965ad71fe83bceb7495fa7d6d6950592ac657397f8706a071c6f3d902001ec262fd87550754dd1c7cbff5362c9213878b89a108968d32172ae6ceec0d4a73492b8814a40183d92f9d82c0fedad60b7e3455a10acc85b4310989e428c5051a4474aa55ce5c041f3da5f70b93621cc77d9f231a9575c7057a5638d9d511abccef3c28b30f274c90f2411141a42158c0c4b3119fae14923813ec8c11dfca24c423d3a91a", 0xac}, {&(0x7f0000002e40)="a96540de926808a27bb1e602d2c7bd246da6ba94faa41a4f1f2a400fd573fa57697459763e8f734d412edb53f94bd5c16a0527ae75433d741e1fd0568bff91a857812e8fd919b971df484a916a74413ab8de575bc514ae983fb164aeeb316a6756af3b8dd36c11de5332dc329f07c5b282", 0x71}, {&(0x7f0000002ec0)="98d3cfe774c2008ba628b99046b6c03d65476bdbf9705b7b0ed2a6e21f3f9985c380899cd4118ff0ad492604809a4fec95fa085744a43333e8362f907de3316507f15403d6647ee9ff81cbbfcedec5f869f3cc4673faf57834490e066edb69b54fe413c9d7e7b35c08334b0d551db9cc572581487cf503f7bd10239e3d925454db8187bf4ccc747b8e8ebfac9d61cc22dc876f4784097b27f7a4955c625f20e3c0aa6fc2fdf8436f6cb1bfdfe4ba25af3989f28636a8d36203193eb8f79e2d4a0cc038c80a43495ce3c1d861b4e2bf939a991c3f857f09aedb96d704d5654237d3d61c0c677e73197354b464ac4213352036c0562fbce2c52dc4ba791b5389fa85b549ad9274a133196a35d2e73cd62234254c79994208394e864120bf0a94a50e47ae4ccfb5ce4a920b03dc337b2348dcac5a10977476998612fdd2bc0744b83a96374e1b3e0ae1a4e6b9ec7bf2792ce3755aa55c002bd6227e09d15f3fa5b8d26cf4eb09d6f77cce3c9dec22eb9b5feb7c772750627155649ec17e247f0488b86570f491a77d189cbe93fccedb151453b557933d812115865b1473dda7eab04ba28d8a8bf8b3d0f653a8b59908562b7723c637409d1b5d05e278c4593af2fe854b34be7672d187722b66cfaa39b06eef2d18f88cbd54e80af7541075a06ed07265bee1635829245dcc07816a1644d4a0dc7998be4d8045e13178220b66d60eda3b85df806fccb739281c23ee74c9c78af9038adb6ec89a7eee2c9fd70feb4c66729a6a996a989338e02e98a1ed996ebec8b88e95194739bed345bbba8ad6e95d8b459ac2fb2261cbf0795481f89417254b758a80f870a9e969993b1df3b711ffb25dcf675c8cd2ffdc0e4f881f7c0a003d48ed5c6451064f741ebd2bbc705fdf74194b38e0521f9f8aa34119736c9982c0bcb499c5da664ecc4e11e0ff401d06a7b92ef7bc6b2197511ae251a29f54a417e900848071e81a055a179103bda6108bec9e1ff3f9239151f0cde2120749240693b1b379698e9796caa462fe8e8bf077ec65c50038e376c9a3f27241c34b58e2ac42eade8020c8f2286ae08afa057f0f9e779001bdedf7a0105cdc31161097ccc1bb8854d2cfd177e014c21bbed687c2c10dcd25cbab5c5750e18297a286e683b21feaa218732a10e404fee4256d44dbd4200d0833ba8d7337f1fdcec0f61f1ee17456a4c15026866a94a80af219cd6ef908ff222b8a141f3b8078f315ec374c2cf6116f96da5840fcce5a1cc58b51af8a17a22bafe311525152384f054d0b3a85b0bfae79d9319d5c5f495d2ca730b90fd8f3a4a77e4d08b8ca03592c2492604c152f23938d9fa0237a21f65b72c09803f2d67cfc3f24b8f27d022d63a82287b23d0091495ec252d0154de79abfae95fb25593191064c2b92987f7713e141470a2ae6e715be3e8a3d819a5cf20eede56d373a9eaf777471a8c27337b671284547de14ab5fc3d070646997ce309b5bcc8b372e59db45fb37478a4d738aae04a0bb4dcb220dd5a2b167c582f06814eba464157714c7763f32914f1a43b9c549be73926e8e4e14eb06954358d4dc9a31a5fe62e3225cfb7943aa580972d27c12d0f9d577c7bdaa7841bf138f63407c5fd2b7c560a903ceba86d99dbbf48a84530a3d1f31e9646db7570d0cdd0f3863d850d448ace21045caaaf1de57dd7552f3a54490d0634e90e8e644d5bdba6b2cd6ef30b472bbf6926aaef0ab999e015bb008855f5728824bb443751e39738c431d3bd2eb1d53b0e8e96594e989b9801d7f6a4a95ea3398dfd29b3c7398c0951989fa7602e75108ad10596d8f243ab09726d7e5f1b8ac86ca7ccf883ac630dec6fc15e467d20ecff114c13e477c9e1754a2ee7d3fb198e872dbc6dba989dbff7a25f006804d0406849f46a4d907453bc0f798e64ef4f8359068689c72da144838d5e83503942b7c45b4fc6271746fe47367f36187b6b6f22d7359576c74c7485a3ed3dec7fa42721901c92241ab32e926ff11f1a268791d2dde9f8ad781e162cf5f282a4a2864a4f1e1ef490ada9d055781b9c52aed6d3337cb343e99e94af743c0ecad43b2fced62af2467bcc9d3a7a37803e6412308964ed3667c4bc85f2a530a3a20288a070c949d0596ae6d3fc0987da3ec929a972de18546c5dd47b560b0d68f423d3991b2e5e88a663fcdc5e4277ad610a6257adfa84e33d38f867fac712f29cabc6db4ebab826e4c8a672ad9014dae52e4f81c6c9143e5d68b2e165dc6ea9d13d671429e359e6e5f5b209dbc41c22f1bec6863c2440fddc73e36fa5429a564cf21eca46fa901112b10a99185717e1cc749aff4ef4cb51965fa40a40b3f40f22b8fe091fbee64bae4a4e0ff754cfbfa21a9e9081815cb688ea5321347d5ca632669b62fef5c6070efa51b3aa6ab8dd2bb98d9767990f77632a2deb63737fd801ba94c4969ac7a758d470bbbc60a13b9c1250a6fa666a46f38f61f095006752fc846eb27d751d5ac03383f53e37e5d485a5112ee74c3ebab1173bda5a298e951ec9875abdcf78b76241cbbbc0854561b1f13a187229bcc2c6024fa38f1bb17aa8a83621b0c49563ede6d2e87db5c79b58922e4f000a0eff88c86fdf46df73c209a6f38a80455f6d7ce5f45af34dd313432fe0a092270d0dae1f81bb5b7463c3931023e7010d39d7c6ceb79e7917a008a5688cd736eeb79894bf2408857828762839a577ee5030ef361e19957f9ad2ebd32dd27c804d6b440636e80df7a9b3d017a6eadf08cb85b704296eb6dd33e6db1b21b61ebc058c5fde2c9ba64727b94c3d64fc455bb2e8c5ae8a711c22a9f2b5e07d25f3f76dc06d1e2020f531605def281bb677d89a72fc6b0e3290930501767d131bf0855b6f160848519a22242a6889382b6b6e056b235b5ec10c3fd2352ae7cd906a8e2a72cca100d66b2ffc840045ed10f8fead2bf33e82af7a1dc6abefdecae8cf86ae0afd389a6cc58dbe59799de1329f0849ea685a6fac5be8deb9a29b3340765898a9bbbb51515a6600a6d74726c8fbdef0bfb371aaebdffdd311c4cdf577d1e195e06700cf36b2558c1a4ca46c43db91ff15ac514b21c1a89a530da477cb6c40f29e9e47e8ff8f61ee34b4194a31fc5fea245139c840b3d213dca59eee2d170349c9523af79903f9778a23cd29fbfd195c169f10d8c5b40d6f1985b0c8544b3a27048f254284b1c026a9257ede7645b2ddb96ea76c20185a011ffff9b6ac380925510be6ce2f670defab33ed08861af65b526e0059fc0c04db01561216cf82f47d8cce5d794a248fbfaa36e58c9226f555c1cb9111bc92dbd138202296940b5f68e41f72a083448a7519a8744d7d563493f8cb30cc9f9afd6392ef2ebf0029eb47049b7f864a06756763d86c228dfe35d1500c0d870d21dfab6258c8713f3b258bb375b5b14e7afbbf5dca6d041738a676f9de5de3a7b4682d2772dec2bb43d5a0ee9e74c12a78a11c6c6cb4a7f24ba190600b744c33f2cd44f187e409fac4235ce7d260cb73ac2835d76fc5b2c53e243d219020f286122ba9803f9c5a0122dbc0e4bb5e34d14b2c25d531cf5640329b7b064a9d4ed8045ca3028c43415b06932e11bf958f6a27b20de127a6e495a5038eec553555750caae4bab6659327321072ab208aabf03323ce273ebb1e5c1b45ed433b48ce957cde82659ab40b708984b5b2effbc216fe0339b0503bd91e7ca5d2655f1db53126498beb96cb804df2b1a3b9f1039266b1cf17cc1c174a1a7e3f467a5ffa409279e8ba925b960c8d0c18a89df10ce3f23d2e63abb845e97a3dd8417ee208653b5c31a79f3c8545c3ade6a1743278baa92562c196b5541151c38dc009390e211d03475acef79ff51e5ae45b5c2b5cd5a699f3741c48aead05c9c4d300697d5cab717f49faa5653d94b6c404a4325f67a4eb9e35f634abd025a311f17d45f6800689d58f3379a98ac281353a095e239cce49e291572bd6854daae0c77f5b87e6434c3b8eb37015d3fba8fedcd1174cce696e84251887e05180308e3711bbf9505ffd924d43d8070f5996324a6c688dcd80559387a7e4693a4123674e245a4c2bda70ff1339ba16e8111791f6de5c1d4d2c3f05f4cfc8af419b344e0401ba5b0f9e6b9cd06dee22d6dd1eebcc04c7d93465222992f177d828238251ea743f12c986de0e6693de4ee9e4c996cc50f1929ba9b5d15b400389f2ac0841ef6cb4ff08559698f5a0c564644b3d0a925b88cf4827927aab233b1a1df3442c446759b269f7864565dce4b9edd82b457858c61abbc79730dd1467a98c763b3dcdd2f216071c0d08b5a8c4f75713fb43f08ff20710f8a79641ebe811abc67421a5358d9a678f9b9ee4294b25c1497107d899d0270b826b7212fe7932eb121fd6206d0209d2e085180454a4d1e1746c0172e26ff0da9b8c13777f033e5741f511488509a765d1dd08a603fb35c440e451790db9e9b6438c7ed04ad09ebc9d24968e5c03a18249c723c0ab256bc673bbb6f9349c564b32c229b41f28fc8ef212fc2ef75d966ea143a49f2da57358b1b84814ca6ff139b78a07cec6dfa75d569a9bfc1b6eb6c3b1e331cce20b93c7f55dbbfbd0704755ca24be6511b80f8ed27a7384e245c961c2004d0d06c937a72a1bfcca35744da49725e9f11e22ce241bb06cc46a512b4618094ec00999bd7d2a5cdca2004bbcbf2c8eceaf7b0ce6591aa1bb4d399e131424300265398bdd2006bacf7dc092534101831fbb2cc7e82b8b0e441832072cc28d01b57cb863b6c791d6247a52cc69aebe7ecb0e390074f794965d8eb8e8eff754710b46e1289df0e8872f1a96b8a675bfb47e5fd1da70736f21abc0d485902cf28f1b225050b49a559bf17795a8d20af0cdfc3c489b76fc0701e2c8b53decb648d50f7d9c16385625346d6897852b16c444cb4c8396dfc47c18f66c7f169bdbaab6ad3178ddb7c874f8817a4838abd302b7d7f185914d3f0c4361bda63b7fe5c166f52c43449eec9dce46884ccb8a3e83fb934e74dee16b398bf66109583dc472958c7dcf6d0cb2fdb27cbdb5fcfcd50be9648ed3839c59856c3c49670f541255c5847f64ef712196253416d5f8e63ab69eeb35905399d06422ff26d7830c5ac756e8ec9fe6b5c046c086acee5cc2f469bddec9d451e02cf2cfa4077c78c385bbc73473d3305798f2d896ed70b009d89efab2f73f02d464650a2c6498312036115ea8979af7abc9e4770a35a0fb812298749219ab833bc6ba2bbc5e79af7bb29008d250e12a8cfb581884d528a60888326c4c8e80da7d7a4b368cf2623eeafcf3cceacf47b95b10a8cd92042658ccdf681996e802178a54ed0b76dd7df9baf5aa26888326f157c0eab33c965a0c86b2a7eb2b14454fc3910f89fd4de5e32a2b72289ab0e3f837a3238190c0d10a81e54e8a64435d76ca534d99be982c6cc0aec83da6469a775b91a731681cb9be552e37042a9637746e43ac19ba266c9f5aa84b039bf1fed80ab3ec50fd349b15279370a148070f6e1ad180a384e10e0992eafda87de86381df0a89df71a4532937f0048a66bf70b989724abe25c07b83d42e18a16ffc730c22db1f2487fd06fb7231b92109d56f832326d8388f4c4cddbe0e244de15a7d525addacdea61f2ad35e3a315b170b5166221181b5973dce189d6cf94db33da71ecb56017a5113bb08b49ab1722cbca9b82cca42449e6689c685cf6e834be748b6a1dff0ee730c765ff4bbc39662d11e9ded6ed2dd7bf1c446c2cf97a768b72a7d95f8c56ce284c300f9fe603d751e5", 0x1000}, {&(0x7f0000003ec0)="3bc29ee0fe76cd62cabebbbdd21053f3f5bdf03f6c0d84fc366a03f3be7e7a657d508ff1e58399416853c306ddac660fc11e291f6f1e6cdeea3de4210c0e033343fe2c1f69cc8e9aa390d2f07641c1118940d614aedfaee9ec45227517bffeb5476c618d8a3a73b8db588f9db9ef1eb2fa78ec4fbc961ce9accf3d6f0401cec970e1e5b6f7003463988a21da9cc255379f75ed57d990fc217bc0317c5bc5d8f5d9d40e62297ee6909f165ceea3bb8ff14ea18a317fdc7e13c67bc44e2307b7330602deee954eb3ec5e95a09c7b4457211315c8a3f620ae91e34009ce77a848d5c0bad4cecbbf21294c495f753fb9b99457757b2a497dccf053bd425e981a7f7e12f426f54c3ae0dfdbb5b0cbcc7a2e465814e2e1468a44c3e4632d3cde4bb6a2c3ac2bc81f08bcde9e9ef23563d3fa8911b11af492adefc3c01a04075adae6760860f2087da1c1230173e9f3609088366b5d0a3a3011ebe28249d507c7e3e7f6ea242958db7ae99a6dc7aa8b1c8d7818295dee2d29708d57291d02f21400d35873951a5318b240a099e68e5c5d85ad0c8f7fb52e684a7a6c6eac0b91d07d6f6d42d8c4fd3773beacfb039eb7b578b68192d0ef5394bcfde6d8468154fa3c52b49d31fe91eabd1f5f9edc7a8c7fe63469264f82ae5d4d71cf7f6f32f794ae77c4a49c098c70d20190d6c155b0a39c5522a2ab1cc67c00a2c43efdb9148ba2dbd1afb1e9570bd3549c842ef11dcf85d0df95b70661a6d7848bf6fe807a674f46d26ba1fb4a7daee63bab1921a2c84968b5b0abddf32d1f53781805cb041f41aae8b6e9703638fed9e83e36a677af343973cdd7893f398d41a827d9c4ce6f9c5bc4f80a3d09b1fd74b6a13d07a8181bd6dcb3da6495655f761f0471bb680997f2f669b84ed3b0c2b2f5aaec24df9f7b0f95779db58a7185912bde7d079b6b61b9f00abb9f1efbf6e41dfd419d81d3928ef8ad18ed72dce65dabf21e79b677b32efdedf35e7a8e0875d93e68e33b4318ee4d2c8a80bb2706a6cb2fdb4c7f8d4dafa44b0c0679af92b1095aa04aceb9eae5173992f3e31d6df47d51073eb0767c912ff6b00d4544629042db9aec5dcf1b94297339e268338ae71b17497c142587b9d6e273a69caf59c4e321979afcbfbe705ae83344f26b2c40c97cb5e7984b101e2970847aa8b24f48a0c2777a0bbed8d5025e3113bab405ee2da680953f922fb24c68f3ccd57a196c1c5dd7a591499de2b3d9dbeb8493f5c15919ce7ae6f3cfbe9a89dfa3839e213e15bef7a71f3c042003a783ade080a0857310aff47fba85f118f66aa5332c33a9929ec770682bf397254e15f6cf2fe7d96767d2496565ba88791cd671c8edc680cb739caa9543efcc575bdc2187eb1b5f9ff6405af83b177162e247dd996d68a63fb2be38a9043a593f24003a6ec329fe1fb665321b4c295728f0fd902b57db19f080efbef3292dfd2300e604a202424969885defe79a22cf315b71cbcc2653ea85f892d5fcfb59f1e026642204e921294353548e2faa378215f7f2c0b5c46dbd168bd1668b35a132c1d58d4af6a85513869d7c8b06ad99aa85b348891f8d08a1735b979e65c5620e47046f5572adfea5631bde520ce090704e54d52669327a316d723b71422f5c856e4566d2d0a2f19a561a8afbc660e7edd7ec17bae5df5a88c4aab727a4b3f4f8beef7fa9dec06ddbd16b6396e00487b8902f8b1ea7cda49d7aa56e7b61813b963c54806cd62863e6843c2f05b32c36e53510aaafd2499d110a8c1b20f9734bace9ff97d14f1ffe9385bdb95aa30abd2b64fbc31e3665a846fb6154e705addb210441dd706c11b5870b0ef9a635a6572aea175e6092aa771b88d16c983200896ffbbbdb2df3d3cc1f196144116349abfe3dec2cded1969a2b83e49d224719904ebca7ead5dd22b9ea0e1dc982dc07c6d02972e2d38f593997ef218ada5b2141c31dbf96b1bca97524b9bcd8acc3ec7f39f1bbaa0b05cc71e2c6fab5da12ca51ea588299c792957344ad225ad4bc524e85f5f3bf0f851fea915dcd9495ba9f36e94b0900d16eebcd872e443ff7b9d3654161b2bb5523f82d8a39a810f4df7ee73a916b1b10b29d8ffdb6491f556e313fd51f1bf7040af86778a47be34e42b84d398cb9bd8b3072cf1122ba809adb7f6563a253a5cbfd82c891324c2e218697a2e27979f1934e1d3e10aeceaab94cbf36553edbb2a65d339280fba8b88fe92572af86c738e54cad0a1612c92c64d44a72eb524298759a5b7a0cd1d89aee169ea3ea233d279ba2fa95bae2e816b86f7071b83fba37162db93ca96bfedcbdab0905ead00f7685d5d1a3a2204c1071747df1731e8f8a63d70f93fb1c4c91d4a71dde5f5f56ddaff426f5b5351a88e5844a4d66e24b424f8cff5389d07f88e6095d840f5b833eb6b7db33702fd9599a43534abb9d94921f5f778d40e3c5e2a4bc1be2ad45d0072e02229d91a517fb1dd56fee358f669185432ccefc70f1ba6185cab6ae1a86eec8a6fc93bd932e77aaaf29a52426a473a36a8afa93bbd9e1244ecf78235222fc838b6a5e99fc95e20e260d4f321205979861f3bbb9b51c490c3b875673a9bf4789cec11917bd2aae6cbc1f0ba8c031760b2fe9be15a22ee926d81ff65beae914e89499efffc98a323df9d4c907e5e75c5d004b41911b36cf1c664b9276fa1c2aa428e24148b864a412640334ef022f7008304ced2b748ce54372fdeded2efabc7d36a32ead5c615ef41e531b1c4b8b35af458f527999d33dcfff1598090ecc201f7245e961a69a0264eed02dae813e56cd10f1732291bab3b5bc8417687a34454fc9d59c46fdbb71a6913b54d369f0db0dfa7405638b5bf20ee8265a47b7282e231ab6717c1ecbc676b3d350aca1d99573e8908ef08b28c3314ae513f12e2776e28e381228d8fad09af8b410d9d50e77207cb9f497420d8ac28c0d48e19d2d164a35f0f17202d472b83d7a5d768ea1c352813539bd93a179f025095998627dbca67dfffae1cf23c9c5a53d8399ae8fb5116a5c2a214bf7acb9d59bb74381d77aab7b3e5bef60c6f01bdb9ca0d051acc288d7ba623cf070f48d37d6b3bbb73b15bdb63a6300f4a0f1ba8de4e83f2fc76f57d9b0b00085f74f7493c23d3f5a7226d7aadb4a3461b08bac3f70ced7c345e34ed9aeef545f8357ae6ef3bbfebef8c32b9fb393936fa22c2732adf836f705971c5f5cd0b8938e9019c36f9ab32a479fd033f02a3b7d13407758358c3c92fa78ba236e3f41fba6b1cfd338e2ab2fdf8f4d4e1c01bec9e5c3068594a1b085c047d65a1c79f5eebb9e8db6da6256a9dd3c7942194a9aaf3e2b5f327b43d7472eb3597604ec6164bc35f783f42978fc7d6a6a4e15f3cdeb0a4c281aca2e803cd62127317793b6bab14817941e61d6bbab13407cc9f627b72e06d3c625cdc949186fdc9e36f7100caad22ba332104a9099359149f0d120679fddb0ad427f73ec2d4644a67550062edec6c9d9843fd32943af04f1c9af7a8bb83448485cc92326b6d02722ec6d656b31ccf2f7d2e6c8f4eeea0b301af6a7b90395bbb1a3e3bd2d2f01f3788ddf071f55e59e25209a2631b483cdc08d0a2d19f183af6cdf8ce63f5ff6e560866ac30ebbe33f8cf13e9b09b31aea000ccfe6dbfd0b9fa001e664ea86ada03ec13f93787d9a7f8b9dfc1ce4ca0f10abf66276b160612fc80aadcb4684ea37ee487dd6f5a14c13858dc2fb007652cd0fe8800a2d2a33e9cad4a0ca5192f052fadd057ff5af3c960e2dbc5ca8b3b8af6043a06cb08b4c40cca5f737e433cc8ffa7160393541f192e00e066af75f63a5cc8fa9fae47e6210a601a89feb54ecb7c683ae64c1e09002b906dbe1f1a9d4c344a156202af7a36c075d1dee62de551a601bebfb7138710ae3ffa04afaa1614b657edccd2c5b4da88f98a33875b676c2c59356e718ad91cc92655e9af942ecb72edc8dd3a8110f72820e5fcaeea00c5d7e708e8f2469651671aa1ee6596636a0c0aabacc749a6723b05ac902e0ec02f399ef612f6933ab7a935bffa45dadb14d53d255af35a4a5cd2d83d4f4217ce76e6d7caff605427a259f63bed813e5551e281883fae93618a44812ca55f57831753b4f297bb1defa0621ad80d0aae1df3f6ffb9bcf64b8b6c22bafde421def8913cbda398f284e18021a2efba01421ac0fa8440b107760a0230d24e64e99aab9d9a9b9f10db61a76e504cf79a41c55be3accba50996f0d09aacde88717b712d0053bd85811d1720f388a6933d999761fd1e35743a229770b382fb1c9ea636a7d00825d8ee877fe87f1da9fe233d1aa48c0b296b3bd86f55e3e0f12d84ac73f87932d7fe2bcb26edbe9f6c1e1880e9da4fd262dea194859b1ae733bce449c298d598c2d0f25fd408c5ff59722bdf0cbf7320e90971b32feee5d1d76192dd45ea129da32da75041b43caedc8aa05a9a449a7fc77aac8e789f2e6042b4afd3709cab5a492dc91b5cd76a59587add4090f6332820b350579bd7e9a0808126a5658811e01ae8e134dfe38426027cbc30d2cff340a2e51ebef8a7ee00cc8fa4125ff589b57261a01b1c37326b0d01fe6c4ec78c8c229c41e38ea0340baa59aca370da8b917d2394649aca317d88a442fcb70c23149dc44089c1db3dbdd81a0170c66051942449078e41a0aec47351bc049c60f4a8f2c577367da0e2df2823ece88bd620f4360fb749e16f81845eaf3c9f39c03cc34839f0cb356dbe24614b0446663b7051911285c51ba6395ae1486c9e5fe75f3d769fb3b814be81bf898cf9774678dbdc56477afc9c4cb81c27b101270c016cf0568068386148dc5d94c9398a5b501c7188a07ce324da063912211a3636eaa8a5f5e5e502c1df126ff5e898ec00b03fc22e43a9f39253712f508ad6f1707a5d5f1565dc4b8f2cb66c5341cec3ff49b6db1b925562d6aaf1d44caa10e277b1d81b3da200437ca68bb397b26155ef562b418eba575fd32f025ee3a7544ac174d18b5b3a19dffff6ecfc6b7cc611e54848e0b836c6c57b41fce0ad922b539b975ae5e4e5407d8853e17102d83b56b02a0b90380390e8ddec013fd6b275a2446f82fc994fa6b81a7c1c500cd02abdbc4a13fa48c94707fc28e654c7aed4aba85359b5d5cb452d45cf2934677feea3363fff8506651733a083cc3badacca042bc2740547922fea52703da939bc6d851f753434ee824b8f161fd8487bad4a2364ab328f503a45028e3fc149f5f66aecdf1c837b86f845c90b87de6bd221c795ab83e118cb9006d9e288255880e3581ceb8318007cccc62dffbbdb92f7039c591899c98e45b820ce02050b3488ec8d817f130c2138f6cd6d2ad6ffe43e64f2f24c227e4bf4ef11e337cccf92e00a4cb9d2e354ec643c6ee9c3741cff6927ada8e1e898ebc5c6e5bf6d5952c96051b48b49254ccd4794f06cb4cabefe7301348a1e3cb62e2c79f72f8911e7ab897365f68ccff100102da431725be994f44fccd1c9ef5eb1be895318e329e6ce7ec92fab0c09f77dfedd5996dde4839c8623848b143ad8e24a8d9b94d49362e46f8a8545ea5cb6aa150edc1159d3f49c58765ba7455c388c6eef5d70ecd44449937ff3b05ee50cd391e5ff50a8c79aa2825284cad42e4a0a0b3ab05a779d3757f8db990e0e77603760468c93169a945d19920a641e48837e80d4f52766dc19605c209df7b9250b523ec2ab45a8083e2d55a312c47c27c902071e098f4c3d46f5dcc75103b27be49c9faed2a436b8ec101db6fbbd3420327a524087fe1689e0703127fb9cf", 0x1000}, {&(0x7f0000004ec0)="48e2b39cc6a6f2daf6381342c3d11307a7f57e86d13408e56a0e45723d0497e34e873c9ca4e9b70cb42ddce276b5e5b5c3a3a0d94386f485511c", 0x3a}, {&(0x7f0000004f00)="a02c016f8755ece6ae00a8450aa1cbb3256ffdc533f5ae1eabf559674c17a34b52fc", 0x22}], 0xa, &(0x7f0000005140)=[@cred={{0x1c, 0x1, 0x2, {r11, r12}}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, r13, r0, r0]}}, @rights={{0x30, 0x1, 0x1, [r0, r0, 0xffffffffffffffff, r16, r19, r20, r0, r0]}}, @cred={{0x1c, 0x1, 0x2, {r21, r24, r25}}}, @rights={{0x1c, 0x1, 0x1, [r26, r28, r0]}}, @rights={{0x30, 0x1, 0x1, [r29, r31, r33, r0, r34, r35, r36, r0]}}, @rights={{0x20, 0x1, 0x1, [r38, r39, r41, r42]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x118, 0x40084d0}, {&(0x7f0000005280)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000005480)=[{&(0x7f0000005300)="21864079b9056153b4b4b2d7d7d149f8535633229ab2d23833afbbdeb922d8b488c5e0c7a3385a84955692de770fdae7402f669923cc7587f8f1f7073228989c64f0c1f677d319b5cafb8d45c57ec985aaac", 0x52}, {&(0x7f0000005380)="299fe8599cc82fb93ffcaf2b1b69b6d7b6edd931a6ac7b18c2bc7254ec5604f2b81bfe20e926a425392d63ff3b6bc1479fd9ddd03ae9d73b3ebe179bd48ecc03a3033b59fbdf7e7386c4fda8203faec51704f201ed87d23b95f96a3814b9b86afae50028aeb502824e26d3c31415a2d2d367c1057659150f08fb5e47cd7c9ac65160ccd86fd47ff253f771067cc9c98c6383de6ee1ca3f37aff36e42e4bd426f1e75ec42949572619046c8d4fca54bc702d59297b8abe99a24ffaab699b592726e0afe035fdde7078fd965c8146e03301956f8063fab381736bdb7e39d581a0980c2f0fd83c23b74afd3a79494d2596edb16bf3a4326b2968d01cacf35c3ab", 0xff}], 0x2, &(0x7f00000054c0), 0x0, 0x8081}, {&(0x7f0000005500)=@abs={0x0, 0x0, 0x4e21}, 0x6e, &(0x7f0000005840)=[{&(0x7f0000005580)="93c2cbf1547b297af91d2a872b549d588dee4d0547fbb1ff816b6a2daa95a6a639c317bf759f31273cce31a89a59ae6ee48a638227aa33f1314018abfc8ec705235d81e2c1549926f5872368361af6b017eab383a4d1a8454c3ee34d367d3b9ab035dd15df09b19a513c986705752a997d599235e99b9d8360ee5aa4778786a364aced7c80b9171560a1564bf7d2bc5c1659ce6d2930572573007583708e5c797c0444c0", 0xa4}, {&(0x7f0000005640)="ccaf6a7bb71a85e61287739bbf15d0b91d33974fddf06ea03ab38275fd4825f2437fb8c2a8fc7c66bd445441a7bdf05ab97da682b8d63c4845a3a24d83cd536a68e0235010ae7db09b0d98eb63c95fdc6605a6c08527b323e473df9520a8ec6e8a3b0ef3b6f474feb12929195dcfcc8b0361394d91204e2012e086e0450c7923499ce65b2c242268bf5c03bea4043a1efbace77bc4b399834d563e272bb1e0e930a05d5b8162d345b4df55042e5dd91755984a74796d", 0xb6}, {&(0x7f0000005700)="ae37d3d928c90ad5a94b794f0e7e1c1477", 0x11}, {&(0x7f0000005740)="ed1a4770b1ec10273408182dd5d75571b35d216181080f9a533d9f8b96669a754fbb4e117f99b50f0362cca15c3f07846fab7f7df936148a264362c43b827a9dd56c63b12af638f851e1d747df60e2703f0724b18e3a1418a77cd1231821633f3c80d5e6b1c29c7feb6b9bdbaa86e9d6191f80a18152a228039d3e1ed73a5af96c68776a1396bc06a321ecbb9911f8c84ad0efb6ccceba2e8957cc79dd7a1e4158c0222c411fac4bd1fdf4c0a226addc99437c5eabf6ce1fea8f2937d21bca06f7a30725136b", 0xc6}], 0x4, &(0x7f0000005dc0)=[@rights={{0x30, 0x1, 0x1, [r0, r0, r45, r46, r0, r48, r49, r0]}}, @rights={{0x1c, 0x1, 0x1, [r0, 0xffffffffffffffff, r0]}}, @cred={{0x1c, 0x1, 0x2, {r50, r52, r53}}}, @rights={{0x30, 0x1, 0x1, [r54, r55, r56, r0, r57, r59, r61, r62]}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r63, r64}}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r67, 0xffffffffffffffff]}}, @rights={{0x34, 0x1, 0x1, [r68, r0, r0, r0, r69, r0, r70, r71, r74]}}], 0x118, 0x91}, {&(0x7f0000005f00)=@file={0x1, './file0\x00'}, 0x6e, &(0x7f0000006600)=[{&(0x7f0000005f80)}, {&(0x7f0000005fc0)="1f813a5c345a3f116f1d28a63b60c6630b77147f9f264911a0785ec8ea7554a7a7d081b696464676730ad394791490610b4d8c274268fd1545755d63a05b0eb88dea2c191c57229034c4fb0dd4f8306f6bd9070a6b12be14de7da217b27278bc72e8b176d6635cb1151a2cc69b1ff92ace7c07d54ac31b61722a9a23039a3fd8c7bc994cc94786969ccd2ed955348ba77011bcbef50642cafa775e07f8bd952760b6657d039972598515d2ee6490d0f8d99219954ecf1055f5157638dc9ead233084", 0xc2}, {&(0x7f00000060c0)="d5616ce96f397fa8", 0x8}, {&(0x7f0000006100)="3d718e161b38a6f42264480d6b", 0xd}, {&(0x7f0000006140)="61bfdd13d5880a409592f4377e7b6bc72383a87cff1f9ea58997a9babac823f8dd175d605dc0248985d7ca346fd0ecd6b8753440624c19d69a0c69e33db0b430d2e0293488ff961ff2f01e07c0cb0250a2e49646309327f680cbcbaa36f5b4614a9d8509b6dcae869f7bba468fd799ce2cd19f83cde71239ccf8f0902b24a97a2dfaf809ab379250307e2b3803ca24b1fcfb24c443fe96e51e4e61e0ee09e3a38330528bc03e3c8e6d9394698bbfc5b30799413e0a8c665cb7379070e064b470c230aae838fc695ff0ab53f1", 0xcc}, {&(0x7f0000006240)="6d38a9acd80ab832f075ab6779a1e07938b40e1acc13e576c1547c53a3d41f688a9879b0fed6644022a2d39d52060f7bf7195d2c4cdb3316d44459962f0e400047f632e711f1b0e6256f9905872a1deebbff3850d5644967038e72b06aad2b1c64b45c62f67f1c42cc8f321279c24f1ae0", 0x71}, {&(0x7f00000062c0)="ce3e397308915ef7006e8088c4385cca21e9714bbc8d4aca5d7b47cc992e5ce27eeca3297bf74529112df140611cf09aff5e0c1afc008838dec37e9ab94f662dd4de0cf88256f59f2cf0f187b4f14279982ff54933c88f4716ad5771cb817db2bb0b8a740af0f2e2dbf57f6aeef0105894f4be538204caf635c59a78529e33b35e962c1d9b20b344656811d31f4aca3b15faf61047dd92c305642c3fe456ea1f823b676a470aa27102999a0a48b4bbe465902e47e9ebeea0573d14f7304731c579455cfaddefd1acf28692b6eb08d61b22531efd104c", 0xd6}, {&(0x7f00000063c0)="eca46760fd5bafebab64096c3a42886a17fb15c74d19cd9fa5759f5d1804ab8c095a4e4de8e4606acbe1882b3cc8b1ba153b5d58525a62f206e42d956dda6c6249f44dea84156fa0aaf4b2e14e828248d9e70ef01cd6d8e19d8b49b313a1ffe4d950ea1e797a50f8bf8296a0d3cbbca7aeaf55532e84a78f20f7e2928ebfd8dcdca5225a951b760197c6153b23e796", 0x8f}, {&(0x7f0000006480)="a814af17c4e24f3380f4d5bb9c18d0a9e1b58c75190e70a344f3fdbf10860c5e68a4243eb68045a866ea9411447089128c001a42d3e74d8c4641c609cbc7d088dd3ce07bae6381d24d89956b83600c7c3d8e790646a4a3cdbdb47c80582c1602c8ffc98870cf06acb9b21480428d563b03791cb2bf541ebc7eeebc9f9414125e12a00aaa34b9a3dd547f17a1bb294a9133c9d668e6e1841c36f3da6ca87fac72e5e7c698e336cf0c042bffd91bb8c990", 0xb0}, {&(0x7f0000006540)="7ea73e251cb972ef04097aa24a3c441c6c276051911a217a5409ac66c7a30e286dac3d2b058ed725c30bac0ff5b49e7bdb70d014014f25d2e5457ff7c990219f0452e5c9930074f185c0475d656a5bb65f3d6073e383a386ee44124ead49d7709195b18679ae783affccca0a110bfea52675781b8b9f457b369dd405a717b70b5112948d3d2bbce0333d356111c77d4393db03dd96bf0fd00d1f781e41545eb99236b9edf5dc3d7b784778df776a2e9ed29a3b63f74f", 0xb6}], 0xa, &(0x7f0000006740)=[@cred={{0x1c, 0x1, 0x2, {r75, 0x0, r77}}}, @rights={{0x18, 0x1, 0x1, [r79, r0]}}, @rights={{0x30, 0x1, 0x1, [r0, r82, r0, r83, r84, r85, r0, r86]}}], 0x68, 0x44001}, {&(0x7f00000067c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000006940)=[{&(0x7f0000006840)="3d66d8d3a27ce8db999cd8ecbc37699a090292ad81128a58a68c2178cb98887ea84a05612eb17ae692a8dd3167553825866890abaab45919f2340cd68d39bfa8aa98c766efdb737b2cb50e54f1445d6a1d56f8c088fd28cba068ec6f4c456d00d76ca798a391b45eaecdd4587dc4ccf52e5865d62639b3578e0e4397bfcb7899ef8e793b2717107b1db6a61c3fa79af927f5f064628d595246c3e9c801785d9a10bf111d5ea5f503b65726f62ac04ecfe687b1d1aa403df096685a6e6f27fc7b98c559c411e9ed728f3536e5ca5e6897e4eb97a7221468016786d6b12b867215c39c9f3b14791b3a842188c8754e2caca9a5cf8d04ed4f45c6ae", 0xfa}], 0x1, &(0x7f0000006a80)=[@rights={{0x34, 0x1, 0x1, [r88, r0, r0, r90, 0xffffffffffffffff, r0, r91, r93, r94]}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, r96, r97, r99, r0]}}], 0x60, 0x4040010}, {&(0x7f0000006b00)=@abs={0x1, 0x0, 0x4e21}, 0x6e, &(0x7f0000006ec0)=[{&(0x7f0000006b80)="8dfdec2a6429ba32dcd5cd0f48694dc8f9073f63a242a250d2721931a6addfcbd5f06f4186532f91c4b33e6c6d60b8050c99bbe4892ae8013f96c63e1b95da4df902717a9c5d83523fb1a205492e4e9ab195e5a55ea7b2aee9f4feaebc2423c6ad07f999ba3f8ae660a209eee38695d4f6160052a69abd805f", 0x79}, {&(0x7f0000006c00)="41002117ad8a4d9f5c", 0x9}, {&(0x7f0000006c40)="4590baebe683c4a078f96a499306d501021c739dd7b9990d00f11ce991b20673cdd29c624c5e661cafcce28e2e08e72f813bf822aa1be30c67d7a311570c29fecaffe9c4d9be4f89c9f1b77177", 0x4d}, {&(0x7f0000006cc0)="87ebab1242035d9cf1bd72e4435ebeac4925d0d213796502ba5d2cc01eb8b44e84ca1bb099ac9e344684fe359a67c4a3dcd793319c4f388f0e8d364a386a97251d5a9640a446c265b0f559c744ae405e4f9f825f27914c11200f2bb8783fcc6a4d8800c3919ddd7578e1b3cd8f3dc573fcc45c40fd4b0a892ae1e04cb9994acd8978c828d8fa07f344595ca02b8eee3513af7b6a9baf65452c67c9", 0x9b}, {&(0x7f0000006d80)="695788d7932156d30702d5f3e94df6d9e4ce3402535dcb96ca8cf0fa9c788afbb38b4cd527c308b70b415f6fa3f1003dfcc4e1672ae299becdb9104cbe99fd97827f48bae65031b038a69db50666db53caa125a57d991ba59d7668", 0x5b}, {&(0x7f0000006e00)="2e39519c7d03a96ac890240ee433562b034bec66d6cb97f9af950b40961a678e0ea7181983fa1a1210206163166bd89b95a1daeede72e7cd5b43387036d91156680f10691ca3c885fd6eb8fa4a8ffcedd349553f11658884cb696a98d5c5b0029c9b4c5ff120576d55674b5750973b2e61784bc24358fcd2ebd1cc", 0x7b}, {&(0x7f0000006e80)="8d4ad047dc8b5f5109fb74efc49787170c447574cc26a25687119126c200fa83bdfee2cedfc1a72ce022187b7b3a369ca950d57dec2d0bc743", 0x39}], 0x7, 0x0, 0x0, 0x11}, {&(0x7f0000006f40)=@abs={0x0, 0x0, 0x4e24}, 0x6e, &(0x7f00000070c0)=[{&(0x7f0000006fc0)="4df23defda71f15651bdd64514", 0xd}, {&(0x7f0000007000)="ebe5b9df16e706bd847bc109e579d9877de22151a9c9d6c6852ebd9d08ad0099d42a5f00afbe9a3dbd4b01b5fa1be02186972d38ee90ee8d319d074e7dea31d84cee8349696fb349a30c32b303f941141be6eb205d6771773d1030f9f906a37dd05c2ad69592e83f50a047d9ea6963920dda690667a1434df881ec02017308cee5dc2abd78ca8828055b5547a9f3605b479584c1f26be6bb6905b47c585ae616c6cf8d5e08957f8a0513f1616f27b194ebb8", 0xb2}], 0x2, &(0x7f0000007580)=[@cred={{0x1c, 0x1, 0x2, {r101, r103, r104}}}, @cred={{0x1c, 0x1, 0x2, {r105, r108, r109}}}, @rights={{0x18, 0x1, 0x1, [r110, r0]}}, @rights={{0x30, 0x1, 0x1, [r0, r0, 0xffffffffffffffff, r112, r114, r0, r116, r117]}}, @cred={{0x1c, 0x1, 0x2, {r119, r120, r122}}}, @cred={{0x1c, 0x1, 0x2, {r124, r126, r127}}}, @cred={{0x1c, 0x1, 0x2, {r128, r130, r132}}}, @cred={{0x1c, 0x1, 0x2, {0xffffffffffffffff, r135, r145}}}, @rights={{0x1c, 0x1, 0x1, [r0, r146, r147]}}], 0x128, 0x20008004}, {&(0x7f00000076c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f00000077c0)=[{&(0x7f0000007740)="f3a79679fd45d6cc5d451396426ec28aad6a026b93f65618451e97a360086bfba2629b39325b33358b03f9c44b9e6909c44f9572dc43335a045bbeda0212c8ae12fc7028d53664961e97e434e79bfe1b1b43b14c2a1e8468e8d9d2b24a71fabd", 0x60}], 0x1, &(0x7f0000007800)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, r148, r0]}}], 0x20, 0x8804}], 0xa, 0x0) fcntl$dupfd(r0, 0x0, r0) [ 504.617764] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 504.625073] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000012 [ 504.649785] BTRFS error (device loop4): superblock checksum mismatch 02:47:59 executing program 5 (fault-call:0 fault-nth:19): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 504.721349] BTRFS error (device loop4): open_ctree failed [ 504.746251] FAULT_INJECTION: forcing a failure. [ 504.746251] name failslab, interval 1, probability 0, space 0, times 0 [ 504.757704] CPU: 1 PID: 28877 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 504.765974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 504.775468] Call Trace: [ 504.778187] dump_stack+0x142/0x197 [ 504.781824] should_fail.cold+0x10f/0x159 [ 504.785974] should_failslab+0xdb/0x130 [ 504.789983] kmem_cache_alloc+0x2d7/0x780 [ 504.794407] ? wait_for_completion+0x420/0x420 [ 504.799116] __kernfs_new_node+0x70/0x480 [ 504.803279] ? kernfs_activate+0x13a/0x190 [ 504.807522] kernfs_new_node+0x80/0xf0 [ 504.811452] __kernfs_create_file+0x46/0x323 [ 504.816029] sysfs_add_file_mode_ns+0x1e4/0x450 [ 504.821240] internal_create_group+0x232/0x7b0 [ 504.825842] sysfs_create_group+0x20/0x30 [ 504.830008] lo_ioctl+0x1162/0x1cd0 [ 504.833658] ? loop_probe+0x160/0x160 [ 504.837920] blkdev_ioctl+0x95f/0x1850 [ 504.841819] ? blkpg_ioctl+0x970/0x970 [ 504.845735] ? __might_sleep+0x93/0xb0 [ 504.849641] ? __fget+0x210/0x370 [ 504.853119] block_ioctl+0xde/0x120 [ 504.856785] ? blkdev_fallocate+0x3b0/0x3b0 [ 504.861117] do_vfs_ioctl+0x7ae/0x1060 [ 504.865005] ? selinux_file_mprotect+0x5d0/0x5d0 [ 504.869757] ? lock_downgrade+0x740/0x740 [ 504.874616] ? ioctl_preallocate+0x1c0/0x1c0 [ 504.879036] ? __fget+0x237/0x370 [ 504.882644] ? security_file_ioctl+0x89/0xb0 [ 504.887060] SyS_ioctl+0x8f/0xc0 [ 504.890586] ? do_vfs_ioctl+0x1060/0x1060 [ 504.894756] do_syscall_64+0x1e8/0x640 [ 504.898720] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 504.903939] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 504.909393] RIP: 0033:0x45b227 [ 504.912574] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 504.920274] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 504.927537] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 504.934820] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 504.942216] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 504.949600] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000013 02:48:01 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:48:01 executing program 1: r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r1}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r1}}, 0x48) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000080)={&(0x7f0000000340)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x10c, 0x10c, 0x8, [@int={0x8, 0x0, 0x0, 0x1, 0x0, 0x10, 0x0, 0x1c, 0x2}, @union={0x7, 0x5, 0x0, 0x5, 0x0, 0x7a, [{0x3, 0x5bd2, 0x80000001}, {0xd, 0x0, 0xf2f}, {0x7, 0x4, 0x400}, {0x5, 0x3, 0xbc0}, {0x9, 0x3, 0x4}]}, @volatile={0x6, 0x0, 0x0, 0x9, 0x2}, @const={0x2}, @func_proto={0x0, 0x6, 0x0, 0xd, 0x0, [{0x8, 0x5}, {0x1, 0x5}, {0x7, 0x2}, {0xf}, {0x6, 0x1}, {0x0, 0x3}]}, @enum={0xc, 0x9, 0x0, 0x6, 0x4, [{0xa}, {0x10, 0xe8f}, {0xc, 0x7fff}, {0xd, 0xb8d}, {0x9, 0x80000000}, {0x6, 0x1}, {0x4, 0x8}, {0x1, 0x1}, {0x3}]}, @restrict={0xb}]}, {0x0, [0x61, 0x30, 0x0, 0x30, 0x3e, 0x0]}}, &(0x7f00000001c0)=""/242, 0x12c, 0xf2, 0x1}, 0x20) dup3(r0, r2, 0xb72453b004c382c2) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x0) recvmmsg(r4, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = msgget$private(0x0, 0x204) msgctl$IPC_STAT(r6, 0x2, &(0x7f00000002c0)=""/106) msgctl$MSG_INFO(r6, 0xc, &(0x7f0000000000)=""/81) r7 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) 02:48:01 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:48:01 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) openat$selinux_avc_hash_stats(0xffffffffffffff9c, &(0x7f0000000180)='/selinux/avc/hash_stats\x00', 0x0, 0x0) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r1}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r1}}, 0x48) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r3}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r3}}, 0x48) syz_init_net_socket$nfc_llcp(0x27, 0x3, 0x1) syz_open_dev$ttys(0xc, 0x2, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r6, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r6, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r7}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x4e23, 0x0, @mcast2}, {0xa, 0x0, 0x0, @mcast2}}}, 0x48) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) socket$caif_seqpacket(0x25, 0x5, 0x3) syz_open_dev$sndctrl(&(0x7f0000000200)='/dev/snd/controlC#\x00', 0x400, 0x44e202) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r8, 0x0, r8) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r9, 0x0, r9) r10 = accept(r9, &(0x7f0000000240)=@hci, &(0x7f00000002c0)=0x80) r11 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000300)='/selinux/status\x00', 0x0, 0x0) r12 = fcntl$dupfd(r10, 0x406, r11) ioctl$BLKREPORTZONE(r12, 0xc0101282, &(0x7f0000000100)=ANY=[@ANYBLOB="07000000000000000100000000000000ff0000000000000006000000000001004c000000000000007f800100000100"/80]) r13 = socket$inet6_tcp(0xa, 0x1, 0x0) r14 = fcntl$dupfd(r13, 0x0, r13) ioctl$PERF_EVENT_IOC_ENABLE(r14, 0x8912, 0x400200) 02:48:01 executing program 0: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x88) r1 = socket(0x200000000000011, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) bind$packet(r1, &(0x7f0000000240)={0x11, 0x0, r3}, 0x14) getsockname$packet(r1, &(0x7f0000000500)={0x11, 0x0, 0x0}, &(0x7f0000000040)=0x10eef0f1) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@dev, 0x0, r4}) 02:48:01 executing program 5 (fault-call:0 fault-nth:20): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 506.710179] BTRFS error (device loop4): superblock checksum mismatch [ 506.724145] FAULT_INJECTION: forcing a failure. [ 506.724145] name failslab, interval 1, probability 0, space 0, times 0 [ 506.757833] CPU: 1 PID: 28896 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 506.765759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 506.775331] Call Trace: [ 506.777943] dump_stack+0x142/0x197 [ 506.782394] should_fail.cold+0x10f/0x159 [ 506.786666] should_failslab+0xdb/0x130 [ 506.790658] kmem_cache_alloc_trace+0x2e9/0x790 [ 506.795355] ? kernfs_put+0x35e/0x490 [ 506.799182] ? sysfs_add_file_mode_ns+0x1e4/0x450 [ 506.804035] ? devm_device_remove_groups+0x50/0x50 [ 506.809069] kobject_uevent_env+0x208/0xc80 [ 506.813410] ? internal_create_group+0x49a/0x7b0 [ 506.818443] kobject_uevent+0x20/0x30 [ 506.822257] lo_ioctl+0x11d3/0x1cd0 [ 506.825901] ? loop_probe+0x160/0x160 [ 506.829711] blkdev_ioctl+0x95f/0x1850 [ 506.833616] ? blkpg_ioctl+0x970/0x970 [ 506.837518] ? __might_sleep+0x93/0xb0 [ 506.841544] ? __fget+0x210/0x370 [ 506.845884] block_ioctl+0xde/0x120 [ 506.849516] ? blkdev_fallocate+0x3b0/0x3b0 [ 506.853966] do_vfs_ioctl+0x7ae/0x1060 [ 506.857870] ? selinux_file_mprotect+0x5d0/0x5d0 [ 506.862647] ? lock_downgrade+0x740/0x740 [ 506.866821] ? ioctl_preallocate+0x1c0/0x1c0 [ 506.871252] ? __fget+0x237/0x370 [ 506.874722] ? security_file_ioctl+0x89/0xb0 [ 506.879203] SyS_ioctl+0x8f/0xc0 [ 506.882588] ? do_vfs_ioctl+0x1060/0x1060 [ 506.886751] do_syscall_64+0x1e8/0x640 [ 506.890656] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 506.895528] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 506.900896] RIP: 0033:0x45b227 02:48:01 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) [ 506.904084] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 506.911806] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 506.919247] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 506.926554] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 506.933847] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 506.941130] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000014 [ 506.983322] BTRFS error (device loop4): open_ctree failed 02:48:01 executing program 0: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000000180)=ANY=[]}) r0 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000380)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea0bdc9e1587a050000000000000042e33089754c8107c3cd3923dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb74b50ec93c152f5e8e198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b06f90b5274cc5c1e298a16324fe2c5e16d87cebd96a909d308bd73f4772539", 0xc0, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000540)='user\x00', &(0x7f0000000340)={'syz', 0x0}, &(0x7f0000000100), 0x26, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000140)={r1, r0, r1}, 0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={'streebog256\x00\x00\x00\x00\x00\x03\x00'}}) 02:48:01 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:48:01 executing program 5 (fault-call:0 fault-nth:21): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 507.123891] FAULT_INJECTION: forcing a failure. [ 507.123891] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 507.135736] CPU: 1 PID: 28934 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 507.143625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 507.152998] Call Trace: [ 507.155604] dump_stack+0x142/0x197 [ 507.159164] could not allocate digest TFM handle streebog256 [ 507.159265] should_fail.cold+0x10f/0x159 [ 507.159282] __alloc_pages_nodemask+0x1d6/0x7a0 [ 507.174238] ? __alloc_pages_slowpath+0x2930/0x2930 [ 507.179287] cache_grow_begin+0x80/0x400 [ 507.183380] kmem_cache_alloc_trace+0x6b2/0x790 [ 507.188131] ? kernfs_put+0x35e/0x490 [ 507.191964] ? devm_device_remove_groups+0x50/0x50 [ 507.196933] kobject_uevent_env+0x208/0xc80 [ 507.201268] ? internal_create_group+0x49a/0x7b0 [ 507.204881] could not allocate digest TFM handle streebog256 [ 507.206173] kobject_uevent+0x20/0x30 [ 507.206185] lo_ioctl+0x11d3/0x1cd0 [ 507.206198] ? loop_probe+0x160/0x160 [ 507.223256] blkdev_ioctl+0x95f/0x1850 [ 507.227152] ? blkpg_ioctl+0x970/0x970 [ 507.231051] ? __might_sleep+0x93/0xb0 [ 507.234949] ? __fget+0x210/0x370 [ 507.238449] block_ioctl+0xde/0x120 [ 507.242093] ? blkdev_fallocate+0x3b0/0x3b0 [ 507.246434] do_vfs_ioctl+0x7ae/0x1060 [ 507.250335] ? selinux_file_mprotect+0x5d0/0x5d0 [ 507.255118] ? lock_downgrade+0x740/0x740 [ 507.259304] ? ioctl_preallocate+0x1c0/0x1c0 [ 507.261089] BTRFS error (device loop4): superblock checksum mismatch [ 507.263725] ? __fget+0x237/0x370 [ 507.263747] ? security_file_ioctl+0x89/0xb0 [ 507.278121] SyS_ioctl+0x8f/0xc0 [ 507.281483] ? do_vfs_ioctl+0x1060/0x1060 [ 507.285716] do_syscall_64+0x1e8/0x640 [ 507.289632] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 507.294494] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 507.299684] RIP: 0033:0x45b227 [ 507.302866] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 507.310698] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 02:48:02 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x2, 0x4e1e}, 0x10) r3 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00') r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8982, 0x0) ioctl$KVM_DEASSIGN_PCI_DEVICE(0xffffffffffffffff, 0x4040ae72, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x200000200, 0x0, 0x4c8]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r3, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 02:48:02 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() [ 507.317981] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 507.325268] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 507.332553] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 507.339817] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000015 [ 507.388977] kvm: pic: single mode not supported 02:48:02 executing program 0: r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl(r4, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe8478071") socket$nl_route(0x10, 0x3, 0x0) socket(0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x2a9, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="000000000000000028001200090001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB="0000b200080000001028e6c467144d2fa83383874db53a6e606dd1044b82c0269ddd5a8b093e93a4129b020a1555890abd5e0f53861f3b"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="38000000240007050000004007a2a30005000000", @ANYRES32=r5, @ANYBLOB="00000000ffffffff000000000900010068667363000000000800020000000000"], 0x38}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=@newtfilter={0x44, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0x0, 0xb}, {}, {0xfff1}}, [@filter_kind_options=@f_cgroup={{0xb, 0x1, 'cgroup\x00'}, {0x14, 0x2, [@TCA_CGROUP_EMATCHES={0x10, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x20}}, @TCA_EMATCH_TREE_LIST={0x4}]}]}}]}, 0x44}}, 0x0) [ 507.388987] kvm: pic: level sensitive irq not supported [ 507.424596] BTRFS error (device loop4): open_ctree failed [ 507.498979] BTRFS error (device loop4): superblock checksum mismatch 02:48:02 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$nfc_llcp_NFC_LLCP_MIUX(r2, 0x118, 0x1, &(0x7f0000000000)=0x5, 0x4) r3 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 02:48:02 executing program 5 (fault-call:0 fault-nth:22): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 507.550354] BTRFS error (device loop4): open_ctree failed 02:48:02 executing program 0: perf_event_open(&(0x7f0000001340)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@multicast1, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@loopback, 0x4d4, 0x33}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x6, 0xfdc}}, 0xe8) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) 02:48:02 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$TIOCMSET(r3, 0x5418, &(0x7f0000000100)=0x20) [ 507.639987] FAULT_INJECTION: forcing a failure. [ 507.639987] name failslab, interval 1, probability 0, space 0, times 0 [ 507.681009] CPU: 1 PID: 28970 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 507.688938] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 507.698306] Call Trace: [ 507.700921] dump_stack+0x142/0x197 [ 507.704592] should_fail.cold+0x10f/0x159 [ 507.708769] should_failslab+0xdb/0x130 [ 507.712770] kmem_cache_alloc_node+0x287/0x780 [ 507.717379] __alloc_skb+0x9c/0x500 [ 507.721032] ? skb_trim+0x180/0x180 [ 507.724687] ? netlink_has_listeners+0x20a/0x330 [ 507.729549] kobject_uevent_env+0x6ea/0xc80 [ 507.733887] ? internal_create_group+0x49a/0x7b0 [ 507.738695] kobject_uevent+0x20/0x30 [ 507.742512] lo_ioctl+0x11d3/0x1cd0 [ 507.746157] ? loop_probe+0x160/0x160 [ 507.749972] blkdev_ioctl+0x95f/0x1850 [ 507.753918] ? blkpg_ioctl+0x970/0x970 [ 507.757847] ? __might_sleep+0x93/0xb0 [ 507.761746] ? __fget+0x210/0x370 [ 507.765212] block_ioctl+0xde/0x120 [ 507.768860] ? blkdev_fallocate+0x3b0/0x3b0 [ 507.773391] do_vfs_ioctl+0x7ae/0x1060 [ 507.777303] ? selinux_file_mprotect+0x5d0/0x5d0 [ 507.782158] ? lock_downgrade+0x740/0x740 [ 507.786845] ? ioctl_preallocate+0x1c0/0x1c0 [ 507.791272] ? __fget+0x237/0x370 [ 507.794891] ? security_file_ioctl+0x89/0xb0 [ 507.799343] SyS_ioctl+0x8f/0xc0 [ 507.802950] ? do_vfs_ioctl+0x1060/0x1060 [ 507.807376] do_syscall_64+0x1e8/0x640 [ 507.811275] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 507.816137] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 507.821516] RIP: 0033:0x45b227 02:48:02 executing program 0: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f00000000c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000580)='keyring\x00', &(0x7f00000005c0)={'syz', 0x3}, 0x0, 0x0, r0) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, &(0x7f0000000100)='asymmetric\x00', &(0x7f0000000300)=@builtin='builtin_trusted\x00') [ 507.824712] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 507.832691] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 507.839976] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 507.847267] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 507.854550] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 507.861849] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000016 [ 508.088423] BTRFS error (device loop4): superblock checksum mismatch [ 508.154474] BTRFS error (device loop4): open_ctree failed [ 508.216633] BTRFS error (device loop4): superblock checksum mismatch [ 508.270757] BTRFS error (device loop4): open_ctree failed 02:48:04 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:48:04 executing program 0: fanotify_init(0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x200000000000000, 0x4}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x800002, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xff7fffffffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x3, 0x11) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000800)=ANY=[@ANYBLOB="7261770000000000000000000000000000010000000000000000000000000000c103000003000000d803000000000000f8010000fc3e15617bf6e05ef801000008030000080300000803000008030000080300000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000d801f801000000000000000000000000000000000000000000000000f800726563656e740000000000000000000000000000000000000000000000000000000000000000020073797a3000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000380073746174697374696300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020005452414345000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d00010010000000000000000000000000000000000000000000000002800697076366865616465720000000000000000000000000000000000000000000000000000000040005443504f505453545249500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a800d0000000000000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) 02:48:04 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:48:04 executing program 5 (fault-call:0 fault-nth:23): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:04 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bind$alg(r4, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58) r5 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000240)='/dev/vga_arbiter\x00', 0x240200, 0x0) r6 = gettid() ptrace$setopts(0x4206, r6, 0x0, 0x0) tkill(r6, 0x3c) ptrace$cont(0x18, r6, 0x0, 0x0) ptrace$setregs(0xd, r6, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r6, 0x0, 0x0) fcntl$getownex(r0, 0x10, &(0x7f0000000300)) r7 = getpgrp(0x0) r8 = getpgrp(r7) ioctl$TIOCSPGRP(r5, 0x5410, &(0x7f00000002c0)=r8) r9 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r9, &(0x7f0000001280)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000000)=@nfc_llcp, 0x80, &(0x7f0000000280)=[{&(0x7f0000000100)=""/131, 0x83}, {&(0x7f00000001c0)=""/100, 0x64}], 0x2, &(0x7f0000001300)=""/4112, 0x1010}, 0x1000}], 0x2, 0x0, 0x0) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) r11 = fcntl$dupfd(r10, 0x0, r10) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) 02:48:04 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6(0xa, 0x2, 0x8) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$DRM_IOCTL_AGP_ALLOC(r6, 0xc0206434, &(0x7f0000000200)={0x0, 0x0, 0x1, 0x6}) ioctl$DRM_IOCTL_SG_FREE(0xffffffffffffffff, 0x40106439, &(0x7f0000000240)={0x7d6, r7}) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002000000010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) r9 = syz_open_dev$vcsn(&(0x7f00000002c0)='/dev/vcs#\x00', 0x100, 0x38d002) ioctl$VHOST_SET_VRING_ENDIAN(r9, 0x4008af13, &(0x7f0000000300)={0x3, 0x400}) r10 = socket(0x11, 0x800000003, 0x0) ioctl$VIDIOC_ENUM_FREQ_BANDS(r9, 0xc0405665, &(0x7f0000000340)={0xac, 0x1, 0x3, 0x20, 0x2, 0x2, 0xa}) setsockopt$packet_add_memb(r10, 0x107, 0x1, &(0x7f0000000280)={r8, 0x1, 0x6, @link_local}, 0x10) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x20, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8}}, 0x20}}, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000003c0)={{{@in6=@dev={0xfe, 0x80, [], 0x2a}, @in6=@local, 0x4e22, 0xf1, 0x4e20, 0x0, 0xa, 0x30, 0xa0, 0x0, r8}, {0x8000000000000000, 0x3, 0x20, 0x7fffffff, 0x2, 0x0, 0x9, 0x7f}, {0xf00c, 0x9, 0x401, 0xfffffffffffffc00}, 0x7, 0x6e6bbf, 0x2, 0x1, 0x3, 0x1}, {{@in6=@dev={0xfe, 0x80, [], 0x21}, 0x4d6, 0xff}, 0x2, @in=@loopback, 0x3503, 0x4, 0x3, 0x20, 0xffff, 0x1000, 0xff6}}, 0xe8) r11 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) 02:48:04 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'ctr(cast5)\x00'}, 0x58) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_inet6_tcp_SIOCATMARK(r2, 0x8905, &(0x7f0000000000)) r3 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) [ 510.034098] x_tables: ip6_tables: TCPOPTSTRIP target: only valid in mangle table, not raw [ 510.045519] FAULT_INJECTION: forcing a failure. [ 510.045519] name failslab, interval 1, probability 0, space 0, times 0 [ 510.060909] BTRFS error (device loop4): superblock checksum mismatch [ 510.099105] CPU: 0 PID: 29009 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 510.107059] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 510.117250] Call Trace: [ 510.119842] dump_stack+0x142/0x197 [ 510.123465] should_fail.cold+0x10f/0x159 [ 510.127782] should_failslab+0xdb/0x130 [ 510.131776] kmem_cache_alloc_node+0x287/0x780 [ 510.136370] __alloc_skb+0x9c/0x500 [ 510.140000] ? skb_trim+0x180/0x180 [ 510.143685] ? netlink_has_listeners+0x20a/0x330 [ 510.148448] kobject_uevent_env+0x6ea/0xc80 [ 510.153091] kobject_uevent+0x20/0x30 [ 510.156886] lo_ioctl+0x11d3/0x1cd0 [ 510.160578] ? loop_probe+0x160/0x160 [ 510.164393] blkdev_ioctl+0x95f/0x1850 [ 510.168284] ? blkpg_ioctl+0x970/0x970 [ 510.172192] ? __might_sleep+0x93/0xb0 [ 510.176075] ? __fget+0x210/0x370 [ 510.179527] block_ioctl+0xde/0x120 [ 510.183167] ? blkdev_fallocate+0x3b0/0x3b0 [ 510.187486] do_vfs_ioctl+0x7ae/0x1060 [ 510.191384] ? selinux_file_mprotect+0x5d0/0x5d0 [ 510.196160] ? lock_downgrade+0x740/0x740 [ 510.200312] ? ioctl_preallocate+0x1c0/0x1c0 [ 510.204741] ? __fget+0x237/0x370 [ 510.208358] ? security_file_ioctl+0x89/0xb0 [ 510.212901] SyS_ioctl+0x8f/0xc0 [ 510.216258] ? do_vfs_ioctl+0x1060/0x1060 [ 510.220437] do_syscall_64+0x1e8/0x640 [ 510.224337] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 510.229191] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 510.234469] RIP: 0033:0x45b227 [ 510.237651] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 02:48:04 executing program 0: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) [ 510.245374] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 510.252644] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 510.260424] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 510.267701] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 510.274978] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000017 02:48:05 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$KVM_SET_VAPIC_ADDR(r1, 0x4008ae93, &(0x7f0000000000)) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) [ 510.310526] BTRFS error (device loop4): open_ctree failed [ 510.322866] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. 02:48:05 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x1b008c1, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:48:05 executing program 0: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) [ 510.390825] print_req_error: I/O error, dev loop4, sector 128 02:48:05 executing program 0: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) 02:48:07 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) wait4(0x0, 0x0, 0x0, 0x0) 02:48:07 executing program 5 (fault-call:0 fault-nth:24): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:07 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:48:07 executing program 0: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) 02:48:07 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0xc000, 0x0) ioctl$void(r2, 0x5450) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:48:07 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) r2 = accept4(r1, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = fcntl$dupfd(r6, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) [ 513.048448] FAULT_INJECTION: forcing a failure. [ 513.048448] name failslab, interval 1, probability 0, space 0, times 0 [ 513.079936] CPU: 1 PID: 29065 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 513.087862] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 513.097238] Call Trace: [ 513.099844] dump_stack+0x142/0x197 [ 513.103496] should_fail.cold+0x10f/0x159 [ 513.107667] should_failslab+0xdb/0x130 [ 513.111658] kmem_cache_alloc_node+0x287/0x780 [ 513.116260] __alloc_skb+0x9c/0x500 [ 513.119888] ? skb_trim+0x180/0x180 [ 513.123528] ? netlink_has_listeners+0x20a/0x330 [ 513.128292] kobject_uevent_env+0x6ea/0xc80 [ 513.132737] kobject_uevent+0x20/0x30 [ 513.136555] lo_ioctl+0x11d3/0x1cd0 [ 513.140179] ? loop_probe+0x160/0x160 [ 513.143991] blkdev_ioctl+0x95f/0x1850 [ 513.147889] ? blkpg_ioctl+0x970/0x970 [ 513.151779] ? __might_sleep+0x93/0xb0 [ 513.155654] ? __fget+0x210/0x370 [ 513.159237] block_ioctl+0xde/0x120 [ 513.163059] ? blkdev_fallocate+0x3b0/0x3b0 [ 513.167371] do_vfs_ioctl+0x7ae/0x1060 [ 513.171324] ? selinux_file_mprotect+0x5d0/0x5d0 [ 513.176077] ? lock_downgrade+0x740/0x740 [ 513.180267] ? ioctl_preallocate+0x1c0/0x1c0 [ 513.184685] ? __fget+0x237/0x370 [ 513.188145] ? security_file_ioctl+0x89/0xb0 [ 513.192558] SyS_ioctl+0x8f/0xc0 [ 513.195922] ? do_vfs_ioctl+0x1060/0x1060 [ 513.200077] do_syscall_64+0x1e8/0x640 [ 513.203972] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 513.208832] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 513.214033] RIP: 0033:0x45b227 [ 513.217209] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 513.224917] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 513.232304] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 513.239596] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a 02:48:07 executing program 1: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PIO_UNIMAPCLR(r1, 0x4b68, &(0x7f0000000000)={0x3, 0x2, 0xe3}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) prlimit64(0x0, 0x7, &(0x7f0000000040)={0x81, 0x7}, &(0x7f0000000080)) socket$pppl2tp(0x18, 0x1, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 02:48:07 executing program 0: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) 02:48:08 executing program 0: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) [ 513.246889] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 513.254185] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000018 [ 513.332051] BTRFS error (device loop4): superblock checksum mismatch 02:48:08 executing program 0: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) 02:48:08 executing program 5 (fault-call:0 fault-nth:25): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:08 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) wait4(0x0, 0x0, 0x0, 0x0) 02:48:08 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) [ 513.420233] BTRFS error (device loop4): open_ctree failed [ 513.489624] FAULT_INJECTION: forcing a failure. [ 513.489624] name failslab, interval 1, probability 0, space 0, times 0 [ 513.525568] CPU: 0 PID: 29097 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 02:48:08 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) [ 513.533494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 513.542943] Call Trace: [ 513.545559] dump_stack+0x142/0x197 [ 513.549245] should_fail.cold+0x10f/0x159 [ 513.553433] should_failslab+0xdb/0x130 [ 513.557431] kmem_cache_alloc_node+0x287/0x780 [ 513.562043] __alloc_skb+0x9c/0x500 [ 513.565721] ? skb_trim+0x180/0x180 [ 513.569358] ? netlink_has_listeners+0x20a/0x330 [ 513.574139] kobject_uevent_env+0x6ea/0xc80 [ 513.578484] kobject_uevent+0x20/0x30 [ 513.582294] lo_ioctl+0x11d3/0x1cd0 [ 513.585947] ? loop_probe+0x160/0x160 [ 513.589765] blkdev_ioctl+0x95f/0x1850 [ 513.593666] ? blkpg_ioctl+0x970/0x970 [ 513.597567] ? __might_sleep+0x93/0xb0 [ 513.601464] ? __fget+0x210/0x370 [ 513.604933] block_ioctl+0xde/0x120 [ 513.608566] ? blkdev_fallocate+0x3b0/0x3b0 [ 513.613009] do_vfs_ioctl+0x7ae/0x1060 [ 513.616934] ? selinux_file_mprotect+0x5d0/0x5d0 [ 513.621724] ? lock_downgrade+0x740/0x740 [ 513.625887] ? ioctl_preallocate+0x1c0/0x1c0 [ 513.630305] ? __fget+0x237/0x370 [ 513.633768] ? security_file_ioctl+0x89/0xb0 [ 513.638199] SyS_ioctl+0x8f/0xc0 [ 513.641573] ? do_vfs_ioctl+0x1060/0x1060 [ 513.645723] do_syscall_64+0x1e8/0x640 [ 513.649630] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 513.654494] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 513.659691] RIP: 0033:0x45b227 [ 513.662884] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 513.670657] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 513.677934] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 02:48:08 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:48:08 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) [ 513.685209] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 513.692485] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 513.699777] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000019 [ 513.752038] BTRFS error (device loop4): superblock checksum mismatch [ 513.820327] BTRFS error (device loop4): open_ctree failed 02:48:08 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) inotify_add_watch(r1, &(0x7f0000000240)='./file0\x00', 0x800) unlink(&(0x7f0000000100)='./file0\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:48:08 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) wait4(0x0, 0x0, 0x0, 0x0) 02:48:08 executing program 0: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) 02:48:08 executing program 5 (fault-call:0 fault-nth:26): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:08 executing program 0: socketpair$unix(0x1, 0x2, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) [ 513.953562] FAULT_INJECTION: forcing a failure. [ 513.953562] name failslab, interval 1, probability 0, space 0, times 0 [ 513.992714] CPU: 0 PID: 29131 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 514.000632] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 514.010522] Call Trace: [ 514.013136] dump_stack+0x142/0x197 [ 514.016788] should_fail.cold+0x10f/0x159 [ 514.020988] should_failslab+0xdb/0x130 [ 514.025433] kmem_cache_alloc_node+0x287/0x780 [ 514.030135] __alloc_skb+0x9c/0x500 [ 514.033863] ? skb_trim+0x180/0x180 [ 514.037497] ? netlink_has_listeners+0x20a/0x330 [ 514.042260] kobject_uevent_env+0x6ea/0xc80 [ 514.046601] kobject_uevent+0x20/0x30 [ 514.050577] lo_ioctl+0x11d3/0x1cd0 [ 514.054238] ? loop_probe+0x160/0x160 [ 514.058050] blkdev_ioctl+0x95f/0x1850 [ 514.061948] ? blkpg_ioctl+0x970/0x970 [ 514.065849] ? __might_sleep+0x93/0xb0 [ 514.069942] ? __fget+0x210/0x370 [ 514.073408] block_ioctl+0xde/0x120 [ 514.077043] ? blkdev_fallocate+0x3b0/0x3b0 [ 514.081380] do_vfs_ioctl+0x7ae/0x1060 [ 514.085274] ? selinux_file_mprotect+0x5d0/0x5d0 [ 514.090039] ? lock_downgrade+0x740/0x740 [ 514.094208] ? ioctl_preallocate+0x1c0/0x1c0 [ 514.098771] ? __fget+0x237/0x370 [ 514.102257] ? security_file_ioctl+0x89/0xb0 [ 514.106679] SyS_ioctl+0x8f/0xc0 [ 514.110053] ? do_vfs_ioctl+0x1060/0x1060 [ 514.114214] do_syscall_64+0x1e8/0x640 [ 514.118121] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 514.122981] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 514.128177] RIP: 0033:0x45b227 [ 514.131375] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 514.139193] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 514.146473] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 02:48:08 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x800, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r1, 0xc02c564a, &(0x7f0000000040)={0x1, 0x30314742, 0x1, @discrete={0x6, 0x5}}) r2 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180)='ethtool\x00') ioctl$sock_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f00000001c0)={0x0, @llc={0x1a, 0x200, 0x1f, 0x1f, 0x0, 0x0, @broadcast}, @xdp={0x2c, 0xe, 0x0}, @l2={0x1f, 0x9, @any, 0x0, 0x2}, 0x8001, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x2}) sendmsg$ETHTOOL_MSG_STRSET_GET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000240)={&(0x7f00000002c0)={0xa4, r4, 0x800, 0x70bd2b, 0x25dfdbfb, {}, [@ETHTOOL_A_STRSET_HEADER={0x90, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'lo\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netpci0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve1\x00'}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4000}, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000580)={{{@in6=@remote, @in, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@dev}, 0x0, @in6=@remote}}, &(0x7f0000000680)=0xe8) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000006c0)={'veth0_macvtap\x00', 0x0}) r8 = socket$netlink(0x10, 0x3, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r11, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002000000010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) r12 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_add_memb(r12, 0x107, 0x1, &(0x7f0000000280)={r11, 0x1, 0x6, @link_local}, 0x10) sendmsg$nl_route(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x20, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r11}}, 0x20}}, 0x0) sendmsg$ETHTOOL_MSG_LINKINFO_GET(r1, &(0x7f00000007c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000780)={&(0x7f0000000800)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="04002cbd7000ffdbdf2502000000040001803800018008000100", @ANYRES32=r6, @ANYBLOB="08000300f09784cd1400020076657468305f766972745f776966690008000100", @ANYRES32=r7, @ANYBLOB="08000100", @ANYRES32=r11, @ANYBLOB="aedad56fc674e523b5b951cc261f6dbdc029175a13fdcdc2d8e4a3f6874417126588e7f793f6105317578627cbf5afce50efc91d585c20aa569b91b6af456bccfd4db74777fba0996e2d8bb42ee7c69cf15e1d48c467aaeeaecc592218d5623771c4754978cb7b9996c4e79b66d3a652e7cdab83746b04ec9405be0ac78631"], 0x50}}, 0x800) r13 = socket$inet6_tcp(0xa, 0x1, 0x0) r14 = fcntl$dupfd(r13, 0x0, r13) ioctl$PERF_EVENT_IOC_ENABLE(r14, 0x8912, 0x400200) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r15) r16 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r16, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r15, 0x84, 0x1b, &(0x7f0000000200)=@assoc_value={r17}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r14, 0x84, 0x6f, &(0x7f0000000440)={r17, 0x4c, &(0x7f00000003c0)=[@in={0x2, 0x4e23, @multicast1}, @in6={0xa, 0x4e22, 0xffff, @ipv4={[], [], @multicast2}, 0x7}, @in={0x2, 0x4e21, @remote}, @in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, &(0x7f0000000480)=0x10) r18 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r18, 0x8912, 0x400200) socket$inet_sctp(0x2, 0x5, 0x84) [ 514.153932] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 514.161216] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 514.168517] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000001a 02:48:08 executing program 0: socketpair$unix(0x1, 0x2, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) [ 514.227201] BTRFS error (device loop4): superblock checksum mismatch 02:48:08 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, 0x0, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:48:09 executing program 5 (fault-call:0 fault-nth:27): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:09 executing program 0: socketpair$unix(0x1, 0x2, 0x0, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) [ 514.321625] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 514.331594] BTRFS error (device loop4): open_ctree failed 02:48:09 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) [ 514.412143] device veth37 entered promiscuous mode [ 514.422382] BTRFS error (device loop4): superblock checksum mismatch [ 514.429517] FAULT_INJECTION: forcing a failure. [ 514.429517] name failslab, interval 1, probability 0, space 0, times 0 [ 514.452272] device veth37 left promiscuous mode [ 514.506430] CPU: 0 PID: 29162 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 514.514352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 514.523718] Call Trace: [ 514.526325] dump_stack+0x142/0x197 [ 514.529969] should_fail.cold+0x10f/0x159 [ 514.534183] should_failslab+0xdb/0x130 [ 514.538178] kmem_cache_alloc_node_trace+0x280/0x770 [ 514.543302] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 514.548772] __kmalloc_node_track_caller+0x3d/0x80 [ 514.553720] __kmalloc_reserve.isra.0+0x40/0xe0 [ 514.558406] __alloc_skb+0xcf/0x500 [ 514.562263] ? skb_trim+0x180/0x180 [ 514.566013] ? netlink_has_listeners+0x20a/0x330 [ 514.570791] kobject_uevent_env+0x6ea/0xc80 [ 514.575138] kobject_uevent+0x20/0x30 [ 514.578959] lo_ioctl+0x11d3/0x1cd0 [ 514.582694] ? loop_probe+0x160/0x160 [ 514.586516] blkdev_ioctl+0x95f/0x1850 [ 514.590421] ? blkpg_ioctl+0x970/0x970 [ 514.594332] ? __might_sleep+0x93/0xb0 [ 514.598244] ? __fget+0x210/0x370 [ 514.601712] block_ioctl+0xde/0x120 [ 514.605355] ? blkdev_fallocate+0x3b0/0x3b0 [ 514.609686] do_vfs_ioctl+0x7ae/0x1060 [ 514.613597] ? selinux_file_mprotect+0x5d0/0x5d0 [ 514.618368] ? lock_downgrade+0x740/0x740 [ 514.622577] ? ioctl_preallocate+0x1c0/0x1c0 [ 514.627004] ? __fget+0x237/0x370 [ 514.630469] ? security_file_ioctl+0x89/0xb0 [ 514.634894] SyS_ioctl+0x8f/0xc0 [ 514.638267] ? do_vfs_ioctl+0x1060/0x1060 [ 514.642424] do_syscall_64+0x1e8/0x640 [ 514.646321] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 514.651204] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 514.656401] RIP: 0033:0x45b227 [ 514.659594] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 514.667315] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 514.674889] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 514.682338] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 514.689615] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 514.697600] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000001b [ 514.710482] BTRFS error (device loop4): open_ctree failed 02:48:09 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) 02:48:09 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x3, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 514.975007] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 515.017778] BTRFS error (device loop4): superblock checksum mismatch [ 515.046775] device veth37 entered promiscuous mode [ 515.053432] device veth37 left promiscuous mode [ 515.101379] BTRFS error (device loop4): open_ctree failed [ 515.205475] BTRFS error (device loop4): superblock checksum mismatch [ 515.243134] BTRFS error (device loop4): open_ctree failed [ 515.670652] NOHZ: local_softirq_pending 08 02:48:11 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x200000000000013, &(0x7f0000000040)=0x480100000001, 0x498) connect$inet6(r0, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000440), 0x12f85e) clone(0x2000000002000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@dev}, 0x32) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x19) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x0) wait4(0x0, 0x0, 0x0, 0x0) 02:48:11 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)=@ethtool_cmd={0x7}}) 02:48:11 executing program 5 (fault-call:0 fault-nth:28): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:11 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, 0x0, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:48:11 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000000)={0x9, 0x20, 0x40, 0x81000, r7}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:48:11 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$netrom_NETROM_IDLE(0xffffffffffffffff, 0x103, 0x7, &(0x7f0000000100)=0x8001, 0x4) r1 = openat$selinux_mls(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/mls\x00', 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_GET(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x40, 0x1, 0x8, 0x301, 0x0, 0x0, {0x1, 0x0, 0x6}, [@CTA_TIMEOUT_DATA={0x2c, 0x4, 0x0, 0x1, @tcp=[@CTA_TIMEOUT_TCP_FIN_WAIT={0x8, 0x4, 0x1, 0x0, 0x8}, @CTA_TIMEOUT_TCP_TIME_WAIT={0x8, 0x7, 0x1, 0x0, 0x1}, @CTA_TIMEOUT_TCP_ESTABLISHED={0x8, 0x3, 0x1, 0x0, 0x242c}, @CTA_TIMEOUT_TCP_TIME_WAIT={0x8, 0x7, 0x1, 0x0, 0x4}, @CTA_TIMEOUT_TCP_RETRANS={0x8, 0xa, 0x1, 0x0, 0x9}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x8000}, 0x48800) r2 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 02:48:11 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0) [ 516.949475] BTRFS error (device loop4): superblock checksum mismatch [ 516.976861] FAULT_INJECTION: forcing a failure. [ 516.976861] name failslab, interval 1, probability 0, space 0, times 0 [ 516.990817] BTRFS error (device loop4): open_ctree failed [ 517.004173] CPU: 1 PID: 29209 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 517.012103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 517.021471] Call Trace: [ 517.024086] dump_stack+0x142/0x197 [ 517.027759] should_fail.cold+0x10f/0x159 [ 517.032072] should_failslab+0xdb/0x130 [ 517.036152] kmem_cache_alloc_node_trace+0x280/0x770 [ 517.041274] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 517.046735] __kmalloc_node_track_caller+0x3d/0x80 [ 517.052661] __kmalloc_reserve.isra.0+0x40/0xe0 [ 517.057376] __alloc_skb+0xcf/0x500 [ 517.061061] ? skb_trim+0x180/0x180 [ 517.064689] ? netlink_has_listeners+0x20a/0x330 [ 517.069452] kobject_uevent_env+0x6ea/0xc80 [ 517.073914] kobject_uevent+0x20/0x30 [ 517.077731] lo_ioctl+0x11d3/0x1cd0 [ 517.081384] ? loop_probe+0x160/0x160 [ 517.085195] blkdev_ioctl+0x95f/0x1850 [ 517.089097] ? blkpg_ioctl+0x970/0x970 [ 517.093001] ? __might_sleep+0x93/0xb0 [ 517.096918] ? __fget+0x210/0x370 [ 517.100392] block_ioctl+0xde/0x120 [ 517.104035] ? blkdev_fallocate+0x3b0/0x3b0 [ 517.108394] do_vfs_ioctl+0x7ae/0x1060 [ 517.112376] ? selinux_file_mprotect+0x5d0/0x5d0 [ 517.117248] ? lock_downgrade+0x740/0x740 [ 517.121431] ? ioctl_preallocate+0x1c0/0x1c0 [ 517.125854] ? __fget+0x237/0x370 [ 517.129323] ? security_file_ioctl+0x89/0xb0 [ 517.133862] SyS_ioctl+0x8f/0xc0 [ 517.137241] ? do_vfs_ioctl+0x1060/0x1060 [ 517.141406] do_syscall_64+0x1e8/0x640 [ 517.145300] ? trace_hardirqs_off_thunk+0x1a/0x1c 02:48:11 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) r2 = semget$private(0x0, 0x77eafb62cae5b4e4, 0x40) semop(r2, &(0x7f0000000000)=[{0x0, 0x81, 0x800}, {0x1, 0x1}, {0x1, 0x7fff, 0x1000}], 0x3) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) [ 517.150167] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 517.155361] RIP: 0033:0x45b227 [ 517.158559] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 517.166284] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 517.173683] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 517.181101] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 517.188374] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 517.195650] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000001c 02:48:11 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0) 02:48:11 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0) 02:48:12 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'syz_tun\x00', 0x0}) [ 517.265453] print_req_error: I/O error, dev loop4, sector 128 [ 517.295394] BTRFS error (device loop4): superblock checksum mismatch 02:48:12 executing program 5 (fault-call:0 fault-nth:29): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 517.344715] BTRFS error (device loop4): open_ctree failed [ 517.411537] FAULT_INJECTION: forcing a failure. [ 517.411537] name failslab, interval 1, probability 0, space 0, times 0 [ 517.443523] CPU: 1 PID: 29243 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 517.451668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 517.461182] Call Trace: [ 517.463791] dump_stack+0x142/0x197 [ 517.467446] should_fail.cold+0x10f/0x159 [ 517.471618] should_failslab+0xdb/0x130 [ 517.475717] kmem_cache_alloc_node_trace+0x280/0x770 [ 517.480838] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 517.486303] __kmalloc_node_track_caller+0x3d/0x80 [ 517.491248] __kmalloc_reserve.isra.0+0x40/0xe0 [ 517.495921] __alloc_skb+0xcf/0x500 [ 517.499554] ? skb_trim+0x180/0x180 [ 517.503362] ? netlink_has_listeners+0x20a/0x330 [ 517.508273] kobject_uevent_env+0x6ea/0xc80 [ 517.512615] kobject_uevent+0x20/0x30 [ 517.516418] lo_ioctl+0x11d3/0x1cd0 [ 517.520055] ? loop_probe+0x160/0x160 [ 517.523862] blkdev_ioctl+0x95f/0x1850 [ 517.527759] ? blkpg_ioctl+0x970/0x970 [ 517.531656] ? __might_sleep+0x93/0xb0 [ 517.535543] ? __fget+0x210/0x370 [ 517.539007] block_ioctl+0xde/0x120 [ 517.542651] ? blkdev_fallocate+0x3b0/0x3b0 [ 517.546989] do_vfs_ioctl+0x7ae/0x1060 [ 517.550892] ? selinux_file_mprotect+0x5d0/0x5d0 [ 517.555652] ? lock_downgrade+0x740/0x740 [ 517.560033] ? ioctl_preallocate+0x1c0/0x1c0 [ 517.564584] ? __fget+0x237/0x370 [ 517.568176] ? security_file_ioctl+0x89/0xb0 [ 517.572653] SyS_ioctl+0x8f/0xc0 [ 517.576020] ? do_vfs_ioctl+0x1060/0x1060 [ 517.580163] do_syscall_64+0x1e8/0x640 [ 517.584050] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 517.588896] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 517.594097] RIP: 0033:0x45b227 [ 517.597281] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 517.605047] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 517.612460] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 517.619862] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 517.627140] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 517.634575] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000001d 02:48:14 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'syz_tun\x00', 0x0}) 02:48:14 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = open$dir(&(0x7f0000000100)='./file0\x00', 0x100, 0x100) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = fcntl$dupfd(r0, 0x0, r2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f0000000140)={0x7, 0xfff, 0x200, 0x3, 0x80000000, 0x0, 0x9, 0x1, 0x0}, &(0x7f0000000180)=0x20) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r5, 0x84, 0x75, &(0x7f0000000200)={r6, 0xffffff7e}, 0x8) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:48:14 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, 0x0, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:48:14 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = accept4(r1, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat$vhci(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vhci\x00', 0x4000) r6 = accept4$phonet_pipe(r4, 0x0, &(0x7f00000001c0), 0x80000) ioctl$sock_SIOCOUTQ(r6, 0x5411, &(0x7f0000000200)) r7 = socket$netlink(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r8, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$TIPC_NL_PUBL_GET(r2, &(0x7f0000000380)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000340)={&(0x7f0000000280)={0xb0, r8, 0x20, 0x70bd25, 0x25dfdbfc, {}, [@TIPC_NLA_SOCK={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xa76c}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x3}]}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x9}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x82}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x241}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x20}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x157}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x3}]}, @TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_MEDIA={0x28, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x5}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x4000000}, 0x4040080) ioctl$FS_IOC_GETFSLABEL(r5, 0x81009431, &(0x7f0000000040)) 02:48:14 executing program 5 (fault-call:0 fault-nth:30): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:14 executing program 3: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000000380)=@hci, 0x80) sendmsg$can_bcm(r0, &(0x7f0000000240)={0x0, 0x1e, &(0x7f00000000c0)={&(0x7f00000001c0)={0x6, 0xcaa, 0x0, {0x0, 0x7530}, {}, {}, 0x1, @canfd={{}, 0x0, 0x0, 0x0, 0x0, "ba0ab2987139498828fe76f382f8a43c10137c5456d1f8bafbf6f8d0c2c6b06adafb9b1bb701ce7bedfdb0c75b51a7bafe25a132fa7dee888ff25aeaf48d222a"}}, 0x80}}, 0x0) [ 519.997821] FAULT_INJECTION: forcing a failure. [ 519.997821] name failslab, interval 1, probability 0, space 0, times 0 [ 520.032121] CPU: 0 PID: 29261 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 520.040050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 520.049416] Call Trace: [ 520.052020] dump_stack+0x142/0x197 [ 520.055670] should_fail.cold+0x10f/0x159 [ 520.059845] should_failslab+0xdb/0x130 [ 520.063844] kmem_cache_alloc_node_trace+0x280/0x770 [ 520.069090] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 520.074567] __kmalloc_node_track_caller+0x3d/0x80 [ 520.079526] __kmalloc_reserve.isra.0+0x40/0xe0 [ 520.084218] __alloc_skb+0xcf/0x500 [ 520.087867] ? skb_trim+0x180/0x180 [ 520.091526] ? netlink_has_listeners+0x20a/0x330 [ 520.096304] kobject_uevent_env+0x6ea/0xc80 [ 520.100672] kobject_uevent+0x20/0x30 [ 520.104490] lo_ioctl+0x11d3/0x1cd0 [ 520.108136] ? loop_probe+0x160/0x160 [ 520.111953] blkdev_ioctl+0x95f/0x1850 [ 520.115856] ? blkpg_ioctl+0x970/0x970 [ 520.119763] ? __might_sleep+0x93/0xb0 [ 520.123657] ? __fget+0x210/0x370 [ 520.127263] block_ioctl+0xde/0x120 [ 520.130911] ? blkdev_fallocate+0x3b0/0x3b0 [ 520.135333] do_vfs_ioctl+0x7ae/0x1060 [ 520.139237] ? selinux_file_mprotect+0x5d0/0x5d0 [ 520.144011] ? lock_downgrade+0x740/0x740 [ 520.148417] ? ioctl_preallocate+0x1c0/0x1c0 [ 520.152840] ? __fget+0x237/0x370 [ 520.156316] ? security_file_ioctl+0x89/0xb0 [ 520.160745] SyS_ioctl+0x8f/0xc0 [ 520.164123] ? do_vfs_ioctl+0x1060/0x1060 [ 520.168293] do_syscall_64+0x1e8/0x640 [ 520.172202] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 520.177062] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 520.182276] RIP: 0033:0x45b227 [ 520.185474] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 02:48:14 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'syz_tun\x00', 0x0}) 02:48:14 executing program 3: r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000140)='/dev/rtc0\x00', 0x0, 0x0) ioctl$RTC_UIE_ON(r0, 0x7003) ioctl$RTC_WKALM_SET(r0, 0x4028700f, &(0x7f0000000000)={0x1, 0x0, {0x0, 0x0, 0x0, 0xd, 0x0, 0x1000b}}) read(r0, &(0x7f0000000200)=""/76, 0x4c) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) socket$alg(0x26, 0x5, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) clock_gettime(0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000180), 0x0) 02:48:14 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)}) 02:48:14 executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000caefb8)={0x8, 0x3, &(0x7f0000000080)=@framed={{0xffffff85, 0x0, 0x0, 0x0, 0x61, 0x54}}, &(0x7f0000281ffc)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040), 0x37}, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe8478071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x0, 0xe, 0x0, &(0x7f0000000140)="33215aab4087f687ff16f8b00800aa4e39c382d444300c5ffe00000000a0a0857a99", 0x0, 0xffffffff00000017}, 0x28) 02:48:14 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)}) 02:48:14 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)={0x14, 0x1a, 0x105, 0x0, 0x0, {0xa}}, 0x14}}, 0x0) 02:48:14 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f0000002fc0)}) [ 520.193546] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 520.200822] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 520.208100] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 520.215380] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 520.222671] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000001e [ 520.255945] BTRFS error (device loop4): superblock checksum mismatch [ 520.330957] BTRFS error (device loop4): open_ctree failed [ 520.378988] BTRFS error (device loop4): superblock checksum mismatch 02:48:15 executing program 3: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/184, 0xb8}}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) syncfs(r2) write$P9_RGETATTR(r1, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0) [ 520.430232] BTRFS error (device loop4): open_ctree failed 02:48:15 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:48:15 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) clone(0x400, &(0x7f0000000000)="2fa8fcc592117bde32640c0cf9a595f394d66a9ef1db992cc488b916d9124f05124c4b26466246ec209712ad71694b5297b2458d445a2a77bb8360c42993651fac7b524084ab4f2144090632d59557b94c2ab8b2ea1d2b1d1a942d44233b19e19ca60eb87308f4d48d36e63ef52c6d8496852a4f2b11a71a776855e31fc4e859f01cb8c2a50d0497b010bcd1d1593666ab771e801eeb685c1d203726d2e1b83dab8f453d2815e3be69328b3070b325b8b8b6a011c2600bd7e21f1f8c9a63affb979c6d216b03fbe99a5e0809db7e4526ffcb06967e9c500d53", &(0x7f0000000100), &(0x7f00000001c0), &(0x7f0000000200)="b27546531e80d83e79e079379f01fb8eeaa8a7ba9ffd773314ce7113b09c95732d68e7") bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000240)='/proc/self\x00', 0x800, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_GET_CLIENT(r3, 0xc0286405, &(0x7f0000000280)={0x5fae, 0x8, {0xffffffffffffffff}, {0xffffffffffffffff}, 0xffffffff, 0x9e2}) fcntl$setown(r1, 0x8, r4) r5 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) 02:48:15 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) 02:48:15 executing program 5 (fault-call:0 fault-nth:31): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:15 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x34, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000140)='IPVS\x00') sendmsg$IPVS_CMD_DEL_SERVICE(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x20, r2, 0x400, 0x70bd27, 0x25dfdbfe, {}, [@IPVS_CMD_ATTR_DEST={0xc, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ADDR_FAMILY={0x6, 0xb, 0x2}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x40) [ 520.556413] FAULT_INJECTION: forcing a failure. [ 520.556413] name failslab, interval 1, probability 0, space 0, times 0 [ 520.596154] CPU: 0 PID: 29308 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 520.604078] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 520.613543] Call Trace: [ 520.616143] dump_stack+0x142/0x197 [ 520.619858] should_fail.cold+0x10f/0x159 [ 520.624034] should_failslab+0xdb/0x130 [ 520.628021] kmem_cache_alloc_node+0x287/0x780 [ 520.632607] __alloc_skb+0x9c/0x500 [ 520.636240] ? skb_trim+0x180/0x180 [ 520.639880] ? netlink_has_listeners+0x20a/0x330 [ 520.644641] kobject_uevent_env+0x6ea/0xc80 [ 520.648964] kobject_uevent+0x20/0x30 [ 520.652755] lo_ioctl+0x11d3/0x1cd0 [ 520.656391] ? loop_probe+0x160/0x160 [ 520.660303] blkdev_ioctl+0x95f/0x1850 [ 520.664469] ? blkpg_ioctl+0x970/0x970 [ 520.668394] ? __might_sleep+0x93/0xb0 [ 520.672290] ? __fget+0x210/0x370 [ 520.675753] block_ioctl+0xde/0x120 [ 520.679375] ? blkdev_fallocate+0x3b0/0x3b0 [ 520.683691] do_vfs_ioctl+0x7ae/0x1060 [ 520.687681] ? selinux_file_mprotect+0x5d0/0x5d0 [ 520.692470] ? lock_downgrade+0x740/0x740 [ 520.696635] ? ioctl_preallocate+0x1c0/0x1c0 [ 520.701050] ? __fget+0x237/0x370 [ 520.704504] ? security_file_ioctl+0x89/0xb0 [ 520.708953] SyS_ioctl+0x8f/0xc0 [ 520.712319] ? do_vfs_ioctl+0x1060/0x1060 [ 520.716471] do_syscall_64+0x1e8/0x640 [ 520.720391] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 520.725270] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 520.730461] RIP: 0033:0x45b227 [ 520.733654] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 520.741360] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 520.748647] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 02:48:15 executing program 0: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) [ 520.756009] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 520.763275] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 520.770631] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000001f [ 520.831910] print_req_error: I/O error, dev loop4, sector 128 02:48:15 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newsa={0x138, 0x10, 0x501, 0x0, 0x0, {{@in6=@mcast2, @in6=@mcast1}, {@in=@multicast1, 0x0, 0x6c}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_comp={0x48, 0x3, {{'lzs\x00'}}}]}, 0x138}}, 0x0) 02:48:15 executing program 5 (fault-call:0 fault-nth:32): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:15 executing program 4: syz_mount_image$btrfs(&(0x7f0000000140)='btrfs\x00', &(0x7f0000000040)='./file0\x00', 0x8, 0x0, &(0x7f0000000100), 0x347014, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x12041, 0x40) ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r1, 0xc0884123, &(0x7f0000000180)={0x0, "01b1c35163151faa853cfee02f699ed78208063e6c72c651e8b0304393861108cdd50a30e6dc1f68b4e7bfa69664e4059d9598474f1733ddc888e5bed79c70fa", {0x9}}) fsetxattr$trusted_overlay_nlink(r0, &(0x7f0000000000)='trusted.overlay.nlink\x00', &(0x7f0000000080)={'L-'}, 0x16, 0x3) r2 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 520.996829] FAULT_INJECTION: forcing a failure. [ 520.996829] name failslab, interval 1, probability 0, space 0, times 0 [ 521.023853] CPU: 1 PID: 29341 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 521.031932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 521.042096] Call Trace: [ 521.044700] dump_stack+0x142/0x197 [ 521.048368] should_fail.cold+0x10f/0x159 [ 521.052538] should_failslab+0xdb/0x130 [ 521.056613] kmem_cache_alloc_node+0x287/0x780 [ 521.061220] __alloc_skb+0x9c/0x500 [ 521.064986] ? skb_trim+0x180/0x180 [ 521.068625] ? netlink_has_listeners+0x20a/0x330 [ 521.073412] kobject_uevent_env+0x6ea/0xc80 [ 521.077821] kobject_uevent+0x20/0x30 [ 521.081625] lo_ioctl+0x11d3/0x1cd0 [ 521.085266] ? loop_probe+0x160/0x160 [ 521.089072] blkdev_ioctl+0x95f/0x1850 [ 521.092952] ? blkpg_ioctl+0x970/0x970 [ 521.096849] ? __might_sleep+0x93/0xb0 [ 521.100844] ? __fget+0x210/0x370 [ 521.104314] block_ioctl+0xde/0x120 [ 521.108076] ? blkdev_fallocate+0x3b0/0x3b0 [ 521.112439] do_vfs_ioctl+0x7ae/0x1060 [ 521.116321] ? selinux_file_mprotect+0x5d0/0x5d0 [ 521.121096] ? lock_downgrade+0x740/0x740 [ 521.125258] ? ioctl_preallocate+0x1c0/0x1c0 [ 521.129686] ? __fget+0x237/0x370 [ 521.133151] ? security_file_ioctl+0x89/0xb0 [ 521.137576] SyS_ioctl+0x8f/0xc0 [ 521.140958] ? do_vfs_ioctl+0x1060/0x1060 [ 521.145149] do_syscall_64+0x1e8/0x640 [ 521.149031] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 521.153893] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 521.159086] RIP: 0033:0x45b227 [ 521.162290] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 521.170060] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 521.177347] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 521.184647] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a 02:48:15 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x1e, 0x4, 0x0) r2 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r1, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) r3 = socket(0x1e, 0x4, 0x0) r4 = socket(0x1e, 0x4, 0x0) recvfrom$unix(r4, &(0x7f00000002c0)=""/186, 0xba, 0x0, 0x0, 0x0) setsockopt$packet_tx_ring(r4, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) setsockopt$packet_tx_ring(r3, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x0, 0x2}, 0x10) sendmmsg(r3, &(0x7f00000030c0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000000)="ee", 0x1}], 0x1}}], 0x92, 0x0) dup3(r4, r3, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) dup3(r2, r1, 0x0) [ 521.191918] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 521.199194] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000020 02:48:16 executing program 5 (fault-call:0 fault-nth:33): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 521.337380] FAULT_INJECTION: forcing a failure. [ 521.337380] name failslab, interval 1, probability 0, space 0, times 0 [ 521.359555] CPU: 0 PID: 29368 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 521.367569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 521.377323] Call Trace: [ 521.379939] dump_stack+0x142/0x197 [ 521.383587] should_fail.cold+0x10f/0x159 [ 521.387756] should_failslab+0xdb/0x130 [ 521.391875] kmem_cache_alloc_node+0x287/0x780 [ 521.396461] __alloc_skb+0x9c/0x500 [ 521.400091] ? skb_trim+0x180/0x180 [ 521.403738] ? netlink_has_listeners+0x20a/0x330 [ 521.408519] kobject_uevent_env+0x6ea/0xc80 [ 521.412865] kobject_uevent+0x20/0x30 [ 521.416678] lo_ioctl+0x11d3/0x1cd0 [ 521.420325] ? loop_probe+0x160/0x160 [ 521.424519] blkdev_ioctl+0x95f/0x1850 [ 521.428414] ? blkpg_ioctl+0x970/0x970 [ 521.432420] ? __might_sleep+0x93/0xb0 [ 521.436298] ? __fget+0x210/0x370 [ 521.439748] block_ioctl+0xde/0x120 [ 521.443377] ? blkdev_fallocate+0x3b0/0x3b0 [ 521.447840] do_vfs_ioctl+0x7ae/0x1060 [ 521.451746] ? selinux_file_mprotect+0x5d0/0x5d0 [ 521.456635] ? lock_downgrade+0x740/0x740 [ 521.460839] ? ioctl_preallocate+0x1c0/0x1c0 [ 521.465320] ? __fget+0x237/0x370 [ 521.468778] ? security_file_ioctl+0x89/0xb0 [ 521.473187] SyS_ioctl+0x8f/0xc0 [ 521.476620] ? do_vfs_ioctl+0x1060/0x1060 [ 521.480883] do_syscall_64+0x1e8/0x640 [ 521.484779] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 521.489744] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 521.495053] RIP: 0033:0x45b227 [ 521.498242] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 521.505950] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 521.513218] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 521.520495] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 521.527769] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 521.535037] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000021 02:48:16 executing program 3: add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, 0x0, 0x0) getpid() r0 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r0, &(0x7f0000002700)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002480)=""/184, 0xb8}}], 0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) pipe(&(0x7f0000000200)={0xffffffffffffffff}) r2 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) syncfs(r2) write$P9_RGETATTR(r1, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f00000017c0), 0x375, 0x0) 02:48:16 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:48:16 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) ioctl$GIO_FONT(0xffffffffffffffff, 0x4b60, &(0x7f00000000c0)=""/48) lsetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)=@known='com.apple.FinderInfo\x00', &(0x7f0000000080)='\x00', 0x1, 0x1) read$snddsp(0xffffffffffffffff, &(0x7f0000000240)=""/113, 0x71) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$nfc_llcp(r1, &(0x7f00000001c0)={0x27, 0x0, 0x2, 0x3, 0x3f, 0x8f, "3b1ba53ae1b48b294d431ded5122d6801faa538c14027efd9651214e2d6e44668623ac71473c993bf21eb9fc769febadd61480d23ca25bc300c521ae3a3223", 0x2e}, 0x60) fcntl$dupfd(r2, 0x0, r2) 02:48:16 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) r3 = fcntl$dupfd(r2, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = openat$cgroup_ro(r5, &(0x7f0000000100)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) r7 = syz_genetlink_get_family_id$tipc(&(0x7f0000000180)='TIPC\x00') sendmsg$TIPC_CMD_GET_NETID(r6, &(0x7f0000000280)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x1c, r7, 0x100, 0x70bd29, 0x25dfdbff, {}, [""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000084}, 0x1) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0xffffffff) 02:48:16 executing program 5 (fault-call:0 fault-nth:34): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 521.639955] BTRFS error (device loop4): superblock checksum mismatch [ 521.682782] FAULT_INJECTION: forcing a failure. [ 521.682782] name failslab, interval 1, probability 0, space 0, times 0 [ 521.698868] CPU: 0 PID: 29393 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 521.706811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 521.716179] Call Trace: [ 521.718827] dump_stack+0x142/0x197 [ 521.722483] should_fail.cold+0x10f/0x159 [ 521.726673] should_failslab+0xdb/0x130 [ 521.730668] kmem_cache_alloc_node_trace+0x280/0x770 [ 521.735904] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 521.741429] __kmalloc_node_track_caller+0x3d/0x80 [ 521.746648] __kmalloc_reserve.isra.0+0x40/0xe0 [ 521.751335] __alloc_skb+0xcf/0x500 [ 521.755196] ? skb_trim+0x180/0x180 [ 521.759361] ? netlink_has_listeners+0x20a/0x330 [ 521.764160] kobject_uevent_env+0x6ea/0xc80 [ 521.768535] kobject_uevent+0x20/0x30 [ 521.772343] lo_ioctl+0x11d3/0x1cd0 [ 521.775978] ? loop_probe+0x160/0x160 [ 521.779790] blkdev_ioctl+0x95f/0x1850 [ 521.783700] ? blkpg_ioctl+0x970/0x970 [ 521.787636] ? __might_sleep+0x93/0xb0 [ 521.791515] ? __fget+0x210/0x370 [ 521.794982] block_ioctl+0xde/0x120 [ 521.798876] ? blkdev_fallocate+0x3b0/0x3b0 [ 521.803196] do_vfs_ioctl+0x7ae/0x1060 [ 521.807078] ? selinux_file_mprotect+0x5d0/0x5d0 [ 521.811834] ? lock_downgrade+0x740/0x740 [ 521.815978] ? ioctl_preallocate+0x1c0/0x1c0 [ 521.820483] ? __fget+0x237/0x370 [ 521.824058] ? security_file_ioctl+0x89/0xb0 [ 521.828485] SyS_ioctl+0x8f/0xc0 [ 521.831864] ? do_vfs_ioctl+0x1060/0x1060 [ 521.836015] do_syscall_64+0x1e8/0x640 [ 521.839902] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 521.844952] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 521.850153] RIP: 0033:0x45b227 [ 521.853332] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 521.861040] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 521.868328] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 521.875610] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 521.882914] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 521.890191] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000022 [ 521.918831] BTRFS error (device loop4): open_ctree failed [ 521.973252] BTRFS error (device loop4): superblock checksum mismatch 02:48:16 executing program 5 (fault-call:0 fault-nth:35): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:16 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mreqsrc(r2, 0x0, 0x27, &(0x7f0000000040)={@multicast1=0xe0000306, @dev={0xac, 0x14, 0x14, 0x22}}, 0xc) [ 522.022765] BTRFS error (device loop4): open_ctree failed 02:48:16 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) sysfs$2(0x2, 0x3, &(0x7f0000000000)=""/144) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f00000000c0)='/selinux/commit_pending_bools\x00', 0x1, 0x0) bind$alg(r1, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x800) r3 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r4) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r6, 0xc058534b, &(0x7f00000004c0)={0x800, 0xfffffffe, 0x3, 0x80000001, 0xffff, 0x7f}) sendmsg$nl_netfilter(r2, &(0x7f0000000400)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x10043000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="b801000004007a4a25bd700014dcdf25c9b3e04a7f2967e15000000000000000008c", @ANYRES32=r0, @ANYBLOB="b7002500ce1cdd9c7d8e446e7b145eeed88d4c4ea310673df27bc77a9cd0d6f53c504f8b42fc3e2f98ee75a2de98359188e4cd9c35bbed58855c022c496e0b5b29e94d270d879d3439ebbe9328ef00b682c6f27086b9445390515ad2d7fadefa8933e6f3a2dfd55ebcfdc81297ca00957d9b6f237dc7976c94cadb612b88d13d5d096f0953e688f14ee9cb6ffacbfda99ff0a9e11f536579a15445341e5f5e99fc66150000009873aec181acf9b45ea2ae789aace5dec10008001d00", @ANYRES32=r4, @ANYBLOB="c2854e985d8210c141de86f4a0e9ef7f56f6af116eb3c618453c8ba87042d49a4b268844bea01ba757b5e22a6cbea15afeda03259d3af7a9f6e2e7220e091873b70267ce6fecb3273b04207d4ca3c8b5d9225e452ab1937352c494b8e6226fc6922a203d866d7a84b7c650e162d3326868c2595100a012be770e944a199b62a140d9f0a71aed44b13935d1f119266bb74303a8b9fc958da90210da6a365772df274b30e5802779e044f6bfda045a5880c0cbe593a718e9cdb95a9f44f2de936ab724a098e5b415476622766127900000"], 0x1b8}, 0x1, 0x0, 0x0, 0x804}, 0x1) r7 = gettid() ptrace$setopts(0x4206, r7, 0x0, 0x0) tkill(r7, 0x3c) ptrace$cont(0x18, r7, 0x0, 0x0) connect$unix(r1, &(0x7f0000000440)=@abs={0x1, 0x0, 0x4e22}, 0x6e) ptrace$setregs(0xd, r7, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r7, 0x0, 0x0) fcntl$setown(r2, 0x8, r7) r8 = accept4(r0, 0x0, 0x0, 0x800) recvmmsg(r8, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) r10 = fcntl$dupfd(r9, 0x0, r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) 02:48:16 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000000)='ethtool\x00') r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) [ 522.075466] FAULT_INJECTION: forcing a failure. [ 522.075466] name failslab, interval 1, probability 0, space 0, times 0 [ 522.093667] CPU: 1 PID: 29409 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 522.101775] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 522.111277] Call Trace: [ 522.113900] dump_stack+0x142/0x197 [ 522.117589] should_fail.cold+0x10f/0x159 [ 522.121761] should_failslab+0xdb/0x130 [ 522.125752] kmem_cache_alloc_node+0x287/0x780 [ 522.130407] __alloc_skb+0x9c/0x500 [ 522.134145] ? skb_trim+0x180/0x180 [ 522.137788] ? netlink_has_listeners+0x20a/0x330 [ 522.142563] kobject_uevent_env+0x6ea/0xc80 [ 522.146913] kobject_uevent+0x20/0x30 [ 522.150717] lo_ioctl+0x11d3/0x1cd0 [ 522.154359] ? loop_probe+0x160/0x160 [ 522.158190] blkdev_ioctl+0x95f/0x1850 [ 522.162082] ? blkpg_ioctl+0x970/0x970 [ 522.166058] ? __might_sleep+0x93/0xb0 [ 522.169975] ? __fget+0x210/0x370 [ 522.173441] block_ioctl+0xde/0x120 [ 522.177076] ? blkdev_fallocate+0x3b0/0x3b0 [ 522.181412] do_vfs_ioctl+0x7ae/0x1060 [ 522.185311] ? selinux_file_mprotect+0x5d0/0x5d0 [ 522.190088] ? lock_downgrade+0x740/0x740 [ 522.194265] ? ioctl_preallocate+0x1c0/0x1c0 [ 522.198691] ? __fget+0x237/0x370 [ 522.202199] ? security_file_ioctl+0x89/0xb0 [ 522.206633] SyS_ioctl+0x8f/0xc0 [ 522.210003] ? do_vfs_ioctl+0x1060/0x1060 [ 522.214191] do_syscall_64+0x1e8/0x640 [ 522.218114] ? trace_hardirqs_off_thunk+0x1a/0x1c 02:48:16 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = socket$pppoe(0x18, 0x1, 0x0) r2 = accept4(r1, 0x0, 0x0, 0x80000) recvmmsg(r2, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 02:48:16 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = fcntl$dupfd(r1, 0x406, r2) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) [ 522.223112] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 522.228314] RIP: 0033:0x45b227 [ 522.231511] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 522.239392] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 522.246681] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 522.253985] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 522.261269] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 522.268554] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000023 02:48:17 executing program 0: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000100)='/dev/uinput\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x5) ioctl$UI_DEV_SETUP(r0, 0x5501, 0x0) 02:48:17 executing program 3: r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) waitid(0x0, 0x0, &(0x7f00000002c0), 0x1000000, &(0x7f0000000440)) sched_setattr(r0, 0x0, 0x0) pipe(0x0) modify_ldt$write(0x1, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) write(0xffffffffffffffff, &(0x7f0000000340), 0x41395527) vmsplice(0xffffffffffffffff, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) getxattr(&(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0) r1 = gettid() r2 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r2, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x100, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x79af, 0x3, 0x0, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r2) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) ptrace(0x10, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x8000}, 0x28) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000700)={0x48, 0x0, &(0x7f0000000680)=[@register_looper, @transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000880)={@fda={0x66646185, 0xa}, @ptr={0x70742a85, 0x0, &(0x7f0000000b80)=""/4096, 0x1000, 0x0, 0x3}, @fd}, &(0x7f0000000140)={0x0, 0x20, 0x48}}}], 0x0, 0x0, &(0x7f0000000500)}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) 02:48:17 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$FS_IOC_GETFLAGS(r2, 0x80086601, &(0x7f0000000100)) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:48:17 executing program 5 (fault-call:0 fault-nth:36): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:17 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x204) pause() 02:48:17 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$P9_RATTACH(r0, &(0x7f0000000000)={0x14}, 0x14) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r0, 0x0) rt_sigaction(0xd, &(0x7f0000000480)={0x0, 0x0, 0x0}, &(0x7f0000000580)={0x0, 0x0, 0x0}, 0x8, &(0x7f00000005c0)) 02:48:17 executing program 0: add_key$keyring(&(0x7f0000000900)='keyring\x00', &(0x7f0000000940)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, 0x0, 0x0, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r4 = open(&(0x7f00000009c0)='./bus\x00', 0x141042, 0x0) syncfs(r4) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f00000004c0)={{{@in6, @in6=@loopback}}, {{@in=@empty}, 0x0, @in=@local}}, 0x0) stat(&(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000300)) r5 = socket$inet6(0xa, 0x3, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r5, 0x29, 0x23, &(0x7f0000000000)={{{@in=@dev={0xac, 0x14, 0x14, 0x38}, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x88}, {}, {0x5, 0x0, 0x2}}, {{@in=@remote, 0x0, 0x33}, 0x0, @in=@remote}}, 0xe8) write$binfmt_aout(r5, &(0x7f0000000980)=ANY=[@ANYBLOB="070108042d010000590200000100000000010000000000000000000000000000918771891e33c70bce6eacc41ddb346f8539872b8e8f07b170f6b63257b5f03ca0162bf99976438d6e299f3c3072452136b133064cfa1ab37527ec7d63180530eca9e8eb94f1d133116e6dfc12a2eedc38b8af02f1ecc519f045d07e2853b1753ef1c60feae9626dcb72eccd59d31284244316e852cd8221fc21e3b7c86e0c1c27caa78f5054a136c482efda66dcf37b278ac6491065f7ca58cf3ba4046f1f7143f0fcef79824cf661fd44cfeb88855aa969f015d2bbc8bd56696d9582dd72b000001a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000064b39520434b2b030000000000960000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000eb9e2be55bdaa1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000012aaabb9cd6e9ba245d371b881349305cbeb4a43c7469b62e053dd486a8325"], 0x3da) lstat(0x0, 0x0) write$P9_RGETATTR(0xffffffffffffffff, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x0, 0x11, 0xffffffffffffffff, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000100)='net/netstat\x00') preadv(r6, &(0x7f00000017c0), 0x375, 0x0) syz_genetlink_get_family_id$nl80211(0x0) 02:48:17 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040)='ethtool\x00') sendmsg$ETHTOOL_MSG_LINKMODES_SET(r4, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f00000001c0)={0x1c0, r5, 0x400, 0x70bd26, 0x25dfdbfe, {}, [@ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x9}, @ETHTOOL_A_LINKMODES_OURS={0x80, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_BITS={0x78, 0x3, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x9, 0x2, 'hash\x00'}, @ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x2d97}, @ETHTOOL_A_BITSET_BIT_NAME={0x1c, 0x2, 'keyringGPLeth0security&\x00'}]}, {0x40, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_NAME={0x18, 0x2, 'lo}eth0-%]-security\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}, @ETHTOOL_A_BITSET_BIT_NAME={0x6, 0x2, '-\x00'}, @ETHTOOL_A_BITSET_BIT_NAME={0xd, 0x2, 'sha3-384\x00'}, @ETHTOOL_A_BITSET_BIT_VALUE={0x4}]}]}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x8}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0xff}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0x8}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x3}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0xfff}, @ETHTOOL_A_LINKMODES_DUPLEX={0x5, 0x6, 0x1f}, @ETHTOOL_A_LINKMODES_OURS={0xf4, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_NOMASK={0x4}, @ETHTOOL_A_BITSET_SIZE={0x8, 0x2, 0x5}, @ETHTOOL_A_BITSET_MASK={0xe3, 0x5, "f889e375f73f47aefdb04e9bccd6d3214d44acf7863baf095653c5777161a2673b3d0300fcec45662be70468c0cb289db32010628d51630eaf5d2cb2ea9fa4d47d1de64343bf3c23bc54a0dcfd0c9137d19457fff10780065cc315c7d8c89a48f0915236b6809d11a58c6f077ebfd92f5b88abcd5d36a61895d2e8a7eeac36b47b82db748a9b2893db36c779c8baa1f320004e4fd96aa8f7190a9c4a2fa72d1a33414930f1980c4f176915034da12fd6b58cc7c3b8a0788f61454dd5b2695b5238ad19b61b8d1ba8d384a3bd216a5130211feac0988f6fba668436dff95973"}]}]}, 0x1c0}, 0x1, 0x0, 0x0, 0x44080}, 0x40800) r6 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) [ 522.499650] BTRFS error (device loop4): superblock checksum mismatch [ 522.535799] FAULT_INJECTION: forcing a failure. [ 522.535799] name failslab, interval 1, probability 0, space 0, times 0 [ 522.600629] BTRFS error (device loop4): open_ctree failed [ 522.603909] CPU: 1 PID: 29447 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 02:48:17 executing program 5 (fault-call:0 fault-nth:37): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 522.603918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 02:48:17 executing program 3: r0 = open(&(0x7f0000000080)='./file0\x00', 0x40c5, 0x0) r1 = open$dir(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) write$9p(r0, &(0x7f0000001400)="3b27a4b46ee92b4a59073c369a5e19f9db153c4fdbc76aa2a4bb9f3e5e1aa197a9e97d1016c01813792e50c2692c175aad715d110a892949ccc6e2e54c2d5c8f0b7932b69797f217168b0c1feb128ae34f0daf487a70b5c117acd43725fe17993634f1695dabd7f998cd55e9d5bd911e86aa7a4ad75a574bb96951d6018b25d942a9544bca1ebb0e8d10c092cdcb85797673972099e4041aaf8d636f66cb1103ef2050ad28fabaed33d6927889d97f4b5ce0de71d3fd832980f4f088d0d824e20549b4bbd906ffa51ce9de54d779eb4de462faac20a3ab0ed9934373ca22cea5454f4c2a740cd461e39956bb5f98df2aebc60cf32623adbffbcc378fa7250b6a3fc863dadcf6d4f8b855c4e70f0796eee6218445dad2811dd6b540ff52efa2f167dd9c1b8b016268d37db430983fefc0645d20614c8df2eb0872c58e09664e672b0b6a9970fec199257e1c606ec3e364c66a0f4d258c74accd43b987c756d602fd8787fed3aa43fd8d84e9656d4a413fa9a423bc54b873583d6d497005e54712fafc71384988d80134fbf84f53fdd74b354848006b8b5b67e7cc5a472475d3ae545ca1fcf7628b873e31ba83a98a7ad5b0cfbe9711b517a9a1388ad0efa2a3b4e22152021d631b731e2e100a9831111db7acce948bb5deeea260463c140ac929e77c58402776caf85d4569a75dde2f64c4491508afb541ed9b2c81fc95c06706235f383e31cf662c95b1e49cfd94871e22720a41535756e419b271276941692bd023dd9c9dbec4f7db1e5c00d8b3be7b8e826a6aadd001edd0dfeb00f8048442b5c48456fd642e629dcb2ff55592665ff491cd832672ce4d999da186db2c3a1f8b6b1f7d3750d7cdb3097954e6e14fb2183ad662c63d4ce8b82dc2487f0fe2ea2827b53a7c6dcced878d2fb29c1d3ff583570e7bc172d1a5c716e0447cb08ce3c468ffdf975da372f3f3eb455aaf5822bc04a51b6cad24a2331369df81c123b009a2381b42e9aeb077f621608d81c12a5f5c6c295d74afd4dd5c051296be0b54c70bf899b347c36bff62f313079983409d7f9cf1242c917985c1b5d0736fe21f8514f63d0369a374c42da40bd5140bc3e602d00c3cb4f8e621863ab47422778d67d72de34753fd72cef80649a1548e4e8dcbcffe4054cc9d8a1f922623a75904cbdaacde768131e587269a4a99d82f7009c1b8ab79aa232a2fd45ad71b603803123f6ba979fa6a87525884b08d721a21400fb1f950b96ead82f408cc4388d3b78fb456616429a520656d5e5a876fd04748498902c86f58d45f4c1b3919eb846a00edf07e7a830bf723e4774f085f15534dd3b5246c0c0970b5ad7bb39b30b156a9430378c5b0aab1261c78d72ac301cd552d5e8dd4b642ec1dc0672745d593bb26d095b5b23576e3cfd6ab580f6e09419d0f0c64250fafaa3759aa1888da48d89c3f7c9454b0b3d0ab40445f5bed4493ef43ab08f31b1345ac4ffd94ad79c9eee53904ed6f572817153190d2e6863f2e39356bb99926419fd314341a536b7e76cae60bf7750a4c29e3f4c7f005530b1d4ee0e25b93b76fcc1108222f0b00de52cf4100e97adfd7b9db1370586ba27e1e183299be00d0df8439c380edf2f79deb441eac59b814b04accdff5e17f02046139f91f0332661676ff506e575f0cb2850bcc9f8666f6d1f69f8f4271cb804a79fccd7016f049d1a494c26a527c437fa0be6d51ec7543d9bd7a2f016194ebe3c99080a6c9b5119863dfe865f8e60cae29f50b67dbfaa0a3c9794d73034485ca1613344c572783db3dfab01b28089c51cda99cefa4c1c881a29e229f04c7e0fd04dc425ae8417852e6e31520c6207e9d4e35285feef2a2cb8a3bceb08a166fa4284a516362621e2c06731a442791f1db063a32cf1f005c914102c7273cb4d7ab1bf567d72f230783d2ea99c43a60e8729132441ee6c5362c33f9b613f84417c3c5549f4e3d9e73c6f83f16c8e57ae22fe5f54515e111fe43ad7c400d214281452bb6141cecad84b23a695f061988d906d03be5d89584634b9e9d9a9b072f8e7cbb47c47719318a2001cafa665dd2c82672d16877ea115bd023fc1975f7c59664bfb06f66a1a5e3f05cb283fb45ea67a2727ee6e10bf35b31fdd03d43ec67b753f6737e0d2f4a5275031595878cefc8f0ca", 0x600) ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000000)) sendfile(r0, r1, 0x0, 0x1c000) [ 522.603922] Call Trace: [ 522.603943] dump_stack+0x142/0x197 [ 522.603963] should_fail.cold+0x10f/0x159 [ 522.603980] should_failslab+0xdb/0x130 02:48:17 executing program 0: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x2, &(0x7f0000000580)=[{0x0, 0x0, 0xfffffffffffffff8}, {&(0x7f0000000480)="700c959c08ab798dd88a2d83bf769da9fd", 0x11, 0x5}], 0x0, 0x0) [ 522.603993] kmem_cache_alloc_node_trace+0x280/0x770 [ 522.604014] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 522.604030] __kmalloc_node_track_caller+0x3d/0x80 [ 522.604046] __kmalloc_reserve.isra.0+0x40/0xe0 02:48:17 executing program 5 (fault-call:0 fault-nth:38): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:17 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) symlink(&(0x7f0000000200)='./file0\x00', 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) waitid(0x5, 0x0, &(0x7f00000002c0), 0x1000000, &(0x7f0000000440)) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) pipe(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}) modify_ldt$write(0x1, 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x47, 0x1}, 0x7) getxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0, 0x0) r3 = gettid() r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f00000009c0)=ANY=[@ANYBLOB="230228efb4a24fdf46892bc04b26c0d8d21d5d6fe0eb92552fba4784466ebedbcc3e23000000000000006c0e1b3127b51ed53e6d971e20d2e2262309d1ede6c1f37b9c352ef85800004380a8cf359a30a74dc68c37cfbef5c16f3e648860faf8228bf63bb3bf08002a74e3e6017fe72e8d5b7cc2dba5236e1882c601f2b49e32098f6919c7234ce9fe065d74f23c995de2be4e7b3881c92986a5aba827995c4ea9173085931c9f9abb4a2956cfba8227afd19e8f003e80efbe0b10d442ddd93c1436c9cbafacbe4b03ba4b656f9029509bed808f4aa86c8dc50de43149543b911caf5e9ccd3c36c416e6ba34d30721ffc6933beffc5b6dcfcb5c2c4295750e12bf08cf6a46df9b9e5b00c8de1d6687f10b410b852c6008250f2fe940ed50dc3a13984b627ba94f8aa31b1b16bf8a7523fb07b1b5ee027b413acacb65253484b86864a9a35fa81fd34083873063604893b9890834bc1bee1f2d34137b74920371226fd9e796f5586d354ba2edab762282359b53a77689cb44983404e0c9aaf10fba67eb0a0dbb369052f97b"], 0x193) getpid() perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x100, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x79af, 0x3, 0x0, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(0xffffffffffffffff, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={0x0}}, 0x0) r5 = gettid() ptrace(0x10, r5) sched_setattr(r5, &(0x7f00000001c0)={0x38, 0x2, 0x12, 0xbe, 0x0, 0x0, 0x7ff, 0x0, 0x7, 0x3}, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x13, 0x4, &(0x7f0000000a80)=ANY=[@ANYBLOB="8500000008000000350000000000000085000000050000009500009c00000000604cbcf961b54fc16077f17cd67c3b6df74b91d67eef9cdd76b0ea4d455d800f88ddfcc692bbee3c53f94efb7a651402e17ab3b5f0b04d37f2fc94e31bc76d42c393e3a09fca63c5a9f905527e65dc3a0298f03afbabce629d3abaf4a2baa49ca30e22a9040cf30508621fdc30122624b6a34ba1bf3b02bcfcda6673cc9a3e7713227435000000d5e6e05a840bfdf1fee94d50c161a1b5382dae39f731335ac096e1c7879ecdbd4a02dfc45e69ac500d8db51ec650a3f794deb6675fbcb72884cf88095cc017684c41cb166a8b7ccd65b5a3938d02f999dd248cc63b34e874810d522818a7063093ada1df5ea608b4d10d4976b873a0e63c7aee41282a39dc24c08e37ee9ed395e24565cb217664ced5e0d812b2fc9e93281b29a49431e514db22f4306a63b850b857e594e23a0dbd767626013bbb9f82fa4ca99c224ed307d2bd19c9b4828e8c0ddb449f9995a0c9ef0931daf31bbb709d5d82ac27e71efc0411c0c67552ee895d0e"], &(0x7f0000000140)='GPL\x00', 0x4, 0x99, &(0x7f0000000180)=""/153, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r6, 0x0, 0xe, 0x0, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x8000}, 0x28) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000700)={0x48, 0x0, &(0x7f0000000680)=[@register_looper, @transaction={0x40406300, {0x3, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x60, 0x18, &(0x7f0000000880)={@fda={0x66646185, 0x0, 0x0, 0x38}, @ptr={0x70742a85, 0x0, &(0x7f0000000b80)=""/4096, 0x1000, 0x0, 0x3}, @fd={0x66642a85, 0x0, r6}}, &(0x7f0000000140)={0x0, 0x20, 0x48}}}], 0x0, 0x0, &(0x7f0000000500)}) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) [ 522.604060] __alloc_skb+0xcf/0x500 02:48:17 executing program 1: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cpuset.effective_cpus\x00', 0x0, 0x0) setsockopt$IP_VS_SO_SET_STARTDAEMON(r0, 0x0, 0x48b, &(0x7f0000000040)={0x2, 'wg1\x00', 0x1}, 0x18) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r2 = accept4(r1, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x1) [ 522.604070] ? skb_trim+0x180/0x180 [ 522.604083] ? netlink_has_listeners+0x20a/0x330 [ 522.604098] kobject_uevent_env+0x6ea/0xc80 [ 522.604118] kobject_uevent+0x20/0x30 [ 522.604129] lo_ioctl+0x11d3/0x1cd0 [ 522.604144] ? loop_probe+0x160/0x160 [ 522.604157] blkdev_ioctl+0x95f/0x1850 [ 522.604167] ? blkpg_ioctl+0x970/0x970 [ 522.604184] ? __might_sleep+0x93/0xb0 [ 522.604194] ? __fget+0x210/0x370 [ 522.604209] block_ioctl+0xde/0x120 [ 522.604220] ? blkdev_fallocate+0x3b0/0x3b0 [ 522.604232] do_vfs_ioctl+0x7ae/0x1060 [ 522.604244] ? selinux_file_mprotect+0x5d0/0x5d0 [ 522.604254] ? lock_downgrade+0x740/0x740 [ 522.604267] ? ioctl_preallocate+0x1c0/0x1c0 [ 522.604280] ? __fget+0x237/0x370 [ 522.604298] ? security_file_ioctl+0x89/0xb0 [ 522.604312] SyS_ioctl+0x8f/0xc0 [ 522.604322] ? do_vfs_ioctl+0x1060/0x1060 [ 522.604335] do_syscall_64+0x1e8/0x640 [ 522.604346] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 522.604364] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 522.604373] RIP: 0033:0x45b227 [ 522.604379] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 522.604391] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 522.604397] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 522.604403] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 522.604409] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 522.604414] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000024 [ 522.648710] print_req_error: I/O error, dev loop4, sector 128 [ 522.821294] FAULT_INJECTION: forcing a failure. [ 522.821294] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 522.821308] CPU: 1 PID: 29479 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 522.821315] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 522.821320] Call Trace: [ 522.821336] dump_stack+0x142/0x197 [ 522.821356] should_fail.cold+0x10f/0x159 [ 522.821373] __alloc_pages_nodemask+0x1d6/0x7a0 [ 522.821386] ? fs_reclaim_acquire+0x20/0x20 [ 522.821401] ? __alloc_pages_slowpath+0x2930/0x2930 [ 522.821422] cache_grow_begin+0x80/0x400 [ 522.821436] kmem_cache_alloc+0x6a6/0x780 [ 522.821447] ? selinux_file_mprotect+0x5d0/0x5d0 [ 522.821457] ? lock_downgrade+0x740/0x740 [ 522.821474] getname_flags+0xcb/0x580 [ 522.821489] SyS_mkdir+0x7e/0x200 [ 522.821501] ? SyS_mkdirat+0x210/0x210 [ 522.821511] ? do_syscall_64+0x53/0x640 [ 522.821522] ? SyS_mkdirat+0x210/0x210 [ 522.821535] do_syscall_64+0x1e8/0x640 [ 522.821546] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 522.821562] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 522.821571] RIP: 0033:0x45a7d7 [ 522.821577] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 522.821589] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045a7d7 [ 522.821595] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0 [ 522.821602] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 522.821608] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 522.821613] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000025 [ 522.883188] audit: type=1804 audit(1581562097.575:90): pid=29485 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="invalid_pcr" cause="open_writers" comm="syz-executor.3" name="/root/syzkaller-testdir067549618/syzkaller.zqD9uG/655/file0" dev="sda1" ino=16596 res=1 [ 522.995155] FAULT_INJECTION: forcing a failure. [ 522.995155] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 522.995173] CPU: 0 PID: 29493 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 522.995180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 522.995184] Call Trace: [ 522.995201] dump_stack+0x142/0x197 [ 522.995221] should_fail.cold+0x10f/0x159 [ 522.995237] __alloc_pages_nodemask+0x1d6/0x7a0 [ 522.995246] ? fs_reclaim_acquire+0x20/0x20 [ 522.995260] ? __alloc_pages_slowpath+0x2930/0x2930 [ 522.995283] cache_grow_begin+0x80/0x400 [ 522.995294] kmem_cache_alloc+0x6a6/0x780 [ 522.995305] ? selinux_file_mprotect+0x5d0/0x5d0 [ 522.995319] ? lock_downgrade+0x740/0x740 [ 522.995338] getname_flags+0xcb/0x580 [ 522.995353] SyS_mkdir+0x7e/0x200 [ 522.995365] ? SyS_mkdirat+0x210/0x210 [ 522.995375] ? do_syscall_64+0x53/0x640 [ 522.995386] ? SyS_mkdirat+0x210/0x210 [ 522.995399] do_syscall_64+0x1e8/0x640 [ 522.995409] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 522.995426] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 522.995434] RIP: 0033:0x45a7d7 [ 522.995440] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 522.995451] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045a7d7 [ 522.995458] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0 [ 522.995463] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 522.995469] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 522.995475] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000026 [ 523.219326] ptrace attach of ""[29502] was attempted by "/root/syz-executor.0"[29504] 02:48:18 executing program 0: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000001b00)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCGPKT(r0, 0x80045439, &(0x7f0000002380)) 02:48:18 executing program 5 (fault-call:0 fault-nth:39): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:18 executing program 3: r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000840)=@raw={'raw\x00', 0x2, 0x3, 0x258, 0x0, 0x0, 0x0, 0x0, 0xc8, 0x1c0, 0x1c0, 0x1c0, 0x1c0, 0x1c0, 0x3, 0x0, {[{{@uncond=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6], 0x0, 0xa0, 0xc8, 0x0, {}, [@common=@inet=@tcp={{0x30, 'tcp\x00'}, {[], [], 0x0, 0x0, 0x2, 0x4}}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00'}}, {{@ip={@loopback, @remote, 0x0, 0x0, 'veth0_to_batadv\x00', 'caif0\x00'}, 0x0, 0x98, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}], {{[], 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x2b8) 02:48:18 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x0) pause() 02:48:18 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dsp\x00', 0x20800, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000700)={0x140, 0x640, 0xa0, 0x960, 0x4, 0x6, 0x4, 0x0, {0x3d56, 0x85}, {0x7fffffff, 0x3c43}, {0x2, 0x8}, {0xa430, 0x4, 0x1}, 0x3, 0x11, 0x20, 0x0, 0x0, 0x98, 0x7, 0x7, 0x200, 0x100, 0x6, 0x9f9, 0x10, 0x4, 0x2}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r3, &(0x7f0000000680)=[{{&(0x7f00000001c0)=@x25, 0x80, &(0x7f0000000640)=[{&(0x7f0000000480)=""/147, 0x93}, {&(0x7f0000000280)=""/87, 0x57}, {&(0x7f0000000540)=""/142, 0x8e}, {&(0x7f0000000600)=""/22, 0x16}], 0x4}, 0x1}], 0x1, 0x0, &(0x7f00000006c0)={0x0, 0x1c9c380}) ioctl$SNDCTL_DSP_GETIPTR(r1, 0x800c5011, &(0x7f00000000c0)) socket$inet6_udp(0xa, 0x2, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0xb4) ioctl$SNDCTL_DSP_POST(r7, 0x5008, 0x0) accept4(r0, 0x0, 0x0, 0x0) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r8, 0x0, r8) recvmmsg(r8, &(0x7f0000004780)=[{{&(0x7f00000007c0)=@rc, 0x80, &(0x7f0000001d80)=[{&(0x7f0000000840)=""/36, 0x24}, {&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000001880)=""/43, 0x2b}, {&(0x7f00000018c0)=""/206, 0xce}, {&(0x7f00000019c0)=""/3, 0x3}, {&(0x7f0000001a00)=""/231, 0xe7}, {&(0x7f0000001b00)=""/113, 0x71}, {&(0x7f0000001b80)=""/227, 0xe3}, {&(0x7f0000001c80)=""/56, 0x38}, {&(0x7f0000001cc0)=""/167, 0xa7}], 0xa, &(0x7f0000004a00)=""/4096, 0x1000}, 0x7fffffff}, {{&(0x7f0000002e40)=@hci, 0x80, &(0x7f0000002fc0)=[{&(0x7f0000002ec0)=""/230, 0xe6}, {&(0x7f0000003180)=""/147, 0x93}, {&(0x7f0000003080)=""/248, 0xf8}, {&(0x7f0000004880)=""/35, 0x23}, {&(0x7f00000048c0)=""/220, 0xdc}, {&(0x7f0000003380)=""/159, 0x9f}, {&(0x7f0000003440)=""/172, 0xac}, {&(0x7f0000003500)=""/179, 0xb3}], 0x8}, 0x9}, {{0x0, 0x0, &(0x7f0000004640)=[{&(0x7f0000004840)=""/63, 0x3f}, {&(0x7f0000005a00)=""/4096, 0x1000}, {&(0x7f00000049c0)=""/20, 0x14}], 0x3, &(0x7f0000004680)=""/212, 0xd4}, 0x3}], 0x3, 0x0, 0x0) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) r10 = fcntl$dupfd(r9, 0x0, r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ioctl$ASHMEM_GET_NAME(0xffffffffffffffff, 0x81007702, &(0x7f0000000380)=""/202) r11 = openat$cgroup_ro(r10, &(0x7f0000000100)='cpuacct.usage_user\x00', 0x0, 0x0) ioctl$DRM_IOCTL_RES_CTX(r11, 0xc0106426, &(0x7f0000000300)={0x0, &(0x7f0000001ec0)}) getsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r10, 0x84, 0x8, &(0x7f0000000000), &(0x7f0000000040)=0x4) r12 = socket$inet6_tcp(0xa, 0x1, 0x0) r13 = fcntl$dupfd(r12, 0x0, r12) ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0x400200) r14 = socket$inet6_tcp(0xa, 0x1, 0x0) r15 = fcntl$dupfd(r14, 0x0, r14) ioctl$PERF_EVENT_IOC_ENABLE(r15, 0x8912, 0x400200) ioctl$VIDIOC_STREAMOFF(r15, 0x40045613, &(0x7f0000000240)=0x100) 02:48:18 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x4, &(0x7f0000000400)=[{&(0x7f0000000140)="7fc6cc1a9480f5820d43934f82c854dcddffff952bbfa4036dc6f514926f401700c188dfba95fabdf20857c30ffeeb0466228b3cb9350ee5557edac9c31d1264b98212bdb06e45833fd2af1d4ebfd0e5aab751fdeb31cb", 0x57, 0x1000}, {&(0x7f0000000200)="c99ac9b2a35862f8a672566e6dec1721364f7e7f652884ee3a510dc381fe218fc8585ccae4f717fb1c2af5adef17e7a4f05e8ca585b823d6d0738e0a17fad922d8abba67834ba8b2021228e86df2d42babcac6eccbcfedaf6e33fa51fa3414fbe6c75a58508b3dc12ac9616809cfa2e209526aebcc1c830d24d6bf385859d3d2d399e9cf4a14d7caec51d224ef3122b6efae53022175d8e365a3bfef93257842bc9d80a10b5145cd5988dcd3f43dbf700741ec8f21af897416d21a32f2", 0xbd, 0x6}, {&(0x7f00000002c0)="438549de1dc104c747c09e591077ddc6068ff9d08ab23096689ef8cc3c384dd7f3b34bb165d746eda7864270edba4db9d05665df03b1de2dd83b3239d47036fb3d43b5b8ba04b6f3bddaebf7f96ffec6356caedca58ec858ef81635d7285c25521cd1a8e1e0310be", 0x68, 0x5}, {&(0x7f0000000340)="2335dc6b929c753b45047eaf3587837353ca116478109ecafa20ad7d998682b8a4dbd326dc642c14b3b0c63469d347fef4179feee6a18a63f8951b3ffeb68e4f053ab02e5d172b0cfd0765c679f2f994fca3ab2860b1aafd75644decdb35ce382b51010c0655e99ca5ceb0a4a768d5c7ba68625da92c4b49959ca4de794fe946c01ca74c", 0x84, 0x9f2a}], 0x434648a1bcf9c25c, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) prctl$PR_SET_DUMPABLE(0x4, 0x2) syz_open_dev$ptys(0xc, 0x3, 0x0) [ 523.278500] BTRFS error (device loop4): superblock checksum mismatch [ 523.320408] BTRFS error (device loop4): open_ctree failed [ 523.828268] xt_TCPMSS: Only works on TCP SYN packets 02:48:18 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x0) pause() 02:48:18 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) symlink(&(0x7f0000000200)='./file0\x00', 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) waitid(0x5, 0x0, &(0x7f00000002c0), 0x1000000, &(0x7f0000000440)) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) pipe(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}) modify_ldt$write(0x1, 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x47, 0x1}, 0x7) getxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0, 0x0) r3 = gettid() r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f00000009c0)=ANY=[@ANYBLOB="230228efb4a24fdf46892bc04b26c0d8d21d5d6fe0eb92552fba4784466ebedbcc3e23000000000000006c0e1b3127b51ed53e6d971e20d2e2262309d1ede6c1f37b9c352ef85800004380a8cf359a30a74dc68c37cfbef5c16f3e648860faf8228bf63bb3bf08002a74e3e6017fe72e8d5b7cc2dba5236e1882c601f2b49e32098f6919c7234ce9fe065d74f23c995de2be4e7b3881c92986a5aba827995c4ea9173085931c9f9abb4a2956cfba8227afd19e8f003e80efbe0b10d442ddd93c1436c9cbafacbe4b03ba4b656f9029509bed808f4aa86c8dc50de43149543b911caf5e9ccd3c36c416e6ba34d30721ffc6933beffc5b6dcfcb5c2c4295750e12bf08cf6a46df9b9e5b00c8de1d6687f10b410b852c6008250f2fe940ed50dc3a13984b627ba94f8aa31b1b16bf8a7523fb07b1b5ee027b413acacb65253484b86864a9a35fa81fd34083873063604893b9890834bc1bee1f2d34137b74920371226fd9e796f5586d354ba2edab762282359b53a77689cb44983404e0c9aaf10fba67eb0a0dbb369052f97b"], 0x193) getpid() perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x100, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x79af, 0x3, 0x0, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x10, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x2, 0x12, 0xbe, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x3}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x8000}, 0x28) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) [ 523.854500] FAULT_INJECTION: forcing a failure. [ 523.854500] name failslab, interval 1, probability 0, space 0, times 0 [ 523.903843] CPU: 1 PID: 29525 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 523.911768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 523.921223] Call Trace: [ 523.923808] dump_stack+0x142/0x197 [ 523.927455] should_fail.cold+0x10f/0x159 [ 523.931623] should_failslab+0xdb/0x130 [ 523.935623] kmem_cache_alloc+0x2d7/0x780 [ 523.939931] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 523.945380] ? ext4_sync_fs+0x800/0x800 [ 523.949359] ext4_alloc_inode+0x1d/0x610 [ 523.953427] alloc_inode+0x64/0x180 [ 523.957049] new_inode_pseudo+0x19/0xf0 [ 523.961047] new_inode+0x1f/0x40 [ 523.964534] __ext4_new_inode+0x32c/0x4860 [ 523.968779] ? avc_has_perm+0x2df/0x4b0 [ 523.972760] ? ext4_free_inode+0x1210/0x1210 [ 523.977161] ? dquot_get_next_dqblk+0x160/0x160 [ 523.981984] ext4_mkdir+0x331/0xc20 [ 523.985655] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 523.990429] ? security_inode_mkdir+0xd0/0x110 [ 523.995047] vfs_mkdir+0x3ca/0x610 [ 523.998590] SyS_mkdir+0x1b7/0x200 [ 524.002146] ? SyS_mkdirat+0x210/0x210 [ 524.006066] ? do_syscall_64+0x53/0x640 [ 524.010047] ? SyS_mkdirat+0x210/0x210 [ 524.014088] do_syscall_64+0x1e8/0x640 [ 524.017968] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 524.022814] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 524.028105] RIP: 0033:0x45a7d7 [ 524.031519] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 524.039394] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045a7d7 [ 524.046682] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0 02:48:18 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)={0x14, 0x42, 0x105}, 0x14}}, 0x0) [ 524.053966] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 524.061325] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 524.068776] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000027 02:48:18 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$6lowpan_control(r2, &(0x7f0000000000)='connect aa:aa:aa:aa:aa:11 2', 0x1b) r3 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = syz_open_dev$media(&(0x7f0000000040)='/dev/media#\x00', 0x0, 0x202000) r8 = fcntl$dupfd(r4, 0x80c, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) 02:48:18 executing program 2: timer_create(0x0, &(0x7f0000000440)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000080)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000200)=0x0) timer_settime(r0, 0x0, &(0x7f0000000180)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) clone(0x13102001ffa, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket(0x0, 0x0, 0x0) poll(0x0, 0x0, 0x0) pause() 02:48:18 executing program 2: 02:48:18 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000140)='wireguard\x00') sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1004000}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x3c, r1, 0x400, 0x70bd2d, 0x25dfdbfd, {}, [@WGDEVICE_A_FLAGS={0x8, 0x5, 0x1}, @WGDEVICE_A_FWMARK={0x8, 0x7, 0x2}, @WGDEVICE_A_LISTEN_PORT={0x6, 0x6, 0x4e20}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @a='\xa0\\\xa8Ol\x9c\x8e8S\xe2\xfdzp\xae\x0f\xb2\x0f\xa1R`\f\xb0\bE\x17O\b\ao\x8dxC'}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000) r2 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r2, 0x29, 0x20, &(0x7f00000002c0)={@dev={0xfe, 0x80, [], 0x42}, 0x0, 0x2, 0x3, 0x4, 0x7fff, 0xffff}, 0x20) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 524.353348] ptrace attach of "/root/syz-executor.0"[29562] was attempted by "/root/syz-executor.0"[29565] [ 524.548898] BTRFS error (device loop4): superblock checksum mismatch 02:48:19 executing program 5 (fault-call:0 fault-nth:40): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:19 executing program 3: 02:48:19 executing program 2: 02:48:19 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) symlink(&(0x7f0000000200)='./file0\x00', 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) waitid(0x5, 0x0, &(0x7f00000002c0), 0x1000000, &(0x7f0000000440)) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) pipe(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}) modify_ldt$write(0x1, 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x47, 0x1}, 0x7) getxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0, 0x0) r3 = gettid() r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f00000009c0)=ANY=[@ANYBLOB="230228efb4a24fdf46892bc04b26c0d8d21d5d6fe0eb92552fba4784466ebedbcc3e23000000000000006c0e1b3127b51ed53e6d971e20d2e2262309d1ede6c1f37b9c352ef85800004380a8cf359a30a74dc68c37cfbef5c16f3e648860faf8228bf63bb3bf08002a74e3e6017fe72e8d5b7cc2dba5236e1882c601f2b49e32098f6919c7234ce9fe065d74f23c995de2be4e7b3881c92986a5aba827995c4ea9173085931c9f9abb4a2956cfba8227afd19e8f003e80efbe0b10d442ddd93c1436c9cbafacbe4b03ba4b656f9029509bed808f4aa86c8dc50de43149543b911caf5e9ccd3c36c416e6ba34d30721ffc6933beffc5b6dcfcb5c2c4295750e12bf08cf6a46df9b9e5b00c8de1d6687f10b410b852c6008250f2fe940ed50dc3a13984b627ba94f8aa31b1b16bf8a7523fb07b1b5ee027b413acacb65253484b86864a9a35fa81fd34083873063604893b9890834bc1bee1f2d34137b74920371226fd9e796f5586d354ba2edab762282359b53a77689cb44983404e0c9aaf10fba67eb0a0dbb369052f97b"], 0x193) getpid() perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x100, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x79af, 0x3, 0x0, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x10, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x2, 0x12, 0xbe, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x3}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x8000}, 0x28) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) 02:48:19 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) symlink(&(0x7f0000000200)='./file0\x00', 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) waitid(0x5, 0x0, &(0x7f00000002c0), 0x1000000, &(0x7f0000000440)) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) pipe(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}) modify_ldt$write(0x1, 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x47, 0x1}, 0x7) getxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0, 0x0) r3 = gettid() r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f00000009c0)=ANY=[@ANYBLOB="230228efb4a24fdf46892bc04b26c0d8d21d5d6fe0eb92552fba4784466ebedbcc3e23000000000000006c0e1b3127b51ed53e6d971e20d2e2262309d1ede6c1f37b9c352ef85800004380a8cf359a30a74dc68c37cfbef5c16f3e648860faf8228bf63bb3bf08002a74e3e6017fe72e8d5b7cc2dba5236e1882c601f2b49e32098f6919c7234ce9fe065d74f23c995de2be4e7b3881c92986a5aba827995c4ea9173085931c9f9abb4a2956cfba8227afd19e8f003e80efbe0b10d442ddd93c1436c9cbafacbe4b03ba4b656f9029509bed808f4aa86c8dc50de43149543b911caf5e9ccd3c36c416e6ba34d30721ffc6933beffc5b6dcfcb5c2c4295750e12bf08cf6a46df9b9e5b00c8de1d6687f10b410b852c6008250f2fe940ed50dc3a13984b627ba94f8aa31b1b16bf8a7523fb07b1b5ee027b413acacb65253484b86864a9a35fa81fd34083873063604893b9890834bc1bee1f2d34137b74920371226fd9e796f5586d354ba2edab762282359b53a77689cb44983404e0c9aaf10fba67eb0a0dbb369052f97b"], 0x193) getpid() perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x100, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x79af, 0x3, 0x0, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x10, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x2, 0x12, 0xbe, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x3}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x8000}, 0x28) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) [ 524.601101] BTRFS error (device loop4): open_ctree failed 02:48:19 executing program 3: [ 524.673938] BTRFS error (device loop4): superblock checksum mismatch [ 524.763386] FAULT_INJECTION: forcing a failure. [ 524.763386] name failslab, interval 1, probability 0, space 0, times 0 [ 524.778818] BTRFS error (device loop4): open_ctree failed [ 524.967632] CPU: 0 PID: 29587 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 524.975563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 524.985311] Call Trace: [ 524.987917] dump_stack+0x142/0x197 [ 524.991672] should_fail.cold+0x10f/0x159 [ 524.995842] should_failslab+0xdb/0x130 [ 525.000028] kmem_cache_alloc+0x2d7/0x780 [ 525.004364] ? __debug_object_init+0x171/0x8e0 [ 525.008947] ? ext4_alloc_inode+0x1d/0x610 [ 525.013178] selinux_inode_alloc_security+0xb6/0x2a0 [ 525.018290] security_inode_alloc+0x94/0xd0 [ 525.022621] inode_init_always+0x552/0xaf0 [ 525.026957] alloc_inode+0x81/0x180 [ 525.031127] new_inode_pseudo+0x19/0xf0 [ 525.035108] new_inode+0x1f/0x40 [ 525.038465] __ext4_new_inode+0x32c/0x4860 [ 525.043160] ? avc_has_perm+0x2df/0x4b0 [ 525.047154] ? ext4_free_inode+0x1210/0x1210 [ 525.051571] ? dquot_get_next_dqblk+0x160/0x160 [ 525.056239] ext4_mkdir+0x331/0xc20 [ 525.059865] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 525.064551] ? security_inode_mkdir+0xd0/0x110 [ 525.069143] vfs_mkdir+0x3ca/0x610 [ 525.072673] SyS_mkdir+0x1b7/0x200 [ 525.076225] ? SyS_mkdirat+0x210/0x210 [ 525.080119] ? do_syscall_64+0x53/0x640 [ 525.084088] ? SyS_mkdirat+0x210/0x210 [ 525.087984] do_syscall_64+0x1e8/0x640 [ 525.091870] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 525.096708] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 525.101988] RIP: 0033:0x45a7d7 [ 525.105168] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 02:48:19 executing program 3: 02:48:19 executing program 0: [ 525.112869] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045a7d7 [ 525.120164] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0 [ 525.127430] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 525.134698] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 525.141967] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000028 02:48:19 executing program 3: 02:48:19 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0x9, 0x242083) connect$inet(r1, &(0x7f0000000140)={0x2, 0x4e24, @multicast1}, 0x10) r2 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 02:48:19 executing program 0: 02:48:20 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000000)=0x6, 0x4) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) clock_gettime(0x0, &(0x7f0000000040)={0x0, 0x0}) ioctl$VIDIOC_QUERYBUF(r3, 0xc0585609, &(0x7f0000000080)={0x40, 0xa, 0x4, 0x2, 0x4, {r8, r9/1000+10000}, {0x1, 0x1, 0x7, 0x3f, 0x5, 0x2, "4ea00351"}, 0x2, 0x3, @offset=0x3, 0x2}) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) r11 = fcntl$dupfd(r10, 0x0, r10) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) r12 = socket$inet6_tcp(0xa, 0x1, 0x0) r13 = fcntl$dupfd(r12, 0x0, r12) ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0x400200) r14 = socket$inet6_tcp(0xa, 0x1, 0x0) r15 = fcntl$dupfd(r14, 0x0, r14) ioctl$PERF_EVENT_IOC_ENABLE(r15, 0x8912, 0x400200) r16 = socket$inet6_tcp(0xa, 0x1, 0x0) r17 = fcntl$dupfd(r16, 0x0, r16) ioctl$PERF_EVENT_IOC_ENABLE(r17, 0x8912, 0x400200) r18 = socket$inet6_tcp(0xa, 0x1, 0x0) r19 = fcntl$dupfd(r18, 0x0, r18) ioctl$PERF_EVENT_IOC_ENABLE(r19, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x33) [ 525.358533] BTRFS error (device loop4): superblock checksum mismatch 02:48:20 executing program 5 (fault-call:0 fault-nth:41): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:20 executing program 0: 02:48:20 executing program 3: [ 525.421291] BTRFS error (device loop4): open_ctree failed 02:48:20 executing program 3: 02:48:20 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) symlink(&(0x7f0000000200)='./file0\x00', 0x0) r0 = getpid() sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) waitid(0x5, 0x0, &(0x7f00000002c0), 0x1000000, &(0x7f0000000440)) sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0) pipe(&(0x7f0000000840)={0xffffffffffffffff, 0xffffffffffffffff}) modify_ldt$write(0x1, 0x0, 0x0) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) write$P9_RLINK(0xffffffffffffffff, &(0x7f00000000c0)={0x7, 0x47, 0x1}, 0x7) getxattr(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB], 0x0, 0x0) r3 = gettid() r4 = creat(&(0x7f0000000280)='./file0\x00', 0x1) write$binfmt_script(r4, &(0x7f00000009c0)=ANY=[@ANYBLOB="230228efb4a24fdf46892bc04b26c0d8d21d5d6fe0eb92552fba4784466ebedbcc3e23000000000000006c0e1b3127b51ed53e6d971e20d2e2262309d1ede6c1f37b9c352ef85800004380a8cf359a30a74dc68c37cfbef5c16f3e648860faf8228bf63bb3bf08002a74e3e6017fe72e8d5b7cc2dba5236e1882c601f2b49e32098f6919c7234ce9fe065d74f23c995de2be4e7b3881c92986a5aba827995c4ea9173085931c9f9abb4a2956cfba8227afd19e8f003e80efbe0b10d442ddd93c1436c9cbafacbe4b03ba4b656f9029509bed808f4aa86c8dc50de43149543b911caf5e9ccd3c36c416e6ba34d30721ffc6933beffc5b6dcfcb5c2c4295750e12bf08cf6a46df9b9e5b00c8de1d6687f10b410b852c6008250f2fe940ed50dc3a13984b627ba94f8aa31b1b16bf8a7523fb07b1b5ee027b413acacb65253484b86864a9a35fa81fd34083873063604893b9890834bc1bee1f2d34137b74920371226fd9e796f5586d354ba2edab762282359b53a77689cb44983404e0c9aaf10fba67eb0a0dbb369052f97b"], 0x193) getpid() perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x100, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp, 0x0, 0x79af, 0x3, 0x0, 0x0, 0x0, 0xb9a}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) close(r4) clone(0x2000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) ptrace(0x10, 0x0) sched_setattr(0x0, &(0x7f00000001c0)={0x38, 0x2, 0x12, 0xbe, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x3}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x8000}, 0x28) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000380), 0x4) [ 525.533327] BTRFS error (device loop4): superblock checksum mismatch [ 525.557722] FAULT_INJECTION: forcing a failure. [ 525.557722] name failslab, interval 1, probability 0, space 0, times 0 [ 525.569461] CPU: 1 PID: 29630 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 525.577462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 525.586915] Call Trace: [ 525.589527] dump_stack+0x142/0x197 [ 525.593176] should_fail.cold+0x10f/0x159 [ 525.597346] should_failslab+0xdb/0x130 [ 525.601336] __kmalloc+0x71/0x7a0 [ 525.604808] ? mls_compute_context_len+0x3f6/0x5e0 [ 525.609762] ? context_struct_to_string+0x33a/0x630 [ 525.615064] context_struct_to_string+0x33a/0x630 [ 525.620008] ? security_load_policycaps+0x320/0x320 [ 525.625046] security_sid_to_context_core+0x18a/0x200 02:48:20 executing program 0: 02:48:20 executing program 3: socket$packet(0x11, 0x2, 0x300) timerfd_create(0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$KVM_CHECK_EXTENSION_VM(r0, 0xae03, 0x2) pipe(&(0x7f0000000140)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) 02:48:20 executing program 0: sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) ioctl(r0, 0x1000008912, &(0x7f0000000000)="080db5055e0bcfe8478071") r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000008c0)={&(0x7f00000007c0)=@bridge_getlink={0x34, 0x12, 0x1, 0x0, 0x0, {}, [@IFLA_IFNAME={0x14, 0x35, 'bond0\x00'}]}, 0x34}}, 0x0) [ 525.630254] security_sid_to_context_force+0x2b/0x40 [ 525.635384] selinux_inode_init_security+0x493/0x700 [ 525.640515] ? selinux_inode_create+0x30/0x30 [ 525.645822] ? kfree+0x20a/0x270 [ 525.649987] security_inode_init_security+0x18d/0x360 [ 525.655191] ? ext4_init_acl+0x1f0/0x1f0 [ 525.659265] ? security_kernel_post_read_file+0xd0/0xd0 [ 525.664638] ? posix_acl_create+0xf5/0x3a0 [ 525.668889] ? ext4_set_acl+0x400/0x400 [ 525.672881] ? lock_downgrade+0x740/0x740 [ 525.677085] ext4_init_security+0x34/0x40 02:48:20 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) [ 525.681248] __ext4_new_inode+0x3385/0x4860 [ 525.685593] ? ext4_free_inode+0x1210/0x1210 [ 525.690017] ? dquot_get_next_dqblk+0x160/0x160 [ 525.694705] ext4_mkdir+0x331/0xc20 [ 525.698351] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 525.703047] ? security_inode_mkdir+0xd0/0x110 [ 525.707753] vfs_mkdir+0x3ca/0x610 [ 525.711337] SyS_mkdir+0x1b7/0x200 [ 525.714947] ? SyS_mkdirat+0x210/0x210 [ 525.718865] ? do_syscall_64+0x53/0x640 [ 525.722861] ? SyS_mkdirat+0x210/0x210 [ 525.726766] do_syscall_64+0x1e8/0x640 [ 525.730670] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 525.735615] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 525.740899] RIP: 0033:0x45a7d7 [ 525.744092] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 525.751811] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045a7d7 [ 525.759091] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0 [ 525.766366] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 525.773657] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 525.780941] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000029 [ 525.800320] BTRFS error (device loop4): open_ctree failed 02:48:20 executing program 5 (fault-call:0 fault-nth:42): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:20 executing program 3: [ 526.049620] ptrace attach of "/root/syz-executor.2"[29650] was attempted by "/root/syz-executor.2"[29652] [ 526.138161] FAULT_INJECTION: forcing a failure. [ 526.138161] name failslab, interval 1, probability 0, space 0, times 0 [ 526.149640] CPU: 0 PID: 29659 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 526.157536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 526.166897] Call Trace: [ 526.169502] dump_stack+0x142/0x197 [ 526.173145] should_fail.cold+0x10f/0x159 [ 526.177315] should_failslab+0xdb/0x130 [ 526.181307] __kmalloc+0x71/0x7a0 [ 526.184772] ? mls_compute_context_len+0x3f6/0x5e0 [ 526.189828] ? context_struct_to_string+0x33a/0x630 [ 526.194872] context_struct_to_string+0x33a/0x630 [ 526.199730] ? security_load_policycaps+0x320/0x320 [ 526.204873] security_sid_to_context_core+0x18a/0x200 [ 526.210090] security_sid_to_context_force+0x2b/0x40 [ 526.215417] selinux_inode_init_security+0x493/0x700 [ 526.220539] ? selinux_inode_create+0x30/0x30 [ 526.225175] ? kfree+0x20a/0x270 [ 526.228567] security_inode_init_security+0x18d/0x360 [ 526.233776] ? ext4_init_acl+0x1f0/0x1f0 [ 526.237861] ? security_kernel_post_read_file+0xd0/0xd0 [ 526.243244] ? posix_acl_create+0xf5/0x3a0 [ 526.248471] ? ext4_set_acl+0x400/0x400 [ 526.252546] ? lock_downgrade+0x740/0x740 [ 526.256842] ext4_init_security+0x34/0x40 [ 526.261205] __ext4_new_inode+0x3385/0x4860 [ 526.265549] ? ext4_free_inode+0x1210/0x1210 [ 526.269977] ? dquot_get_next_dqblk+0x160/0x160 [ 526.274657] ext4_mkdir+0x331/0xc20 [ 526.278371] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 526.283050] ? security_inode_mkdir+0xd0/0x110 [ 526.287652] vfs_mkdir+0x3ca/0x610 [ 526.291239] SyS_mkdir+0x1b7/0x200 [ 526.294888] ? SyS_mkdirat+0x210/0x210 [ 526.298791] ? do_syscall_64+0x53/0x640 [ 526.302776] ? SyS_mkdirat+0x210/0x210 [ 526.306673] do_syscall_64+0x1e8/0x640 [ 526.310565] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 526.315434] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 526.320626] RIP: 0033:0x45a7d7 [ 526.323817] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 526.331546] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045a7d7 02:48:20 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) ioctl$FIGETBSZ(r2, 0x2, &(0x7f0000000000)) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 02:48:20 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) close(r1) io_setup(0x6, &(0x7f0000000140)=0x0) io_submit(r2, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r1, 0x0, 0x7ffff000}]) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400201) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000400)={0x7}) r5 = openat$null(0xffffffffffffff9c, &(0x7f0000000180)='/dev/null\x00', 0x40041, 0x0) io_submit(r2, 0x1, &(0x7f0000000240)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x7, 0x4, 0xffffffffffffffff, &(0x7f0000000140), 0x0, 0x10000, 0x0, 0x2, r5}]) r6 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) r10 = fcntl$dupfd(r9, 0x0, r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) r11 = socket$inet6_tcp(0xa, 0x1, 0x0) r12 = fcntl$dupfd(r11, 0x0, r11) ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r12, 0x84, 0x9, &(0x7f0000000280)={0x0, @in={{0x2, 0x4e21, @remote}}, 0x80000001, 0x8000, 0x2, 0x401, 0x11, 0xd7, 0x7}, &(0x7f0000000340)=0x9c) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r10, 0x84, 0x18, &(0x7f0000000380)={r13, 0xffff}, &(0x7f00000003c0)=0x8) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r8, 0x10e, 0x1, &(0x7f0000000100)=0x1, 0x4) 02:48:20 executing program 2: 02:48:20 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:20 executing program 3: 02:48:21 executing program 3: 02:48:21 executing program 2: [ 526.338822] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0 [ 526.346097] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 526.353467] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 526.360732] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000002a 02:48:21 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:21 executing program 2: [ 526.448454] BTRFS error (device loop4): superblock checksum mismatch 02:48:21 executing program 3: 02:48:21 executing program 5 (fault-call:0 fault-nth:43): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:21 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) [ 526.521185] BTRFS error (device loop4): open_ctree failed [ 526.623544] BTRFS error (device loop4): superblock checksum mismatch [ 526.650714] FAULT_INJECTION: forcing a failure. [ 526.650714] name failslab, interval 1, probability 0, space 0, times 0 [ 526.665684] CPU: 1 PID: 29700 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 526.673607] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 526.682980] Call Trace: [ 526.685583] dump_stack+0x142/0x197 [ 526.689245] should_fail.cold+0x10f/0x159 [ 526.693425] should_failslab+0xdb/0x130 [ 526.697415] __kmalloc+0x2f0/0x7a0 [ 526.700968] ? ext4_find_extent+0x709/0x960 [ 526.705278] ext4_find_extent+0x709/0x960 [ 526.709428] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 526.715687] ext4_ext_map_blocks+0x1a3/0x4fa0 [ 526.720218] ? save_trace+0x290/0x290 [ 526.724016] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 526.729083] ? __lock_is_held+0xb6/0x140 [ 526.733151] ? lock_acquire+0x16f/0x430 [ 526.737116] ? ext4_map_blocks+0x402/0x17c0 [ 526.741505] ext4_map_blocks+0xd3c/0x17c0 [ 526.745668] ? __lock_is_held+0xb6/0x140 [ 526.749719] ? check_preemption_disabled+0x3c/0x250 [ 526.754753] ? ext4_issue_zeroout+0x160/0x160 [ 526.759263] ? __brelse+0x50/0x60 [ 526.762724] ext4_getblk+0xac/0x450 [ 526.766359] ? ext4_iomap_begin+0x8a0/0x8a0 [ 526.770673] ? ext4_free_inode+0x1210/0x1210 [ 526.775112] ext4_bread+0x6e/0x1a0 [ 526.778648] ? ext4_getblk+0x450/0x450 [ 526.782535] ext4_append+0x14b/0x360 [ 526.786248] ext4_mkdir+0x531/0xc20 [ 526.789894] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 526.794571] ? security_inode_mkdir+0xd0/0x110 [ 526.799146] vfs_mkdir+0x3ca/0x610 [ 526.802802] SyS_mkdir+0x1b7/0x200 [ 526.806357] ? SyS_mkdirat+0x210/0x210 [ 526.810233] ? do_syscall_64+0x53/0x640 [ 526.814199] ? SyS_mkdirat+0x210/0x210 [ 526.818133] do_syscall_64+0x1e8/0x640 [ 526.822019] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 526.826873] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 526.832055] RIP: 0033:0x45a7d7 [ 526.835676] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 526.843454] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045a7d7 [ 526.850717] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0 [ 526.857985] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 526.865250] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 02:48:21 executing program 3: [ 526.872544] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000002b [ 526.905944] BTRFS error (device loop4): open_ctree failed 02:48:21 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote}, 0x14) 02:48:21 executing program 2: 02:48:21 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) setsockopt$TIPC_GROUP_LEAVE(r2, 0x10f, 0x88) r3 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x3c) ptrace$cont(0x18, r4, 0x0, 0x0) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r4, 0x0, 0x0) r5 = getpgid(r4) r6 = gettid() sched_getattr(r5, &(0x7f0000000080)={0x38}, 0x38, 0x0) ptrace$setopts(0x4206, r6, 0x0, 0x0) tkill(r6, 0x3c) ptrace$cont(0x18, r6, 0x0, 0x0) ptrace$setregs(0xd, r6, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r6, 0x0, 0x0) tgkill(r5, r6, 0x14) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_inet_SIOCGIFDSTADDR(r1, 0x8917, &(0x7f0000000040)={'macvlan0\x00', {0x2, 0x4e24, @local}}) r8 = fcntl$dupfd(r7, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) 02:48:21 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) syz_mount_image$hfs(&(0x7f0000000100)='hfs\x00', &(0x7f0000000140)='./file0\x00', 0x690, 0x3, &(0x7f0000000300)=[{&(0x7f0000000200)="317fd342cf809366a415b16e0a5d4f72b6d280c6f1fb3a788e887c9f8d68102f0daf29133e97db38d323c825db5a236f4737e07c555fa7190010b71c900c034c375ad10805c683b238b44b82608190120c7c186494a0fa1efa84e9e59ce0bce7edf9640ee1776e3523ebf7ed1cba8eb2ba5581fbaf", 0x75, 0x1}, {&(0x7f0000000180)="e958e591a6656832ca5c8b6024f0cdfdabbd0b", 0x13, 0x3}, {&(0x7f0000000280)="e5a0797d8a7dabbf6e31263b742dd926d56fe5da5d795b95997c92b5adca594c7548c58085b091b41d977539b72ea2fa386a3c4845b07564fafd503caa5f86b4c73409fe027ab5f8c7", 0x49, 0xfe0e}], 0x8000, &(0x7f0000000380)={[{@quiet='quiet'}, {@codepage={'codepage', 0x3d, 'cp862'}}, {@type={'type', 0x3d, "ceff1825"}}, {@quiet='quiet'}, {@quiet='quiet'}], [{@appraise='appraise'}, {@pcr={'pcr', 0x3d, 0x22}}, {@fsmagic={'fsmagic', 0x3d, 0xfffffffffffffffc}}, {@measure='measure'}]}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) 02:48:21 executing program 3: 02:48:21 executing program 3: 02:48:21 executing program 2: 02:48:21 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote}, 0x14) 02:48:21 executing program 3: [ 527.057332] BTRFS error (device loop4): superblock checksum mismatch 02:48:21 executing program 5 (fault-call:0 fault-nth:44): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:21 executing program 2: 02:48:21 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote}, 0x14) 02:48:21 executing program 3: 02:48:21 executing program 2: [ 527.180175] BTRFS error (device loop4): open_ctree failed [ 527.197543] FAULT_INJECTION: forcing a failure. [ 527.197543] name failslab, interval 1, probability 0, space 0, times 0 [ 527.228820] CPU: 1 PID: 29736 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 527.236742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 527.246103] Call Trace: [ 527.248714] dump_stack+0x142/0x197 [ 527.252374] should_fail.cold+0x10f/0x159 [ 527.256544] should_failslab+0xdb/0x130 [ 527.260539] __kmalloc+0x2f0/0x7a0 [ 527.264091] ? check_preemption_disabled+0x3c/0x250 [ 527.269138] ? ext4_find_extent+0x709/0x960 [ 527.273468] ext4_find_extent+0x709/0x960 [ 527.277626] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 527.283092] ext4_ext_map_blocks+0x1a3/0x4fa0 [ 527.287604] ? save_trace+0x290/0x290 [ 527.291420] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 527.296439] ? __lock_is_held+0xb6/0x140 [ 527.300512] ? lock_acquire+0x16f/0x430 [ 527.304493] ? ext4_map_blocks+0x829/0x17c0 [ 527.308837] ext4_map_blocks+0x881/0x17c0 [ 527.313014] ? ext4_issue_zeroout+0x160/0x160 [ 527.317521] ? __brelse+0x50/0x60 [ 527.321030] ext4_getblk+0xac/0x450 [ 527.324668] ? ext4_iomap_begin+0x8a0/0x8a0 [ 527.329002] ? ext4_free_inode+0x1210/0x1210 [ 527.333446] ext4_bread+0x6e/0x1a0 [ 527.337012] ? ext4_getblk+0x450/0x450 [ 527.340912] ext4_append+0x14b/0x360 [ 527.344636] ext4_mkdir+0x531/0xc20 [ 527.348286] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 527.352975] ? security_inode_mkdir+0xd0/0x110 [ 527.357575] vfs_mkdir+0x3ca/0x610 [ 527.361128] SyS_mkdir+0x1b7/0x200 [ 527.364675] ? SyS_mkdirat+0x210/0x210 [ 527.368569] ? do_syscall_64+0x53/0x640 [ 527.372556] ? SyS_mkdirat+0x210/0x210 [ 527.376457] do_syscall_64+0x1e8/0x640 [ 527.380436] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 527.385702] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 527.391017] RIP: 0033:0x45a7d7 [ 527.394231] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 527.402065] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045a7d7 [ 527.409341] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0 [ 527.416710] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 527.424120] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 02:48:22 executing program 2: [ 527.431395] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000002c [ 527.517458] BTRFS error (device loop4): superblock checksum mismatch 02:48:22 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:22 executing program 3: 02:48:22 executing program 5 (fault-call:0 fault-nth:45): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:22 executing program 2: [ 527.570329] BTRFS error (device loop4): open_ctree failed 02:48:22 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) getsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f0000000280)={{{@in=@multicast1, @in6=@mcast2}}, {{@in=@dev}, 0x0, @in=@loopback}}, &(0x7f0000000100)=0xe8) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_open_dev$usbfs(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x1, 0x128002) r4 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcs\x00', 0x402300, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r5) r6 = socket$inet(0x2, 0x80001, 0x84) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000380)={'team0\x00'}) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$VIDIOC_TRY_ENCODER_CMD(r8, 0xc028564e, &(0x7f00000001c0)={0x3, 0x1, [0x4, 0x4, 0x5, 0x80000001, 0x2, 0x80000000, 0x10001, 0x7ff]}) getsockopt$inet_sctp_SCTP_MAX_BURST(r6, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r5, 0x84, 0x1b, &(0x7f0000000200)=@assoc_value={r9}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000080)={r9, 0x8, 0x30}, &(0x7f00000000c0)=0xc) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) r11 = fcntl$dupfd(r10, 0x0, r10) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) ioctl$TIOCVHANGUP(r11, 0x5437, 0x0) 02:48:22 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r1 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000280)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$update(0x2, r1, 0x0, 0x0) r2 = request_key(&(0x7f0000000240)='.dead\x00', &(0x7f0000000280)={'syz', 0x2}, &(0x7f00000002c0)='btrfs\x00', r1) request_key(&(0x7f0000000140)='keyring\x00', &(0x7f0000000180)={'syz', 0x0}, &(0x7f0000000200)='\x00', r2) ptrace$getregs(0xc, r0, 0x2, &(0x7f0000000100)=""/2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) syz_open_dev$sg(&(0x7f0000000300)='/dev/sg#\x00', 0x635, 0x80) 02:48:22 executing program 3: 02:48:22 executing program 2: 02:48:22 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) [ 527.701140] FAULT_INJECTION: forcing a failure. [ 527.701140] name failslab, interval 1, probability 0, space 0, times 0 [ 527.713148] CPU: 0 PID: 29765 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 527.721041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 527.730404] Call Trace: [ 527.733006] dump_stack+0x142/0x197 [ 527.736651] should_fail.cold+0x10f/0x159 [ 527.740810] ? __es_tree_search.isra.0+0x15f/0x1c0 [ 527.745751] should_failslab+0xdb/0x130 [ 527.749735] kmem_cache_alloc+0x47/0x780 [ 527.753920] ? finish_task_switch+0x178/0x650 [ 527.758512] __es_insert_extent+0x26c/0xe60 [ 527.762856] ext4_es_insert_extent+0x1f0/0x590 [ 527.767567] ? check_preemption_disabled+0x3c/0x250 [ 527.772607] ? ext4_es_find_delayed_extent_range+0x960/0x960 [ 527.778415] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 527.783878] ? ext4_es_find_delayed_extent_range+0x31d/0x960 [ 527.789680] ? firmware_map_remove+0x196/0x196 [ 527.794368] ext4_ext_put_gap_in_cache+0xcb/0x110 02:48:22 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) set_thread_area(&(0x7f0000000000)={0x6, 0x100000, 0xfffffffffffffbff, 0x1, 0x3, 0x1, 0x1, 0x1}) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r5}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r5}}, 0x48) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r4, 0xc0506617, &(0x7f0000000040)={{0x1, 0x0, @descriptor="31271ca04f18913f"}, 0xaa, [], "8b2e7f46871c0631a8b28380dbda2960c7072247328b3c61489bce9bafd82c04c5364c5563be83cdaf3e716b39843fe51bf48abb9ace2cc31974c10c6d033ab0386c9a25a359b085c4985c4b9a2beb4882612863521de877bad1b102c9c2520e4a6cf8e97d9d41552d5b216c8b64fecf0ff43010f8ae8ab10c55eb7ffc37c60ed60632e8e1fdbbf2a38589c1c4ea9b53b20bdf6c0aeee61a8f27525385c975fa68e702b8910681f8dcfe"}) [ 527.799221] ? ext4_zeroout_es+0x170/0x170 [ 527.803456] ? ext4_find_extent+0x64c/0x960 [ 527.807919] ext4_ext_map_blocks+0x1d4b/0x4fa0 [ 527.812518] ? save_trace+0x290/0x290 [ 527.816323] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 527.821352] ? __lock_is_held+0xb6/0x140 [ 527.825421] ? lock_acquire+0x16f/0x430 [ 527.829400] ? ext4_map_blocks+0x402/0x17c0 [ 527.833760] ext4_map_blocks+0xd3c/0x17c0 [ 527.837916] ? __lock_is_held+0xb6/0x140 [ 527.841983] ? check_preemption_disabled+0x3c/0x250 [ 527.847135] ? ext4_issue_zeroout+0x160/0x160 [ 527.851634] ? __brelse+0x50/0x60 [ 527.855098] ext4_getblk+0xac/0x450 [ 527.858744] ? ext4_iomap_begin+0x8a0/0x8a0 [ 527.863084] ? ext4_free_inode+0x1210/0x1210 [ 527.867573] ext4_bread+0x6e/0x1a0 [ 527.871250] ? ext4_getblk+0x450/0x450 [ 527.875149] ext4_append+0x14b/0x360 [ 527.878884] ext4_mkdir+0x531/0xc20 [ 527.882531] ? ext4_init_dot_dotdot+0x4c0/0x4c0 [ 527.887216] ? security_inode_mkdir+0xd0/0x110 [ 527.891948] vfs_mkdir+0x3ca/0x610 [ 527.895504] SyS_mkdir+0x1b7/0x200 02:48:22 executing program 3: 02:48:22 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000018c0)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @dev}, 0x80, &(0x7f0000000380)=[{&(0x7f00000001c0)=""/120, 0x78}, {&(0x7f0000000240)=""/31, 0x1f}, {&(0x7f0000000280)=""/123, 0x7b}, {&(0x7f0000000300)=""/108, 0x6c}], 0x4, &(0x7f00000003c0)=""/148, 0x94}, 0x2}, {{0x0, 0x0, &(0x7f0000001740)=[{&(0x7f0000000480)=""/4096, 0x1000}, {&(0x7f0000001480)=""/216, 0xd8}, {&(0x7f0000001580)=""/108, 0x6c}, {&(0x7f0000001600)=""/23, 0x17}, {&(0x7f0000001640)=""/70, 0x46}, {&(0x7f0000001940)=""/22, 0x16}, {&(0x7f0000001980)=""/52, 0x34}], 0x7, &(0x7f00000017c0)=""/227, 0xe3}, 0xe46}], 0x2, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) socket$inet_dccp(0x2, 0x6, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) ioctl$VIDIOC_PREPARE_BUF(r5, 0xc058565d, &(0x7f0000000040)={0xfffffff8, 0x9, 0x4, 0x2000, 0x3ff, {r6, r7/1000+10000}, {0x7, 0x2, 0x0, 0x1, 0x5, 0xff, "caefcaa1"}, 0x1ff, 0x2, @fd, 0x7, 0x0, r3}) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x4ea9) [ 527.899237] ? SyS_mkdirat+0x210/0x210 [ 527.903139] ? do_syscall_64+0x53/0x640 [ 527.907121] ? SyS_mkdirat+0x210/0x210 [ 527.911027] do_syscall_64+0x1e8/0x640 [ 527.915062] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 527.919923] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 527.925117] RIP: 0033:0x45a7d7 [ 527.928306] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 527.936025] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045a7d7 [ 527.943297] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 00000000200001c0 02:48:22 executing program 3: 02:48:22 executing program 2: [ 527.950662] RBP: 000000000075bf20 R08: 0000000000000000 R09: 000000000000000a [ 527.957936] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000003 [ 527.965208] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000002d [ 527.988328] BTRFS error (device loop4): superblock checksum mismatch 02:48:22 executing program 5 (fault-call:0 fault-nth:46): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:22 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:22 executing program 2: [ 528.084033] BTRFS error (device loop4): open_ctree failed [ 528.154515] FAULT_INJECTION: forcing a failure. [ 528.154515] name failslab, interval 1, probability 0, space 0, times 0 [ 528.166055] CPU: 0 PID: 29803 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 528.174154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 528.183744] Call Trace: [ 528.186326] dump_stack+0x142/0x197 [ 528.189960] should_fail.cold+0x10f/0x159 [ 528.194124] should_failslab+0xdb/0x130 [ 528.198087] __kmalloc_track_caller+0x2ec/0x790 [ 528.202867] ? strndup_user+0x62/0xf0 [ 528.206668] memdup_user+0x26/0xa0 [ 528.210214] strndup_user+0x62/0xf0 [ 528.213845] SyS_mount+0x3c/0x120 [ 528.217296] ? copy_mnt_ns+0x8c0/0x8c0 [ 528.221182] do_syscall_64+0x1e8/0x640 [ 528.225110] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 528.229948] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 528.235184] RIP: 0033:0x45de0a [ 528.238416] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 528.246170] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a 02:48:23 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) r3 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_MAXSEG(r2, 0x84, 0x1b, &(0x7f0000000200)=@assoc_value={r4}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000040)={r4, 0x205}, &(0x7f0000000080)=0x8) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_DELAYED_SACK(r7, 0x84, 0x10, &(0x7f0000000000)=@sack_info={0x0, 0x6, 0x4}, 0xc) r8 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) 02:48:23 executing program 3: 02:48:23 executing program 2: 02:48:23 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r1}, 0x14) 02:48:23 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$IPSET_CMD_PROTOCOL(r2, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0x5c, 0x1, 0x6, 0x101, 0x0, 0x0, {0x5, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x5c}, 0x1, 0x0, 0x0, 0x8000}, 0x0) r3 = fcntl$dupfd(r0, 0x0, r0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) setsockopt$inet6_tcp_TLS_TX(r5, 0x6, 0x1, &(0x7f0000000280)=@gcm_256={{0x304}, "6fc19a46c16bb2e8", "dd802cc8256bd67ac0bc3713246d2c58c25bbf3d7ece8cc8c60353dad60693fb", "8e0863a9", "eff4bdc142ac4b4d"}, 0x38) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) [ 528.253493] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 528.260879] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 528.268168] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 528.275434] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000002e 02:48:23 executing program 3: 02:48:23 executing program 2: 02:48:23 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r1}, 0x14) 02:48:23 executing program 5 (fault-call:0 fault-nth:47): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 528.402500] BTRFS error (device loop4): superblock checksum mismatch 02:48:23 executing program 2: [ 528.450337] BTRFS error (device loop4): open_ctree failed [ 528.490292] FAULT_INJECTION: forcing a failure. 02:48:23 executing program 3: [ 528.490292] name failslab, interval 1, probability 0, space 0, times 0 [ 528.501843] CPU: 0 PID: 29830 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 528.509753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 528.519255] Call Trace: [ 528.521863] dump_stack+0x142/0x197 [ 528.525512] should_fail.cold+0x10f/0x159 [ 528.529684] should_failslab+0xdb/0x130 [ 528.533799] kmem_cache_alloc+0x47/0x780 [ 528.537879] ? lock_downgrade+0x740/0x740 [ 528.542132] __sigqueue_alloc+0x1da/0x400 [ 528.546293] __send_signal+0x1a2/0x1280 [ 528.550280] ? lock_acquire+0x16f/0x430 [ 528.554285] send_signal+0x49/0xc0 [ 528.557838] force_sig_info+0x243/0x350 [ 528.561830] force_sig_info_fault.constprop.0+0x1c6/0x2b0 [ 528.567386] ? is_prefetch.isra.0+0x350/0x350 [ 528.571924] ? trace_raw_output_x86_exceptions+0x140/0x140 [ 528.577557] __bad_area_nosemaphore+0x1dc/0x2a0 [ 528.582225] bad_area+0x69/0x80 [ 528.585677] __do_page_fault+0x86f/0xb80 [ 528.589775] ? vmalloc_fault+0xe30/0xe30 [ 528.593835] ? page_fault+0x2f/0x50 [ 528.597462] do_page_fault+0x71/0x511 [ 528.601256] ? page_fault+0x2f/0x50 [ 528.604885] page_fault+0x45/0x50 [ 528.608352] RIP: 0033:0x454fbf [ 528.611619] RSP: 002b:00007f6b0e361a68 EFLAGS: 00010283 [ 528.617082] RAX: 00007f6b0e361b40 RBX: 00007f6b0e3626d4 RCX: 0000000000000000 [ 528.624348] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007f6b0e361b40 [ 528.631629] RBP: 000000000075bf20 R08: 00000000000000e0 R09: 000000000000000a [ 528.638907] R10: 0000000000000075 R11: 00000000004ee120 R12: 0000000000000003 02:48:23 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r1}, 0x14) [ 528.646169] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000002f 02:48:23 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) recvmmsg(r0, &(0x7f0000004080)=[{{&(0x7f0000000000)=@llc={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @remote}, 0x80, &(0x7f0000000580)=[{&(0x7f0000000080)=""/167, 0xa7}, {&(0x7f00000001c0)=""/163, 0xa3}, {&(0x7f0000000280)=""/231, 0xe7}, {&(0x7f0000000380)=""/206, 0xce}, {&(0x7f0000000480)=""/14, 0xe}, {&(0x7f00000004c0)=""/86, 0x56}, {&(0x7f0000000540)=""/55, 0x37}], 0x7}, 0x3}, {{&(0x7f0000000600)=@vsock, 0x80, &(0x7f00000019c0)=[{&(0x7f0000000680)=""/4096, 0x1000}, {&(0x7f0000001680)=""/147, 0x93}, {&(0x7f0000001740)=""/55, 0x37}, {&(0x7f0000001780)=""/6, 0x6}, {&(0x7f00000017c0)=""/231, 0xe7}, {&(0x7f00000018c0)=""/133, 0x85}, {&(0x7f0000001980)}], 0x7}, 0x2}, {{&(0x7f0000001a40)=@isdn, 0x80, &(0x7f0000001f80)=[{&(0x7f0000001ac0)=""/149, 0x95}, {&(0x7f0000001b80)=""/28, 0x1c}, {&(0x7f0000001bc0)=""/29, 0x1d}, {&(0x7f0000001c00)=""/240, 0xf0}, {&(0x7f0000001d00)=""/117, 0x75}, {&(0x7f0000001d80)=""/228, 0xe4}, {&(0x7f0000001e80)}, {&(0x7f0000001ec0)=""/174, 0xae}], 0x8, &(0x7f0000002000)=""/85, 0x55}}, {{&(0x7f0000002080)=@l2tp6={0xa, 0x0, 0x0, @loopback}, 0x80, &(0x7f00000032c0)=[{&(0x7f0000002100)=""/108, 0x6c}, {&(0x7f0000002180)=""/4096, 0x1000}, {&(0x7f0000003180)=""/63, 0x3f}, {&(0x7f00000031c0)=""/249, 0xf9}], 0x4}, 0x6}, {{&(0x7f0000003380)=@x25={0x9, @remote}, 0x80, &(0x7f00000034c0)=[{&(0x7f0000003400)=""/187, 0xbb}, {&(0x7f0000003300)=""/56, 0x38}], 0x2, &(0x7f0000003500)=""/54, 0x36}, 0x1ff}, {{&(0x7f0000003540)=@ax25={{0x3, @null}, [@netrom, @netrom, @netrom, @bcast, @bcast, @bcast, @netrom, @default]}, 0x80, &(0x7f0000003a00)=[{&(0x7f00000035c0)=""/48, 0x30}, {&(0x7f0000003600)=""/254, 0xfe}, {&(0x7f0000003700)=""/211, 0xd3}, {&(0x7f0000003800)=""/122, 0x7a}, {&(0x7f0000003880)=""/84, 0x54}, {&(0x7f0000003900)=""/207, 0xcf}], 0x6, &(0x7f0000003a80)=""/35, 0x23}, 0x6}, {{&(0x7f0000003ac0)=@can, 0x80, &(0x7f0000003c80)=[{&(0x7f0000003b40)=""/20, 0x14}, {&(0x7f0000003b80)=""/253, 0xfd}], 0x2}, 0x3}, {{0x0, 0x0, &(0x7f0000003fc0)=[{&(0x7f0000003cc0)=""/129, 0x81}, {&(0x7f0000003d80)=""/193, 0xc1}, {&(0x7f0000003e80)=""/76, 0x4c}, {&(0x7f0000003f00)=""/165, 0xa5}], 0x4, &(0x7f0000004000)=""/90, 0x5a}}], 0x8, 0x60, &(0x7f0000004280)={0x0, 0x1c9c380}) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:48:23 executing program 2: 02:48:23 executing program 3: 02:48:23 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:23 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x406, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000180)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0) ioctl$SG_GET_ACCESS_COUNT(r4, 0x2289, &(0x7f0000000200)) r5 = openat$selinux_enforce(0xffffffffffffff9c, &(0x7f00000002c0)='/selinux/enforce\x00', 0x200, 0x0) r6 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r7) r8 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r8, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r9) mount$9p_fd(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='9p\x00', 0x20000, &(0x7f00000004c0)=ANY=[@ANYBLOB="747261ab0f2c0b206e733d66646e6f3d070000000e6e25d2f4c0e8288fa1ad056788c75f10f6624b9e1e9b1c41aefe776312b89036042cbe48217d9efe53d844966b98ab021bd5d11c83804bb86c9b3de335ed4b54c4546174b621480c1f86711130ce131ed9aa0100531f17d7c1c8cd95173153ff03ff18a3087d22327b38744709964a2c391127a5b391946af1cb7f8db5afdbbace01ffe74c3cebb61280ec41cf0c376f7dda15b28855dfd812882d", @ANYRESHEX=r5, @ANYBLOB=',wfdno=', @ANYRESHEX=r3, @ANYBLOB=',posixacl,access=any,debug=0x000000000000003f,measure,euid<', @ANYRESDEC=r7, @ANYBLOB=',fscontext=system_u,pcr=00000000000000000008,fsname=btrfs\x00,fowner>', @ANYRESDEC=r9, @ANYBLOB=',\x00']) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getpeername$inet(r3, &(0x7f0000000100)={0x2, 0x0, @empty}, &(0x7f0000000140)=0x10) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:48:23 executing program 5 (fault-call:0 fault-nth:48): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:23 executing program 2: [ 528.948080] BTRFS error (device loop4): superblock checksum mismatch [ 528.962148] FAULT_INJECTION: forcing a failure. [ 528.962148] name failslab, interval 1, probability 0, space 0, times 0 [ 528.973390] CPU: 0 PID: 29856 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 528.981418] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 528.990957] Call Trace: [ 528.993675] dump_stack+0x142/0x197 [ 528.997642] should_fail.cold+0x10f/0x159 [ 529.001984] should_failslab+0xdb/0x130 [ 529.005984] kmem_cache_alloc+0x47/0x780 [ 529.010056] ? lock_downgrade+0x740/0x740 [ 529.014218] __sigqueue_alloc+0x1da/0x400 [ 529.018512] __send_signal+0x1a2/0x1280 [ 529.023100] ? lock_acquire+0x16f/0x430 [ 529.027179] send_signal+0x49/0xc0 [ 529.030836] force_sig_info+0x243/0x350 [ 529.034831] force_sig_info_fault.constprop.0+0x1c6/0x2b0 [ 529.040495] ? is_prefetch.isra.0+0x350/0x350 [ 529.045016] ? trace_raw_output_x86_exceptions+0x140/0x140 [ 529.050715] __bad_area_nosemaphore+0x1dc/0x2a0 [ 529.055386] bad_area+0x69/0x80 [ 529.058805] __do_page_fault+0x86f/0xb80 [ 529.062922] ? vmalloc_fault+0xe30/0xe30 [ 529.066993] ? page_fault+0x2f/0x50 [ 529.070697] do_page_fault+0x71/0x511 [ 529.074511] ? page_fault+0x2f/0x50 [ 529.078143] page_fault+0x45/0x50 [ 529.081598] RIP: 0033:0x454fbf [ 529.084804] RSP: 002b:00007f6b0e361a68 EFLAGS: 00010283 [ 529.090165] RAX: 00007f6b0e361b40 RBX: 00007f6b0e3626d4 RCX: 0000000000000000 02:48:23 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:23 executing program 3: [ 529.097439] RDX: 00000000000000e0 RSI: 0000000000000000 RDI: 00007f6b0e361b40 [ 529.104716] RBP: 000000000075bf20 R08: 00000000000000e0 R09: 000000000000000a [ 529.112096] R10: 0000000000000075 R11: 00000000004ee120 R12: 0000000000000003 [ 529.119388] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000030 02:48:23 executing program 3: 02:48:23 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:23 executing program 2: 02:48:24 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = openat$selinux_checkreqprot(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/checkreqprot\x00', 0x189d02, 0x0) timer_create(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, @thr={&(0x7f00000001c0), 0x0}}, 0x0) r5 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) r6 = dup(r5) ioctl$PERF_EVENT_IOC_SET_FILTER(r6, 0x8b2b, &(0x7f0000000000)='wlan0\x00') sendmsg$IPSET_CMD_SWAP(r4, &(0x7f0000000100)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x2c, 0x6, 0x6, 0x801, 0x0, 0x0, {0xa, 0x0, 0xa}, [@IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}]}, 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:48:24 executing program 3: 02:48:24 executing program 2: 02:48:24 executing program 0: setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)={@remote, r1}, 0x14) [ 529.360192] BTRFS error (device loop4): open_ctree failed [ 529.437426] BTRFS error (device loop4): superblock checksum mismatch [ 529.480532] BTRFS error (device loop4): open_ctree failed 02:48:24 executing program 3: 02:48:24 executing program 2: 02:48:24 executing program 0: setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)={@remote, r1}, 0x14) 02:48:24 executing program 5 (fault-call:0 fault-nth:49): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:24 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0xfffffffffffffffc, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) syz_mount_image$nfs(&(0x7f0000000100)='nfs\x00', &(0x7f0000000140)='./file0\x00', 0x1, 0x7, &(0x7f0000000540)=[{&(0x7f0000000180)="726e0e95064b340aae2b50f1cba99c3d10ee2f31d92a1669b23f872a80ffc770009395a48c3c73d00311678a0667", 0x2e, 0x5}, {&(0x7f0000000200)="bb56e753618899738fe1a362b4e3779e895b241d8c58108e2e70693df1731ff1cbca10e1b2f6adf49f9a90d670aae84bd3b3c2438a1d92a4c5e6e0a14389da46976fa115018bb1de68998a528f6ef210014170eefb", 0x55, 0x27}, {&(0x7f0000000280)="c90a753a26418531967d099ff48cebf6441c3b4451b3a852fb2e6973a38829a9537c71e4abd2800e669a0cded6778cda794e4c2748d9215386d32e8f88a9157b34c0b9b24a2fc5818ddc207d0d9ae06b00e82093b8c6f709b724352c22d929c4f0b749134fa40d2c4f8fdbb2ebe218c15fe9832eee150b10e4d2bf971e9afbf31916cb3c2cb517c9c18c3b14f23d520241c02a4d7f1c98ea8f5eeb32a6ac86827003dfeaf19163332d98bdde9afce2d3cbd9e59589d0f03f9740", 0xba, 0x1}, {&(0x7f0000000340)="0e73a9311fc8155d9987c288781148a025952fcc9ca45767539f55ddf4210e730151e121e8157ede7bcd55878da6ab11a2a5", 0x32, 0x800}, {&(0x7f0000000380)="4888730d0df063d186075a94b2337bf1bb9c501b06827610780a76737deb415d0169430d3e513bc2b662e4776521d2db927c322cfda79b88bc6c9b4ea37ecc60ddd976a57d81cc6f5ac312959a8f6a79bcc1ba3c21e7524e1c3cfb450e438bfb38dd9be0524d240c4aca46e34b87316c9c9fb43e77780d29eb612c3a33194a36294ff4d15195edb0a6ac5ee9b7c383a299d4f0719047bd7b45c40e5e130be3d70702ab16ac90384ced9f", 0xaa, 0x9}, {&(0x7f0000000440)="db9132919d0e00528769aaaac42283a83f7393ab1bc89cc668dd719d90a957bf16440f157e437d585c70b9e00636c5d376a74221cb3bfee10b23cfd8661b0f567089c59ab07521e5334fa08546001e3bfe849b00cdf88dfcc88cfa13392f9f0dfd6ceaac964c88ee135f6b23e1a3e52fac106f0cd14c240b8b8f81f41589d23471132c581204fe064180761c2b08b3", 0x8f, 0x4}, {&(0x7f0000000500)="3d9ebdf74d2d0c1756b26d4868b57fc33d5d55ca43f5", 0x16, 0x4}], 0x18001, &(0x7f0000000600)='btrfs\x00') r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$NFNL_MSG_ACCT_DEL(r1, &(0x7f0000000700)={&(0x7f0000000640)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f00000006c0)={&(0x7f0000000680)={0x20, 0x3, 0x7, 0x301, 0x0, 0x0, {0x3, 0x0, 0x8}, [@NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0xc3}]}, 0x20}, 0x1, 0x0, 0x0, 0x20040080}, 0x24040050) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$P9_RUNLINKAT(r3, &(0x7f0000000740)={0x7, 0x4d, 0x2}, 0x7) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:48:24 executing program 3: 02:48:24 executing program 2: 02:48:24 executing program 0: setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r0 = socket(0x11, 0x800000003, 0x0) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r0, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)={@remote, r1}, 0x14) [ 529.591674] FAULT_INJECTION: forcing a failure. [ 529.591674] name failslab, interval 1, probability 0, space 0, times 0 [ 529.640166] CPU: 1 PID: 29903 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 529.648343] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 529.657730] Call Trace: [ 529.660337] dump_stack+0x142/0x197 [ 529.664018] should_fail.cold+0x10f/0x159 [ 529.668216] should_failslab+0xdb/0x130 [ 529.672210] __kmalloc_track_caller+0x2ec/0x790 [ 529.677004] ? kasan_check_write+0x14/0x20 [ 529.681256] ? strndup_user+0x62/0xf0 [ 529.685067] memdup_user+0x26/0xa0 [ 529.688623] strndup_user+0x62/0xf0 [ 529.692296] SyS_mount+0x6b/0x120 [ 529.695764] ? copy_mnt_ns+0x8c0/0x8c0 [ 529.700625] do_syscall_64+0x1e8/0x640 [ 529.704557] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 529.709428] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 529.714751] RIP: 0033:0x45de0a [ 529.717953] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 529.728561] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 529.735839] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 529.743305] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 529.750714] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 529.758028] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000031 02:48:24 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = syz_open_dev$usbfs(&(0x7f0000000000)='/dev/bus/usb/00#/00#\x00', 0x7, 0x1c1142) syslog(0x0, &(0x7f0000000240)=""/233, 0xe9) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$IP_VS_SO_SET_DELDEST(r3, 0x0, 0x488, &(0x7f00000001c0)={{0x2f, @dev={0xac, 0x14, 0x14, 0x12}, 0x4e23, 0x0, 'wlc\x00', 0x12, 0x64a, 0x20}, {@remote, 0x4e20, 0x3, 0x1, 0x4, 0x40}}, 0x44) fchown(r4, r5, 0xee00) r6 = socket$tipc(0x1e, 0x1389b1d36a5fd842, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(r6, 0x891a, &(0x7f00000000c0)={'vlan1\x00', {0x2, 0x4e23, @rand_addr=0x2}}) ioperm(0x2, 0x4, 0x100) ioctl$VIDIOC_QBUF(r3, 0xc058560f, &(0x7f0000000040)={0xcbe, 0x6, 0x4, 0x0, 0x47, {0x0, 0x2710}, {0x5, 0xc, 0x36, 0x8, 0x3, 0x7, "2033af59"}, 0x2, 0x1, @userptr=0x5, 0x5, 0x0, r2}) 02:48:24 executing program 3: 02:48:24 executing program 2: 02:48:24 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) [ 529.817324] BTRFS error (device loop4): superblock checksum mismatch [ 529.850708] BTRFS error (device loop4): open_ctree failed 02:48:24 executing program 5 (fault-call:0 fault-nth:50): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:24 executing program 2: 02:48:24 executing program 3: 02:48:24 executing program 2: 02:48:24 executing program 3: 02:48:24 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:24 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$KVM_KVMCLOCK_CTRL(r7, 0xaead) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = fcntl$dupfd(r8, 0x406, r8) ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205647, &(0x7f0000000280)={0xfffffff, 0x3, 0xfffffeff, 0xffffffffffffffff, 0x0, &(0x7f0000000240)={0x9a0911, 0x8, [], @string=&(0x7f0000000200)}}) ioctl$sock_inet_sctp_SIOCINQ(r10, 0x541b, &(0x7f00000002c0)) r11 = getpid() tkill(r11, 0x3e) r12 = socket$inet6_tcp(0xa, 0x1, 0x0) r13 = socket$inet6_tcp(0xa, 0x1, 0x0) r14 = fcntl$dupfd(r13, 0x0, r13) ioctl$PERF_EVENT_IOC_ENABLE(r14, 0x8912, 0x400200) ioctl$UFFDIO_UNREGISTER(r14, 0x8010aa01, &(0x7f0000000180)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}) r15 = fcntl$dupfd(r12, 0x0, r12) ioctl$PERF_EVENT_IOC_ENABLE(r15, 0x8912, 0x400200) ioctl$UI_DEV_SETUP(r15, 0x405c5503, &(0x7f0000000100)={{0x7, 0x400, 0x8, 0x5}, 'syz1\x00', 0x45}) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$SIOCPNENABLEPIPE(r9, 0x89ed, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 530.032756] FAULT_INJECTION: forcing a failure. [ 530.032756] name failslab, interval 1, probability 0, space 0, times 0 [ 530.109145] CPU: 1 PID: 29933 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 530.117074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 530.126630] Call Trace: [ 530.129362] dump_stack+0x142/0x197 [ 530.133014] should_fail.cold+0x10f/0x159 [ 530.137197] should_failslab+0xdb/0x130 [ 530.141232] __kmalloc_track_caller+0x2ec/0x790 [ 530.145929] ? strndup_user+0x62/0xf0 [ 530.149841] memdup_user+0x26/0xa0 [ 530.153399] strndup_user+0x62/0xf0 02:48:24 executing program 2: [ 530.157047] SyS_mount+0x3c/0x120 [ 530.160647] ? copy_mnt_ns+0x8c0/0x8c0 [ 530.164545] do_syscall_64+0x1e8/0x640 [ 530.168542] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 530.173552] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 530.178743] RIP: 0033:0x45de0a [ 530.182047] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 530.189787] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 530.197069] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 530.204688] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 530.211965] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 530.219237] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000032 02:48:25 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x40082406, &(0x7f0000000000)='hash\x00') 02:48:25 executing program 3: 02:48:25 executing program 2: 02:48:25 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:25 executing program 5 (fault-call:0 fault-nth:51): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 530.295588] BTRFS error (device loop4): superblock checksum mismatch [ 530.330957] BTRFS error (device loop4): open_ctree failed 02:48:25 executing program 3: 02:48:25 executing program 2: 02:48:25 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x0, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) [ 530.378097] FAULT_INJECTION: forcing a failure. [ 530.378097] name failslab, interval 1, probability 0, space 0, times 0 [ 530.445739] CPU: 1 PID: 29964 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 530.453668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 530.463683] Call Trace: [ 530.466397] dump_stack+0x142/0x197 [ 530.470048] should_fail.cold+0x10f/0x159 [ 530.474218] should_failslab+0xdb/0x130 [ 530.478214] __kmalloc_track_caller+0x2ec/0x790 [ 530.482897] ? kasan_check_write+0x14/0x20 [ 530.487143] ? strndup_user+0x62/0xf0 [ 530.490963] memdup_user+0x26/0xa0 02:48:25 executing program 3: [ 530.494519] strndup_user+0x62/0xf0 [ 530.498163] SyS_mount+0x6b/0x120 [ 530.501622] ? copy_mnt_ns+0x8c0/0x8c0 [ 530.505521] do_syscall_64+0x1e8/0x640 [ 530.509436] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 530.514311] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 530.519511] RIP: 0033:0x45de0a [ 530.522702] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 530.530423] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 530.537709] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 02:48:25 executing program 2: 02:48:25 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_SIOCGIFVLAN_GET_VLAN_INGRESS_PRIORITY_CMD(r3, 0x8982, &(0x7f0000000100)) r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r5}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r5}}, 0x48) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r6, 0x0, r6) fcntl$dupfd(r4, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:48:25 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x0, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:25 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040)='NLBL_UNLBL\x00') sendmsg$NLBL_UNLABEL_C_STATICLISTDEF(r4, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x60, r5, 0x100, 0x70bd2a, 0x25dfdbfb, {}, [@NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'wg2\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'geneve0\x00'}, @NLBL_UNLABEL_A_IFACE={0x14, 0x6, 'batadv_slave_1\x00'}, @NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @remote}, @NLBL_UNLABEL_A_IPV4MASK={0x8, 0x5, @remote}]}, 0x60}, 0x1, 0x0, 0x0, 0x48000}, 0x4008800) r6 = fcntl$dupfd(r2, 0x0, r2) r7 = open(&(0x7f0000000200)='./file0\x00', 0x290b81, 0x50) ioctl$TUNGETDEVNETNS(r7, 0x54e3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) [ 530.544986] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 530.552265] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 530.559539] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000033 02:48:25 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x0, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:25 executing program 5 (fault-call:0 fault-nth:52): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:25 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, 0x0, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) [ 530.700228] BTRFS error (device loop4): superblock checksum mismatch 02:48:25 executing program 2: 02:48:25 executing program 3: [ 530.774319] BTRFS error (device loop4): open_ctree failed [ 530.791997] FAULT_INJECTION: forcing a failure. [ 530.791997] name failslab, interval 1, probability 0, space 0, times 0 02:48:25 executing program 2: 02:48:25 executing program 3: 02:48:25 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, 0x0, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) [ 530.878189] CPU: 1 PID: 29997 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 530.886136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 530.895497] Call Trace: [ 530.898102] dump_stack+0x142/0x197 [ 530.901813] should_fail.cold+0x10f/0x159 [ 530.905978] should_failslab+0xdb/0x130 [ 530.909996] kmem_cache_alloc+0x2d7/0x780 [ 530.914164] ? fs_reclaim_acquire+0x20/0x20 [ 530.918510] ? find_held_lock+0x35/0x130 [ 530.922593] getname_flags+0xcb/0x580 [ 530.926412] user_path_at_empty+0x2f/0x50 [ 530.930625] do_mount+0x12b/0x27d0 [ 530.934207] ? copy_mount_options+0x5c/0x2f0 [ 530.938707] ? rcu_read_lock_sched_held+0x110/0x130 [ 530.943785] ? copy_mount_string+0x40/0x40 [ 530.948066] ? _copy_from_user+0x99/0x110 [ 530.952236] ? copy_mount_options+0x1fe/0x2f0 [ 530.956760] SyS_mount+0xab/0x120 [ 530.960227] ? copy_mnt_ns+0x8c0/0x8c0 [ 530.964140] do_syscall_64+0x1e8/0x640 [ 530.968034] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 530.972915] entry_SYSCALL_64_after_hwframe+0x42/0xb7 02:48:25 executing program 3: [ 530.978121] RIP: 0033:0x45de0a [ 530.981401] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 530.989225] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 530.996507] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 531.003787] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 531.011331] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 531.018612] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000034 [ 531.038879] BTRFS error (device loop4): superblock checksum mismatch 02:48:25 executing program 3: 02:48:25 executing program 2: 02:48:25 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) r3 = fcntl$dupfd(r1, 0x406, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r3, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x1, 0x20}, &(0x7f0000000040)=0xc) getsockopt$inet_sctp6_SCTP_CONTEXT(0xffffffffffffffff, 0x84, 0x11, &(0x7f0000000080)={r4, 0xa7c}, &(0x7f00000000c0)=0x8) r5 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r7, 0x6, 0x23, &(0x7f0000000100)={&(0x7f0000ffd000/0x1000)=nil, 0x1000}, &(0x7f00000001c0)=0x10) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = fcntl$dupfd(r8, 0x0, r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) 02:48:25 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, 0x0, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:25 executing program 5 (fault-call:0 fault-nth:53): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:25 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_CTL_IOCTL_POWER_STATE(r2, 0x800455d1, &(0x7f0000000100)) r3 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) [ 531.110177] BTRFS error (device loop4): open_ctree failed 02:48:25 executing program 3: 02:48:25 executing program 2: 02:48:25 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x0, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:26 executing program 2: 02:48:26 executing program 3: [ 531.268258] BTRFS error (device loop4): superblock checksum mismatch [ 531.292552] FAULT_INJECTION: forcing a failure. [ 531.292552] name failslab, interval 1, probability 0, space 0, times 0 [ 531.350506] BTRFS error (device loop4): open_ctree failed [ 531.363858] CPU: 0 PID: 30033 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 531.371781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 531.381753] Call Trace: [ 531.384362] dump_stack+0x142/0x197 [ 531.388025] should_fail.cold+0x10f/0x159 [ 531.392199] should_failslab+0xdb/0x130 [ 531.396304] kmem_cache_alloc+0x2d7/0x780 [ 531.400644] ? cache_grow_end.part.0+0x92/0x160 [ 531.405333] getname_flags+0xcb/0x580 [ 531.409156] ? lock_downgrade+0x740/0x740 [ 531.413327] user_path_at_empty+0x2f/0x50 [ 531.417488] do_mount+0x12b/0x27d0 [ 531.421058] ? copy_mount_options+0x5c/0x2f0 [ 531.425596] ? rcu_read_lock_sched_held+0x110/0x130 [ 531.430676] ? copy_mount_string+0x40/0x40 [ 531.435020] ? copy_mount_options+0x1fe/0x2f0 [ 531.439646] SyS_mount+0xab/0x120 [ 531.443111] ? copy_mnt_ns+0x8c0/0x8c0 [ 531.447015] do_syscall_64+0x1e8/0x640 02:48:26 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x0, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) [ 531.450911] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 531.455781] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 531.460973] RIP: 0033:0x45de0a [ 531.464214] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 531.471955] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 531.479592] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 531.486862] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 02:48:26 executing program 2: 02:48:26 executing program 3: [ 531.494143] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 531.501690] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000035 02:48:26 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'wp384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000940)='nl80211\x00') sendmsg$NL80211_CMD_NEW_KEY(r5, &(0x7f0000000a80)={&(0x7f0000000900)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000a40)={&(0x7f0000000980)={0xa8, r6, 0x10, 0x70bd2a, 0x25dfdbfb, {}, [@NL80211_ATTR_MAC={0xa, 0x6, @random="9ec4479254a8"}, @NL80211_ATTR_KEY_SEQ={0x6, 0xa, "0ba6"}, @NL80211_ATTR_KEY_DATA_WEP104={0x11, 0x7, "81ca45d0c361824d4e9144b2f0"}, @NL80211_ATTR_KEY_DEFAULT={0x4}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0xfac05}, @NL80211_ATTR_KEY_DEFAULT_TYPES={0x8, 0x6e, 0x0, 0x1, [@NL80211_KEY_DEFAULT_TYPE_UNICAST={0x4}]}, @NL80211_ATTR_KEY={0x48, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP40={0x9, 0x1, "74ffaee63a"}, @NL80211_KEY_SEQ={0xc, 0x4, "9db6e5a565716785"}, @NL80211_KEY_SEQ={0xb, 0x4, "54f56e038c7c77"}, @NL80211_KEY_DATA_WEP40={0x9, 0x1, "601efc8284"}, @NL80211_KEY_DATA_WEP104={0x11, 0x1, "8fd4bab47931c2b208deedea48"}]}, @NL80211_ATTR_KEY_SEQ={0x6, 0xa, "e5cf"}, @NL80211_ATTR_KEY_CIPHER={0x8, 0x9, 0x7d600}]}, 0xa8}, 0x1, 0x0, 0x0, 0x20044085}, 0x840) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) r9 = syz_genetlink_get_family_id$netlbl_calipso(&(0x7f0000000040)='NLBL_CALIPSO\x00') r10 = syz_open_dev$char_usb(0xc, 0xb4, 0x100000000) syz_mount_image$f2fs(&(0x7f00000004c0)='f2fs\x00', &(0x7f0000000500)='./file0\x00', 0x4, 0x4, &(0x7f0000000780)=[{&(0x7f0000000540)="b094aefa3e5d2a944a12907ad73cc9cd08bcee1b5653e602d49df143dc6b63e54e10ff4ef2f7f650582f6cb2ec80a72ca4f0bb6faab1469a8d8d38d3edef2d7cef00a5f3234f728f3ee5d2ec76e74ba6f71a9eb222ab76bdff1b2536143ce8271dc98f040f016824cfd226fa8fbc08d610c2c2f40d7b997472082666bc86707992582be82b2952e5b48f316282f4c59e1a16bd9d60d44b2edd528ef737cc3ef73134ce08d62fcc26d1a435b7248d3ad9870a968b7a989b29af6b32aa54c5e4", 0xbf, 0x4}, {&(0x7f0000000600)="68945a9db0c14217057af2c973a65242f2022290c5b213c0d6b29aade7a0d6cb191640e6b472262ee0c32559c4b3d0463e1de5f90c11e7", 0x37, 0x1}, {&(0x7f0000000640)="e5a236eb0d1636b1b9010a2adc59c4c9f93a2c3b4570331b31871d9cefdf88c1efb77526a54a0980d48c82afc9db8f635271757dfcec902e14", 0x39}, {&(0x7f0000000680)="0aed1758903c7ef2d782c5f9dd16c2623401972bd88fc67cdfe6368fc398bcfdc1b8becfc6d735ac6eaf748c830ab4ba9efc7255a3078996ad5e58a25942d74438035867d6eca75b06a25cc3aa26254aed5f56c8c18623545b563f19546df79d86992fc994d2353f31df7688316397ae7ed6e9acc19b25180418503ddfbaeaa64460d1cc3c014d28d4e765cd7a95cf707dedfeaefa18fd150d3d40534d8a3845d116f96594d5b419b0cc896b274e758d47e6fa56a94aebdafc86788500556f5e2ea1e1dc314e636b173ac63d35b339", 0xcf, 0xffff}], 0x80080, &(0x7f0000000800)={[{@noinline_dentry='noinline_dentry'}, {@norecovery='norecovery'}, {@two_active_logs='active_logs=2'}, {@fsync_mode_strict='fsync_mode=strict'}, {@nodiscard='nodiscard'}, {@inline_xattr_size={'inline_xattr_size', 0x3d, 0x8001}}, {@norecovery='norecovery'}, {@heap='heap'}, {@jqfmt_vfsv1='jqfmt=vfsv1'}], [{@rootcontext={'rootcontext', 0x3d, 'user_u'}}, {@mask={'mask', 0x3d, '^MAY_APPEND'}}, {@pcr={'pcr', 0x3d, 0x15}}]}) ioctl$FIBMAP(r10, 0x1, &(0x7f0000000480)=0xf6f5309f) ioctl$FBIOPUTCMAP(r1, 0x4605, &(0x7f00000002c0)={0xffff, 0x2, &(0x7f00000001c0)=[0x8, 0x1f], &(0x7f0000000200)=[0x8, 0xe8], &(0x7f0000000240)=[0x20, 0x99c1, 0x0, 0x9, 0x3, 0x2, 0x5, 0x21f, 0xec, 0x1], &(0x7f0000000280)=[0x4]}) r11 = socket$inet6_tcp(0xa, 0x1, 0x0) r12 = fcntl$dupfd(r11, 0x0, r11) ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200) ioctl$VIDIOC_TRY_EXT_CTRLS(r12, 0xc0205649, &(0x7f0000000380)={0x9e0000, 0x4, 0x1, r0, 0x0, &(0x7f0000000340)={0x9d0a9a, 0xd1, [], @string=&(0x7f0000000300)=0x20}}) ioctl$VIDIOC_SUBDEV_G_DV_TIMINGS(r13, 0xc0845658, &(0x7f00000003c0)={0x0, @reserved}) sendmsg$NLBL_CALIPSO_C_REMOVE(r8, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x34, r9, 0x10, 0x70bd26, 0x25dfdbff, {}, [@NLBL_CALIPSO_A_DOI={0x8}, @NLBL_CALIPSO_A_DOI={0x8, 0x1, 0x2}, @NLBL_CALIPSO_A_MTYPE={0x8}, @NLBL_CALIPSO_A_DOI={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x4020}, 0x40) 02:48:26 executing program 3: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x5, [@union={0x0, 0x1, 0x0, 0x5, 0x0, 0x0, [{0x4}]}]}, {0x0, [0x0, 0x0, 0x0]}}, &(0x7f00000004c0)=""/163, 0x35, 0xa3, 0x1}, 0x20) [ 531.562283] BTRFS error (device loop4): superblock checksum mismatch [ 531.624629] BTRFS error (device loop4): open_ctree failed 02:48:26 executing program 5 (fault-call:0 fault-nth:54): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:26 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x0, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:26 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="aca4363ac0ed0200000000007a000000000001f60180000048aeb81e1b00b10efd9a0000010000000001fffffff60000005f42485266535f4d14acf3c5ea00"/77, 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r0, 0x0, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000100), &(0x7f0000000140)=0x4) 02:48:26 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_DEBUGREGS(r2, 0xc008ae91, &(0x7f0000000080)) 02:48:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)={0x14}, 0x14}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_DEBUGREGS(r2, 0x4138ae84, &(0x7f0000000080)) 02:48:26 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) socket$inet6_sctp(0xa, 0xca4ab6668756a0ee, 0x84) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r2) r5 = accept4(r3, 0x0, 0x0, 0x0) recvmmsg(r5, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x100, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) getpeername(r4, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff}}, &(0x7f0000000080)=0x80) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r9) r10 = socket$inet(0x2, 0x80001, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r10, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) r12 = socket$inet6_tcp(0xa, 0x1, 0x0) r13 = fcntl$dupfd(r12, 0x0, r12) ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0x400200) ioctl$DRM_IOCTL_ADD_BUFS(r13, 0xc0206416, &(0x7f0000000100)={0x800, 0x3f, 0x2, 0xe2e3, 0x10, 0x9}) getsockopt$inet_sctp6_SCTP_MAXSEG(r9, 0x84, 0x1b, &(0x7f0000000200)=@assoc_value={r11}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r8, 0x84, 0x1f, &(0x7f00000001c0)={r11, @in6={{0xa, 0x4e23, 0x73, @local, 0x3ff}}, 0x3964, 0x3}, &(0x7f00000000c0)=0x90) [ 531.798472] FAULT_INJECTION: forcing a failure. [ 531.798472] name failslab, interval 1, probability 0, space 0, times 0 [ 531.883041] CPU: 0 PID: 30085 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 531.891262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 531.900792] Call Trace: [ 531.903410] dump_stack+0x142/0x197 [ 531.907037] should_fail.cold+0x10f/0x159 [ 531.911205] should_failslab+0xdb/0x130 [ 531.915179] kmem_cache_alloc+0x2d7/0x780 [ 531.919339] ? check_preemption_disabled+0x3c/0x250 [ 531.924381] alloc_vfsmnt+0x28/0x7d0 [ 531.928089] vfs_kern_mount.part.0+0x2a/0x3d0 [ 531.932585] ? find_held_lock+0x35/0x130 [ 531.936661] vfs_kern_mount+0x40/0x60 [ 531.940477] btrfs_mount+0x3ce/0x2b28 [ 531.944303] ? lock_downgrade+0x740/0x740 [ 531.948443] ? find_held_lock+0x35/0x130 [ 531.952497] ? pcpu_alloc+0x3af/0x1050 [ 531.956393] ? btrfs_remount+0x11f0/0x11f0 [ 531.961441] ? rcu_read_lock_sched_held+0x110/0x130 [ 531.966452] ? __lockdep_init_map+0x10c/0x570 [ 531.970949] ? __lockdep_init_map+0x10c/0x570 [ 531.975531] mount_fs+0x97/0x2a1 [ 531.978918] vfs_kern_mount.part.0+0x5e/0x3d0 [ 531.983406] do_mount+0x417/0x27d0 [ 531.986952] ? copy_mount_options+0x5c/0x2f0 [ 531.991356] ? rcu_read_lock_sched_held+0x110/0x130 [ 531.996653] ? copy_mount_string+0x40/0x40 [ 532.000925] ? copy_mount_options+0x1fe/0x2f0 [ 532.005523] SyS_mount+0xab/0x120 [ 532.009121] ? copy_mnt_ns+0x8c0/0x8c0 [ 532.013021] do_syscall_64+0x1e8/0x640 [ 532.016917] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 532.021772] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 532.026976] RIP: 0033:0x45de0a 02:48:26 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x40000000000006b, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r3, 0x0, r3) r4 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x440, 0x0) r5 = fcntl$dupfd(r2, 0x0, r4) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$SNDRV_PCM_IOCTL_START(r7, 0x4142, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 02:48:26 executing program 2: mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000180)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='overlay\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f00000002c0)='./bus\x00') mknod$loop(&(0x7f0000000140)='./file1\x00', 0xc000, 0x1) [ 532.030204] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 532.037918] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 532.045215] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 532.052486] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 532.059770] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 532.067048] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000036 02:48:26 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x0, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:26 executing program 3: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=ANY=[@ANYBLOB="030100000001190500000000000600000a000000440001002c0001001400030016f8bcd383af9b1577def13edad6b8bf14000400fe8000000000000000000000000000bb0c000200050001000000000006000300000200003c0002000c00020005000100000000002c00010014000300fe88000000000000000000000010000114000400ff020000000000000000000000000001080007000000000010000d000c000300060002004e2300008c000e002c00010014000300fe80000000000000000000000000001414000400fe8000000000000000000000000000bb46000300000300002c0001001400030000000000000000000000ffffac14140b140004004a925aa0ddf34330053d13c7087769421400010008000100ac1414aa08000200ac1414340c00020005000100110000000600030000040000"], 0x138}}, 0x0) 02:48:26 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x0, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) [ 532.169296] netlink: 87 bytes leftover after parsing attributes in process `syz-executor.3'. [ 532.190668] netlink: 87 bytes leftover after parsing attributes in process `syz-executor.3'. [ 532.201775] overlayfs: filesystem on './file0' not supported as upperdir [ 532.209444] netlink: 87 bytes leftover after parsing attributes in process `syz-executor.3'. 02:48:26 executing program 2: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @perf_config_ext={0x0, 0x8}, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, 0x0, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000b000/0x18000)=nil, &(0x7f00000008c0)=[@text64={0x40, &(0x7f0000000080)="b8010000000f01c166b880008ec8c441fde78a4b39c3c8f2ae0f06660f0010c40130551e6536f3400f5a97482800000f35b96d0900000f32", 0x38}], 0x1, 0x1, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000480)=[@in6={0xa, 0x0, 0xc70, @rand_addr="5fd172704cedeac86d8f810c84838454"}, @in={0x2, 0x4e24, @broadcast}], 0x2c) r3 = syz_open_dev$usbmon(0x0, 0x0, 0x0) socket(0x0, 0x6, 0x0) connect$pppoe(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(0xffffffffffffffff, 0x84, 0xa, &(0x7f00000000c0)={0x0, 0x535, 0x200, 0x4, 0x0, 0x3, 0x6, 0x40}, &(0x7f0000000100)=0x20) ioctl$MON_IOCX_MFETCH(0xffffffffffffffff, 0x9201, 0x0) readahead(r3, 0x2, 0x80000000) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r2, 0x4040ae77, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000140)={[0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x4ca]}) openat$selinux_mls(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_open_dev$mice(0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 532.235368] netlink: 87 bytes leftover after parsing attributes in process `syz-executor.3'. 02:48:27 executing program 5 (fault-call:0 fault-nth:55): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:27 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x0, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:27 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) syz_open_dev$radio(&(0x7f0000000100)='/dev/radio#\x00', 0x0, 0x2) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 532.311050] netlink: 87 bytes leftover after parsing attributes in process `syz-executor.3'. 02:48:27 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) [ 532.371023] netlink: 87 bytes leftover after parsing attributes in process `syz-executor.3'. [ 532.391127] BTRFS error (device loop4): superblock checksum mismatch [ 532.402166] FAULT_INJECTION: forcing a failure. [ 532.402166] name failslab, interval 1, probability 0, space 0, times 0 [ 532.437773] CPU: 1 PID: 30140 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 532.440185] netlink: 87 bytes leftover after parsing attributes in process `syz-executor.3'. [ 532.445731] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 532.463985] Call Trace: [ 532.466804] dump_stack+0x142/0x197 [ 532.470458] should_fail.cold+0x10f/0x159 [ 532.474629] should_failslab+0xdb/0x130 [ 532.478617] kmem_cache_alloc+0x2d7/0x780 [ 532.482906] ? lock_downgrade+0x740/0x740 [ 532.487233] alloc_vfsmnt+0x28/0x7d0 [ 532.490954] vfs_kern_mount.part.0+0x2a/0x3d0 [ 532.495465] do_mount+0x417/0x27d0 [ 532.499009] ? copy_mount_options+0x5c/0x2f0 [ 532.503446] ? rcu_read_lock_sched_held+0x110/0x130 [ 532.508509] ? copy_mount_string+0x40/0x40 [ 532.512769] ? copy_mount_options+0x1fe/0x2f0 [ 532.517291] SyS_mount+0xab/0x120 [ 532.520745] ? copy_mnt_ns+0x8c0/0x8c0 [ 532.524908] do_syscall_64+0x1e8/0x640 [ 532.528805] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 532.533694] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 532.538898] RIP: 0033:0x45de0a [ 532.542363] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 532.550312] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 532.557597] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 532.564907] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 532.572191] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 532.579484] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000037 02:48:27 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) [ 532.619367] netlink: 87 bytes leftover after parsing attributes in process `syz-executor.3'. [ 532.628396] BTRFS error (device loop4): open_ctree failed 02:48:27 executing program 5 (fault-call:0 fault-nth:56): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 532.702776] netlink: 87 bytes leftover after parsing attributes in process `syz-executor.3'. [ 532.713444] FAULT_INJECTION: forcing a failure. [ 532.713444] name failslab, interval 1, probability 0, space 0, times 0 [ 532.728190] CPU: 1 PID: 30165 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 532.736112] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 532.745473] Call Trace: [ 532.748080] dump_stack+0x142/0x197 [ 532.750506] BTRFS error (device loop4): superblock checksum mismatch [ 532.751728] should_fail.cold+0x10f/0x159 [ 532.751748] should_failslab+0xdb/0x130 [ 532.766547] __kmalloc_track_caller+0x2ec/0x790 [ 532.771341] ? unwind_get_return_address+0x61/0xa0 [ 532.776274] ? __save_stack_trace+0x7b/0xd0 [ 532.780757] ? btrfs_parse_early_options+0xa3/0x310 [ 532.785795] kstrdup+0x3a/0x70 [ 532.789098] btrfs_parse_early_options+0xa3/0x310 [ 532.793951] ? btrfs_freeze+0xc0/0xc0 [ 532.797743] ? find_next_bit+0x28/0x30 [ 532.801620] ? pcpu_alloc+0xcf0/0x1050 [ 532.805517] ? find_held_lock+0x35/0x130 [ 532.809606] ? pcpu_alloc+0xcf0/0x1050 [ 532.813497] btrfs_mount+0x11d/0x2b28 [ 532.817438] ? lock_downgrade+0x740/0x740 [ 532.821687] ? find_held_lock+0x35/0x130 [ 532.825742] ? pcpu_alloc+0x3af/0x1050 [ 532.829639] ? _find_next_bit+0xee/0x120 [ 532.833865] ? check_preemption_disabled+0x3c/0x250 [ 532.838877] ? btrfs_remount+0x11f0/0x11f0 [ 532.843120] ? rcu_read_lock_sched_held+0x110/0x130 [ 532.848229] ? __lockdep_init_map+0x10c/0x570 [ 532.852730] ? __lockdep_init_map+0x10c/0x570 [ 532.857231] mount_fs+0x97/0x2a1 [ 532.860598] vfs_kern_mount.part.0+0x5e/0x3d0 [ 532.865204] do_mount+0x417/0x27d0 [ 532.868748] ? copy_mount_options+0x5c/0x2f0 [ 532.873171] ? rcu_read_lock_sched_held+0x110/0x130 [ 532.878223] ? copy_mount_string+0x40/0x40 [ 532.882506] ? copy_mount_options+0x1fe/0x2f0 [ 532.886993] SyS_mount+0xab/0x120 [ 532.890686] ? copy_mnt_ns+0x8c0/0x8c0 [ 532.894848] do_syscall_64+0x1e8/0x640 [ 532.898728] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 532.903563] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 532.908755] RIP: 0033:0x45de0a [ 532.911933] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 532.919645] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 532.926909] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 532.934178] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 532.941572] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 532.948892] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000038 02:48:27 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 532.993871] BTRFS error (device loop4): open_ctree failed 02:48:27 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:27 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) 02:48:27 executing program 5 (fault-call:0 fault-nth:57): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:27 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r6, 0x0, r6) fsync(r6) r7 = fcntl$dupfd(r5, 0x0, r5) r8 = syz_open_procfs(0x0, &(0x7f0000000200)='net/udp6\x00') setsockopt$ax25_int(r8, 0x101, 0x3, &(0x7f0000000240)=0x1000, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r7, 0x84, 0x20, &(0x7f0000000040)=0x1, 0x4) r9 = socket$pppoe(0x18, 0x1, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000000100)={0xfffffff, 0x1, 0x3, 0xffffffffffffffff, 0x0, &(0x7f00000000c0)={0x990afb, 0x0, [], @p_u16=&(0x7f0000000080)=0x6c6a}}) ioctl$VIDIOC_S_OUTPUT(r10, 0xc004562f, &(0x7f00000001c0)=0x5) syncfs(r9) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x6) ioctl$SNDCTL_DSP_GETBLKSIZE(r4, 0xc0045004, &(0x7f0000000000)) r11 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) [ 533.141156] FAULT_INJECTION: forcing a failure. [ 533.141156] name failslab, interval 1, probability 0, space 0, times 0 [ 533.162968] BTRFS error (device loop4): superblock checksum mismatch [ 533.206834] CPU: 1 PID: 30187 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 533.214885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 533.224246] Call Trace: [ 533.226966] dump_stack+0x142/0x197 [ 533.230631] should_fail.cold+0x10f/0x159 [ 533.234805] should_failslab+0xdb/0x130 [ 533.238806] __kmalloc+0x2f0/0x7a0 [ 533.242453] ? find_held_lock+0x35/0x130 [ 533.246537] ? pcpu_alloc+0xcf0/0x1050 [ 533.250533] ? btrfs_mount+0x19a/0x2b28 [ 533.254613] btrfs_mount+0x19a/0x2b28 [ 533.258521] ? lock_downgrade+0x740/0x740 [ 533.262688] ? find_held_lock+0x35/0x130 [ 533.266768] ? pcpu_alloc+0x3af/0x1050 [ 533.270782] ? btrfs_remount+0x11f0/0x11f0 [ 533.275037] ? rcu_read_lock_sched_held+0x110/0x130 [ 533.280216] ? __lockdep_init_map+0x10c/0x570 [ 533.284829] ? __lockdep_init_map+0x10c/0x570 [ 533.289350] mount_fs+0x97/0x2a1 [ 533.292742] vfs_kern_mount.part.0+0x5e/0x3d0 [ 533.297255] do_mount+0x417/0x27d0 [ 533.300808] ? copy_mount_options+0x5c/0x2f0 [ 533.305226] ? rcu_read_lock_sched_held+0x110/0x130 [ 533.310282] ? copy_mount_string+0x40/0x40 [ 533.314747] ? copy_mount_options+0x1fe/0x2f0 [ 533.319378] SyS_mount+0xab/0x120 [ 533.322861] ? copy_mnt_ns+0x8c0/0x8c0 [ 533.326871] do_syscall_64+0x1e8/0x640 [ 533.330771] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 533.335640] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 533.340964] RIP: 0033:0x45de0a [ 533.344198] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 533.351940] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 533.359738] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 533.367013] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 533.374291] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 533.381571] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000039 [ 533.404286] BTRFS error (device loop4): open_ctree failed [ 533.464599] BTRFS error (device loop4): superblock checksum mismatch 02:48:28 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r1, 0x301}, 0x14}}, 0x0) 02:48:28 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(0xffffffffffffffff, 0x6, 0x1d, &(0x7f0000000240)={0x5, 0x1, 0x3ff, 0x9, 0x200}, 0x14) ioctl$SNDRV_RAWMIDI_IOCTL_PARAMS(0xffffffffffffffff, 0xc0305710, &(0x7f0000000100)={0x1, 0x0, 0x3, 0x1}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r4, 0x0, r4) getsockopt$IP6T_SO_GET_REVISION_TARGET(r4, 0x29, 0x45, &(0x7f0000000180)={'icmp6\x00'}, &(0x7f0000000200)=0x1e) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VT_GETSTATE(r3, 0x5603, &(0x7f0000000140)={0x1, 0x40c9, 0xff80}) 02:48:28 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, 0x0, 0x0) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:28 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:28 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000024c0)='TIPCv2\x00') sendmsg$TIPC_NL_BEARER_SET(r1, &(0x7f00000025c0)={&(0x7f0000002480)={0x10, 0x0, 0x0, 0x4000010}, 0xc, &(0x7f0000002580)={&(0x7f0000002500)={0x54, r4, 0x4, 0x70bd28, 0x25dfdbff, {}, [@TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x14, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x10000}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0xdb43}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}]}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x20000000}, 0x800) ioctl$sock_SIOCGIFCONF(r2, 0x8912, &(0x7f0000000040)=@req={0x28, &(0x7f0000000000)={'macvlan1\x00', @ifru_mtu=0x9}}) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$kcm(r6, &(0x7f0000000100)={&(0x7f0000000080)=@un=@abs={0x1, 0x0, 0x4e20}, 0x80, &(0x7f0000002400)=[{&(0x7f00000001c0)="d25c63cf15046574317f163bf2957d83baef2fcf85bd6c4a7e112cb275032e3105f6c2cf5e01e54e349091f0cd4bb9cea39f4ee8e2c5934577ef1b0acf7496652420041064c4411da077def31ad91cd0a52076a6fab0876ce999f0537d7518339839b1a37279a456dc27c7334e9638b527848b42d7b964570b942dcf1e9766510ad21746c01a6123329ec89bbe35f9fb05c4b0adb87cf6d91048eb6347c3011c579638cbbf9bd2878cb88f6873262c2f4cd1fee420a34bee11f6f6747568f03e907337bedd524a7e1df942782ded4e73ad5e8dff59be7bd97fe050e29ab6ca5504000bcdbb2bebae4d3e8524571ded0abea02d630518f3ebb9e48571ca09c31b546b0cc9fc37c79689d61c3f66f96a46e92895c5f6bb9f509eb616c0f5fb56f0b3ac95575f24ec0a5ac37cb9a3b092f8a6bb258ff59dab1f324e5e3fa7d7c9c22f7e21c235c43e12b317647583f98c09040f784db2d2cb2fcd5d4f81fc805d4e9d31e174084847d4f666dbf304e3d1a5150ca63b5ec25974614aaf1ffee87e31a955ef1e509f58333ebd3ca5c6a3fd4aff77a04a52790fbc90e23344e31f4505a9eda221ec85bca20b148df10c58c9c4828320901477e833649b1241cd7a467f9593cd5f1849117f2577a613e4b45a47dfddf03c51085d159125508ac538d328f881ef74d3335321ded880a79b22d3458c1f1b1bf16040176368cb5da2738abe3f97113c91a2373c6864e60256fb74445b5ef98e8e7e804ce881c360e88cc23b58e11972565444943ac2b59e7def85cabb09ae4f7cabf0c43e7b03295542062a91a6a58a55073983905712958c47a6acb4e42ad2a43d530dcaef0200f478c65e6567de8d511846fcaee39942167903183ecd0066317592c6e5231951f73315d69bd8db043d44118e05f33b7d6ab8b722d1f83dd1e3e4e4cf2259c70b195d08226b0488050f9497af336ed64e1effefeb2620939cd173f1a63bfb680a66258c61fd3426930ab9cec45b2bce60d8062f6d0420d5a4197da01d145247c5aa4a056519f624b057b22c90b45ac00ec0be34d9eca92fa7f1c90d636aca3cc76a9d3f2bdcc4eadbb7c4e8cdcff2d13e83cfa3d68f3d7c32dfdd9049325fd85c6a473905b8921dd6e1d8fc9e452af9f14d36ff7099e5e07231d22ec4758ba55055484489cac7d76a7a68593d03c4a05b47434dc5cbbf0aaba249f2f36716c8dc9e4f62fa17c0ae27096cd3dce4e72f68fa5ebeaf87fb2cd449f068e5b3c5a38e3d6d69b6c4d324608a1e80ed8a61dcbc01892bbc92c167d0a1e86343dc6432e255337be6a1f3ba739522f698e686ce4a05a5660d31e3513ad7dac3640d82f0d2ce7c4e8d1c07949ce51947e70d17ee6dee37caa26da3708456632e300f0a4acd495737d9c2f33e254471b0dfda50f70d68a89504dcba41772a666ebc72e79fa42e05c4ddc68fcb1b2cae6b1878f7bb49203461c1aefd55ff529ff74c68e2349fb9c94e386a5c9d957cf15db5c0d972bd10c58e19e3a8ce6fdf3fee8ec396b5bf29215ff8f2885ab4a684f30d9cf5324073288ed1a8e5e2c8cabb7fbca6ce2143cfd1018d5cddfb9c4dda855b574e181fd81393be59104f3ca589b8bb5ea84817f5bd9a1690a16d83298e85a3a76963217dc23725bf7323a10b7be2be698d8b32ff08b3bd62384cbcd8db6cf49beef9bf2afbdf2fcbcbc55eb1e830c087e887c2c2cb04cc741071a3521ed77247a6c5064cd1958d5a1d6ec61178e02c0a2668e6a0030e667a49a8adc967f133234a87b586007908d100c4220a2940d238a25c116a71cb000964bf510bc216a22b4835bda31ef0ebfe5a2b9d8f1d54a714e001226eac955ff6d5905fb82063537837430da5e83752593f01b6121d0e7108089e1d07152aa80f085826210bcfa2e884a5757e5dfa4ca221304b7db4e85dd7d9bc9cdeb2546a9593c0998db3884faf780da41272a890cad90fda79de23b7ba30aa836712184b5077e73115a228fee65799964ef52d33fc71149f555752fa2e4cb9b869c24c02ed97dd9e0965b9e6820ae8d2754dcd7f7c6de3ee05caced40a64cb970e8df6f7f079f3cfca85c514a8b6518221817b8bc7a1e5bb94bb038b37eb350273b6875a607e7df9e491656a8ee7e36a6fcbbfa027e11a4a952cabce98562ddce801e71bfb8b74594500c1275907ed61b7d17efde45b9f972bcf2624251b1b033af2ab0df293f710b7d60562be024eef59394e0303665ae6c3e651735dc3048c64ddc1fa4597654628c3fce9c2001606c59d1a0762517f838d90c842898728d37a423bc1dc6d3d5cf9e9cc61549322dcd040740267ea92133984fff131e417c66e61ab13ec686f8bccd694e4902dedbb49f52bfcf41fe6c6710330eb949b16c2b7aeee20bc5725ba234964eff0608d2de1f893f5e7d060a859892160b4a44db8a476da2a5c770931c98b2526222384a4aba24b50073fb59958834023bcf0ce463fbc970c2d35250e49195fabf49b0cb3c5abdb47cd84208874c750cff81919e372238822d9739ef225022047bd911558d8c830b2e7c1e9254275c1490fe1c9b02dbb9df30d55fef2b503416ecbea2267d4cf7f052a615909889703108927e8eef3689fc94dab13234eb51a74bee5788b8ddee692fb0aba706f6896348b1f118178909e246b22a28a45a333f38abf45ccf26b2d391c070acc7a4e90e04256b59089669f6ad8f84a4b349dd7782875f1bdaea6b40453ee1e82a8db489cec2f4af5d1739d3b044c4507d141a6186f39109420b2fb9042eca2a36f0ca73cc8acfd6cdf35632988a86aed5be2d8d1d8c249602a4c07a5046b52820fec42e057cda7ebb6c3ed9cc7ef71ca3b8181277a55861d3c6df0947d41d47a669b148df7ae54767611adc9dfab222aed2dadd3d9e1eb8f303fa2048fbc62a4bdf4d62bab882924e5cebf202cda90b4aa078a6aff6163eb31a9476494f21093aeb98e795a00ed951d5c2ae084a75a3e9bee0291f86c9158b9b208c7aa68f5a950f984b2caecc1608c74fae21e6f63ff70318fef3b7880c852f68d827f0bbace596cc7580fa5c27fbe9d7820cd1318c1a380b04fe390450fc9d769a2d132de0e318510353b2d01569a70a0f99cb8344645a4c40b9c03350f92eb7a008c83d0d2989a8330a0970d8bd75b74d7fe7f499c8c3c6dfccfea89cdac5438ca141bbca3725bd30ab5f088b8c1d65ff40d73f71e59a3d1d30d4488f0e0e1bfe1bbadb5e2ce6b6c16c291183ecc2b8daceba3fcf8c3cb8a04ee85db366f0a0695993f537cb30f8d627727998f050a69ff7c99ee2c2fe31bf84f302cd4c6311ec760e173e937eb2a465acda8a3a7c9b5749aba015aac0d64821566b4b241f8a4f764a430cf06ebbefaaa124f037c42d5e23b485b1bab70404143e0449929bc27e1a30895a574327a9fd10529ae84f0e99bd87efd6fd19bda9343310c974f3ea3a281271ca159a6903a77cc7e387769a0b74ee4562cc34bf9cf1ab3b88f3480039c045629a3afdbd9502aae84aea03110e6222f0d1576cb8e0defe66400f6059590df094cc4eb1d1caf52847b12344cbe11c35e67f14049d3fc80a6ad375e75dab2e22bf5a0f9a240be0257395a647e1cc42e01b487237584db50d32638f1c7bbcf998e466b056a0753b1ebf1ba6cd2338f3e032caf5e8ce16624c087c3dc0db06d6bce1bfd1872c372c6f61be298b3cde5b6d1acae6ab912a59ce1eae410975d32b56f3467f5c19b5c3069dd2ac3eec183a387ce1efcb4bf98db96a180431f46659e9eec190f819cecc96d042a68e8dc53bc33bc3facff9c790035f15a57cb557e8de912ac296015349330c72af4791e284adc66b7905b3888a6082537eb7f314b1f438ea62648fec4bcdc1344042e63210b675599d53fcb15c8ab77d7a42eb490f2dcfe67813e249db3b265229e6f2563a3f7cbef449c6d003f989445ea9eee9044a16c9876507f0e2982fc48a7ff6f766b16723b45beaedcc13867cc46de7ea947fed34d21a7a525735e5efe94659fba4fe32bd3a77367d73d3ab99e0ea49d47abfaa69e0a31979656ac7849993c01bde163ec75a1ea45d1b64ee6fcc4589588926cb47b1ad6cfd537b41fb60f9e4449d5b168f83380c58ae20b9f4c34ca835bc2f603822e8a1637bf7526a78bad1ec2fe8cca1bfc2a7aeb1cf642ca5b86b03d352f1cf42bd745f747a8d899230d40ef388f43bfb98de32a9b47e20823987183cc7bab6ca34e56e39af60ca179c1616c937b5f3917668942a400763d012b100629a00dcacc4fde9d1bf25afbc78ec98c0ef04cd0035cd167cfc049b4604112a78abf992596d5d6e4cdbed10bae8b553d749ace30e4702099c1e21131c9ab9b73cc94ba21161e0ed88b46e608fe56c5a0d855144a19b0b4940bd75e55032af57fc49ca716f1c422b95cb84dedeacdb560a612ebe6e8dd2e173d04e4d7bf74efe3e9d603e618e1a84828f0a94b7ae01cc48947f4d8f09eb21fa95ded107ecb6eded71c1d6d633bd37776d3c60b1e675ac15eefa5610e0ff03af8473802b43b1a89911a8ae38ec09d40e237d9db7e296c670fe2de86ad3e7ce2d8328de931813ff65e6df7398055e913947871a6f6e51c140b9b99a82062e632793c7650c1c026000b80946ebbb35253afa82bde25de7fcc39e6e0bac968c9dfd20c4cb2c71c0d5776209c75301891659896ea3d2e7f695d84f0772980ce5e7cedf2f6bc8bdfd675810340f478e335dc76d52715602ccca7db222e8f60e234d784021e8b37b2e6b77dd6bc95883d4d684670fafcc5288d99778f8becb25fc56251f0fd378bd95df90212ab623767ec57993a4c8cd62feb5bf95b1149a4c6bd6a8190bdef2af88a64c35d95167f95c3267d085b82761e86bdc103f0c4e0ca1311b13072d5b0bbae05bc058db093a6a647e77190d23fb5f8fbec7d8f2bcdd391548fc9339d3314b1ffd3c35df95d7d13b496f8e89d8875ca15a8c6662aba46dfcc1f34c5a6717a40df0b0e1ec732379aa5a79fe301fddf83248dd59c9099369f6e4af1738765d61bb4fc56da0b910f5f1088aba56fbf070c46e6b9df550213432cac7b9f0dd6a00336d82f5d1a78d6b1f973fa94707eed4c6af0e03c585a0225d9ddec1228417032f548e8ecfbde3f7f4fc9defee51a003ef5a7c9a6bff159a51d2890255b3dd7d0185810b422c18943922122fbacc2e116d294d04390d35801ae3aaa6c153772a3b8f0b47d2868b39f49b06898bb45ef9962b9d7a7aec6342acffddb5e5fac6b9d4a596919e18803836fcafe1d5ca3661c5418a8ec768ec2bde44bcc4850472e99e1d2f064a80c751cba443814ae7e50d83b47c79c4e97109cbc1184096768f653a232c534c9668ebd56a0e540e30dcb3c9fceb0702cd7237292ede0a2983d1769143f18b82a51367682a623cdf1b0d13d2a96dadd884a0ef138421595d6f1fffd6bb3def360abec27d8a51e2196f2f3b40ed171d87e7c5e092b35ea4a5530a4ed57eb844ff80cad55d48209ca3806c03c6cdc29a2b663a81f525b1591c6022758b516443fd7d882be3db313ce54dba7345408d03a35f02006318517df878c995697d6d5c5bc730834778361c0cc41031a7eda1f43de0b9c8a244ccef3d06e2ca71639766c30ec139c713ff8d823873a0414dae555cc404d65d560c836a93500601e67c40a23dd7a1a571e97581f7f3289923de439096ecae09e4b02273ea608b49c99dcdd1ce45b361ac56d067f86efb415a522891494799f6f8612bbf19fbcd1f8a45c6104d37d6b5a037db3e14d351356", 0x1000}, {&(0x7f00000011c0)="86fee38b064bd9c1000562d111eef4d33a065dc288302bb31d4cbb15a5321a08ada68ab9460c6ac4931033d2c01def390ab51704b0cb19eb4735b3c97b2d8815e82fab", 0x43}, {&(0x7f0000001240)="f590300f227538c2b73534c6c3b8a7fd018550cd0f6d3f6ff69942ea1baf6bb85221a5f4dedd0d8466eab20ca21a792b19875d74d9044677122d1fbe98e212649689013d74f96267c71a221e8aeb53024bb40ed1ac214fe0e0365e8a9130c501655315fb58525d258e07175584e087f85c74f88a4cd3f4eeab54dd7bdf2854028bad909223ea7a46ba0ca1bc0e149006e4be6d2e3f6b6e73418aa3500e2a34f623cdb3ea24390e7ebf03111718e8696da36f5e57bb11e9a090d2efc69061b6264ccefa10e617", 0xc6}, {&(0x7f0000001340)="774ffc1a9ecf3f5f874051de9e18d98b436b4ba31ad40c39931b13a05d476a66e36e3b64e0592c4d4ed25e4dd2a1718e1c102e27a9f1906eb1295f9ec80893e6b2661fa62dc1c393e640024c4d0c13a0407f42b7fcfbbd92d8764fcb7a211d6256452f11f4558adae81498a9edaf7e5ce4671015ce4f63766fb7026131efcbc60b39cd146d641b2fce90c27ae0d68b0a7e7dca3ddc47699411b735296237931fb70ee149cfe4d8d0b92ebd30ac5b2d5fc4f8375cb6659ed8e30192e1e3a9cab468c7e5b057acb5c258ef93aca2c5998a99173e4632605ffab42c99d556a5e4e07177b7ed806a2cce4654edef3813f4d48b445f7ded4932a34da45fb8da79adabb4b069e0e8804e7e6c4d2d9a7954ca80ffe61adcb9ead2669e2e48067a37f4b7a727c781bddf4213b8190bc8b60269f47a77e8dbd3666be73eed8f2f4576fed293f08d9982ad6f4350ff5e73f45ad7d76cb14aaaac799b8494eca3d35d3b00e7db46dc04402c2670af25326571ac3b2610fdcfe85800bf4f6df9476b690b9fb7679a7e15c59a694fbea46bccdd5e77e1af3ae5e8b3335aab5fdeb237b3a38dc03f444183e4da49efe4dfc7a369d12d2d61a22a91b48837fa75ae0d9a3d31c11711d09b52d5e17f253657da96285bbcf7d32660c7c3bb423fc495638d0e098db3acb7a22a9a35ab140885d9ba2537851a3ffc09e8b281d080e441ad404d5ea2fcebe1c93f04e6a5a69cd7f132adc92502882f909135ea0bfc0ffe711814c00fd722bbf42e6cbfce90d4cc6eb475ed797f5af736f2b6b4020fc6a33d44d634c16d06928fd045400ada4596a9a019e606d0c15a80ef50a8fa3d3d60e575593b504f2768cce87aebd923c4e6ca41eb37c7445326e9f7d84c66ba8cc3c58facdc131f954c61b041854e0d21cc46190cda9abcc895c2270655081a781d4333d471452a48cfe113aa76c741ec622aff43c643cd3f81fc3d7ea16c216634ab42c58733847290b41ee63f62200e0d58fb4abb8da67f22e66aa13958eedd38b90c86f322c831a03acd2cdeeb11cf860f43639a140b3177f47f7103c9bdcc3eaf3bf2b9563d292045d8cd8b518aafa2725a9c7abe66f5233d7fa4a3be88a82eb9d5dc777d8dca6ee0e73deaad63eba2aa13ddad4aa9ef6102278eccba83bc6da2c45959ceebf612e5b65de2834964b4937658cb084db165107d1a77e4577fa44e831ac791ba812a3a696f9f27668b6afb5fca23bc5035414485d24d5277510dec4479e0ee6e6b1ba7a7d71a601fd3978b7b9215d18e977d273417ad6c8cfbb0fc8c900aac2dac562f44d57699581ad791378eac48b2db92798d8c46fb5b2d8f35883b44ae1e131c863c6aa5111c4698991cef01ad448142790d1fa58ed01a5579c107e973f541fd37ab040b8916934905966bfdd4d2031789ee01868a4bef82bec2e6f15a534f72fbd959baf3ae9c93e1180c1fe7b8e053b2fa600486c738bd3caf8b5e92cf379175136024c8f4e083c5e130996f51b32a36a3a3802a71f94e30b91d6a61f760918b9c5c3ae1c2089628c8fcdf740de7fffb98382d63688b11f5e0d4fac7f42f7aa51563bf1e812f71d7fc4d3fc91aea11bc70537a9b3665fc820f1fd9fade0b2a6fb144a1dd2644c0c26132f25f4966a20d5d5bda2a26c311db62b05383d720274e6d752287b223a551157397db6d872d4580eccfb3d7b9ff4dea73dffb6f1aa87bf4796569c041f8d121bf03880244fd145f89d1609ddf0c2846f902214290e2f3ba926db3af9c606f859ca1a53c8b03253e010d260134d67cda07b0281ca1e42a3464c8c877ad1982028929bf9ad54bb07a7ac5dc59e347d6a79f3fa35a4995729839c32594d490b9876b190411f21dfb174cb913a52d998f4bd55362a1f1eef863828e91faf8089194533176926f5510fda026f8ad01b8d11a81521d9d2e2dd8c8248ab7120afd6b915b9361bc176cf94ab82148c6afe846b473cacc9389cbf8fa5a00de86d90f0f60bd6a83e93f0d51fe7eff249a94e6851bbb01de565b4b586b40df238edb5687342eb9a1343d31a568e45a7a075771296bdd05515c98c296b41f13363f41b55f170d2f2f31b05f2d4e41cbddbbcd2e3d4a01ad71f41deca4eb7ae9f033346b88ba5cca90b8c0b8170b67fffaaf6098edff9049cf5292bb48fab49a6640d9c50e0b864f6204af1b72b67a5f24f507e2a2be463848d2b75b881a208ce123f17c64c5a84d84259cc2a2913ec7933fe94d52c070df0e450f2ac90022d5cfa6ee3230fb49a92565b87bdcf9ea0dda807cb7cb7886ae85c5046a2e69b893d49441e2d0dd3a680bfdf1e12739cdaa51f0d047adf7efee62994d8d7f5a6e8016294a75ca774de31b7fbebf6f9c7a8572d7d409c92ccb1e62e37bcaaaae395fc12d30bcae81fb300fc65657e49198a447af9fd0365c2ef5add0afe246082802dba9782f6d76aaa61f3c6e5432e92fba4a9b3bc4c47ff1080e3b5b201072ef1ff2217b8f90703d61f6d8962b4a00c5a410b44410ce390edfa1b1e00e258d2defb11d54b1ae60966cb6577fd73b34ca6871204026af81ea82bf7dac2a10eb1ce32066eed80462c1ce3a8cd0cbba11eb802ac12f19c35dc7c98f1507907d34fff2762fa058d3ef62161b9a493468ca0d48d7047d6b0c38ac71c6c74ae2b041c2b284879affb955a145495a11b4e4a92f94ecb7dc188a701dddc25492637960fcf23e268189ce1810f40055b649a4cc14812643c2dac09fcab0840d6eb622f22b0c7f6ae0669e1d5e41b0d2398cc74ad4310dc2e501d630d318cd3ef32e20081b50b651ac0b6192ef90b2c53da92cfe2a70c98b92bee3e140763aa808674f8dea0e4023ab4b2582ea74f24d49ad1f8f7114ba860700ab4c711bb85223ee968bdfe932eb0acc44fcf2af14dee285760ae7a7f6088f7d1c8b65e8c94f1a158c5a4800a7b3d59f3dbdb11ab46fdcd97951b7f99fed952b22051033c2577974b734fadcb35f2db8d41f28588250cd1f9be433faa1d6c78d5764383268ae55912f1d657389b0c98b7793870f7576e2bc992aa1e6a88b6a3dbeff8de91800b599cf043611b7de3441dd32bda1025f1735f5b7278f322874d44a3ff71f3a0f7f7f49c7a2e3271575f3d50949f0153c894aaf0cff058cfb21abde24cbe307b53c68f680dea9c64fa5b6df1099de16bf1f1a67edb26d4187995902518052290052bc049a7f409914005c3531c45bf6f8687703c9125ce6152d7478f0a04d586d18f35b59ee3342eb43b681a77c80e20eaa08802f2f2698d2bc412873f29f80c3c1298d9e0dc3516f38fcf3c631852537a44cffbc15929ce3789a1f2fc6bf550f90ed4c6971a91a1a7d259b6067070b5983c4747cd80b91f86ffcf1e2feca09625ef3adc8d4e518f68775eeeed1ef89e88590c6fa86d794c9d7790d6116468c22a1f2a8b50ec14d96636e9f7fcec776e8cb6faabb8460d3e7f8f79ea4fc4db60aef9469f5aa9ebed28047c3ac5613b98344e84a571079e8a481812b827b0fb75f1e398c72bf838d27fbda007f6a153d186a21122614cb61a3672f26fcee5c33a923987a64e0f193c3106772134580a7e049f689181ba6835ceec0fb00e1486964ae8a692fd591c7c67bcc92d631511f91fae03e308bfcf627ed19e755bf4abed53dca109b80e67845dd1ed31803a464bd6ded28b80fd74ee32d1bde343c6b2d2d9ef3dae9cb56b6472e9e1c09a3b80c9ebdb07cbd7d2b30221a29710c7b1f5a2f48194f53660bf79bc4b3f9e49212a8ece7d5fe9470cbeea774a40153d69a3ea3fe12ea0ffa2d8b69691537be7bcab669fb1a445faeadafe2c18674afb2911ef05c82a4a59838bf01a0cc17c7fd7e9d842a8b799df04b758660d8acfbdebfc10e157305b0cb992ab230f814b391f186991cb7632d59670ff765b9da8d698215f3b23a264837cca996e44462e49ef1bb4ade1950a2f3131907975ba76a32808f276093bd2bfc43bbf84fc4ca44f0f785f2af5e976934628de87259f15eba39075bfaf0601cda514b9cdecc2a8034d509deefa5b8c309c16d119fe06f536a2da4b77a7187a7f8a9eb4e40634da290336495a5a2bced46b16be3bca78fbc56fb26259218096bf1bf1773d99cd0ee8d5d2d0437c8497e7affddb3dded27eb8312d6691675740b58c13a26a4686a32d9fbd2e2f0fecf00a1961104038844fd7dd1da47574883b609c8c82c085ce6dbb7bdeaa1b4d1ff7db029312ffd92af159107e1fc78d7544d830842fdfc4ec67deb68a7479edb6d8b885f63022b3d5a2af91d13278cc46d72eea6fd73660439a955e06ae1625df5aba90bb4a28e83e95f3155fbabdf480efa40b1e5994f5b07fd7dec03d40fabeacea5e4e83c7a7a464654a757a42b3bd056edc28a89c372d95b73f751717d0c1775e73bf4b3cc04c919dc677f2c766a0999b49c847e7911f3b5d4110eedad0389a34d7c06da0f3c632eebf99712200fd1927f0d77e7af4e7ec10e758d2006d0499567e7e7048dc0f190384c336bce4764c964f345bbd2b1052b8fe8cf43573e2d83e3a6a46841829ca79e062971d6cae89a5658de3fa21f92e7b58a6f97f7d30501e239ebe3557a6962fa11ed32bb03246688a8c5f6e3f67641283af3c8d1766cc41971afb6a1fda29d182a0ba65a89ea68b913c8cc1763fcd6f5b0860f42d0231b209d89befadab4eb3a74d0c76307038de4690c546fa54ae7deced9263658e5ff46b5384572fc56e6bc3ffa1947155bb567d09619358f2ed738db41735c8f6829bdfcb9ef429e0042dd88ea04aba3554e4191d1d8f82ee8680a98b25d45c70cfcaccda41cd9217b253564396e806b2f86e70975569eda81542671eb4671b87806f50cf6e940a0ac38fa15d1871166ed23e6b384c5d0b8412666412a2210870b6d8bd204e49b41056f5834a049b5dfe5252dcef4e5cb8f252cda029cce1392b72e4bc13b9ae731dce8e3dcb002af013ff7c1f9adc47f2668f7c0281524fb05829f65665ca2e40ae2fa53fea40a3d4582c4855397541e0b307b99ea0cfba429898cffca18cc555b6079a7cff7dd57c5862ce4e8ca911be0b56ba9251684986384b4b7159809e61ebbdbeebfcb52fd8aa6680788b23494397a424f648799f5b5a1e314cbd2c2568fba27f54b02cd38c90157d0bb701ff47b47552347694d61a14efe5af634605be18e1abd064492a554c24dae9167f477e11ef911393848196b3ad56ad045efd1e521d5fc7d151682410e65c88096ba5c19fb1f304b864f9328dbd45edb6650ca9ad11e8de56ea18d1920bf0a10507ef68ef7d98166224d4d3e8333a133a904212fbe11267115bddde525373bc3a8eae865f2eb5e70fdb6d3f896a6dfa9fd3a8471b6a044f393e46c5fcee792ab222e53e93571e22342fb486ac9656a2abbd9d6bbb3ce82c25ce2c68cc4e0e4dd0abaebe74316041766efb15dc76966cfcb200b8543b07c9658d188bdc90d5c7c0c7b005c60e316e2879cc86a4ebfdab73f533236d6926c5a0ae123e01e5af7dd98ea255265afd87c5b449e5be521f5597a6afaa96782caf30ecd55642f3268664aa305a6c96ce9972c7aea8b530802e7d7daf0cec8db390c52805d7420a1a601e97b7fffbd59b13ef172a5eb6bcc62826fd9585d5cd9a71b5032f2e9771d6630b45e7fb302dbb64042b4699a16cc8dae2c2aa072b42c3dbad5a3b97cc46a3c168947dea284e48311b8867556eb1b4432ace98b949ded002ff80f1cc01c7c59636ecef2c6971ce26e16a36b77cc5ab99790bd7058598ea6836cf7", 0x1000}, {&(0x7f0000002340)="f6345f0f8768fce88dd11f916f757eba0fa22078f1ecc8cf27f3b41916f0f154886213934a46747c03d992bb53d60a5c2f74b81ef086e256b3e2baecc5e14b2ed413710b5d5f62b2707d7956ae0bad6d1d250fa9ed4686cc0c7fd05ab20a2588c909bfeb954ab01511a8e078a730da18e648007031c2c082b72bb4e9290591f35a91b51b6c136a10173fc0a54836fe58", 0x90}], 0x5, &(0x7f0000003380)=[{0x1010, 0x8, 0x82, "55a0b380211169b1d341e7d2139a9010400dcdc0e1fad2e7082be7c55ef5a2a30bbe6cc6667603ee0ef3512f3b82065a2dff78806298283ac883bbb49bdaec090387b4ce39877e8c38f8957a58bfb33968c3e425015010a3bd8b37d66a0a16864c6732dbf5c8d0b9365e61322add6331b7260e0effe7dc6f549bb5f6d24b0b6056dfb32d98f06aec0f869733325f4e18bbfd14c0f76c7627b2a5f1efda96e672dabb5439d624b63430aab199fece4be11812313532d95b1d3acf8d52fb30ca95d5899dd023e5bf0c10d28eef98d5e0f71a8e6091a800b20064fae77562557c718e22a49899b350b2945451ce11d1094da3eafd7c7249a1c928545950120563e99270e9ff2e00f8aa8521c83895013c9c0dbc227d7330debe16037450385e3d96b70979b6570d75bd725c34eaac36cf9372d49aa5d3b9f660632f95f73024fd8559ea5929be530bce2633501e360bb3446660605be989ba7175b016fbab0d1e32ec6a9f9a654304793dd458c4859634b6f800946f96ca6c8a36fbc99d49b32542d33b0b9120b76e51c540b6f9287f3496f5f4ccb35d90ff87ac2b03f196a12e40de5319f62f0d10e19e7fffaa866a5356ca344afabc431b9162c1a1e5f80e56b4de019f0354c349d19bf5df2f727321b75da5b190843dfcaffd645bf1032c1f276b979139246454880ac12a5c2d80450253e5d68653867932fec229643f1d2e68b0555a7bf6c8f8ac7696727e5fbcf2a9705f7d68cf89b303d00dead2f88197874c22cecb5decd70f982fe9bc50a990005739c0a56a41377b4f66b7c69fc7a2e3fe82ebd96579012c5fbb640270f46408bf809dfeddca7c4776696fd8f0d86f08e419e0816d523b8eb25d8229963b1e5e40b92a8095382b0da52599b6ba283a407564c7fae599b97a7e882a041f500e53424cbc6d2a49f236d581f452d31488381da9c2053bdc1c387f42a65bb14ada9604c3781b4740b1ce6dd55669b59cf19fbefc1040c38dfc52efc3f3cbc35c3f0ddaec0f9fea30329e6d51ecb27a7dd4789610d34981ef2a0c3594988d505145db24805788a69a8b062efcb005f214f220bea81fadaa09bba9ddaf5c27338afe477be18a8d5551e5337b03e86eae2a51c8330e2fa14e8e95c3d65ffd83a7d878b215acb477cb0fec3b0980a44b11cd1a1f22fbd15a59bbf4cbd0a034c997a81545cefcff5d2306422a81b80c7708d4def778a880ccfed67501683fa105da2d747dc5079654b14b11519126adba88d4d2d567ba70828e0af59e69d90f45ec8abbac140f0a9ab4dcfa1caa147f5b291dd5683d9b757ac035171969259f2b5d8759ef987d05ac8ff54d92e8953e5169cf7dc601a35ddd5f4bb9efa2c59adb00e953eaa0526ca60a3018334db8613d7fe89e1249e67d2f575882f8de244a1431af14c96d63c430d98176d63738862f2e7e92242e3e768796b77c29862ea73670466abd5509a3dcf0c69a1d6a7e9554358a3fdd481be4de519f2381285b325ae2d0e1af6de49fb4de4a3e9227315000afc700e349a7e6d8db1f98f7fc33dcd2cc57d06e04f88124e1d2edf28ef90574e6c611c59a2878f5261cb3b8c0f3366b34fa7e4f56f5104f55b1da450f53119a8671b4c1a094d2f440885aa9817ae3fe6318d4290e285fdbc3c586450520a0ae0d8f6dba2fffe96f13b60959d80f16f0508e2594e9db9953453d7c8e82d9fe9004cd8f3d0879ff72ffca8300ef6abfd48d872ebe802c24f3168b595f143b7c54043a29c84f674d5240c3ab97bb78bd808d8e3be05e0553a7784a8e5779d3761e29bae732733069000df6b9f619de943779081597e7a759bec74885eaffdc975cd361e629ba6549676aed188ae15e4a58b1759719c958bacf0f833d90d2150dadd8b64978bf402d20a408577327bfbfa151f5a32464a1308d736726c6f4ac38cfe6bf788f1623a52c2e9c7bcaa2ea2139ffe50e8ca625b6cd470b4f2fbba861e59685c3b15d86975edeea74b0a50cd6b973fe23ca6e550b9e032dc4642a25c5f5cb7e37f624e083b897b79156e63ae9375722d43bb62e5d0c7655e08a11e4861ec52e859e3d6aa89729bb3fe5cd24dfd8bd794b55459fcdb0bd101c14279d2548a85f5d9678f1aeb2fe0c29c239248069debfe73ed75902022e3be055ab3bd3e69e63f7797cd48014dc9063f87d19ffd4a682a980b078dcf8f55a88a18c572ffe07f7cf163a4585b90a813728b099b79845264b867c260c549782206643429bc9414f87e10047881127917c1cb41d293e5ced80b6dc847107a21bdf8eacadefed20e419d262db29c644f091acf49be3a915507ccd98b90096f2c8b9e649373f56c33ec256a78b04076c6b8d788aee0343b578343096fc3b75a91c7d9ce2f50d868173e26d71552de7bd9c25c09806f8924d9cec3ceea505648b84aa1f4febaed0fd69e86f642e2483282a0da17d4850ba19437edc944db9fd4904014f38dfbe6549713aebe917930e3918ba9d8e0a9b89617c886bbed8cd727784512ee3d9d38df84c79163dc0c815b83794b864c22b2474c4f8e0551527c652591fe5d27ba903a235c0b1f9afeadbc2795b780c4c2bbc8636b550435e389b4463e04c632ceebbd36fee9beec9794c17421adbde00c329587d30e6e654ee015bb6e8f5ef2b3c53f9441ff3e645847efd5b11f86d41e569f6357b0079bc99f00ecada90888cf7b60afb7a3633e1206a830b539b45938ff0cb5b588baf615a138baafb5f8d979bdcfafef1f470c31cdf7e0090a45ca1975f7b2497460fa1e2a14ee462196dd1d6de51c52b026094d23300064f4c0a7025aeb50cf58e951bfc6b8e7859c94adf2ee640dcf4db632bac98e8bdb4a65c0f9831646d3ba840f5b5963cfd7de4c3540067079972ac4c4290642a09db3768cd112ab0cd8830459acd3f6b98c2a69debe1f152fa62354afdad5181923fec0ab154667ded8a0551c760a8ecde8d82153194d41ce3cc2e42f21036a76d251a70e496cc7bbaadc6f4f1cba788f897c516b1e7618c4ff7acbb6669cb91beaf660eee00e2d5a2c4cf6bc33e7ad885fd9e509c3fed60c64cb545fe75a37246f28b2a40253cdd5682f65d3f35b7eda37196dde05dd140533c58d2377381a507c6b07cb6d6f8ca7ab5cd79e1cabefa5d8f3c514b8eb74395f6fa2138682791e09057b4507aeb2fcd93c3bc602ac5fcbaed988349c7e8ec77629d19992269d61cf0e4b74e23e45f750d8bd79ea155b5655a969c699619a547dbacfd6edc733262bd15ebbbe64d03f3d5615251a71be8d5282b23179d0f93983cec5e691ef669783940eeeda6fb34d1d7f68204fbf65582e178cbc8179ed7b7d9741ce4d699c1a67c1c8db0baf550a44f8a060f6588bbf99c09f343728e18f5d0eb87bd0683df1cb0fc8742d55b2584304cc2e32dbb25b1a482e2b8f2a2179654be7f569f01f334fd09ea7b59c523161790147d9ab906539255b818fcf8acccf171c0d68c4dfa077f4f97a10ab64e713a22adc138ce388efcb6dcb90acf3ce96e9c13fe5fc81a0c56fc7d37b485edbe9570b6bb2876f16c7019e4ab0784e7a904c6a5dccbaed04f56322c133a9343450312fe74adad13d27b7d7c532a1ee250697d4ef47e1f56450ab63833c8123e3d8eea4ee0102b57957b2be6c19937132ff636f62584a8223821339c48c5521b8927d1075ad5ad6ec342841f1cd4e7d729ac3a222e9de4b40a283e8764fa7b0b13601a69d27b12963e8a3f718d18c28ec3519bcd96738f91963005d7046e235ba026168655fc711ca2c24ee86833285688b97b496f35ae4e649dae33361e6f90a29ba585dffe8be080b6133b7e4f75a8ef44598225b441272c6d033a4ee578b25992e6628c7e144692cc95017e039605451ef589168dca8ce8f40ba4dc9bdf7100b9da5f5178384e17aaa799bd24154c3a74db6f2c5e9bbde3f79b5a09e8e5db6a9f6105db94b95142e634138ae47be77f9dd64971f652b4da83f833524bf599981ee35f19b3797de5825b01c7ea0ca73537af22b607a20ce8ed307c61acc805a6f3b29721ea816210d1a57d6430b1ca7e26416a2ac3acc95ea7fad24300335ce5b483d9c384524a0ea1c5a81d7ea0c3e7c05e894645ae75545376fb57da1cb56425a4ed74b25c64bac1541c741402bb988d847fa44b66ea56e2b13b8f6368f92d7f3c7f45668b3030dc69774bd4f6276a16b8895c78bf315c9d43c4f574a01af87a4a68e7ae6f3bc4366147adddfe6e834519a369105e30f78e54d8d7da291b3591e0d9b6d2b27b316ad6c3977fb375c6bf3930fe536b6c4c219422f282472b63ca895809e665ee4f39b0b3560194b1cddb5f3892298fc0d1917dd51d4033ec21a24b9781402ee0b1905fb13e2188de073431e1bee1cd86d4e20093b64cd8ca3ca5ee6a4b2df80f7c01d2db84e594720a6d988f62cfbad0b942feb8b7f774f7cd9025b518d7d77e44db234dfd61e384c662037857e3db9854c5d9f8712fbcdd51d10e3e99729d44f0803a37958fee4bac9a1cc9711cd59486ee5e9ce2c72f8be26995df5451ba292dda02ce10763b91a667a16b1d291a95596e64cd71c7e00a87847f8a056f0ffebc9c0ed0dcb703636c9347e1dc7740066bc90d65b5d0399e9499cb6ea0db2c00f34577bc0bff30b1d5b1db4f0e65201719df9e0de2061055116b44182f8933ec235f5c1372682b3670bc4cae0d4b0d915b5374fe98cfb4ee44b33eebb6a66f218d6693fbd9b446790a172c61254bcd16d4bd353c4c1d938998e1938359f730e5307b7bbdb7cb98123e17141ac9e6eadc07175cdcc469c1fe116c7374241c21fdb6ed55889d32def494a4d996ab6a8cb1023d0f7699f2fb7ca2a9c11c2bd161c01ab0c6a0e37dd6f11401f4c4463b7e853120fc9be45e95943e5f313db4f37fe5652b6bc2cd9492adb224d4bfa3001a19d127ac45cf43d220462a4165f0707329371e16814b118ac7cae60dc5cfb3e46451329765abf86d67891080bb9338dcfbc8c0e68179b88cd12c18196fba07c682e2a580062074f95e31113120b6999550f38256e9e2d82e7a6cc9f5a091efba8f8966235287138323b0ba25345d7d86d1c7bc9a21db963d38335d57a7fb14d766b0e23e6ad502cf7c0aeaf0e233d7c7fe81ab81ccbcff935948d21292d6c5647c07c59e6e40fef7fbdcc8701e002ed53915b7cbb3dd581a8ed971a4059db3ddf28e33c373c8d11f0096df3b5bd7da4a3e4162ee4d9722d102b0d38b80fef95736a31b437cedbb471397026c3ff13f4bfa8704fc808178d09f02d7ef940c6fc3382763e423b9418b5f3dd7d9ec977a7f5ff4f575a9a7b3c7998349a29949cb08c7ee111687b108eedb99d924a7386df7d4e48c692df599441a02a5daf2d869cc62e9265cc949a9446f3bc2f86dc17431f35de474907c5b059fc6d37c4e4ad12fefbe5850c8b0c2e2b6ffeb53fa10a1ed762c9737ff0a8b76efb7f89c01ac9d83f29bd42250f11535d1d2feccf8832815cbab279e4a6a06b4a42de63aff4853eee0dd1fb963d3cc55a5c58dea411b09b187db64d811d76b3567b829767e690ec0308d89b5648292475e41185d5aab0cd56a58222f9c270f4a2918c24161a6a4f11ffb769f3b6b2bab69e44457e4772fdf88b11fd8fa4886cd862bac1c3526dc1b5212e3e0c0ea4276e20b754b13b02d6c7a257dec825598362003176e8557232b829c046b0e9ca32f6a434566ce6aab8c2377b5b2fa0488fa03dc8d9e6be3b6f229f5e0284e8b8a2e837934e28fe5574e328e54e82a5ddb56f6931081"}], 0x1010}, 0x880) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:48:28 executing program 5 (fault-call:0 fault-nth:58): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 533.550851] BTRFS error (device loop4): open_ctree failed [ 533.604787] FAULT_INJECTION: forcing a failure. [ 533.604787] name failslab, interval 1, probability 0, space 0, times 0 [ 533.616832] CPU: 0 PID: 30215 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 533.624833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 533.634383] Call Trace: [ 533.636991] dump_stack+0x142/0x197 [ 533.640818] should_fail.cold+0x10f/0x159 [ 533.644996] should_failslab+0xdb/0x130 [ 533.648985] kmem_cache_alloc+0x2d7/0x780 [ 533.653271] ? check_preemption_disabled+0x3c/0x250 [ 533.658606] alloc_vfsmnt+0x28/0x7d0 [ 533.662342] vfs_kern_mount.part.0+0x2a/0x3d0 [ 533.666871] ? find_held_lock+0x35/0x130 [ 533.670941] vfs_kern_mount+0x40/0x60 [ 533.674751] btrfs_mount+0x3ce/0x2b28 [ 533.678570] ? lock_downgrade+0x740/0x740 [ 533.682726] ? find_held_lock+0x35/0x130 [ 533.686799] ? pcpu_alloc+0x3af/0x1050 [ 533.691003] ? btrfs_remount+0x11f0/0x11f0 [ 533.695244] ? rcu_read_lock_sched_held+0x110/0x130 [ 533.700254] ? __lockdep_init_map+0x10c/0x570 [ 533.704753] ? __lockdep_init_map+0x10c/0x570 [ 533.709255] mount_fs+0x97/0x2a1 [ 533.712680] vfs_kern_mount.part.0+0x5e/0x3d0 [ 533.717195] do_mount+0x417/0x27d0 [ 533.720853] ? copy_mount_options+0x5c/0x2f0 [ 533.725384] ? rcu_read_lock_sched_held+0x110/0x130 [ 533.730520] ? copy_mount_string+0x40/0x40 [ 533.734850] ? copy_mount_options+0x1fe/0x2f0 [ 533.739352] SyS_mount+0xab/0x120 [ 533.742797] ? copy_mnt_ns+0x8c0/0x8c0 [ 533.746704] do_syscall_64+0x1e8/0x640 [ 533.750587] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 533.755442] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 533.760649] RIP: 0033:0x45de0a [ 533.763851] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 533.771569] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 533.778848] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 533.786122] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 533.794108] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 533.801387] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000003a 02:48:28 executing program 5 (fault-call:0 fault-nth:59): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:28 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, 0x0, 0x0) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) [ 533.846714] BTRFS error (device loop4): superblock checksum mismatch [ 533.940514] BTRFS error (device loop4): open_ctree failed [ 533.958307] FAULT_INJECTION: forcing a failure. [ 533.958307] name failslab, interval 1, probability 0, space 0, times 0 [ 533.990475] CPU: 1 PID: 30241 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 533.998526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.008667] Call Trace: [ 534.011269] dump_stack+0x142/0x197 [ 534.014925] should_fail.cold+0x10f/0x159 [ 534.019245] should_failslab+0xdb/0x130 [ 534.023361] kmem_cache_alloc+0x2d7/0x780 [ 534.027526] ? check_preemption_disabled+0x3c/0x250 [ 534.032557] alloc_vfsmnt+0x28/0x7d0 [ 534.036287] vfs_kern_mount.part.0+0x2a/0x3d0 [ 534.040787] ? find_held_lock+0x35/0x130 [ 534.044867] vfs_kern_mount+0x40/0x60 [ 534.048675] btrfs_mount+0x3ce/0x2b28 [ 534.052575] ? lock_downgrade+0x740/0x740 [ 534.056733] ? find_held_lock+0x35/0x130 [ 534.060814] ? pcpu_alloc+0x3af/0x1050 [ 534.064711] ? btrfs_remount+0x11f0/0x11f0 [ 534.068958] ? rcu_read_lock_sched_held+0x110/0x130 [ 534.073992] ? __lockdep_init_map+0x10c/0x570 [ 534.078525] ? __lockdep_init_map+0x10c/0x570 [ 534.083021] mount_fs+0x97/0x2a1 [ 534.086396] vfs_kern_mount.part.0+0x5e/0x3d0 [ 534.090984] do_mount+0x417/0x27d0 [ 534.094535] ? copy_mount_options+0x5c/0x2f0 [ 534.098952] ? rcu_read_lock_sched_held+0x110/0x130 [ 534.103977] ? copy_mount_string+0x40/0x40 [ 534.108220] ? copy_mount_options+0x1fe/0x2f0 [ 534.113157] SyS_mount+0xab/0x120 [ 534.116616] ? copy_mnt_ns+0x8c0/0x8c0 [ 534.120495] do_syscall_64+0x1e8/0x640 [ 534.124389] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 534.129242] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 534.134433] RIP: 0033:0x45de0a 02:48:28 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, 0x0, 0x0) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) [ 534.137627] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 534.145334] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 534.152603] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 534.159875] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 534.167175] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 534.174450] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000003b [ 534.198169] BTRFS error (device loop4): superblock checksum mismatch 02:48:28 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000040)={0x5, [0x0, 0x9, 0x6, 0x18cf, 0x400]}, &(0x7f0000000080)=0xe) r2 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r2, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 02:48:29 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:29 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 534.340500] BTRFS error (device loop4): open_ctree failed 02:48:29 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:29 executing program 5 (fault-call:0 fault-nth:60): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:29 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0xffffffffffffffe9, 0x10000}], 0x200881, 0x0) r0 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ocfs2_control\x00', 0x12d022, 0x0) ioctl$BLKDISCARD(r0, 0x1277, &(0x7f0000000200)=0xfff) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000240)='/dev/dlm-monitor\x00', 0x480000, 0x0) sendmsg$NLBL_CIPSOV4_C_REMOVE(r1, &(0x7f0000000600)={&(0x7f0000000280), 0xc, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="26f70000", @ANYRES16=0x0, @ANYBLOB="100027bd7000fddbdf2502000000b80108801c00078008000600e7000000080006009200000008000500bef1c4133c00078008000500e6e7cd0c08000600220000000800050043122a5808000500eec3322008000500ba3e2f49080005006b07847f08000600100000002c00078008000600c4000000080005003901974f08000600e100000008000500e5dea639080005003d611b2154000780080006005d000000080005006380af0508000600a7000000080006005a00000008000500e5963e0b08000500057a3d66080006001d00000008000500c8a13311080005003c85dc27080006003100000014000780080005003b57864c080006003a00000014000780080005006abcc60508000600d500000034000780080005002743a05808000600230000000800050003ed433e080006005700000008000500b13b9a3d08000500917d85504c000780080006004a0000000800060078000000080005001fd0d35a08000600ad0000000800050053f51459080005009edf9f310800060000000000080005001221582608000500d858ae0d3400078008000500da0f40720800050052179e1d08000500171f921d08000500a0540e3a0800060052000000080006006a00000038000c8014000b8008000900f669676208000900aca4d8320c000b8008000a007aea000014000b8008000a006bf2000008000a00bb320000ec00088034000780080005004ff1f42008000600de00000008000600a500000008000500a7154333080005005c5d724208000500ba837f735400078008000500be1cd6330800050022fd954c080006001100000008000500cea86664080006002200000008000500a9f2806708000600b9000000080006002400000008000600d700000008000600d10000002c000780080005006f4c9f6d0800060025000000080005009556e44208000600e80000000800050055a9e7543400078008000600da0000000800060088000000080005001bf2db51080005003ce1a86a08000600710000000800060030000000"], 0x2f0}}, 0x20044800) syz_genetlink_get_family_id$team(&(0x7f0000000140)='team\x00') r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$packet_int(r4, 0x107, 0xf, &(0x7f0000000640)=0x998, 0x4) r5 = fcntl$dupfd(r2, 0x0, r2) connect$inet6(r5, &(0x7f0000000100)={0xa, 0x4e20, 0x5, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x800}, 0x1c) getsockopt$ARPT_SO_GET_ENTRIES(0xffffffffffffffff, 0x0, 0x61, &(0x7f0000000680)={'filter\x00', 0xe8, "2ca8377121701ab8702ed753de708c2972082c2c07d62c35f53db37d4b604bf4678241a4a555e8eecfffeb3d0d5d17b6f44c23bae4bb86385a242651c3033a979b6e094154189cbbd2b00b35538acfd6eae6dd5a7e2f65e3ef622360832f6932571ba8303dca88e5e6fb094c0f70adefa3f2bf76be81d04e41733824ab01564a8723d244971d3bccda3f069b0991ec6f94ac4aab3f09977ef067123ab3b68d3692d25540dbf80b536d9c64d462346438786375fdfe3f39b6c0222affec07d677a1cefb089ab74446f556f831c034cf10a5269b768b3bf57a98783a3952cb81d15cacbf60c613bb52"}, &(0x7f00000007c0)=0x10c) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 02:48:29 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:29 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 534.581861] FAULT_INJECTION: forcing a failure. [ 534.581861] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 534.625015] CPU: 0 PID: 30273 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 534.632943] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 534.642415] Call Trace: [ 534.645023] dump_stack+0x142/0x197 [ 534.648744] should_fail.cold+0x10f/0x159 [ 534.652913] ? __might_sleep+0x93/0xb0 [ 534.656974] __alloc_pages_nodemask+0x1d6/0x7a0 [ 534.661692] ? trace_hardirqs_on+0xd/0x10 [ 534.665855] ? __alloc_pages_slowpath+0x2930/0x2930 [ 534.670888] ? btrfs_parse_early_options+0x1a2/0x310 [ 534.676003] alloc_pages_current+0xec/0x1e0 [ 534.680334] __get_free_pages+0xf/0x40 [ 534.685127] get_zeroed_page+0x11/0x20 [ 534.689021] parse_security_options+0x1f/0xa0 [ 534.693521] btrfs_mount+0x2bb/0x2b28 [ 534.697323] ? lock_downgrade+0x740/0x740 [ 534.701602] ? find_held_lock+0x35/0x130 [ 534.705713] ? pcpu_alloc+0x3af/0x1050 [ 534.709612] ? btrfs_remount+0x11f0/0x11f0 [ 534.713855] ? rcu_read_lock_sched_held+0x110/0x130 [ 534.718893] ? __lockdep_init_map+0x10c/0x570 [ 534.723501] mount_fs+0x97/0x2a1 [ 534.726999] vfs_kern_mount.part.0+0x5e/0x3d0 [ 534.731503] ? find_held_lock+0x35/0x130 [ 534.735580] vfs_kern_mount+0x40/0x60 [ 534.739393] btrfs_mount+0x3ce/0x2b28 [ 534.743210] ? lock_downgrade+0x740/0x740 [ 534.747374] ? find_held_lock+0x35/0x130 [ 534.751544] ? pcpu_alloc+0x3af/0x1050 [ 534.755461] ? btrfs_remount+0x11f0/0x11f0 [ 534.759727] ? rcu_read_lock_sched_held+0x110/0x130 [ 534.764800] ? __lockdep_init_map+0x10c/0x570 [ 534.769307] ? __lockdep_init_map+0x10c/0x570 [ 534.773866] mount_fs+0x97/0x2a1 [ 534.777250] vfs_kern_mount.part.0+0x5e/0x3d0 [ 534.781791] do_mount+0x417/0x27d0 [ 534.785347] ? copy_mount_options+0x5c/0x2f0 [ 534.789770] ? rcu_read_lock_sched_held+0x110/0x130 [ 534.794804] ? copy_mount_string+0x40/0x40 [ 534.799203] ? copy_mount_options+0x1fe/0x2f0 [ 534.803715] SyS_mount+0xab/0x120 [ 534.807180] ? copy_mnt_ns+0x8c0/0x8c0 [ 534.811192] do_syscall_64+0x1e8/0x640 [ 534.815090] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 534.819951] entry_SYSCALL_64_after_hwframe+0x42/0xb7 02:48:29 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) [ 534.825148] RIP: 0033:0x45de0a [ 534.828370] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 534.836096] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 534.843390] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 534.850673] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 534.857962] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 534.865250] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000003c 02:48:29 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:29 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, 0x0, 0x301}, 0x14}}, 0x0) 02:48:29 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, 0x0, 0x301}, 0x14}}, 0x0) 02:48:29 executing program 5 (fault-call:0 fault-nth:61): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:29 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) [ 535.056324] FAULT_INJECTION: forcing a failure. [ 535.056324] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 535.069280] CPU: 0 PID: 30302 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 535.077196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 535.087095] Call Trace: [ 535.089700] dump_stack+0x142/0x197 [ 535.093438] should_fail.cold+0x10f/0x159 [ 535.097693] ? __might_sleep+0x93/0xb0 [ 535.101707] __alloc_pages_nodemask+0x1d6/0x7a0 [ 535.106390] ? trace_hardirqs_on+0xd/0x10 [ 535.110545] ? __alloc_pages_slowpath+0x2930/0x2930 [ 535.115554] ? btrfs_parse_early_options+0x1a2/0x310 [ 535.120798] alloc_pages_current+0xec/0x1e0 [ 535.125139] __get_free_pages+0xf/0x40 [ 535.129037] get_zeroed_page+0x11/0x20 [ 535.132929] parse_security_options+0x1f/0xa0 [ 535.137419] btrfs_mount+0x2bb/0x2b28 [ 535.141227] ? lock_downgrade+0x740/0x740 [ 535.145366] ? find_held_lock+0x35/0x130 [ 535.149446] ? pcpu_alloc+0x3af/0x1050 [ 535.153365] ? btrfs_remount+0x11f0/0x11f0 [ 535.157789] ? rcu_read_lock_sched_held+0x110/0x130 [ 535.162820] ? __lockdep_init_map+0x10c/0x570 [ 535.167332] mount_fs+0x97/0x2a1 [ 535.170695] vfs_kern_mount.part.0+0x5e/0x3d0 [ 535.175213] ? find_held_lock+0x35/0x130 [ 535.179268] vfs_kern_mount+0x40/0x60 [ 535.183085] btrfs_mount+0x3ce/0x2b28 [ 535.186964] ? lock_downgrade+0x740/0x740 [ 535.191117] ? find_held_lock+0x35/0x130 [ 535.195174] ? pcpu_alloc+0x3af/0x1050 [ 535.199067] ? btrfs_remount+0x11f0/0x11f0 [ 535.203310] ? rcu_read_lock_sched_held+0x110/0x130 [ 535.208347] ? __lockdep_init_map+0x10c/0x570 [ 535.212866] ? __lockdep_init_map+0x10c/0x570 [ 535.217464] mount_fs+0x97/0x2a1 [ 535.220836] vfs_kern_mount.part.0+0x5e/0x3d0 [ 535.225427] do_mount+0x417/0x27d0 [ 535.229054] ? copy_mount_options+0x5c/0x2f0 [ 535.233471] ? rcu_read_lock_sched_held+0x110/0x130 [ 535.238500] ? copy_mount_string+0x40/0x40 [ 535.242747] ? copy_mount_options+0x1fe/0x2f0 [ 535.247258] SyS_mount+0xab/0x120 [ 535.250718] ? copy_mnt_ns+0x8c0/0x8c0 [ 535.254706] do_syscall_64+0x1e8/0x640 [ 535.258614] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 535.263567] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 535.268820] RIP: 0033:0x45de0a [ 535.272074] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 535.279879] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 535.287158] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 535.294447] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 02:48:30 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, 0x0, 0x301}, 0x14}}, 0x0) [ 535.301731] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 535.309003] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000003d 02:48:30 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:30 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:30 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r0, 0x301}, 0x14}}, 0x0) 02:48:30 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(0xffffffffffffffff, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:30 executing program 5 (fault-call:0 fault-nth:62): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:30 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_S390_INTERRUPT_CPU(r5, 0x4010ae94, &(0x7f0000000000)={0x4, 0x2, 0x9}) openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/snat_reroute\x00', 0x2, 0x0) 02:48:30 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f0000000100), &(0x7f0000000140)=0x4) r3 = fcntl$dupfd(r0, 0x0, r0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @dev={0xfe, 0x80, [], 0x38}}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r6, 0x10000000}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r5, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r6}}, 0x48) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) r8 = fcntl$dupfd(r7, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) mmap$snddsp_status(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x2010, r2, 0x82000000) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r9, 0x0, r9) r10 = fcntl$dupfd(r4, 0x406, r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) setsockopt$inet6_tcp_TLS_TX(r10, 0x6, 0x1, &(0x7f0000000180)=@gcm_256={{0x304}, "d68d695fcf87d0f8", "4ed7115dee70e93c81ab9a864a7dc8ea415ad774c27cf93d868e60c7313152bc", "3b6ce627", "0ddfa2e5e100f961"}, 0x38) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) [ 535.703928] FAULT_INJECTION: forcing a failure. [ 535.703928] name failslab, interval 1, probability 0, space 0, times 0 [ 535.717135] CPU: 0 PID: 30329 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 535.725073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 535.734434] Call Trace: [ 535.737039] dump_stack+0x142/0x197 [ 535.740825] should_fail.cold+0x10f/0x159 [ 535.745232] should_failslab+0xdb/0x130 [ 535.749227] kmem_cache_alloc_trace+0x2e9/0x790 [ 535.753944] selinux_parse_opts_str+0x3c1/0xa30 [ 535.758723] ? selinux_sb_show_options+0xd50/0xd50 [ 535.763673] ? free_pages+0x46/0x50 [ 535.767474] ? selinux_sb_copy_data+0x21e/0x390 [ 535.772184] security_sb_parse_opts_str+0x75/0xb0 [ 535.777063] parse_security_options+0x4e/0xa0 [ 535.781578] btrfs_mount+0x2bb/0x2b28 [ 535.785422] ? lock_downgrade+0x740/0x740 [ 535.789587] ? find_held_lock+0x35/0x130 [ 535.793664] ? pcpu_alloc+0x3af/0x1050 [ 535.797580] ? btrfs_remount+0x11f0/0x11f0 [ 535.801846] ? rcu_read_lock_sched_held+0x110/0x130 [ 535.807037] ? __lockdep_init_map+0x10c/0x570 [ 535.811564] mount_fs+0x97/0x2a1 [ 535.815078] vfs_kern_mount.part.0+0x5e/0x3d0 [ 535.819596] ? find_held_lock+0x35/0x130 [ 535.823852] vfs_kern_mount+0x40/0x60 [ 535.827670] btrfs_mount+0x3ce/0x2b28 [ 535.831487] ? lock_downgrade+0x740/0x740 [ 535.835648] ? find_held_lock+0x35/0x130 [ 535.839857] ? pcpu_alloc+0x3af/0x1050 [ 535.843792] ? btrfs_remount+0x11f0/0x11f0 [ 535.848051] ? rcu_read_lock_sched_held+0x110/0x130 [ 535.853098] ? __lockdep_init_map+0x10c/0x570 [ 535.857761] ? __lockdep_init_map+0x10c/0x570 [ 535.862522] mount_fs+0x97/0x2a1 [ 535.865906] vfs_kern_mount.part.0+0x5e/0x3d0 [ 535.870424] do_mount+0x417/0x27d0 [ 535.874097] ? copy_mount_options+0x5c/0x2f0 [ 535.878518] ? rcu_read_lock_sched_held+0x110/0x130 [ 535.883621] ? copy_mount_string+0x40/0x40 [ 535.888224] ? copy_mount_options+0x1fe/0x2f0 [ 535.892741] SyS_mount+0xab/0x120 [ 535.896213] ? copy_mnt_ns+0x8c0/0x8c0 [ 535.900116] do_syscall_64+0x1e8/0x640 [ 535.904629] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 535.909712] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 535.915211] RIP: 0033:0x45de0a [ 535.918414] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 535.926131] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 535.933414] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 535.940729] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 02:48:30 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, 0x0, &(0x7f0000000300)) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote}, 0x14) 02:48:30 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r0, 0x301}, 0x14}}, 0x0) [ 535.948011] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 535.955413] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000003e [ 535.985473] BTRFS error (device loop4): superblock checksum mismatch 02:48:30 executing program 3: perf_event_open(&(0x7f0000000140)={0x2, 0x70, 0x3e7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r0, 0x301}, 0x14}}, 0x0) [ 536.070267] BTRFS error (device loop4): open_ctree failed 02:48:30 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, 0x0, &(0x7f0000000300)) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote}, 0x14) 02:48:30 executing program 5 (fault-call:0 fault-nth:63): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 536.165732] BTRFS error (device loop4): superblock checksum mismatch [ 536.213444] FAULT_INJECTION: forcing a failure. [ 536.213444] name failslab, interval 1, probability 0, space 0, times 0 [ 536.240127] BTRFS error (device loop4): open_ctree failed [ 536.251669] CPU: 1 PID: 30361 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 536.259598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 536.268967] Call Trace: [ 536.271602] dump_stack+0x142/0x197 [ 536.275258] should_fail.cold+0x10f/0x159 [ 536.279429] should_failslab+0xdb/0x130 [ 536.283417] kmem_cache_alloc_trace+0x2e9/0x790 [ 536.288095] selinux_parse_opts_str+0x42c/0xa30 [ 536.293546] ? selinux_sb_show_options+0xd50/0xd50 [ 536.298502] ? free_pages+0x46/0x50 [ 536.302135] ? selinux_sb_copy_data+0x21e/0x390 [ 536.306947] security_sb_parse_opts_str+0x75/0xb0 [ 536.311799] parse_security_options+0x4e/0xa0 [ 536.316381] btrfs_mount+0x2bb/0x2b28 [ 536.320184] ? lock_downgrade+0x740/0x740 [ 536.324345] ? find_held_lock+0x35/0x130 [ 536.328425] ? pcpu_alloc+0x3af/0x1050 [ 536.332332] ? btrfs_remount+0x11f0/0x11f0 [ 536.336576] ? rcu_read_lock_sched_held+0x110/0x130 [ 536.341603] ? __lockdep_init_map+0x10c/0x570 [ 536.346104] mount_fs+0x97/0x2a1 [ 536.349625] vfs_kern_mount.part.0+0x5e/0x3d0 [ 536.354128] ? find_held_lock+0x35/0x130 [ 536.358184] vfs_kern_mount+0x40/0x60 [ 536.361982] btrfs_mount+0x3ce/0x2b28 [ 536.365929] ? lock_downgrade+0x740/0x740 [ 536.370083] ? find_held_lock+0x35/0x130 [ 536.374170] ? pcpu_alloc+0x3af/0x1050 [ 536.378181] ? btrfs_remount+0x11f0/0x11f0 [ 536.382422] ? rcu_read_lock_sched_held+0x110/0x130 [ 536.387473] ? __lockdep_init_map+0x10c/0x570 [ 536.391975] ? __lockdep_init_map+0x10c/0x570 [ 536.396487] mount_fs+0x97/0x2a1 [ 536.399852] vfs_kern_mount.part.0+0x5e/0x3d0 [ 536.404359] do_mount+0x417/0x27d0 [ 536.408090] ? copy_mount_options+0x5c/0x2f0 [ 536.412511] ? rcu_read_lock_sched_held+0x110/0x130 [ 536.417527] ? copy_mount_string+0x40/0x40 [ 536.421771] ? copy_mount_options+0x1fe/0x2f0 [ 536.426280] SyS_mount+0xab/0x120 [ 536.429721] ? copy_mnt_ns+0x8c0/0x8c0 [ 536.433660] do_syscall_64+0x1e8/0x640 [ 536.437553] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 536.442596] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 536.447783] RIP: 0033:0x45de0a [ 536.451067] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 536.458796] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 536.466164] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 536.473443] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 536.480716] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 536.487992] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000003f 02:48:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r1, 0x301}, 0x14}}, 0x0) 02:48:31 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r4}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x4, @local}, {0xa, 0x4e22, 0x0, @remote}, r4}}, 0x48) r5 = fcntl$dupfd(r2, 0x406, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 02:48:31 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, 0x0, &(0x7f0000000300)) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote}, 0x14) 02:48:31 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/sysvipc/shm\x00', 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VIDIOC_G_EXT_CTRLS(r3, 0xc0205647, &(0x7f0000000240)={0x60000, 0xffff8000, 0x7e6b, 0xffffffffffffffff, 0x0, &(0x7f0000000200)={0x9a091d, 0x1, [], @p_u16=&(0x7f0000000180)=0x5}}) clock_gettime(0x0, &(0x7f0000000280)={0x0, 0x0}) ioctl$VIDIOC_QUERYBUF(r4, 0xc0585609, &(0x7f00000002c0)={0x5, 0xb, 0x4, 0x1000, 0x9, {r5, r6/1000+10000}, {0x4, 0x2, 0x20, 0x7b, 0x3, 0x49, "882156a4"}, 0x7fffffff, 0x1, @userptr=0x7, 0x7, 0x0, 0xffffffffffffffff}) ioctl$KVM_SIGNAL_MSI(r7, 0x4020aea5, &(0x7f0000000140)={0xd000, 0x3000, 0x9, 0x800, 0x5}) 02:48:31 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(0x0) sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r1, 0x301}, 0x14}}, 0x0) 02:48:31 executing program 5 (fault-call:0 fault-nth:64): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:31 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) [ 536.617562] BTRFS error (device loop4): superblock checksum mismatch 02:48:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(0x0) sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r1, 0x301}, 0x14}}, 0x0) [ 536.704549] FAULT_INJECTION: forcing a failure. [ 536.704549] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 536.722606] BTRFS error (device loop4): open_ctree failed [ 536.759377] CPU: 0 PID: 30391 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 536.767508] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 536.776955] Call Trace: [ 536.779546] dump_stack+0x142/0x197 [ 536.783171] should_fail.cold+0x10f/0x159 [ 536.787332] ? __might_sleep+0x93/0xb0 [ 536.791220] __alloc_pages_nodemask+0x1d6/0x7a0 [ 536.795911] ? __alloc_pages_slowpath+0x2930/0x2930 [ 536.800950] ? lock_downgrade+0x740/0x740 [ 536.805106] alloc_pages_current+0xec/0x1e0 [ 536.809441] __page_cache_alloc+0x248/0x3e0 [ 536.813761] do_read_cache_page+0x6d5/0x1320 [ 536.818190] ? blkdev_writepages+0xd0/0xd0 [ 536.822440] ? find_get_pages_contig+0xcf0/0xcf0 [ 536.827312] ? blkdev_get+0xb0/0x8e0 [ 536.831029] ? dput.part.0+0x170/0x750 [ 536.834924] ? bd_may_claim+0xd0/0xd0 [ 536.838722] ? path_put+0x50/0x70 [ 536.842185] ? lookup_bdev.part.0+0xe1/0x160 [ 536.846598] read_cache_page_gfp+0x6e/0x90 [ 536.850854] btrfs_read_disk_super+0xdd/0x530 [ 536.855382] btrfs_scan_one_device+0xc6/0x4e0 [ 536.859874] ? device_list_add+0x8d0/0x8d0 [ 536.864128] ? __free_pages+0x54/0x90 [ 536.867919] ? free_pages+0x46/0x50 [ 536.871536] btrfs_mount+0x2e3/0x2b28 [ 536.875351] ? lock_downgrade+0x740/0x740 [ 536.879496] ? find_held_lock+0x35/0x130 [ 536.883575] ? pcpu_alloc+0x3af/0x1050 [ 536.887600] ? btrfs_remount+0x11f0/0x11f0 [ 536.891835] ? rcu_read_lock_sched_held+0x110/0x130 [ 536.896901] ? __lockdep_init_map+0x10c/0x570 [ 536.901397] mount_fs+0x97/0x2a1 [ 536.904757] vfs_kern_mount.part.0+0x5e/0x3d0 [ 536.909375] ? find_held_lock+0x35/0x130 [ 536.913470] vfs_kern_mount+0x40/0x60 [ 536.917269] btrfs_mount+0x3ce/0x2b28 [ 536.921066] ? lock_downgrade+0x740/0x740 [ 536.925242] ? find_held_lock+0x35/0x130 [ 536.929309] ? pcpu_alloc+0x3af/0x1050 [ 536.933238] ? btrfs_remount+0x11f0/0x11f0 [ 536.937481] ? rcu_read_lock_sched_held+0x110/0x130 [ 536.942500] ? __lockdep_init_map+0x10c/0x570 [ 536.947024] ? __lockdep_init_map+0x10c/0x570 [ 536.951531] mount_fs+0x97/0x2a1 [ 536.954896] vfs_kern_mount.part.0+0x5e/0x3d0 [ 536.959419] do_mount+0x417/0x27d0 [ 536.962954] ? retint_kernel+0x2d/0x2d [ 536.966836] ? copy_mount_string+0x40/0x40 [ 536.971063] ? copy_mount_options+0x195/0x2f0 [ 536.975566] ? copy_mount_options+0x1fe/0x2f0 [ 536.980060] SyS_mount+0xab/0x120 [ 536.983520] ? copy_mnt_ns+0x8c0/0x8c0 [ 536.987562] do_syscall_64+0x1e8/0x640 [ 536.991451] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 536.996317] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 537.001508] RIP: 0033:0x45de0a 02:48:31 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) [ 537.004704] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 537.012432] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 537.019704] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 537.026984] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 537.034261] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 537.041544] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000040 02:48:31 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(0x0) sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r1, 0x301}, 0x14}}, 0x0) 02:48:31 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:31 executing program 3: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r0, 0x301}, 0x14}}, 0x0) 02:48:31 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$VT_GETSTATE(0xffffffffffffffff, 0x5603, &(0x7f0000000000)={0x40, 0x9, 0x7f}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:48:32 executing program 3: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r0, 0x301}, 0x14}}, 0x0) [ 537.362326] BTRFS error (device loop4): superblock checksum mismatch [ 537.440248] BTRFS error (device loop4): open_ctree failed 02:48:32 executing program 5 (fault-call:0 fault-nth:65): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 537.527347] FAULT_INJECTION: forcing a failure. [ 537.527347] name failslab, interval 1, probability 0, space 0, times 0 [ 537.538942] CPU: 1 PID: 30437 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 537.546839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 537.556342] Call Trace: [ 537.559035] dump_stack+0x142/0x197 [ 537.562747] should_fail.cold+0x10f/0x159 [ 537.567060] should_failslab+0xdb/0x130 [ 537.571033] kmem_cache_alloc+0x47/0x780 [ 537.575112] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 537.580740] __radix_tree_create+0x337/0x4d0 [ 537.585298] page_cache_tree_insert+0xa7/0x2d0 [ 537.589880] ? file_check_and_advance_wb_err+0x380/0x380 [ 537.595359] ? debug_smp_processor_id+0x1c/0x20 [ 537.600077] __add_to_page_cache_locked+0x2ab/0x8c0 [ 537.605090] ? find_lock_entry+0x4b0/0x4b0 [ 537.609336] add_to_page_cache_lru+0xf4/0x310 [ 537.613844] ? add_to_page_cache_locked+0x40/0x40 [ 537.618695] ? __page_cache_alloc+0xdd/0x3e0 [ 537.623484] do_read_cache_page+0x6fe/0x1320 [ 537.628020] ? blkdev_writepages+0xd0/0xd0 [ 537.632317] ? find_get_pages_contig+0xcf0/0xcf0 [ 537.637118] ? blkdev_get+0xb0/0x8e0 [ 537.640846] ? dput.part.0+0x170/0x750 [ 537.644749] ? bd_may_claim+0xd0/0xd0 [ 537.648630] ? path_put+0x50/0x70 [ 537.652080] ? lookup_bdev.part.0+0xe1/0x160 [ 537.656487] read_cache_page_gfp+0x6e/0x90 [ 537.660856] btrfs_read_disk_super+0xdd/0x530 [ 537.665353] btrfs_scan_one_device+0xc6/0x4e0 [ 537.669852] ? device_list_add+0x8d0/0x8d0 [ 537.674075] ? __free_pages+0x54/0x90 [ 537.677876] ? free_pages+0x46/0x50 [ 537.681504] btrfs_mount+0x2e3/0x2b28 [ 537.685294] ? lock_downgrade+0x740/0x740 [ 537.689453] ? find_held_lock+0x35/0x130 [ 537.693598] ? pcpu_alloc+0x3af/0x1050 [ 537.697490] ? btrfs_remount+0x11f0/0x11f0 [ 537.701779] ? rcu_read_lock_sched_held+0x110/0x130 [ 537.706829] ? __lockdep_init_map+0x10c/0x570 [ 537.711331] mount_fs+0x97/0x2a1 [ 537.714704] vfs_kern_mount.part.0+0x5e/0x3d0 [ 537.719205] ? find_held_lock+0x35/0x130 [ 537.723270] vfs_kern_mount+0x40/0x60 [ 537.727176] btrfs_mount+0x3ce/0x2b28 [ 537.731049] ? lock_downgrade+0x740/0x740 [ 537.735197] ? find_held_lock+0x35/0x130 [ 537.739261] ? pcpu_alloc+0x3af/0x1050 [ 537.743167] ? btrfs_remount+0x11f0/0x11f0 [ 537.747505] ? rcu_read_lock_sched_held+0x110/0x130 [ 537.752530] ? __lockdep_init_map+0x10c/0x570 [ 537.757981] ? __lockdep_init_map+0x10c/0x570 [ 537.762550] mount_fs+0x97/0x2a1 [ 537.765956] vfs_kern_mount.part.0+0x5e/0x3d0 [ 537.770460] do_mount+0x417/0x27d0 [ 537.774075] ? copy_mount_options+0x5c/0x2f0 [ 537.778473] ? rcu_read_lock_sched_held+0x110/0x130 [ 537.783510] ? copy_mount_string+0x40/0x40 [ 537.787821] ? copy_mount_options+0x1fe/0x2f0 [ 537.792528] SyS_mount+0xab/0x120 [ 537.796031] ? copy_mnt_ns+0x8c0/0x8c0 [ 537.800054] do_syscall_64+0x1e8/0x640 [ 537.804074] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 537.808924] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 537.814105] RIP: 0033:0x45de0a [ 537.817287] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 02:48:32 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) 02:48:32 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:32 executing program 3: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r0, 0x301}, 0x14}}, 0x0) 02:48:32 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f0000000000)='tls\x00', 0x4) r5 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 02:48:32 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = pkey_alloc(0x0, 0x2) pkey_mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x300000a, r0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r7, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002000000010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) r8 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_add_memb(r8, 0x107, 0x1, &(0x7f0000000280)={r7, 0x1, 0x6, @link_local}, 0x10) sendmsg$nl_route(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x20, 0x11, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r7}}, 0x20}}, 0x0) setsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000100)={r7, @multicast1, @rand_addr=0xfffffffe}, 0xc) msync(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x1) r9 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) write$vhost_msg_v2(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x0, {&(0x7f0000000300)=""/133, 0x85, &(0x7f0000000200)=""/102, 0x1, 0x2}}, 0x48) [ 537.824985] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 537.832316] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 537.839586] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 537.846934] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 537.854274] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000041 02:48:32 executing program 5 (fault-call:0 fault-nth:66): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 537.886454] print_req_error: I/O error, dev loop4, sector 128 02:48:32 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, 0x0, 0x0) [ 538.012388] FAULT_INJECTION: forcing a failure. [ 538.012388] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 538.015044] BTRFS error (device loop4): superblock checksum mismatch [ 538.025246] CPU: 0 PID: 30459 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 538.025254] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 538.025258] Call Trace: [ 538.025280] dump_stack+0x142/0x197 [ 538.025298] should_fail.cold+0x10f/0x159 [ 538.025313] __alloc_pages_nodemask+0x1d6/0x7a0 [ 538.025326] ? __alloc_pages_slowpath+0x2930/0x2930 [ 538.025348] cache_grow_begin+0x80/0x400 [ 538.025361] kmem_cache_alloc+0x6a6/0x780 [ 538.077342] getname_kernel+0x53/0x350 [ 538.081252] kern_path+0x20/0x40 [ 538.084631] lookup_bdev.part.0+0x63/0x160 [ 538.088684] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 538.088872] ? blkdev_open+0x260/0x260 [ 538.101871] ? free_hot_cold_page+0x763/0xca0 [ 538.106390] blkdev_get_by_path+0x76/0xf0 [ 538.110654] btrfs_scan_one_device+0x97/0x4e0 [ 538.115169] ? device_list_add+0x8d0/0x8d0 [ 538.119585] ? __free_pages+0x54/0x90 [ 538.123396] ? free_pages+0x46/0x50 [ 538.127124] btrfs_mount+0x2e3/0x2b28 [ 538.130946] ? lock_downgrade+0x740/0x740 [ 538.135114] ? find_held_lock+0x35/0x130 [ 538.139188] ? pcpu_alloc+0x3af/0x1050 [ 538.143091] ? btrfs_remount+0x11f0/0x11f0 [ 538.147340] ? rcu_read_lock_sched_held+0x110/0x130 [ 538.149137] device veth13 entered promiscuous mode [ 538.152517] ? __lockdep_init_map+0x10c/0x570 [ 538.152537] mount_fs+0x97/0x2a1 [ 538.152550] vfs_kern_mount.part.0+0x5e/0x3d0 [ 538.152564] ? find_held_lock+0x35/0x130 [ 538.173920] vfs_kern_mount+0x40/0x60 [ 538.177763] btrfs_mount+0x3ce/0x2b28 [ 538.181570] ? lock_downgrade+0x740/0x740 [ 538.186166] ? find_held_lock+0x35/0x130 [ 538.190241] ? pcpu_alloc+0x3af/0x1050 [ 538.194146] ? btrfs_remount+0x11f0/0x11f0 [ 538.198432] ? rcu_read_lock_sched_held+0x110/0x130 [ 538.203506] ? __lockdep_init_map+0x10c/0x570 [ 538.208040] ? __lockdep_init_map+0x10c/0x570 02:48:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, 0x0, 0x0) 02:48:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, 0x0, 0x0) 02:48:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) 02:48:32 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) [ 538.212560] mount_fs+0x97/0x2a1 [ 538.215937] vfs_kern_mount.part.0+0x5e/0x3d0 [ 538.220567] do_mount+0x417/0x27d0 [ 538.224131] ? copy_mount_options+0x5c/0x2f0 [ 538.228688] ? rcu_read_lock_sched_held+0x110/0x130 [ 538.233961] ? copy_mount_string+0x40/0x40 [ 538.238304] ? copy_mount_options+0x1fe/0x2f0 [ 538.242889] SyS_mount+0xab/0x120 [ 538.246468] ? copy_mnt_ns+0x8c0/0x8c0 [ 538.250383] do_syscall_64+0x1e8/0x640 [ 538.254297] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 538.259244] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 538.264442] RIP: 0033:0x45de0a [ 538.267639] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 538.275536] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 538.282817] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 538.290086] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 538.297358] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 538.304653] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000042 [ 538.320825] device veth13 left promiscuous mode [ 538.400249] BTRFS error (device loop4): open_ctree failed [ 538.481494] BTRFS error (device loop4): superblock checksum mismatch [ 538.530540] BTRFS error (device loop4): open_ctree failed [ 538.567280] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 538.586297] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=224 sclass=netlink_route_socket pig=30452 comm=syz-executor.4 02:48:33 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) 02:48:33 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) 02:48:33 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x40000) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) keyctl$session_to_parent(0x12) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) connect$llc(r5, &(0x7f0000000000)={0x1a, 0x324, 0x5, 0x0, 0xff, 0x0, @local}, 0x10) 02:48:33 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x1c, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:33 executing program 5 (fault-call:0 fault-nth:67): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:33 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setxattr$trusted_overlay_nlink(&(0x7f0000000500)='./file0\x00', &(0x7f0000000540)='trusted.overlay.nlink\x00', &(0x7f0000000580)={'U-'}, 0x16, 0x3) ioctl$UI_SET_LEDBIT(r1, 0x40045569, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) r7 = fcntl$dupfd(r6, 0x0, r6) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) r9 = fcntl$dupfd(r8, 0x0, r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) r10 = socket$netlink(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000000)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)={0x14, r11, 0xb03, 0x0, 0x0, {0x13}}, 0x14}}, 0x0) sendmsg$TIPC_NL_NET_SET(r9, &(0x7f00000004c0)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000480)={&(0x7f0000000240)={0x21c, r11, 0x800, 0x70bd2c, 0x25dfdbfd, {}, [@TIPC_NLA_MEDIA={0x64, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}]}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffff142}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x2}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}]}, @TIPC_NLA_PUBL={0x2c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0xffff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x55}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x7}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK={0x40, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_PROP={0xc, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz0\x00'}]}, @TIPC_NLA_PUBL={0x34, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xe0}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x40}]}, @TIPC_NLA_BEARER={0x3c, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x38, 0x4, {{0x20, 0x1, @in6={0xa, 0x4e24, 0x351ddc91, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x2}}, {0x14, 0x2, @in={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x1, 0x0}}}}}]}, @TIPC_NLA_MEDIA={0xb0, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x47b}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x17}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x34, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x20}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x15}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}, @TIPC_NLA_NODE={0x18, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x20}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xafd}]}]}, 0x21c}, 0x1, 0x0, 0x0, 0x180}, 0xc090) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r12 = accept4$rose(r7, &(0x7f0000000100)=@full={0xb, @remote, @rose, 0x0, [@rose, @remote, @null, @default, @netrom, @bcast]}, &(0x7f0000000200)=0x40, 0x80800) setsockopt$sock_timeval(r12, 0x1, 0x42, &(0x7f0000000180)={0x0, 0x2710}, 0x10) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) [ 538.768256] FAULT_INJECTION: forcing a failure. [ 538.768256] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 538.780238] CPU: 1 PID: 30495 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 538.788137] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 538.797908] Call Trace: [ 538.800523] dump_stack+0x142/0x197 [ 538.804466] should_fail.cold+0x10f/0x159 [ 538.808637] __alloc_pages_nodemask+0x1d6/0x7a0 [ 538.813330] ? __alloc_pages_slowpath+0x2930/0x2930 02:48:33 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000000)={[0x101]}, 0x8, 0x80400) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) [ 538.818368] cache_grow_begin+0x80/0x400 [ 538.822581] kmem_cache_alloc+0x6a6/0x780 [ 538.826763] ? _raw_spin_unlock_irqrestore+0x6b/0xe0 [ 538.831892] getname_kernel+0x53/0x350 [ 538.835910] kern_path+0x20/0x40 [ 538.839303] lookup_bdev.part.0+0x63/0x160 [ 538.843552] ? blkdev_open+0x260/0x260 [ 538.847454] ? free_hot_cold_page+0x763/0xca0 [ 538.851974] blkdev_get_by_path+0x76/0xf0 [ 538.856168] btrfs_scan_one_device+0x97/0x4e0 [ 538.860683] ? device_list_add+0x8d0/0x8d0 [ 538.865027] ? __free_pages+0x54/0x90 02:48:33 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) [ 538.868840] ? free_pages+0x46/0x50 [ 538.872480] btrfs_mount+0x2e3/0x2b28 [ 538.876289] ? lock_downgrade+0x740/0x740 [ 538.880445] ? find_held_lock+0x35/0x130 [ 538.884519] ? pcpu_alloc+0x3af/0x1050 [ 538.888424] ? btrfs_remount+0x11f0/0x11f0 [ 538.892810] ? rcu_read_lock_sched_held+0x110/0x130 [ 538.897893] ? __lockdep_init_map+0x10c/0x570 [ 538.902408] mount_fs+0x97/0x2a1 [ 538.905794] vfs_kern_mount.part.0+0x5e/0x3d0 [ 538.910301] ? find_held_lock+0x35/0x130 [ 538.914406] vfs_kern_mount+0x40/0x60 [ 538.918241] btrfs_mount+0x3ce/0x2b28 [ 538.922056] ? lock_downgrade+0x740/0x740 [ 538.926214] ? find_held_lock+0x35/0x130 [ 538.930306] ? pcpu_alloc+0x3af/0x1050 [ 538.934220] ? btrfs_remount+0x11f0/0x11f0 [ 538.938639] ? rcu_read_lock_sched_held+0x110/0x130 [ 538.943715] ? __lockdep_init_map+0x10c/0x570 [ 538.948245] ? __lockdep_init_map+0x10c/0x570 [ 538.952762] mount_fs+0x97/0x2a1 [ 538.956153] vfs_kern_mount.part.0+0x5e/0x3d0 [ 538.960666] do_mount+0x417/0x27d0 [ 538.964344] ? copy_mount_options+0x5c/0x2f0 [ 538.968772] ? rcu_read_lock_sched_held+0x110/0x130 [ 538.974073] ? copy_mount_string+0x40/0x40 [ 538.978332] ? copy_mount_options+0x1fe/0x2f0 [ 538.983113] SyS_mount+0xab/0x120 [ 538.986588] ? copy_mnt_ns+0x8c0/0x8c0 [ 538.990489] do_syscall_64+0x1e8/0x640 [ 538.994403] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 538.999522] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 539.004724] RIP: 0033:0x45de0a [ 539.007920] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 02:48:33 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:33 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) [ 539.015737] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 539.023039] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 539.030390] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 539.037681] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 539.044984] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000043 02:48:33 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 02:48:33 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x0, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:33 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={0x0}}, 0x0) 02:48:33 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) [ 539.162214] BTRFS error (device loop4): superblock checksum mismatch 02:48:33 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x0, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:33 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, 0x0, 0x301}, 0x14}}, 0x0) 02:48:33 executing program 5 (fault-call:0 fault-nth:68): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 539.251346] BTRFS error (device loop4): open_ctree failed [ 539.361010] BTRFS error (device loop4): superblock checksum mismatch [ 539.386373] FAULT_INJECTION: forcing a failure. [ 539.386373] name failslab, interval 1, probability 0, space 0, times 0 [ 539.418197] CPU: 1 PID: 30541 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 539.426127] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 539.435603] Call Trace: [ 539.438204] dump_stack+0x142/0x197 [ 539.441863] should_fail.cold+0x10f/0x159 [ 539.446027] should_failslab+0xdb/0x130 [ 539.450019] kmem_cache_alloc+0x2d7/0x780 [ 539.454181] ? delete_node+0x1fb/0x690 [ 539.458083] ? save_trace+0x290/0x290 [ 539.461893] alloc_buffer_head+0x24/0xe0 [ 539.465972] alloc_page_buffers+0xb7/0x200 [ 539.470228] create_empty_buffers+0x39/0x480 [ 539.474642] ? __lock_is_held+0xb6/0x140 [ 539.478843] ? check_preemption_disabled+0x3c/0x250 [ 539.483982] create_page_buffers+0x153/0x1c0 [ 539.488417] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 539.493875] block_read_full_page+0xcd/0x960 [ 539.498404] ? set_init_blocksize+0x210/0x210 [ 539.502906] ? __lru_cache_add+0x18a/0x250 [ 539.507144] ? __bread_gfp+0x290/0x290 [ 539.511043] ? add_to_page_cache_lru+0x159/0x310 [ 539.515895] ? add_to_page_cache_locked+0x40/0x40 [ 539.520928] blkdev_readpage+0x1d/0x30 [ 539.524821] do_read_cache_page+0x721/0x1320 [ 539.529226] ? blkdev_writepages+0xd0/0xd0 [ 539.533475] ? find_get_pages_contig+0xcf0/0xcf0 [ 539.538427] ? blkdev_get+0xb0/0x8e0 [ 539.542144] ? dput.part.0+0x170/0x750 [ 539.546044] ? bd_may_claim+0xd0/0xd0 [ 539.549852] ? path_put+0x50/0x70 [ 539.553326] ? lookup_bdev.part.0+0xe1/0x160 [ 539.557850] read_cache_page_gfp+0x6e/0x90 [ 539.562105] btrfs_read_disk_super+0xdd/0x530 [ 539.566660] btrfs_scan_one_device+0xc6/0x4e0 [ 539.571164] ? device_list_add+0x8d0/0x8d0 [ 539.575404] ? __free_pages+0x54/0x90 [ 539.579217] ? free_pages+0x46/0x50 [ 539.582863] btrfs_mount+0x2e3/0x2b28 [ 539.586675] ? lock_downgrade+0x740/0x740 [ 539.590832] ? find_held_lock+0x35/0x130 [ 539.594905] ? pcpu_alloc+0x3af/0x1050 [ 539.598814] ? btrfs_remount+0x11f0/0x11f0 [ 539.603261] ? rcu_read_lock_sched_held+0x110/0x130 [ 539.608301] ? __lockdep_init_map+0x10c/0x570 [ 539.612915] mount_fs+0x97/0x2a1 [ 539.616266] vfs_kern_mount.part.0+0x5e/0x3d0 [ 539.620760] ? find_held_lock+0x35/0x130 [ 539.624851] vfs_kern_mount+0x40/0x60 [ 539.628675] btrfs_mount+0x3ce/0x2b28 [ 539.632492] ? lock_downgrade+0x740/0x740 [ 539.636636] ? find_held_lock+0x35/0x130 [ 539.640725] ? pcpu_alloc+0x3af/0x1050 [ 539.644612] ? btrfs_remount+0x11f0/0x11f0 [ 539.648857] ? rcu_read_lock_sched_held+0x110/0x130 [ 539.653880] ? __lockdep_init_map+0x10c/0x570 [ 539.658362] ? __lockdep_init_map+0x10c/0x570 [ 539.662860] mount_fs+0x97/0x2a1 [ 539.666223] vfs_kern_mount.part.0+0x5e/0x3d0 [ 539.670701] do_mount+0x417/0x27d0 [ 539.674222] ? retint_kernel+0x2d/0x2d [ 539.678092] ? copy_mount_string+0x40/0x40 [ 539.682320] ? copy_mount_options+0x17c/0x2f0 [ 539.686817] ? copy_mount_options+0x1fe/0x2f0 [ 539.691400] SyS_mount+0xab/0x120 [ 539.694837] ? copy_mnt_ns+0x8c0/0x8c0 [ 539.698722] do_syscall_64+0x1e8/0x640 [ 539.702608] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 539.707562] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 539.712740] RIP: 0033:0x45de0a [ 539.715924] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 539.723621] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 539.730889] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 539.738270] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 539.745529] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 539.752858] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000044 [ 539.760875] BTRFS error (device loop4): open_ctree failed 02:48:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, 0x0, 0x301}, 0x14}}, 0x0) 02:48:34 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:34 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000002700)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000000)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, 0x80, &(0x7f0000002900)=[{&(0x7f0000000080)=""/99, 0x63}, {&(0x7f00000001c0)=""/229, 0xe5}, {&(0x7f00000002c0)=""/72, 0x48}, {&(0x7f0000000100)=""/14, 0xe}, {&(0x7f0000000340)=""/245, 0xf5}, {&(0x7f0000000440)=""/43, 0x2b}], 0x6}, 0x80000001}, {{&(0x7f0000000500)=@in={0x2, 0x0, @broadcast}, 0x80, &(0x7f0000000b80)=[{&(0x7f0000000580)=""/180, 0xb4}, {&(0x7f0000000640)=""/9, 0x9}, {&(0x7f0000000680)=""/232, 0xe8}, {&(0x7f0000000780)=""/78, 0x4e}, {&(0x7f0000000800)=""/217, 0xd9}, {&(0x7f0000000900)=""/35, 0x23}, {&(0x7f0000000940)=""/29, 0x1d}, {&(0x7f0000000980)=""/248, 0xf8}, {&(0x7f0000000a80)=""/209, 0xd1}], 0x9, &(0x7f0000000c40)=""/179, 0xb3}, 0xc56}, {{&(0x7f0000000d00)=@xdp, 0x80, &(0x7f0000001380)=[{&(0x7f0000000d80)=""/15, 0xf}, {&(0x7f0000000dc0)=""/205, 0xcd}, {&(0x7f0000000ec0)}, {&(0x7f0000000f00)=""/255, 0xff}, {&(0x7f0000001000)=""/234, 0xea}, {&(0x7f0000001100)=""/24, 0x18}, {&(0x7f0000001140)=""/225, 0xe1}, {&(0x7f0000001240)}, {&(0x7f0000001280)=""/61, 0x3d}, {&(0x7f00000012c0)=""/156, 0x9c}], 0xa, &(0x7f0000002880)=""/112, 0x70}, 0x8001}, {{0x0, 0x0, &(0x7f0000001540)=[{&(0x7f00000014c0)=""/122, 0x7a}], 0x1}, 0xae}, {{&(0x7f0000001580)=@hci, 0x80, &(0x7f0000002680)=[{&(0x7f0000001600)=""/40, 0x28}, {&(0x7f0000001640)=""/4087, 0xff7}, {&(0x7f0000002640)=""/47, 0x2f}], 0x3, &(0x7f00000026c0)=""/52, 0x34}, 0x7}], 0x6, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000480)='/dev/vsock\x00', 0x101001, 0x0) ioctl$VIDIOC_S_PRIORITY(r3, 0x40045644, 0x2) r4 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 02:48:34 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x0, &(0x7f0000000100)={@remote, r2}, 0x14) 02:48:34 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x7, &(0x7f0000000500)=[{&(0x7f0000000100)="5841479a4d6cde13f974c6511ea28aa22762cef3d5a785", 0x17, 0x3}, {&(0x7f0000000200)="5175673542f68f72a2c9e953b0b07e04ffa65e69bedc00d6bdf395171561f1337dd3907e87e32c9a16b2d26bd40bde9f5a0c6e5511adc362e60cdbd830af31d41b424c686c823bbc1b07d03c6838f641a67be72d91677e85f9420ce845430c2243a3bf19c6abd356b5e14183495e1b3e973c675f2e29b5e4ec5425ee94c1b5ad3e8eefc0676e352338fb20752f82584b17caba1d41f3", 0x96, 0xfffffffffffffffe}, {&(0x7f0000000140)="982e3ce8e847c9e41d184a2145461c9f78db72270685d1e8662dc146be4d98c69909a3846e898b4ebf939afa448962eaf12565f05513246344af97334921f52228769c5dcad7059538d8b4504b3a98a0a23d08938395fd94bd82b668b1", 0x5d, 0xfffffffffffffffa}, {&(0x7f00000002c0)="692bc272b2ba5ea1ba62471aac9e5cc11b64fd", 0x13, 0x8}, {&(0x7f0000000300)="798fd01c4e3fb8cc96aa15d6fbcc222d0b7a0e98b829a0fb360e70384ffd9edac1559f27c442a88c7ba932677dd445fdfc48a37f4d3bd6fa69a2d69abac279f96abe9f4f47262d8784a6b73a1a1f18e5ead7d1359e8827f95895c399c1e21d51a1d0cb16", 0x64, 0x7ff}, {&(0x7f0000000380)="c7cae701171f11c242167dbe26ac231bca9c800978650f6c4f532e7a5f43d4676a8def39e8aa82fd5249bd9cc6bef6afb9ab3bae58d69a3211f764ef1a6e53f13211b7be1d43595d6e1cf7279aa7947838437977524adb09820898884fbf6a0bb32e86c197", 0x65, 0x4}, {&(0x7f0000000400)="59d2b7d90b05784cc20490a17ac37500058f74514f72457ea370c20da005074cdbad85e5c93d6b426a6abfc28bd016d4079d89acb2e2b1b6b22bce095500b74ee4336c478b807a51300126f0f9703a48a2ec8331c4c3f0f963df424e27119c61222e00cc875e653d929918e7827ecd89dc45a0840e722a776fbe45adb1e409885a63abcf313579d61d55a4c61d100a26f3ab766c2cb6282f412ad7850594bb849a40adbe3df77918d633625d2aae99b87b41b3f35732d4774b1fe1f69ae1bbadff5885e050b0d1fb5b2c4d421619", 0xce, 0x9}], 0x708821, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r4, 0x0, r4) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f00000005c0)=@raw={'raw\x00', 0x9, 0x3, 0x430, 0x0, 0x0, 0x248, 0x0, 0x248, 0x360, 0x360, 0x360, 0x360, 0x360, 0x3, &(0x7f0000000080), {[{{@uncond, 0x0, 0x1e0, 0x248, 0x0, {}, [@common=@rt={{0x138, 'rt\x00'}, {0x4, [0x3, 0x5], 0x4e, 0x4, 0x7, [@dev={0xfe, 0x80, [], 0x29}, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @ipv4={[], [], @initdev={0xac, 0x1e, 0x0, 0x0}}, @remote, @dev={0xfe, 0x80, [], 0x42}, @mcast1, @mcast2, @mcast2, @empty, @mcast2, @rand_addr="492e048fbea21fd20d487cfdfb02d90c", @mcast2, @loopback, @mcast2, @dev={0xfe, 0x80, [], 0x28}, @local], 0x2}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x8, 0x4, 0xc50c, '\x00', 'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28, 'rpfilter\x00'}, {0xd}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x8, 'syz0\x00', {0x7}}}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x490) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r3, 0x10e, 0x2, &(0x7f0000000040)=0x7, 0x4) 02:48:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, 0x0, 0x301}, 0x14}}, 0x0) [ 539.889488] Unknown ioctl 1074026052 02:48:34 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, 0x0, 0x0) 02:48:34 executing program 5 (fault-call:0 fault-nth:69): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 539.939589] Unknown ioctl 1074026052 02:48:34 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$inet(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10, &(0x7f0000000080)}, 0x20040000) r3 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r3, 0x84, 0xb, &(0x7f0000000000)={0x81, 0x73, 0x5, 0xff, 0x0, 0x1, 0x3, 0x1, 0x3, 0x5c, 0xf9, 0x81, 0x83, 0xff}, 0xe) recvmmsg(r3, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 02:48:34 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:34 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r1}, 0x14}}, 0x0) [ 540.077703] FAULT_INJECTION: forcing a failure. [ 540.077703] name failslab, interval 1, probability 0, space 0, times 0 [ 540.089046] CPU: 1 PID: 30579 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 540.096937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 540.106306] Call Trace: [ 540.108918] dump_stack+0x142/0x197 [ 540.112575] should_fail.cold+0x10f/0x159 [ 540.116743] should_failslab+0xdb/0x130 [ 540.120759] kmem_cache_alloc+0x47/0x780 [ 540.124849] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 540.130486] __radix_tree_create+0x337/0x4d0 [ 540.134920] page_cache_tree_insert+0xa7/0x2d0 [ 540.139510] ? file_check_and_advance_wb_err+0x380/0x380 [ 540.144956] ? debug_smp_processor_id+0x1c/0x20 [ 540.150095] __add_to_page_cache_locked+0x2ab/0x8c0 [ 540.155109] ? find_lock_entry+0x4b0/0x4b0 [ 540.159350] add_to_page_cache_lru+0xf4/0x310 [ 540.163850] ? add_to_page_cache_locked+0x40/0x40 [ 540.168752] ? __page_cache_alloc+0xdd/0x3e0 [ 540.173171] do_read_cache_page+0x6fe/0x1320 [ 540.177588] ? blkdev_writepages+0xd0/0xd0 [ 540.181930] ? find_get_pages_contig+0xcf0/0xcf0 [ 540.186676] ? blkdev_get+0xb0/0x8e0 [ 540.190502] ? dput.part.0+0x170/0x750 [ 540.194410] ? bd_may_claim+0xd0/0xd0 [ 540.198335] ? path_put+0x50/0x70 [ 540.201790] ? lookup_bdev.part.0+0xe1/0x160 [ 540.206206] read_cache_page_gfp+0x6e/0x90 [ 540.210436] btrfs_read_disk_super+0xdd/0x530 [ 540.214948] btrfs_scan_one_device+0xc6/0x4e0 [ 540.219441] ? device_list_add+0x8d0/0x8d0 [ 540.223703] ? __free_pages+0x54/0x90 [ 540.227491] ? free_pages+0x46/0x50 [ 540.231113] btrfs_mount+0x2e3/0x2b28 [ 540.234922] ? lock_downgrade+0x740/0x740 [ 540.239091] ? find_held_lock+0x35/0x130 [ 540.243321] ? pcpu_alloc+0x3af/0x1050 [ 540.247355] ? btrfs_remount+0x11f0/0x11f0 [ 540.251607] ? rcu_read_lock_sched_held+0x110/0x130 [ 540.256628] ? __lockdep_init_map+0x10c/0x570 [ 540.261119] mount_fs+0x97/0x2a1 [ 540.264484] vfs_kern_mount.part.0+0x5e/0x3d0 [ 540.269027] ? find_held_lock+0x35/0x130 [ 540.273090] vfs_kern_mount+0x40/0x60 [ 540.276898] btrfs_mount+0x3ce/0x2b28 [ 540.280749] ? lock_downgrade+0x740/0x740 [ 540.284900] ? find_held_lock+0x35/0x130 [ 540.288974] ? pcpu_alloc+0x3af/0x1050 [ 540.293850] ? btrfs_remount+0x11f0/0x11f0 [ 540.298079] ? rcu_read_lock_sched_held+0x110/0x130 [ 540.303117] ? __lockdep_init_map+0x10c/0x570 [ 540.307635] ? __lockdep_init_map+0x10c/0x570 [ 540.312130] mount_fs+0x97/0x2a1 [ 540.315495] vfs_kern_mount.part.0+0x5e/0x3d0 [ 540.319979] do_mount+0x417/0x27d0 [ 540.323517] ? copy_mount_options+0x5c/0x2f0 [ 540.327910] ? rcu_read_lock_sched_held+0x110/0x130 [ 540.332915] ? copy_mount_string+0x40/0x40 [ 540.337145] ? copy_mount_options+0x1fe/0x2f0 [ 540.341634] SyS_mount+0xab/0x120 [ 540.345070] ? copy_mnt_ns+0x8c0/0x8c0 [ 540.348943] do_syscall_64+0x1e8/0x640 [ 540.352816] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 540.357667] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 540.362840] RIP: 0033:0x45de0a [ 540.366016] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 02:48:35 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x8) 02:48:35 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) r1 = openat$selinux_commit_pending_bools(0xffffffffffffff9c, &(0x7f0000000140)='/selinux/commit_pending_bools\x00', 0x1, 0x0) ioctl$USBDEVFS_DISCARDURB(r1, 0x550b, &(0x7f0000000180)=0x6) bind$alg(0xffffffffffffffff, &(0x7f0000002900)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_sha1\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000009fc0)=[{{0x0, 0x0, &(0x7f0000002640)=[{&(0x7f0000000000)=""/213, 0xd5}, {&(0x7f00000001c0)=""/193, 0xc1}, {&(0x7f00000002c0)=""/113, 0x71}, {&(0x7f0000000340)=""/4096, 0x1000}, {&(0x7f0000001340)=""/235, 0xeb}, {&(0x7f0000001440)=""/227, 0xe3}, {&(0x7f0000001540)=""/4096, 0x1000}, {&(0x7f0000003380)=""/4096, 0x1000}, {&(0x7f0000002540)=""/215, 0xd7}, {&(0x7f0000004380)=""/4096, 0x1000}], 0xa, &(0x7f0000002700)=""/233, 0xe9}, 0xffffff9e}, {{&(0x7f0000002800)=@nfc_llcp, 0x80, &(0x7f0000002980)=[{&(0x7f0000000100)=""/30, 0x1e}, {&(0x7f0000002880)=""/14, 0xe}, {&(0x7f000000a180)=""/138, 0x8a}, {&(0x7f0000005380)=""/4096, 0x1000}], 0x4, &(0x7f00000029c0)=""/166, 0xa6}, 0x9}, {{&(0x7f0000002a80)=@in6={0xa, 0x0, 0x0, @mcast2}, 0x80, &(0x7f0000003040)=[{&(0x7f0000002b00)=""/210, 0xd2}, {&(0x7f0000002c00)}, {&(0x7f0000002c40)=""/252, 0xfc}, {&(0x7f0000002d40)=""/8, 0x8}, {&(0x7f0000002d80)=""/115, 0x73}, {&(0x7f0000002e00)=""/17, 0x11}, {&(0x7f0000002e40)=""/242, 0xf2}, {&(0x7f0000002f40)=""/52, 0x34}, {&(0x7f0000002f80)=""/141, 0x8d}, {&(0x7f0000006380)=""/4096, 0x1000}], 0xa, &(0x7f00000028c0)=""/4, 0x4}, 0x40}, {{0x0, 0x0, &(0x7f0000003300)=[{&(0x7f0000003140)=""/56, 0x38}, {&(0x7f0000003180)=""/220, 0xdc}, {&(0x7f0000003280)=""/96, 0x60}, {&(0x7f0000007380)=""/147, 0x93}], 0x4}, 0x7}, {{&(0x7f0000007440)=@l2tp6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f0000007800)=[{&(0x7f00000074c0)=""/252, 0xfc}, {&(0x7f00000075c0)=""/35, 0x23}, {&(0x7f0000007600)=""/171, 0xab}, {&(0x7f000000a240)=""/102400, 0x19000}, {&(0x7f0000007700)=""/157, 0x9d}, {&(0x7f00000077c0)=""/35, 0x23}], 0x6}, 0x200}, {{&(0x7f0000007880)=@hci, 0x80, &(0x7f0000009c80)=[{&(0x7f0000007900)=""/252, 0xfc}, {&(0x7f0000007a00)=""/112, 0x70}, {&(0x7f0000007a80)=""/228, 0xe4}, {&(0x7f0000007b80)=""/4096, 0x1000}, {&(0x7f0000023240)=""/177, 0xb1}, {&(0x7f0000008c40)=""/26, 0x1a}, {&(0x7f0000008c80)=""/4096, 0x1000}], 0x7, &(0x7f0000009d00)=""/172, 0xac}, 0xffff8001}, {{&(0x7f0000009dc0)=@vsock={0x28, 0x0, 0x0, @my}, 0x80, &(0x7f0000009e80)=[{&(0x7f0000009e40)=""/28, 0x1c}], 0x1, &(0x7f0000009ec0)=""/244, 0xf4}, 0x1c000000}], 0x7, 0x21, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:48:35 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, 0x0, 0x0) [ 540.373946] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 540.381390] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 540.388653] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 540.395911] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 540.404123] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000045 02:48:35 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r1}, 0x14}}, 0x0) [ 540.459498] BTRFS error (device loop4): superblock checksum mismatch 02:48:35 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'xts-aes-ce\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = accept4$unix(r1, &(0x7f00000000c0)=@abs, &(0x7f0000000140)=0x6e, 0x80800) ioctl$SG_SET_KEEP_ORPHAN(r2, 0x2287, &(0x7f0000000240)=0x9) accept4$unix(r3, 0x0, &(0x7f0000000180), 0x80000) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='net/netstat\x00') ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r4, 0xc0045540, &(0x7f0000000200)=0x5) r5 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) r6 = fcntl$dupfd(r5, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) 02:48:35 executing program 5 (fault-call:0 fault-nth:70): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:35 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000180)='l2tp\x00') sendmsg$L2TP_CMD_SESSION_GET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)={0x14, r1}, 0x14}}, 0x0) [ 540.553168] BTRFS error (device loop4): open_ctree failed 02:48:35 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:35 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, 0x0, 0x0) [ 540.687886] BTRFS error (device loop4): superblock checksum mismatch [ 540.688066] FAULT_INJECTION: forcing a failure. [ 540.688066] name failslab, interval 1, probability 0, space 0, times 0 [ 540.705628] CPU: 0 PID: 30621 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 540.713516] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 540.722876] Call Trace: [ 540.725476] dump_stack+0x142/0x197 [ 540.729586] should_fail.cold+0x10f/0x159 [ 540.733751] should_failslab+0xdb/0x130 [ 540.737746] kmem_cache_alloc+0x47/0x780 [ 540.741851] radix_tree_node_alloc.constprop.0+0x1c7/0x310 [ 540.747489] __radix_tree_create+0x337/0x4d0 [ 540.751914] page_cache_tree_insert+0xa7/0x2d0 [ 540.756511] ? file_check_and_advance_wb_err+0x380/0x380 [ 540.761963] ? debug_smp_processor_id+0x1c/0x20 [ 540.766644] __add_to_page_cache_locked+0x2ab/0x8c0 [ 540.771670] ? find_lock_entry+0x4b0/0x4b0 [ 540.775914] add_to_page_cache_lru+0xf4/0x310 [ 540.780413] ? add_to_page_cache_locked+0x40/0x40 [ 540.785260] ? __page_cache_alloc+0xdd/0x3e0 [ 540.789681] do_read_cache_page+0x6fe/0x1320 [ 540.794108] ? blkdev_writepages+0xd0/0xd0 [ 540.798463] ? find_get_pages_contig+0xcf0/0xcf0 [ 540.803235] ? blkdev_get+0xb0/0x8e0 [ 540.807827] ? dput.part.0+0x170/0x750 [ 540.811718] ? bd_may_claim+0xd0/0xd0 [ 540.815536] ? path_put+0x50/0x70 [ 540.819024] ? lookup_bdev.part.0+0xe1/0x160 [ 540.823455] read_cache_page_gfp+0x6e/0x90 [ 540.827694] btrfs_read_disk_super+0xdd/0x530 [ 540.832194] btrfs_scan_one_device+0xc6/0x4e0 [ 540.836702] ? device_list_add+0x8d0/0x8d0 [ 540.840951] ? __free_pages+0x54/0x90 [ 540.844752] ? free_pages+0x46/0x50 [ 540.848395] btrfs_mount+0x2e3/0x2b28 [ 540.852221] ? lock_downgrade+0x740/0x740 [ 540.856381] ? find_held_lock+0x35/0x130 [ 540.860448] ? pcpu_alloc+0x3af/0x1050 [ 540.864358] ? btrfs_remount+0x11f0/0x11f0 [ 540.868767] ? rcu_read_lock_sched_held+0x110/0x130 [ 540.873891] ? __lockdep_init_map+0x10c/0x570 [ 540.878420] mount_fs+0x97/0x2a1 [ 540.881802] vfs_kern_mount.part.0+0x5e/0x3d0 [ 540.886307] ? find_held_lock+0x35/0x130 [ 540.890389] vfs_kern_mount+0x40/0x60 [ 540.894199] btrfs_mount+0x3ce/0x2b28 [ 540.898015] ? lock_downgrade+0x740/0x740 [ 540.902189] ? find_held_lock+0x35/0x130 [ 540.906278] ? pcpu_alloc+0x3af/0x1050 [ 540.910184] ? btrfs_remount+0x11f0/0x11f0 [ 540.914448] ? rcu_read_lock_sched_held+0x110/0x130 [ 540.919492] ? __lockdep_init_map+0x10c/0x570 [ 540.924010] ? __lockdep_init_map+0x10c/0x570 [ 540.928527] mount_fs+0x97/0x2a1 [ 540.931990] vfs_kern_mount.part.0+0x5e/0x3d0 [ 540.936502] do_mount+0x417/0x27d0 [ 540.940052] ? copy_mount_options+0x5c/0x2f0 [ 540.944555] ? rcu_read_lock_sched_held+0x110/0x130 [ 540.949585] ? copy_mount_string+0x40/0x40 [ 540.953832] ? copy_mount_options+0x1fe/0x2f0 [ 540.958330] SyS_mount+0xab/0x120 [ 540.961790] ? copy_mnt_ns+0x8c0/0x8c0 [ 540.965679] do_syscall_64+0x1e8/0x640 [ 540.969568] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 540.974416] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 540.979707] RIP: 0033:0x45de0a 02:48:35 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:35 executing program 3: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000100)="660f382b1a0f01df0f300f32d9e90f79d16665676426f7c5000000000f22fd4545ef1e03e5", 0x25}], 0x1, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0xffffffffffffffff, 0x0, 0x40000000, 0x0, 0x0, 0x0, 0x4cb], 0x10000}) openat$vcsa(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vcsa\x00', 0x0, 0x0) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000000)={0x4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 540.982911] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 540.990643] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 540.997913] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 541.005413] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 541.013823] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 541.021107] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000046 02:48:35 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote}, 0x14) [ 541.170413] kvm [30636]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x40000042 data 0xffff0000 [ 541.184910] kvm [30636]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x40000025 data 0xffff0000 [ 541.194698] BTRFS error (device loop4): open_ctree failed [ 541.201118] kvm [30636]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x40000067 data 0xffff0000 [ 541.211208] kvm [30636]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x40000008 data 0xffff0000 02:48:35 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205647, &(0x7f0000000180)={0x980000, 0x401, 0x7, r1, 0x0, &(0x7f0000000140)={0x9a0906, 0x3, [], @p_u8=&(0x7f0000000100)=0x3}}) getsockopt$bt_rfcomm_RFCOMM_CONNINFO(r2, 0x12, 0x2, &(0x7f0000000200)=""/219, &(0x7f0000000300)=0xdb) r3 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:48:35 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) r3 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000000)='/selinux/status\x00', 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x7) 02:48:35 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:35 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote}, 0x14) 02:48:35 executing program 5 (fault-call:0 fault-nth:71): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 541.221050] kvm [30636]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x4000004a data 0xffff0000 [ 541.232841] kvm [30636]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x4000008c data 0xffff0000 [ 541.250138] kvm [30636]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x4000002d data 0xffff0000 02:48:36 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000300)=0x14) setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f0000000100)={@remote}, 0x14) [ 541.316380] kvm [30636]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x4000006f data 0xffff0000 [ 541.366839] BTRFS error (device loop4): superblock checksum mismatch [ 541.395324] FAULT_INJECTION: forcing a failure. [ 541.395324] name failslab, interval 1, probability 0, space 0, times 0 [ 541.417579] kvm [30636]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x40000052 data 0xffff0000 02:48:36 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:36 executing program 0: creat(0x0, 0x0) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setsockopt$IPT_SO_SET_REPLACE(r1, 0x8000000000000, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x2, 0x3, 0x358, 0x1f0, 0x0, 0x0, 0x0, 0x0, 0x2c0, 0x2c0, 0x2c0, 0x2c0, 0x2c0, 0x3, 0x0, {[{{@ip={@broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'ip6gretap0\x00'}, 0x0, 0x190, 0x1f0, 0x0, {}, [@common=@inet=@recent0={{0xf8, 'recent\x00'}, {0x0, 0x0, 0x1, 0x0, 'syz1\x00'}}, @inet=@rpfilter={{0x28, 'rpfilter\x00'}}]}, @common=@SET={0x60, 'SET\x00'}}, {{@ip={@empty, @multicast1, 0x0, 0x0, 'ip6erspan0\x00', 'macvlan1\x00'}, 0x0, 0x70, 0xd0}, @common=@CLUSTERIP={0x60, 'CLUSTERIP\x00', 0x0, {0x0, @remote}}}], {{[], 0x0, 0x70, 0x98}, {0x28}}}}, 0x692) [ 541.465325] kvm [30636]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x40000035 data 0xffff0000 [ 541.480514] CPU: 0 PID: 30663 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 541.488447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 541.497904] Call Trace: [ 541.500527] dump_stack+0x142/0x197 [ 541.504181] should_fail.cold+0x10f/0x159 [ 541.508356] should_failslab+0xdb/0x130 [ 541.512346] kmem_cache_alloc_node+0x56/0x780 [ 541.516854] ? mount_fs+0x97/0x2a1 [ 541.520414] create_task_io_context+0x31/0x3d0 [ 541.524999] x_tables: ip_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING [ 541.525012] generic_make_request_checks+0x1505/0x1ac0 [ 541.525026] ? rcu_read_lock_sched_held+0x110/0x130 [ 541.545045] ? blk_cleanup_queue+0x610/0x610 [ 541.549478] ? trace_hardirqs_on+0x10/0x10 [ 541.553784] generic_make_request+0x7d/0xa40 [ 541.558214] ? save_trace+0x290/0x290 [ 541.562253] ? blk_queue_enter+0x520/0x520 [ 541.566500] ? find_held_lock+0x35/0x130 [ 541.570624] ? guard_bio_eod+0x161/0x530 [ 541.574709] submit_bio+0x1a5/0x3e0 [ 541.578352] ? submit_bio+0x1a5/0x3e0 [ 541.582172] ? generic_make_request+0xa40/0xa40 [ 541.586859] ? guard_bio_eod+0x1fd/0x530 [ 541.590936] submit_bh_wbc+0x550/0x720 [ 541.594887] block_read_full_page+0x7a2/0x960 [ 541.599406] ? set_init_blocksize+0x210/0x210 [ 541.603918] ? __bread_gfp+0x290/0x290 [ 541.607945] ? add_to_page_cache_lru+0x159/0x310 [ 541.612827] ? add_to_page_cache_locked+0x40/0x40 [ 541.617680] blkdev_readpage+0x1d/0x30 [ 541.621582] do_read_cache_page+0x721/0x1320 [ 541.626000] ? blkdev_writepages+0xd0/0xd0 [ 541.630279] ? find_get_pages_contig+0xcf0/0xcf0 [ 541.637051] ? blkdev_get+0xb0/0x8e0 [ 541.640780] ? dput.part.0+0x170/0x750 [ 541.644788] ? bd_may_claim+0xd0/0xd0 [ 541.648606] ? path_put+0x50/0x70 [ 541.652167] ? lookup_bdev.part.0+0xe1/0x160 [ 541.656593] read_cache_page_gfp+0x6e/0x90 [ 541.660852] btrfs_read_disk_super+0xdd/0x530 [ 541.665544] btrfs_scan_one_device+0xc6/0x4e0 [ 541.670247] ? device_list_add+0x8d0/0x8d0 [ 541.674496] ? __free_pages+0x54/0x90 [ 541.678423] ? free_pages+0x46/0x50 [ 541.682190] btrfs_mount+0x2e3/0x2b28 [ 541.686021] ? lock_downgrade+0x740/0x740 [ 541.690186] ? find_held_lock+0x35/0x130 [ 541.694386] ? pcpu_alloc+0x3af/0x1050 [ 541.698296] ? btrfs_remount+0x11f0/0x11f0 [ 541.702550] ? rcu_read_lock_sched_held+0x110/0x130 [ 541.708414] ? __lockdep_init_map+0x10c/0x570 [ 541.712947] mount_fs+0x97/0x2a1 02:48:36 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004040}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, 0x0) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) [ 541.716376] vfs_kern_mount.part.0+0x5e/0x3d0 [ 541.720885] ? find_held_lock+0x35/0x130 [ 541.724975] vfs_kern_mount+0x40/0x60 [ 541.728797] btrfs_mount+0x3ce/0x2b28 [ 541.732647] ? lock_downgrade+0x740/0x740 [ 541.736968] ? find_held_lock+0x35/0x130 [ 541.741155] ? pcpu_alloc+0x3af/0x1050 [ 541.745064] ? btrfs_remount+0x11f0/0x11f0 [ 541.749324] ? rcu_read_lock_sched_held+0x110/0x130 [ 541.754370] ? __lockdep_init_map+0x10c/0x570 [ 541.758884] ? __lockdep_init_map+0x10c/0x570 [ 541.763409] mount_fs+0x97/0x2a1 [ 541.766806] vfs_kern_mount.part.0+0x5e/0x3d0 [ 541.771319] do_mount+0x417/0x27d0 [ 541.774883] ? copy_mount_options+0x5c/0x2f0 [ 541.779345] ? rcu_read_lock_sched_held+0x110/0x130 [ 541.784366] ? copy_mount_string+0x40/0x40 [ 541.788814] ? copy_mount_options+0x1fe/0x2f0 [ 541.793300] SyS_mount+0xab/0x120 [ 541.796864] ? copy_mnt_ns+0x8c0/0x8c0 [ 541.800759] do_syscall_64+0x1e8/0x640 [ 541.804793] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 541.809763] entry_SYSCALL_64_after_hwframe+0x42/0xb7 02:48:36 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) [ 541.814981] RIP: 0033:0x45de0a [ 541.818297] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 541.826031] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 541.833317] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 541.840754] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 541.848154] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 541.855671] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000047 [ 541.888679] kvm [30636]: vcpu0, guest rIP: 0x108 Hyper-V uhandled wrmsr: 0x40000020 data 0xffff0000 02:48:36 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) fcntl$dupfd(0xffffffffffffffff, 0x0, r2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, &(0x7f00000015c0), 0x1, 0x0, 0x0, 0x20004040}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r3, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r3, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r3, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r3, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r3, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r3, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:36 executing program 1: bind$alg(0xffffffffffffffff, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r0 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x81800) recvmmsg(r0, &(0x7f0000003340), 0x0, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$SCSI_IOCTL_STOP_UNIT(r3, 0x6) r4 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) [ 541.981586] BTRFS error (device loop4): open_ctree failed [ 542.118116] BTRFS error (device loop4): superblock checksum mismatch [ 542.170308] BTRFS error (device loop4): open_ctree failed 02:48:36 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f0000000200)={0x10001, 0x4, 0x1, 'queue0\x00', 0x5}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000100)='/dev/snapshot\x00', 0x8a000, 0x0) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r3, 0x4020565b, &(0x7f0000000140)={0x0, 0x6, 0x6}) r4 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 02:48:36 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:36 executing program 5 (fault-call:0 fault-nth:72): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:36 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$UHID_GET_REPORT_REPLY(r4, &(0x7f0000000080)={0xa, {0x5, 0x5, 0x3}}, 0xa) pread64(r0, &(0x7f0000000000)=""/128, 0x80, 0x4) r5 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) [ 542.272177] FAULT_INJECTION: forcing a failure. [ 542.272177] name failslab, interval 1, probability 0, space 0, times 0 [ 542.322762] CPU: 0 PID: 30707 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 542.331104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 542.340565] Call Trace: [ 542.343170] dump_stack+0x142/0x197 [ 542.346806] should_fail.cold+0x10f/0x159 [ 542.351065] should_failslab+0xdb/0x130 [ 542.355065] __kmalloc+0x2f0/0x7a0 [ 542.358624] ? device_list_add+0x5e0/0x8d0 [ 542.362878] device_list_add+0x5e0/0x8d0 [ 542.366970] ? btrfs_rm_dev_replace_free_srcdev+0x2f0/0x2f0 [ 542.372694] ? btrfs_read_disk_super+0x98/0x530 [ 542.377374] btrfs_scan_one_device+0x267/0x4e0 [ 542.381962] ? device_list_add+0x8d0/0x8d0 [ 542.386228] ? __free_pages+0x54/0x90 [ 542.390038] ? free_pages+0x46/0x50 [ 542.393692] btrfs_mount+0x2e3/0x2b28 [ 542.397499] ? lock_downgrade+0x740/0x740 [ 542.401662] ? find_held_lock+0x35/0x130 [ 542.405743] ? pcpu_alloc+0x3af/0x1050 [ 542.409641] ? btrfs_remount+0x11f0/0x11f0 [ 542.413897] ? rcu_read_lock_sched_held+0x110/0x130 [ 542.418955] ? __lockdep_init_map+0x10c/0x570 [ 542.423470] mount_fs+0x97/0x2a1 [ 542.426844] vfs_kern_mount.part.0+0x5e/0x3d0 [ 542.431363] ? find_held_lock+0x35/0x130 [ 542.435518] vfs_kern_mount+0x40/0x60 [ 542.439322] btrfs_mount+0x3ce/0x2b28 [ 542.443227] ? lock_downgrade+0x740/0x740 [ 542.447480] ? find_held_lock+0x35/0x130 [ 542.451540] ? pcpu_alloc+0x3af/0x1050 [ 542.455434] ? btrfs_remount+0x11f0/0x11f0 [ 542.459668] ? rcu_read_lock_sched_held+0x110/0x130 [ 542.464693] ? __lockdep_init_map+0x10c/0x570 [ 542.469268] ? __lockdep_init_map+0x10c/0x570 [ 542.473759] mount_fs+0x97/0x2a1 [ 542.477123] vfs_kern_mount.part.0+0x5e/0x3d0 [ 542.481654] do_mount+0x417/0x27d0 [ 542.485395] ? copy_mount_options+0x5c/0x2f0 [ 542.490170] ? rcu_read_lock_sched_held+0x110/0x130 [ 542.495320] ? copy_mount_string+0x40/0x40 [ 542.499769] ? copy_mount_options+0x1fe/0x2f0 [ 542.504445] SyS_mount+0xab/0x120 [ 542.507909] ? copy_mnt_ns+0x8c0/0x8c0 [ 542.511849] do_syscall_64+0x1e8/0x640 [ 542.515760] ? trace_hardirqs_off_thunk+0x1a/0x1c 02:48:37 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000001800)=[{{&(0x7f00000000c0)=@isdn={0x22, 0x1f, 0xa4, 0x7f, 0x4}, 0x80, &(0x7f0000000040)=[{&(0x7f00000001c0)="1aa6cbe04211ad15ee76ca34ce1d10d3c7ae7146bb3895fb49c6e148895ba015c8ad4da10cb44126b4c625c824adf767e404ea0092994d10a756d82148c04dfe14ce6c662fbbad2f164d2917390f4aa3550795efa235f7b89249e2f63d21e7ad077025ed8751db81d4e393d932c7712d63", 0x71}, {&(0x7f0000000340)="9c0a5a6c9cc2d5abbfd7ad2491062cde093a6c1772d86b90b064c56a9841d800cdbb1378e15eb8115c86929e5472a18e28423b526bdbf98bf5b06dd33ea4555ebfde5483beac8aa753902b24", 0x4c}, {&(0x7f0000000480)="b2971c407b80baef1516be45a48ca77f98506664cb5720dfe76179473279dd94227f36df7894f9e7e72bf049cea37795ebd0d3c2b4ef5d4afcfbd6a665837c546118c4dc59545adf5afa418fd56ed92936f98f76984721898da35ea32e33f66bf01a6443aa9e4025297d230a1123e47df88db9f3cb18e1604d70204bb4e894c4fdb5bb6e4a6cef545d03837f099cf900624df9c46ffa", 0x96}, {&(0x7f00000003c0)="073a5b0fb08ea381c1ba3efa402e19d927d3cfa4a36d22ef0c09bb2a8b8780e346a32c24784c4f049be8b3aad4612c4780f9d84e3f1868f6b11619ef39b7d648ead2ec6e3bfe476e53d971ca6e42ffd738de0ccfec8ed29623307d", 0x5b}], 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="8800000000000000ff000000030000009a26fccd99ecd1636581ec19204050a7fbbecdf1acc592f50c7659adcfc10626b7fc913e680beb8f180482becc6d04ddba159375a85e67039b935749a3e9e3d5cbf2f563532f21cbe2b718624817eed9908aa8579ac02e8185e0fcfd863966e50030dc2d0800defe67b65e5345f564360e00000000000000"], 0x88}}, {{&(0x7f0000000600)=@rc={0x1f, @none, 0x20}, 0x80, &(0x7f0000001680)=[{&(0x7f0000000680)="7c4e07895df5f1173abdb11a462267e6f876cdf7ac1ea0348df49aaf68d94373fb0eb2e5c4b82379170e22be21d55eb957b688c12276a235c7e99851f10e2ea44d3070f0b050a5913e0b1028624de29de9f95a00ad837408cdf7ed1cab7f98b25f45303d62ce0f5735764275d0edeaa44a92041350383cf81f8c133f117b59e8feb25126cbbac4152a01f24fd5f7fa7bf593998f6f97903a12a67e204c1f5ae167d540ca1755425ad2e1f2eea7c1d3e2cb75739d211c4816aba3d7306efc2d1ff668ff50a2ea5cb4096696edf947a3b42076b410ddd7745b0edb9a35deca85f6d006281189d6453fcb8489a506d2b64b65fc344ee7e73f77afe9d730d917e36ced2dea986176ec49963d795fe80eea7503303d65d359f0c8bea0412d6ea73b2cc251ca28d70719e1c4636373d99ed3d3ea9355d36f525c821c4641182911efc3fd0154c9e64cf3c640d90c7ccfe99ce79818485151fdc0c5dcf2f3a5ed60029d0c33664a540b86f787d794e61d0ecd9176ce40b492bed54ab24526d11852afa4e245d3322d296010c8c3308161018763a3293dd9a7ae0068424e793f9fd993e32f9f68fbbcb618891361e5968943d170fb570ff7a05f401547401df1361615ad5495e3b59cf85527227b8f6502051f5e9d39a0e0e3f0a230443992414b6be2c9b0ed10a0e1413cf54827fbdb8585c544c3c2b2eea47fe2bb9978544aac2d8ab3dda3653f39770044fa6db64534b7d2f90062d5480064117fa0dfe16243bed9dc6a67846d869f3ba7e121e8581b4837c6d51aeb8b57588df9dec2e99ddabf9f04af179b56b16db913e06f8b377c6020a4199c7ae3893f98619b282c2f96712a18369fa2a5464315fa838e0d39c85446fb13da2b1369f54014ec2187fcc06181c8a029b4046db537ed58d40348a7770b065b6b07f5a9cf5f28f96015219090a5d493131aed294c403f735276dc8d81777cdc8a9f157e30bfe681007e911621f530b62b9472c5b0b7758c8ab5eedf20ba5f3f58a933edd8f175b336baa1e15ced1e10ef606b9aa806cc313788673846e7d75d4a7d7f37727b4f9cc64748fae0672d1a038dca43e7dab49d8b67fc0c7f0f55285040865c828dace7d29d244161d7c96200b377325d191be637ccdba9e672f9531e786244fafb49827c56c722a13e08ccfd2c75619c97587e6767f06f900b0400e465833ef1e569fcb89f654f60cd0ed20335db5975882e9f1488143d80e62d49740475ff360cd39ac4bc7be10481094cde02021a83d604774f94609b93346b5cf6fd2456c937533399ed2d5a963a0808af34ed419c96a00105dde40b2c783deddc656bebea111c3166f8643c901f83af43d4f421052846bd16e79b9fe3b26cfff6df27309afa69bab25cce408ec59da5128bd65d4ee8ba38e3b81ca269bf91474dc8071a9b10481baa762740cb291776c545393650fc8fb0825dd08bcb50638429fa2d2a83fd21f5ba7c9d12212c63ea0b06dc7fb1a9b0277738a02960bf740202e19768d58d5d54787817478cb023e763bf5aa381f043707d57dc4de8e501cb7fecd0f5445830d0d3b2131df944e9a865249ffa3e36e0d6b2fdd31c215ace71a74c35406bf5280e8176cbd3165d5195cee28a153addedf4831cd8c419ca562438695a5aa87db5c661ec6e203b97e483f74caf9110dd17c3bed16a8d7a3b54a58292be2cdafe31c82d3573563545aedd8f82abaf00e494aa3ea0c1b9838b325dda563ee9611914674413a7fd21ac5395b4fa4ddc6888523ebdfa03454c952008ac0735a6bc76e11b4e0548ad483e53a5623bf1535ada849b928704a8b84806a116dbc46af5367d8f2e1374f280fb068e199bc0dee1f889acaaa85bbdcc816bbc933ef4b571265ce6e21819fd177fcf63626e7b3f6fa2be94dcdfb05d2e630d6d65e3f7cc1fd08c0ab8c651bcb515ff04584a2fb8cff9f5bb38cfbf932c4f6c39e9ec802187eb1db274d73f35f3eabcce251f7f935986db5fda5c20b14610b0700d312685108360694b4a3f790221965450aecbf6f100fb1c2e515cff2b3f98c8e97b8aa07779d9d0622320ca5b880e58db5eeb33b4099d45504272f33d638f23e20581e2bbd37f5866ba81c53a8dd81160dd71c1c0669064fca5ae3a318d084992d8511714bcbcec2beb559a80559dcf3d9a49d13c5c77e7f833107525862b2f0ace26dc65770ceb94f6c494c73bf849760bfdc9933bf49377cab358a4ecfbfd6e41cc5bd84bb33b0879e8ea826a277e486a9b429e2b5f409effbb83bda8c61d2c69881750b8be690b04207c8745dad3b39f1947c8ae800e6889511c0d189a29ff8674b3b5f1eeaf38d5e2e1bf9039773fc66b31cb371395ea1500a0f468edbeafbc885520b7da54d8f2a4ac6269f7132f67d4a77653f4dec12797275f03ed164021a30f4e21d1cecf426e564414e8fdec8875c9d657508ccd3640422429f9b6a4119e5729dd171fbc1b1588508ef85e056d1abbc0a8c802753e7e9a8f91b1117bba37193e752df2516bc5e9d216100095416962f42c7f7abd9579cfd6d4fa2062fbc723cf6d25a51d6b8946bbd463bbb1b67d27c0f9214b8b56af4720fa99d39fb4f45fe3a8a338a61ec7d504f782aff8bb1d35e32b8971360bbf3480a372d3867d1058b88047ad45e7ac03c1104d29581ebde3f2d45450f00fadd8c48de7f1af770a0f7d453eaf22dc7bd21814a6b3c4bf6456ac3e9d99589493af622b4ccdb6337cdd58271ef5ad0412171fc4cc502d2bfbf8f8df4bb734884fd3106fd75cf62633f377035eada412e34c3d5e08466070d9720844dd099e8ed69ba5b04ed1ea6daafdb4f40ac4630d6c342ce1f81ed524a4f8dd053df17cddcd5b9800ff068f2cf22a3f2012134cb4b881bc26e501bf47b128193a925c43ad6bf1296adff97b1fe2e1dbcdfce29edd60d457e42cd67f4e2f7c2c6db375e78f5fc6aa4bf745c1329838fb405288060d1be9d4f90cf9b01076b5c5740ca0de5559f9620c41158749d332f19f18b55c8ba540891e72af6ecf4e4cb530683fe1565cd189ec4058f77ffa225affbfe946b4a47514bcd75dfcac419d4b71d9b57ad63420bf131115f5911a3ca25f7aa512407f161989aa943751751a08b767bdf56887cfc0e6e1f8b9b6434bb1b64856bc5404d719ea438afc106efca2f812c637f52ff064d78807ccd5238f63f6f416de8070952bdf278e97559f7534c789f4d964ad609c1a9fa8da5e79c4afb85915e320892fc590142e6d64d3697e34fed33ae4dc1784aa3c26236256004aeb09629eb204af051168cc82f0e8b9382c5aca19df2085fe519ad1e71ea5585a438c7091fd18af55a3a9fdb2dcee59e1c342c7c785a7ab7b850a88b4e72ab42af3665d0ba33f2b0f730dd657f1abc75e701ad54bd65b7c14843ed5ab35f21ebadad585ab6a9d18a6eca8f20e74a6ba1b7c4b4b3ff5fcc570ad8f7712f10b2445eeaa80d342ac391841c209d112c6fe682cd0b0b1d275ffb98b5d301248aa2e9b5065ada4a16b48e00e0f3a167699362006063966692dc96400dcf202061fec41e0a735a3b3c748040b8b4cc7312ccfcd018f4cab722fd2c177addec11332f79d53bd37f9ec7ccd25686acdd3d65771a4fb6f8d9e33f3999f9ded0b55a1584b6cdce1a3e61e311a768df09d96fcd55e4428f4a7f1744daa6053e252392ded9dae42f1bed785134c66f67070f68b16825d9735084d5e59b1b054a93929a5062d7af3d78f7c800664d26187c9cf651044eebd4faa0b77946896ee6d88f639d287955b53b9b3acaab360415abe23dbb11f8b6e50bc150a3147639d326925a7ada2fa6e0551585bdfd1be7ca73f8888a6d198518f89d62d3b0e4559564a52a445b89d80e12d3c5612ff1d2c3bccff60945f5e048f46040173f435206606ba1098f435e0ef4cee0bdf41853c5ed99e43a36a5e1b96220bd7d4865b162180dee26ece2e47a6a28d2a88485c6c0ce430372e3baf0510b29f81bc3cb30660248317220927ed512ce2a30a0c84e228e91bc49dfa447fa21998150f96f1fe95bd73ba8b3954383ed327610a798988e27aa8d8a322653737cb2285e6b067069e4acf6f50c63ab7ad1928d78e1e41c483179dfd0e856279c7127459978a0e0e87aa2c25655b2ff71fed5c0f279a79ffbaef78dff30ab3ef256c99d331a804fa1342dcc8340b6317dfe1ba2db986ea0d9be44513008e653d35cdd6ff065a56c9055b27b23dd1c4ffaf9a2c15594b825230ad3bfe6ba329b8562d0397d227845c01e601f27e4f3a33893ab1a11919e1de13757b60cbb471802b2e42ead14fef15b371caaa68e959089b6a64b811ecc81e1ff293a5e0d6fafff85774022a41d4b99c1e2cda66c98b14b3b4540bc99c4bc241779b1c4d420f2e26b895106c6f0c61d42aef3bb0dfdbebb445cc605d14a27d4b5cee9f8a593ae485e9455733ccf13766a38ddbcf4076226e30b79e530b19d1d3722126e1f5c1aa454b4c1c712dbc2ed0d8b8f5487b61441cad30a5730d18ffac1ea70284a983249f1062aab987ee5c52f41d667ca14da4adfdf2ac20989f746a09cef34b92a398202c4013de6adb9446c48a4c417b813dcdb24ddc64d8bcde93d5c037f62c8e13a9ba12c17def3aefdb26e70d8600fe7c7109d9ad4a3369df1a24c2b3120abe8af09e44e3e87cb71347381d2803c62276d2838a22bb8fcc96553cf9717b013ae8927297a0c656461f697296d85d7d56dc2c34ae8702476d0f859c7fc13ac4cd1b5bb7b5c800ffbdb1c9fb8733118322fe7b15c47551f2ab6b3a736e93a50efa720ec01da0e7b92ac3fe293e5c6db9a0e1871214cea08f38fd1c96dbbc177e4686d40eb173db06127af55689432f09e213d627ef5728f50fe418eb9d55ef8cfa045db4c2403b650cadbc1fd9323bd9e2c2f7c7716d23430fd0d6fbccc089e1d9846fd083d85d879f3ebf39791fb9864951b14903cf321f2e5eabe3c199d1a4f4484f410ce46772e74388bffa25932623ad0105c9395cf7eff5de5405db183af024e90add0b564e2d7c21f6edf6bf75219d6cabcbfe6ad38952f88d4c1eb769035843a883907d1259d1f17cee37424000ea83be87f0eb48a976cda470017c8636ac092fcb81ae86a46ff6878efe1174f857550c58cee2e1ddd027455c52e882034e2dbd0095c441075fdc051dd77cfe1796dc72782f8dafd849b591cf1f3367b89939fb153e0f7449d51c48704185a393f93b281a7b1026c954f19173d7863e3809cc6c375cc63557e40e08264d34cb78af4a2a152054dde3570aaabe638c76bd67ac3d1ea53a147a757464d69b01ff0448b5276fd6e4765972b0e0605b147b308e9dfe6574fcee4efe3763d90a1433e810f67fe680f27f7294622fc27fcf164ac3be64af83c04a5441e9fbba827c66df9e21dbb7fea4f6c39886efe93888620d42caacbeaa684568d01782da8e9938a6d00b9085e76939f0eca6b2b4e563d154aaa4958005e02637849cb4b2f6027b02a7b6e3dd16b41766be93b83ba008cffee9f69aef414b99f52509456e5f180bf8d5d1b7e0bc2590d75c9bd67699d8b7e7a90874123f85d3cf41bb4b6a2c9d8943e5cde88218867d83cf719c0aaa0653beeeb0f1f11a7bcdd8934f78c5855aa83db31e90e1894e72a091577d9bcc5b2f3d876f68cbfcda7ea0e18149072c1c2d57447ac00bbe357212960b5020ed1a4785d857679b4adcf6f14fc93a248f65f68f07b68c568d6a0cd267ead4b9c9970f3745c5b9bf22e5ff2d2eb33b62fd58b2d9418a2fd1d3c7d01b2b3d", 0x1000}], 0x1, &(0x7f00000016c0)=[{0x10, 0x103}, {0x108, 0x111, 0x9, "c997a413b3d91bac328d81f5121775ec5a507d79aca1d7470b877e56af6ecfdcfdd01c16d8a190cb31f29febb294ee3464e29487b581aefa162a6d6a94c2995914d5ecedb3556325c81c633c7e54485dcf7e62c9d98a0db9dad9a16a688f65fe882f499ce62c4de7b2d3364d149969319f2aec7a57009a1c1fffab14fb09c0d3fc599d00d8accbad075df66a711f26a6ca56d27d96745418cb73c51af9e89758acb3c8567250683a93d5c690408fff1b337e472edf7c91a691ad41c10171e3ab70a64be2e03d11aace9dff5c73eee81dc3c1f1e16f1122ee9410be8170dada1400c95637d9729fee741619857fa9d40ce7"}], 0x118}}], 0x2, 0x80c0) r2 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x800, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0x3ff) r3 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r3, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$VIDIOC_QBUF(r6, 0xc058560f, &(0x7f00000018c0)={0x7d, 0x7, 0x4, 0x800, 0x8001, {0x0, 0x7530}, {0x5, 0x2, 0x9, 0x7f, 0x5, 0x6, "1dd6ae69"}, 0x0, 0x4, @planes=&(0x7f0000001880)={0x10000, 0xd9, @mem_offset=0xc52, 0x1}, 0x0, 0x0, r0}) setsockopt$ALG_SET_AEAD_AUTHSIZE(r7, 0x117, 0x5, 0x0, 0x9) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r4}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r3, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r4}}, 0x48) r8 = fcntl$dupfd(r3, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) [ 542.520713] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 542.525900] RIP: 0033:0x45de0a [ 542.529089] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 542.536796] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 542.544100] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 542.551381] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 542.558666] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 542.565953] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000048 02:48:37 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004040}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, 0x0) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:37 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:37 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) setsockopt$inet_MCAST_MSFILTER(r1, 0x0, 0x30, &(0x7f00000001c0)={0x20, {{0x2, 0x4e24, @remote}}, 0x1, 0x3, [{{0x2, 0x4e21, @empty}}, {{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x1d}}}, {{0x2, 0x4e20, @remote}}]}, 0x210) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r2, 0x0, r2) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x3f) [ 542.725719] BTRFS error (device loop4): superblock checksum mismatch 02:48:37 executing program 5 (fault-call:0 fault-nth:73): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:37 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) [ 542.780331] BTRFS error (device loop4): open_ctree failed [ 542.840365] FAULT_INJECTION: forcing a failure. [ 542.840365] name failslab, interval 1, probability 0, space 0, times 0 [ 542.893535] CPU: 1 PID: 30739 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 542.901458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 542.910855] Call Trace: [ 542.913468] dump_stack+0x142/0x197 [ 542.917215] should_fail.cold+0x10f/0x159 [ 542.921386] should_failslab+0xdb/0x130 [ 542.925465] kmem_cache_alloc_node+0x56/0x780 [ 542.929970] ? mount_fs+0x97/0x2a1 [ 542.933539] create_task_io_context+0x31/0x3d0 [ 542.938139] generic_make_request_checks+0x1505/0x1ac0 [ 542.943436] ? rcu_read_lock_sched_held+0x110/0x130 [ 542.948476] ? blk_cleanup_queue+0x610/0x610 [ 542.952915] ? trace_hardirqs_on+0x10/0x10 [ 542.957187] generic_make_request+0x7d/0xa40 [ 542.961608] ? save_trace+0x290/0x290 [ 542.965754] ? blk_queue_enter+0x520/0x520 [ 542.969997] ? find_held_lock+0x35/0x130 [ 542.974058] ? guard_bio_eod+0x161/0x530 [ 542.978128] submit_bio+0x1a5/0x3e0 [ 542.981781] ? submit_bio+0x1a5/0x3e0 [ 542.985577] ? generic_make_request+0xa40/0xa40 [ 542.990245] ? guard_bio_eod+0x1fd/0x530 [ 542.995168] submit_bh_wbc+0x550/0x720 [ 542.999084] block_read_full_page+0x7a2/0x960 [ 543.003588] ? set_init_blocksize+0x210/0x210 [ 543.008091] ? __bread_gfp+0x290/0x290 [ 543.011998] ? add_to_page_cache_lru+0x159/0x310 [ 543.016770] ? add_to_page_cache_locked+0x40/0x40 [ 543.021730] blkdev_readpage+0x1d/0x30 [ 543.025629] do_read_cache_page+0x721/0x1320 [ 543.030044] ? blkdev_writepages+0xd0/0xd0 [ 543.034294] ? find_get_pages_contig+0xcf0/0xcf0 [ 543.039049] ? blkdev_get+0xb0/0x8e0 [ 543.042769] ? dput.part.0+0x170/0x750 [ 543.046665] ? bd_may_claim+0xd0/0xd0 [ 543.050469] ? path_put+0x50/0x70 [ 543.053917] ? lookup_bdev.part.0+0xe1/0x160 [ 543.058338] read_cache_page_gfp+0x6e/0x90 [ 543.062581] btrfs_read_disk_super+0xdd/0x530 [ 543.067097] btrfs_scan_one_device+0xc6/0x4e0 [ 543.071589] ? device_list_add+0x8d0/0x8d0 [ 543.075844] ? __free_pages+0x54/0x90 [ 543.079645] ? free_pages+0x46/0x50 [ 543.083284] btrfs_mount+0x2e3/0x2b28 [ 543.087232] ? lock_downgrade+0x740/0x740 [ 543.091384] ? find_held_lock+0x35/0x130 [ 543.095444] ? pcpu_alloc+0x3af/0x1050 [ 543.099355] ? btrfs_remount+0x11f0/0x11f0 [ 543.103601] ? rcu_read_lock_sched_held+0x110/0x130 [ 543.108635] ? __lockdep_init_map+0x10c/0x570 [ 543.113142] mount_fs+0x97/0x2a1 [ 543.116523] vfs_kern_mount.part.0+0x5e/0x3d0 [ 543.121025] ? find_held_lock+0x35/0x130 [ 543.125101] vfs_kern_mount+0x40/0x60 [ 543.128895] btrfs_mount+0x3ce/0x2b28 [ 543.132707] ? lock_downgrade+0x740/0x740 [ 543.136847] ? find_held_lock+0x35/0x130 [ 543.140918] ? pcpu_alloc+0x3af/0x1050 [ 543.144838] ? btrfs_remount+0x11f0/0x11f0 [ 543.149079] ? rcu_read_lock_sched_held+0x110/0x130 [ 543.154193] ? __lockdep_init_map+0x10c/0x570 [ 543.158809] ? __lockdep_init_map+0x10c/0x570 [ 543.163320] mount_fs+0x97/0x2a1 [ 543.166691] vfs_kern_mount.part.0+0x5e/0x3d0 [ 543.171193] do_mount+0x417/0x27d0 [ 543.174731] ? copy_mount_options+0x5c/0x2f0 [ 543.179161] ? rcu_read_lock_sched_held+0x110/0x130 [ 543.184193] ? copy_mount_string+0x40/0x40 [ 543.188442] ? copy_mount_options+0x1fe/0x2f0 [ 543.192959] SyS_mount+0xab/0x120 [ 543.196431] ? copy_mnt_ns+0x8c0/0x8c0 [ 543.200319] do_syscall_64+0x1e8/0x640 [ 543.204222] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 543.209681] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 543.214877] RIP: 0033:0x45de0a [ 543.218068] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 543.225792] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 543.233078] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 02:48:37 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004040}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, 0x0) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) [ 543.240349] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 543.247805] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 543.255095] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000049 02:48:38 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) [ 543.407329] BTRFS error (device loop4): superblock checksum mismatch [ 543.512623] BTRFS error (device loop4): open_ctree failed 02:48:38 executing program 5 (fault-call:0 fault-nth:74): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:38 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:38 executing program 0: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004040}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, 0x0) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:38 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x3f, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x18, 0x10000}], 0x200881, 0x0) ioctl$VIDIOC_SUBDEV_ENUM_DV_TIMINGS(0xffffffffffffffff, 0xc0945662, &(0x7f0000000340)={0x2, 0x0, [], {0x0, @reserved}}) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000100), &(0x7f0000000140)=0x4) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r4}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r4}}, 0x48) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000480)=ANY=[@ANYBLOB="50000000e0000000000000000000000000000000240002000c00028005000100000000001400018008000100ffffffff080002007f0000010900010073797a31000000000c000480080001400000ff008b9681cb15ce183ceb2c71d8c9392992f863b52766c4a0edee80f8f7784030f5d935f4f33b20dc5eed7dd0c38ce570caac5cab77f24df20ea59e3b4c780ce1b376e1e9b3670b7744dfff22b6a6b10cc7beaa6de8f2b6d883b9ac32709b0585b1fa984bdd550e8d97759ec72894fbd379dafdd9fcecff67ccf883d05fa0e2e38b"], 0x50}}, 0x0) r7 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x4001fd) ioctl$PIO_FONTRESET(r7, 0x4b6d, 0x0) r8 = fcntl$dupfd(0xffffffffffffffff, 0x406, r0) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) [ 543.648942] FAULT_INJECTION: forcing a failure. [ 543.648942] name failslab, interval 1, probability 0, space 0, times 0 [ 543.726440] CPU: 0 PID: 30767 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 543.734366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 543.743767] Call Trace: [ 543.746393] dump_stack+0x142/0x197 [ 543.750051] should_fail.cold+0x10f/0x159 [ 543.754504] should_failslab+0xdb/0x130 [ 543.758503] kmem_cache_alloc+0x2d7/0x780 [ 543.762653] ? save_stack_trace+0x16/0x20 [ 543.766802] ? save_stack+0x45/0xd0 [ 543.770421] ? kasan_kmalloc+0xce/0xf0 [ 543.774309] ? kmem_cache_alloc_trace+0x152/0x790 [ 543.779165] ? btrfs_mount+0x1069/0x2b28 [ 543.783226] ? mount_fs+0x97/0x2a1 [ 543.786760] getname_kernel+0x53/0x350 [ 543.790740] kern_path+0x20/0x40 [ 543.794098] lookup_bdev.part.0+0x63/0x160 [ 543.798340] ? blkdev_open+0x260/0x260 [ 543.802352] ? btrfs_open_devices+0x27/0xb0 [ 543.806673] blkdev_get_by_path+0x76/0xf0 [ 543.810835] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 543.815346] __btrfs_open_devices+0x194/0xab0 [ 543.820716] ? check_preemption_disabled+0x3c/0x250 [ 543.825733] ? find_device+0x100/0x100 [ 543.829626] ? btrfs_mount+0x1069/0x2b28 [ 543.833685] ? rcu_read_lock_sched_held+0x110/0x130 [ 543.838721] btrfs_open_devices+0xa4/0xb0 [ 543.842880] btrfs_mount+0x11b4/0x2b28 [ 543.846763] ? lock_downgrade+0x740/0x740 [ 543.850914] ? find_held_lock+0x35/0x130 [ 543.855002] ? pcpu_alloc+0x3af/0x1050 [ 543.858902] ? btrfs_remount+0x11f0/0x11f0 [ 543.863133] ? rcu_read_lock_sched_held+0x110/0x130 [ 543.868163] ? __lockdep_init_map+0x10c/0x570 [ 543.872672] mount_fs+0x97/0x2a1 [ 543.876047] vfs_kern_mount.part.0+0x5e/0x3d0 [ 543.880560] ? find_held_lock+0x35/0x130 [ 543.884620] vfs_kern_mount+0x40/0x60 [ 543.888452] btrfs_mount+0x3ce/0x2b28 [ 543.892258] ? lock_downgrade+0x740/0x740 [ 543.896409] ? find_held_lock+0x35/0x130 [ 543.900469] ? pcpu_alloc+0x3af/0x1050 [ 543.904350] ? btrfs_remount+0x11f0/0x11f0 [ 543.908679] ? rcu_read_lock_sched_held+0x110/0x130 [ 543.913717] ? __lockdep_init_map+0x10c/0x570 [ 543.918224] ? __lockdep_init_map+0x10c/0x570 [ 543.922740] mount_fs+0x97/0x2a1 [ 543.926112] vfs_kern_mount.part.0+0x5e/0x3d0 [ 543.930663] do_mount+0x417/0x27d0 [ 543.934203] ? copy_mount_options+0x5c/0x2f0 [ 543.938624] ? rcu_read_lock_sched_held+0x110/0x130 [ 543.943657] ? copy_mount_string+0x40/0x40 [ 543.948263] ? copy_mount_options+0x1fe/0x2f0 [ 543.952797] SyS_mount+0xab/0x120 [ 543.956259] ? copy_mnt_ns+0x8c0/0x8c0 [ 543.960160] do_syscall_64+0x1e8/0x640 [ 543.964041] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 543.968898] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 543.974195] RIP: 0033:0x45de0a [ 543.977387] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 543.985094] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 543.992372] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 543.999643] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 544.007037] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 544.014490] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000004a 02:48:38 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:38 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x52, &(0x7f0000000100)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "000002", 0x1c, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x7, 0xc2, 0x0, 0x0, 0x0, {[@sack={0x4, 0x6, [0x0]}]}}}}}}}}, 0x0) [ 544.223354] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 02:48:39 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TUNGETIFF(r2, 0x800454d2, &(0x7f0000000000)) r3 = accept4(r0, 0x0, 0x0, 0x0) r4 = syz_init_net_socket$rose(0xb, 0x5, 0x0) getsockopt$IP_SET_OP_GET_BYINDEX(r4, 0x1, 0x53, &(0x7f0000000040), &(0x7f0000000080)=0x28) recvmmsg(r3, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r6, 0x0, r6) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r7, 0x0, r7) r8 = fcntl$dupfd(r5, 0x406, r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) 02:48:39 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f00000003c0)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200407ec, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg(r0, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000200)}, {&(0x7f00000004c0)="6319e6ae3152883e30b8129f75395edf432201ff03e0a2ed13e7c8144783fa41a76acb6add53011f26a5c785708cdac3e52fc9bb12596812b8ff180cb9a7be802ce40c3cc21e133bdbc6af9a1d9fb896e289763c877fee83e30d4233e34c255e8702", 0x62}, {&(0x7f0000000000)="dcb3f9c2285937adea09fe4d21d73ca9b2bfc2d682edee4e1badac040d18781e2a15573cf3a6a88e8bdb87fe39c1147c5502b774b5be4b2180ba68016594b2113f8b9b7f11cfb12be650559ffe8d70cff7c98bfdd72b1319894b", 0x5a}, {&(0x7f0000000180)="8d264b830109b68a8e72966d06c7b742a1911920b2b844bd4dcadabd3a93dbdd051254dbadfa81f1cd000021172986d779526c8d9fcad2a5cac8bee19369a917ec40546501e12487de5f", 0x4a}, {&(0x7f0000000080)="000094", 0x3}, {&(0x7f0000000800)="7ff8764f7970cc1f7f2d07882d8837d2ce0c7602fbb4921fd6c795ed8e82bdf3fb45d314aa4254004d45bac9d899ab9ea5c02040104fb9404301096bc33aa77e5aace4e1ace13b4340d4d244f507d7d2b29f2013664cb9c036d001f764ce910d2b203b6c21fa882c93e9ccc1aa8124fe1c59219611789b75299a3810de7e5d24f44d7dccbddc5ce405831e15e80bcd1a0b242aa8", 0x94}], 0x6}}, {{0x0, 0x0, &(0x7f0000000e40)=[{&(0x7f00000005c0)="e27f9718b1675965bc4c56aff2a754939b6cd68ff1083fe1ede974c1719ebfac4aa1a8348618683089e5b780fbf39bd3779f5d3fc677e4b8401bdf5a1d86ab397cf9c8d2f7912103a4251dc14c86395a7d6c7a047428f378a3ceb04c74e5ea969c4657d932270e860527180f14d2f099d341b1081874a8c3b8a3abc78db451849ecb62fe4a8475185931724be7a8d73ee6f817b5c4", 0x95}, {&(0x7f0000000a00)="97b8f5de98917547b7209e3040e2f64f48a441e7e190f539052a880077fbdab71547169896fed3bf59faab285ac1df55954ee05d0fcfcc37df2d1d6d0a327dbe52474e90b75dddf08a5b5ce965f609363cb99e8b9e12b2f0671a68a23ab6d64fba2fe58b41ac630b60905ce67d9f41af72dd9f2fb6", 0x75}, {&(0x7f0000000ac0)="5e80c36f136c7c962ab19a752dda6e54053869b6032b091e08ada9126ab8bdacd32b07530be715f077a3cdd86f213a8b0bcdb797bde7a964e3b67414e02308878d7d9baf04e636f7efc169ae6a8a9851dc82d6ea96f753529040b84e198317641e283a557981394ae30107799ae62f2e613b59bcb690a9dbfe8acadd444718151042686b0c060c781102500877433539c6ebc3289618e577a51e24126a8c512c4e40d5caeae1962c4e4f9bc87c89", 0xae}, {&(0x7f0000000b80)="4c617c4692cf992e4301901b8b0ecc78082656da66a5a329465c5ad28d0a186abf8f02162e74acf60322b8c71d81c7d09d6303969ee2971108923e70d260d55a46d67239dc1db5765c18c07941ff964e4287653cb6a79a2be8f1403f9a2be9c3c7bcedeb1eead00f69e75675b7a05166fe532983631d0f93edd4ff6439146b981b6cdc343f54cf00ee708f1b63b267b0b49aa8e4cc441293bc2652d649deef5aa4069119ae79680b9a9b7870528d3e87730183de229c6248f22408fb3075ec6430837685", 0xc4}, {&(0x7f0000000c80)="009cc536489eae7117e9f006cdeaa87349440404c31011fe6945f1e754be5b21ed1e3bb7fa2b6d2288c6062af549c72ef1727f97f9222ebafd6bd3a156e2119f242a99bfa04f52a11d39282358f8c8", 0x4f}], 0x5}}], 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000140)=0xda6, 0x4) sendto$inet(r0, &(0x7f00000012c0)="1e268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b087511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27) 02:48:39 executing program 5 (fault-call:0 fault-nth:75): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:39 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:39 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x4001fe) setsockopt$bt_l2cap_L2CAP_OPTIONS(0xffffffffffffffff, 0x6, 0x1, &(0x7f0000000100)={0x100, 0x0, 0xe2e, 0x20, 0x20, 0x7, 0x5}, 0xc) [ 544.452262] FAULT_INJECTION: forcing a failure. [ 544.452262] name failslab, interval 1, probability 0, space 0, times 0 [ 544.517616] CPU: 0 PID: 30800 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 544.525657] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 544.535029] Call Trace: [ 544.537688] dump_stack+0x142/0x197 [ 544.541359] should_fail.cold+0x10f/0x159 [ 544.545547] should_failslab+0xdb/0x130 [ 544.549554] kmem_cache_alloc_trace+0x2e9/0x790 [ 544.554402] ? __kmalloc_node+0x51/0x80 [ 544.558394] btrfs_mount+0x1001/0x2b28 [ 544.562297] ? lock_downgrade+0x740/0x740 [ 544.566491] ? find_held_lock+0x35/0x130 [ 544.570557] ? pcpu_alloc+0x3af/0x1050 [ 544.574520] ? btrfs_remount+0x11f0/0x11f0 [ 544.578763] ? rcu_read_lock_sched_held+0x110/0x130 [ 544.583795] ? __lockdep_init_map+0x10c/0x570 [ 544.588408] mount_fs+0x97/0x2a1 [ 544.591781] vfs_kern_mount.part.0+0x5e/0x3d0 [ 544.596286] ? find_held_lock+0x35/0x130 [ 544.600360] vfs_kern_mount+0x40/0x60 [ 544.604168] btrfs_mount+0x3ce/0x2b28 [ 544.607961] ? lock_downgrade+0x740/0x740 [ 544.612108] ? find_held_lock+0x35/0x130 [ 544.616181] ? pcpu_alloc+0x3af/0x1050 [ 544.620070] ? btrfs_remount+0x11f0/0x11f0 [ 544.624326] ? rcu_read_lock_sched_held+0x110/0x130 [ 544.629360] ? __lockdep_init_map+0x10c/0x570 [ 544.633896] ? __lockdep_init_map+0x10c/0x570 [ 544.638410] mount_fs+0x97/0x2a1 [ 544.641779] vfs_kern_mount.part.0+0x5e/0x3d0 [ 544.646287] do_mount+0x417/0x27d0 [ 544.649830] ? copy_mount_options+0x5c/0x2f0 [ 544.654244] ? rcu_read_lock_sched_held+0x110/0x130 [ 544.659274] ? copy_mount_string+0x40/0x40 [ 544.663635] ? copy_mount_options+0x1fe/0x2f0 [ 544.668159] SyS_mount+0xab/0x120 [ 544.671622] ? copy_mnt_ns+0x8c0/0x8c0 [ 544.675532] do_syscall_64+0x1e8/0x640 [ 544.679431] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 544.684293] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 544.689492] RIP: 0033:0x45de0a [ 544.692676] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 544.700383] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 544.707679] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 544.714962] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 544.722350] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 544.729718] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000004b [ 544.759124] BTRFS error (device loop4): superblock checksum mismatch [ 544.832472] BTRFS error (device loop4): open_ctree failed 02:48:39 executing program 5 (fault-call:0 fault-nth:76): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 544.928422] BTRFS error (device loop4): superblock checksum mismatch [ 545.010759] BTRFS error (device loop4): open_ctree failed [ 545.033030] FAULT_INJECTION: forcing a failure. [ 545.033030] name failslab, interval 1, probability 0, space 0, times 0 [ 545.104809] CPU: 0 PID: 30830 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 545.112739] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 545.122120] Call Trace: [ 545.124716] dump_stack+0x142/0x197 [ 545.128358] should_fail.cold+0x10f/0x159 [ 545.132505] ? __lock_is_held+0xb6/0x140 [ 545.136582] ? mempool_free+0x1d0/0x1d0 [ 545.140557] should_failslab+0xdb/0x130 [ 545.144531] kmem_cache_alloc+0x47/0x780 [ 545.148604] ? mempool_free+0x1d0/0x1d0 [ 545.152600] mempool_alloc_slab+0x47/0x60 [ 545.156754] mempool_alloc+0x138/0x300 [ 545.160653] ? __find_get_block+0x5c4/0xbf0 [ 545.164968] ? remove_element.isra.0+0x1b0/0x1b0 [ 545.169837] ? mark_held_locks+0xb1/0x100 [ 545.173983] ? save_trace+0x290/0x290 [ 545.177796] ? trace_hardirqs_on_caller+0x400/0x590 [ 545.182805] bio_alloc_bioset+0x368/0x680 [ 545.186975] ? intel_soc_dts_iosf_add_read_only_critical_trip+0xbc/0x210 [ 545.193942] ? bvec_alloc+0x2e0/0x2e0 [ 545.197734] ? __getblk_gfp+0x5c/0x7b0 [ 545.201639] submit_bh_wbc+0xf6/0x720 [ 545.205439] __bread_gfp+0x106/0x290 [ 545.209286] btrfs_read_dev_one_super+0x9f/0x270 [ 545.214037] btrfs_read_dev_super+0x5d/0xb0 [ 545.218518] ? btrfs_read_dev_one_super+0x270/0x270 [ 545.223632] btrfs_get_bdev_and_sb+0xdc/0x2e0 [ 545.228380] __btrfs_open_devices+0x194/0xab0 [ 545.232970] ? check_preemption_disabled+0x3c/0x250 [ 545.238003] ? find_device+0x100/0x100 [ 545.241887] ? btrfs_mount+0x1069/0x2b28 [ 545.245943] ? rcu_read_lock_sched_held+0x110/0x130 [ 545.251100] btrfs_open_devices+0xa4/0xb0 [ 545.255284] btrfs_mount+0x11b4/0x2b28 [ 545.259175] ? lock_downgrade+0x740/0x740 [ 545.263336] ? find_held_lock+0x35/0x130 [ 545.267403] ? pcpu_alloc+0x3af/0x1050 [ 545.271439] ? btrfs_remount+0x11f0/0x11f0 [ 545.275688] ? rcu_read_lock_sched_held+0x110/0x130 [ 545.280743] ? __lockdep_init_map+0x10c/0x570 [ 545.285253] mount_fs+0x97/0x2a1 [ 545.288642] vfs_kern_mount.part.0+0x5e/0x3d0 [ 545.293251] ? find_held_lock+0x35/0x130 [ 545.297330] vfs_kern_mount+0x40/0x60 [ 545.301132] btrfs_mount+0x3ce/0x2b28 [ 545.304946] ? lock_downgrade+0x740/0x740 [ 545.309092] ? find_held_lock+0x35/0x130 [ 545.313165] ? pcpu_alloc+0x3af/0x1050 [ 545.317065] ? btrfs_remount+0x11f0/0x11f0 [ 545.321297] ? rcu_read_lock_sched_held+0x110/0x130 [ 545.326343] ? __lockdep_init_map+0x10c/0x570 [ 545.330846] ? __lockdep_init_map+0x10c/0x570 [ 545.335337] mount_fs+0x97/0x2a1 [ 545.338710] vfs_kern_mount.part.0+0x5e/0x3d0 [ 545.343202] do_mount+0x417/0x27d0 [ 545.346736] ? copy_mount_options+0x5c/0x2f0 [ 545.351250] ? rcu_read_lock_sched_held+0x110/0x130 [ 545.356292] ? copy_mount_string+0x40/0x40 [ 545.360729] ? copy_mount_options+0x1fe/0x2f0 [ 545.365247] SyS_mount+0xab/0x120 [ 545.368709] ? copy_mnt_ns+0x8c0/0x8c0 [ 545.372591] do_syscall_64+0x1e8/0x640 [ 545.376491] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 545.381364] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 545.386554] RIP: 0033:0x45de0a [ 545.389757] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 545.397476] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a 02:48:40 executing program 0: syz_emit_ethernet(0x62, &(0x7f0000000100)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "000002", 0x2c, 0x6, 0x0, @local, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0xb, 0x0, 0x0, 0x0, 0x0, {[@sack={0x5, 0x7c, [0x0, 0x0, 0x0, 0x0, 0x0]}]}}}}}}}}, 0x0) [ 545.404747] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 545.412055] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 545.419326] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 545.426603] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000004c 02:48:40 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:40 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60fe01, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600004, 0x15) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) 02:48:40 executing program 3: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = shmget$private(0x0, 0x1000, 0x54001800, &(0x7f0000ffa000/0x1000)=nil) shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffffff) 02:48:40 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r2}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r2}}, 0x48) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) syz_open_dev$media(&(0x7f0000000400)='/dev/media#\x00', 0x800, 0x200400) accept$inet6(0xffffffffffffffff, &(0x7f0000000600)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000000640)=0x1c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r5, 0x0, r5) r6 = accept$netrom(0xffffffffffffffff, &(0x7f0000000800)={{}, [@remote, @default, @null, @rose, @rose, @remote, @default, @null]}, &(0x7f0000000680)=0x48) r7 = fcntl$dupfd(r6, 0x406, r5) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140)='nl80211\x00') getsockopt$PNPIPE_IFINDEX(r7, 0x113, 0x2, &(0x7f0000000180)=0x0, &(0x7f0000000200)=0x4) sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000580)={&(0x7f0000000240)={0x4c, r8, 0x0, 0x70bd26, 0x25dfdbfb, {}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x6}, @NL80211_ATTR_IFINDEX={0x8, 0x3, r9}, @NL80211_ATTR_IFNAME={0x14, 0x4, 'ip6erspan0\x00'}, @NL80211_ATTR_WIPHY={0x8, 0x1, 0x4}, @NL80211_ATTR_WDEV={0xc, 0x99, {0x40, 0x1}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40c0}, 0x4000) ioctl$UI_SET_FFBIT(r7, 0x4004556b, 0x10) ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, &(0x7f0000000340)={0x99b80, 0x6, 0x4, 0x100, 0x1, {0x77359400}, {0x2, 0xc, 0x5, 0x6, 0x4c, 0x40, "42f35c9e"}, 0xd0, 0x2, @offset=0xfffffffe, 0x6, 0x0, r0}) r11 = socket$inet6_tcp(0xa, 0x1, 0x0) r12 = fcntl$dupfd(r11, 0x0, r11) ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200) r13 = openat(r12, &(0x7f00000004c0)='./file0\x00', 0x101400, 0x100) getsockname$packet(r13, &(0x7f0000000500)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000540)=0x14) r14 = socket$nl_generic(0x10, 0x3, 0x10) r15 = socket$inet6_tcp(0xa, 0x1, 0x0) r16 = fcntl$dupfd(r15, 0x0, r15) ioctl$PERF_EVENT_IOC_ENABLE(r16, 0x8912, 0x400200) write$FUSE_DIRENT(r16, &(0x7f00000006c0)=ANY=[@ANYBLOB="000100000000000003000000000000000200000000000000755f0000000000000b0000000000000069703665727370616e300000000000000100000000000000ad0000000000200000000000000000005c75736572747275737465646367726f75707070703025706f7369785f61636c5f6163636573737b2b7d5c0000000000040000000000000003000000000000000b0000000104000069703665727370616e300000000000000600000000000000ff0f0000000000114fd5e761a4554cca0008000000020000006e6c3830323131000500000000000000020000000000000008000000020000006e6c383032313100050000000000000005000000000000000000000008000000"], 0x100) r17 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380)='nl80211\x00') sendmsg$NL80211_CMD_GET_REG(r14, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r17, @ANYBLOB="210800000000000000001f00000008000000000000"], 0x1c}}, 0x0) r18 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0)='nl80211\x00') sendmsg$NL80211_CMD_GET_MESH_CONFIG(r10, &(0x7f0000000480)={&(0x7f00000003c0)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000440)={&(0x7f0000000880)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r18, @ANYBLOB="200026bd7000ffdbdf251c0000000800010004000000080001000000000008000100030000000c009900ffffff7fffffffffc7556eac54953ca780bcc906e4d6ec3ef78d3fc9bc9d6c98bdc3936e43368cd167eb59262d2d1b0133f44f1f4f5c"], 0x38}, 0x1, 0x0, 0x0, 0x8000}, 0x4080) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) 02:48:40 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$netlink(r5, 0x10e, 0x1, &(0x7f0000000000)=""/191, &(0x7f00000000c0)=0xbf) 02:48:40 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_GET_DEBUGREGS(r3, 0x4138ae84, &(0x7f0000000080)) ioctl$KVM_S390_VCPU_FAULT(r3, 0x4004ae52, 0x0) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000140)={0x2, 0x4e23, @dev}, 0x10) syz_open_dev$loop(0x0, 0x0, 0x0) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c00, 0xffffffffffffffff) 02:48:40 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1e, &(0x7f0000000180)=0x400000001, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000040)={@in6={{0xa, 0x0, 0x0, @remote}}, 0x0, 0x2c, 0x47, 0x0, "060000000000000000e4ff765400000000000000000000000000000000000000000200"}, 0xd8) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x9b) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @remote, 0xc}, 0x1c) sendto$inet6(r0, &(0x7f0000000000)="84", 0x1, 0x400480d4, 0x0, 0x0) [ 545.604028] audit: type=1800 audit(1581562120.295:91): pid=30849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.3" name="SYSV00000000" dev="hugetlbfs" ino=98304 res=0 [ 545.640460] BTRFS error (device loop4): superblock checksum mismatch [ 545.705667] BTRFS error (device loop4): open_ctree failed 02:48:40 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000100)='/selinux/avc/cache_threshold\x00', 0x2, 0x0) setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r2, 0x84, 0x1e, &(0x7f0000000140)=0xfffffc01, 0x4) 02:48:40 executing program 5 (fault-call:0 fault-nth:77): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:40 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_TCP_REPAIR_OPTIONS(r1, 0x6, 0x16, &(0x7f0000000040)=[@sack_perm, @sack_perm, @timestamp, @window={0x3, 0x40, 0x8}], 0x4) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$KVM_S390_UCAS_UNMAP(r3, 0x4018ae51, &(0x7f0000000000)={0x100, 0x0, 0x10001}) [ 545.876069] FAULT_INJECTION: forcing a failure. [ 545.876069] name failslab, interval 1, probability 0, space 0, times 0 [ 545.894073] CPU: 0 PID: 30876 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 545.902701] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 545.912093] Call Trace: [ 545.914700] dump_stack+0x142/0x197 [ 545.918350] should_fail.cold+0x10f/0x159 [ 545.922536] should_failslab+0xdb/0x130 [ 545.926522] kmem_cache_alloc_trace+0x2e9/0x790 [ 545.931261] ? __kmalloc_node+0x51/0x80 [ 545.935250] btrfs_mount+0x1001/0x2b28 [ 545.939140] ? lock_downgrade+0x740/0x740 [ 545.943304] ? find_held_lock+0x35/0x130 [ 545.947378] ? pcpu_alloc+0x3af/0x1050 [ 545.951280] ? btrfs_remount+0x11f0/0x11f0 [ 545.955538] ? rcu_read_lock_sched_held+0x110/0x130 [ 545.960564] ? __lockdep_init_map+0x10c/0x570 [ 545.965184] mount_fs+0x97/0x2a1 [ 545.968546] vfs_kern_mount.part.0+0x5e/0x3d0 [ 545.973057] ? find_held_lock+0x35/0x130 [ 545.977111] vfs_kern_mount+0x40/0x60 [ 545.980931] btrfs_mount+0x3ce/0x2b28 [ 545.984739] ? lock_downgrade+0x740/0x740 [ 545.988905] ? find_held_lock+0x35/0x130 [ 545.992974] ? pcpu_alloc+0x3af/0x1050 [ 545.996871] ? btrfs_remount+0x11f0/0x11f0 [ 546.001127] ? rcu_read_lock_sched_held+0x110/0x130 [ 546.006177] ? __lockdep_init_map+0x10c/0x570 [ 546.010691] ? __lockdep_init_map+0x10c/0x570 [ 546.015190] mount_fs+0x97/0x2a1 [ 546.018568] vfs_kern_mount.part.0+0x5e/0x3d0 [ 546.023069] do_mount+0x417/0x27d0 [ 546.026615] ? copy_mount_options+0x5c/0x2f0 [ 546.032167] ? rcu_read_lock_sched_held+0x110/0x130 [ 546.037180] ? copy_mount_string+0x40/0x40 [ 546.041610] ? copy_mount_options+0x1fe/0x2f0 [ 546.046299] SyS_mount+0xab/0x120 [ 546.049755] ? copy_mnt_ns+0x8c0/0x8c0 [ 546.053649] do_syscall_64+0x1e8/0x640 [ 546.057555] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 546.062410] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 546.067590] RIP: 0033:0x45de0a [ 546.070780] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 546.078637] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 546.085926] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 546.093219] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 546.100489] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 546.107763] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000004d 02:48:40 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000000000)=0x7, &(0x7f0000000040)=0x1) r3 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = openat$selinux_status(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/status\x00', 0x0, 0x0) getsockopt$bt_l2cap_L2CAP_CONNINFO(r5, 0x6, 0x2, &(0x7f00000000c0), &(0x7f0000000100)=0x6) r6 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) 02:48:40 executing program 5 (fault-call:0 fault-nth:78): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 546.151786] BTRFS error (device loop4): superblock checksum mismatch [ 546.190178] BTRFS error (device loop4): open_ctree failed [ 546.272945] BTRFS error (device loop4): superblock checksum mismatch [ 546.298625] FAULT_INJECTION: forcing a failure. [ 546.298625] name failslab, interval 1, probability 0, space 0, times 0 [ 546.310733] CPU: 1 PID: 30897 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 546.318789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 546.328165] Call Trace: [ 546.330790] dump_stack+0x142/0x197 [ 546.334443] should_fail.cold+0x10f/0x159 [ 546.338693] should_failslab+0xdb/0x130 [ 546.342675] kmem_cache_alloc_trace+0x2e9/0x790 [ 546.347723] btrfs_mount+0x1069/0x2b28 [ 546.351611] ? lock_downgrade+0x740/0x740 [ 546.355770] ? find_held_lock+0x35/0x130 [ 546.359844] ? pcpu_alloc+0x3af/0x1050 [ 546.363803] ? btrfs_remount+0x11f0/0x11f0 [ 546.368060] ? rcu_read_lock_sched_held+0x110/0x130 [ 546.373090] ? __lockdep_init_map+0x10c/0x570 [ 546.377606] mount_fs+0x97/0x2a1 [ 546.380988] vfs_kern_mount.part.0+0x5e/0x3d0 [ 546.385482] ? find_held_lock+0x35/0x130 [ 546.389551] vfs_kern_mount+0x40/0x60 [ 546.393354] btrfs_mount+0x3ce/0x2b28 [ 546.397163] ? lock_downgrade+0x740/0x740 [ 546.401319] ? find_held_lock+0x35/0x130 [ 546.405417] ? pcpu_alloc+0x3af/0x1050 [ 546.409372] ? btrfs_remount+0x11f0/0x11f0 [ 546.413626] ? rcu_read_lock_sched_held+0x110/0x130 [ 546.418745] ? __lockdep_init_map+0x10c/0x570 [ 546.423280] ? __lockdep_init_map+0x10c/0x570 [ 546.427798] mount_fs+0x97/0x2a1 [ 546.431185] vfs_kern_mount.part.0+0x5e/0x3d0 [ 546.435692] do_mount+0x417/0x27d0 [ 546.439259] ? copy_mount_options+0x5c/0x2f0 [ 546.443686] ? rcu_read_lock_sched_held+0x110/0x130 [ 546.448879] ? copy_mount_string+0x40/0x40 [ 546.453389] ? copy_mount_options+0x1fe/0x2f0 [ 546.457898] SyS_mount+0xab/0x120 [ 546.461359] ? copy_mnt_ns+0x8c0/0x8c0 [ 546.465265] do_syscall_64+0x1e8/0x640 [ 546.469162] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 546.474025] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 546.479744] RIP: 0033:0x45de0a [ 546.482932] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 546.490646] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 546.497922] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 546.505199] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 546.512477] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 02:48:41 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) [ 546.519762] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000004e 02:48:41 executing program 3: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x14) [ 546.550774] BTRFS error (device loop4): open_ctree failed 02:48:41 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair(0x11, 0x3, 0x9, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x3c) ptrace$cont(0x18, r3, 0x0, 0x0) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r3, 0x0, 0x0) sendmsg$nl_netfilter(r1, &(0x7f0000000440)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000180)={&(0x7f0000000200)={0x224, 0x2, 0x6, 0x5, 0x70bd2a, 0x25dfdbfe, {0x5, 0x0, 0x7}, [@nested={0x148, 0x4e, 0x0, 0x1, [@typed={0x8, 0x2e, 0x0, 0x0, @fd=r2}, @generic="6dfb7d89ba6c347a093812260bcda6f50d7c7286e4bc5e9625759ca0596aafede16d500c13eaa545c79f84dd771cf3fd83cb2d208a4570441685b741745d77135ba26d05a2059472f432cae69ee201c56920a825348f1bbc6162ef99d5a4aa355cc98b8e76f7fd98985856632a6880b73e043de41828a1c7abbe42263023d6992e89669a2f0ec940814cad3a0415164e94858e9cfe87fa211e6bf6a56e85d9573c336e3b867ec2c18a89c8eef757b792a1", @generic="3aeceb9eed0711d3388599a194aa543b8f1f3a4498c1", @typed={0x8, 0x4, 0x0, 0x0, @pid}, @typed={0x8, 0x0, 0x0, 0x0, @pid=r3}, @typed={0x14, 0x7a, 0x0, 0x0, @ipv6=@rand_addr="cb28669f781f22191e4daf3af6da282d"}, @generic="f412a01cde127896ce7d77482311b11d04d880f398c79ed3069936b1d8569247986ae58228112c3158e807867e57049b3b0fb553ba3a22ffcf7f79e0a58b78448cf06e4ead890222a9d6a91d3b9079a238"]}, @generic="aaa29ad52bff4a10206d6fdb9d4fa4674294046eca688bfbbd716cab35ccae9842dd20afc62ac655e3020b3bba3dc532ce5d6713f67606d939b11ee60fbd6cbec862baa6c9fc3ccc008331c1763ec85810f654f7406ac38ce2aeb8b5bccf5c85234e84750c259b8cd31203121aeeb5420b8817387aebd5b3de476fad21a06e438121b36eca8f5cd870fa405b1935507caac8250c54a4fa20719953a9e3ee53f934a55d8e77035eea509059d5c1b7dea2472f2dd8e1b80e8cb0f2723f7057d6cf925d05ed24a0b4"]}, 0x224}, 0x1, 0x0, 0x0, 0x24000004}, 0x4080) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 02:48:41 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae8a, &(0x7f0000000380)={0x7b}) socketpair$unix(0x1, 0x0, 0x0, 0x0) 02:48:41 executing program 5 (fault-call:0 fault-nth:79): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 546.765657] BTRFS error (device loop4): superblock checksum mismatch [ 546.852111] FAULT_INJECTION: forcing a failure. [ 546.852111] name failslab, interval 1, probability 0, space 0, times 0 [ 546.870786] BTRFS error (device loop4): open_ctree failed [ 546.878790] CPU: 0 PID: 30926 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 546.886721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 546.896106] Call Trace: [ 546.898825] dump_stack+0x142/0x197 [ 546.902469] should_fail.cold+0x10f/0x159 [ 546.906653] should_failslab+0xdb/0x130 [ 546.910777] kmem_cache_alloc_node_trace+0x280/0x770 [ 546.915896] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 546.921372] __kmalloc_node_track_caller+0x3d/0x80 [ 546.926320] __kmalloc_reserve.isra.0+0x40/0xe0 [ 546.931009] __alloc_skb+0xcf/0x500 [ 546.934645] ? skb_trim+0x180/0x180 [ 546.938279] ? netlink_has_listeners+0x20a/0x330 [ 546.943130] kobject_uevent_env+0x6ea/0xc80 [ 546.947449] ? lock_downgrade+0x740/0x740 [ 546.951591] kobject_uevent+0x20/0x30 [ 546.955390] loop_clr_fd+0x4a7/0xae0 [ 546.959112] lo_ioctl+0x8d6/0x1cd0 [ 546.962758] ? SyS_mount+0xcf/0x120 [ 546.966380] ? loop_probe+0x160/0x160 [ 546.970229] blkdev_ioctl+0x95f/0x1850 [ 546.974111] ? blkpg_ioctl+0x970/0x970 [ 546.977999] ? __might_sleep+0x93/0xb0 [ 546.981891] ? __fget+0x210/0x370 [ 546.985366] block_ioctl+0xde/0x120 [ 546.988993] ? blkdev_fallocate+0x3b0/0x3b0 [ 546.993458] do_vfs_ioctl+0x7ae/0x1060 [ 546.997351] ? selinux_file_mprotect+0x5d0/0x5d0 [ 547.002100] ? lock_downgrade+0x740/0x740 [ 547.006249] ? ioctl_preallocate+0x1c0/0x1c0 [ 547.010655] ? __fget+0x237/0x370 [ 547.014110] ? security_file_ioctl+0x89/0xb0 [ 547.018654] SyS_ioctl+0x8f/0xc0 [ 547.022122] ? do_vfs_ioctl+0x1060/0x1060 [ 547.026310] do_syscall_64+0x1e8/0x640 [ 547.030220] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 547.035192] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 547.040389] RIP: 0033:0x45b227 [ 547.043687] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 547.051390] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 547.058655] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000005 [ 547.065928] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 547.073203] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 [ 547.080667] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 000000000000004f 02:48:41 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60fe01, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600004, 0x4) 02:48:41 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae8a, &(0x7f0000000380)={0x7b}) socketpair$unix(0x1, 0x0, 0x0, 0x0) 02:48:41 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$bt_BT_FLUSHABLE(r1, 0x112, 0x8, &(0x7f0000000040)=0x2, 0x4) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$selinux_avc_cache_stats(0xffffffffffffff9c, &(0x7f0000000080)='/selinux/avc/cache_stats\x00', 0x0, 0x0) ioctl$SNDCTL_DSP_NONBLOCK(r4, 0x500e, 0x0) write$FUSE_DIRENT(r3, &(0x7f0000000000)={0x30, 0x0, 0x6, [{0x4, 0x9, 0x5, 0x9, 'hash\x00'}]}, 0x30) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) 02:48:41 executing program 5 (fault-call:0 fault-nth:80): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:41 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f}}, 0xffaf) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r3}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r3}}, 0x48) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x3c) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$P9_RLINK(r6, &(0x7f0000000200)={0x7, 0x47, 0x2}, 0x7) ptrace$cont(0x18, r4, 0x0, 0x0) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r4, 0x0, 0x0) fcntl$lock(r2, 0x25, &(0x7f0000000100)={0x2, 0x4, 0x40, 0xac93, r4}) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440)='/dev/infiniband/rdma_cm\x00', 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0x26, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000240)={0x3, 0x40, 0xfa00, {{}, {0xa, 0x0, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, r8}}, 0x48) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f00000002c0)={0x3, 0x40, 0xfa00, {{0xa, 0x0, 0x0, @mcast2}, {0xa, 0x0, 0x0, @loopback}, r8}}, 0x48) fsetxattr$security_capability(r7, &(0x7f0000000140)='security.capability\x00', &(0x7f0000000180)=@v2={0x2000000, [{0x3ff, 0x1}, {0x3ff, 0x9}]}, 0x14, 0x0) 02:48:41 executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000100)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "000002", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@sack={0x4, 0x2}]}}}}}}}}, 0x0) [ 547.204793] FAULT_INJECTION: forcing a failure. [ 547.204793] name failslab, interval 1, probability 0, space 0, times 0 [ 547.239200] CPU: 1 PID: 30942 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 547.247154] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 547.256546] Call Trace: [ 547.259210] dump_stack+0x142/0x197 [ 547.262839] should_fail.cold+0x10f/0x159 [ 547.266993] should_failslab+0xdb/0x130 [ 547.270994] kmem_cache_alloc+0x2d7/0x780 [ 547.275153] ? out_of_line_wait_on_bit+0xba/0xd0 [ 547.279924] ? __wait_on_bit+0x130/0x130 [ 547.284165] getname_kernel+0x53/0x350 [ 547.288061] kern_path+0x20/0x40 [ 547.291432] lookup_bdev.part.0+0x63/0x160 [ 547.295673] ? blkdev_open+0x260/0x260 [ 547.299552] ? btrfs_read_dev_super+0x77/0xb0 [ 547.304150] blkdev_get_by_path+0x76/0xf0 [ 547.308306] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 547.312811] __btrfs_open_devices+0x194/0xab0 [ 547.317335] ? find_device+0x100/0x100 [ 547.321221] ? btrfs_mount+0x1069/0x2b28 [ 547.325382] ? rcu_read_lock_sched_held+0x110/0x130 [ 547.330397] btrfs_open_devices+0xa4/0xb0 [ 547.334665] btrfs_mount+0x11b4/0x2b28 [ 547.338547] ? lock_downgrade+0x740/0x740 [ 547.342804] ? find_held_lock+0x35/0x130 [ 547.346884] ? pcpu_alloc+0x3af/0x1050 [ 547.350786] ? btrfs_remount+0x11f0/0x11f0 [ 547.355027] ? rcu_read_lock_sched_held+0x110/0x130 [ 547.360061] ? __lockdep_init_map+0x10c/0x570 [ 547.364713] mount_fs+0x97/0x2a1 [ 547.368218] vfs_kern_mount.part.0+0x5e/0x3d0 [ 547.372716] ? find_held_lock+0x35/0x130 [ 547.376890] vfs_kern_mount+0x40/0x60 [ 547.380815] btrfs_mount+0x3ce/0x2b28 [ 547.384737] ? lock_downgrade+0x740/0x740 [ 547.389155] ? find_held_lock+0x35/0x130 [ 547.393229] ? pcpu_alloc+0x3af/0x1050 [ 547.397231] ? btrfs_remount+0x11f0/0x11f0 [ 547.401589] ? rcu_read_lock_sched_held+0x110/0x130 [ 547.406641] ? __lockdep_init_map+0x10c/0x570 [ 547.411174] ? __lockdep_init_map+0x10c/0x570 [ 547.416554] mount_fs+0x97/0x2a1 [ 547.420018] vfs_kern_mount.part.0+0x5e/0x3d0 [ 547.424536] do_mount+0x417/0x27d0 [ 547.428099] ? copy_mount_options+0x5c/0x2f0 [ 547.432641] ? rcu_read_lock_sched_held+0x110/0x130 [ 547.437667] ? copy_mount_string+0x40/0x40 [ 547.441928] ? copy_mount_options+0x1fe/0x2f0 [ 547.446419] SyS_mount+0xab/0x120 [ 547.449869] ? copy_mnt_ns+0x8c0/0x8c0 [ 547.453764] do_syscall_64+0x1e8/0x640 [ 547.457662] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 547.462504] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 547.467694] RIP: 0033:0x45de0a [ 547.470875] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 547.478579] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 547.485855] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 547.493145] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 02:48:42 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) [ 547.500436] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 547.507708] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000050 02:48:42 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae8a, &(0x7f0000000380)={0x7b}) socketpair$unix(0x1, 0x0, 0x0, 0x0) 02:48:42 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60fe01, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600004, 0x15) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) [ 547.602143] BTRFS error (device loop4): superblock checksum mismatch 02:48:42 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = shmget$private(0x0, 0x1000, 0x54001800, &(0x7f0000ffa000/0x1000)=nil) shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffffff) [ 547.700341] BTRFS error (device loop4): open_ctree failed 02:48:42 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:42 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae8a, &(0x7f0000000380)={0x7b}) socketpair$unix(0x1, 0x0, 0x0, 0x0) 02:48:42 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = shmget$private(0x0, 0x1000, 0x54001800, &(0x7f0000ffa000/0x1000)=nil) shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffffff) 02:48:42 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000340)='/proc/self/net/pfkey\x00', 0x0, 0x0) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, &(0x7f0000000680)={0x8, &(0x7f0000000600)=[{}, {}, {}, {0x0}, {}, {}, {}, {}]}) ioctl$DRM_IOCTL_SET_SAREA_CTX(0xffffffffffffffff, 0x4010641c, &(0x7f00000016c0)={r3, &(0x7f00000006c0)=""/4096}) ioctl$DRM_IOCTL_GET_SAREA_CTX(r2, 0xc010641d, &(0x7f00000003c0)={r3, &(0x7f0000000a00)=""/215}) ioctl$DRM_IOCTL_UNLOCK(r1, 0x4008642b, &(0x7f0000000100)={r3, 0x1}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) [ 547.842865] audit: type=1800 audit(1581562122.525:92): pid=30981 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=229378 res=0 02:48:42 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$TIPC_CONN_TIMEOUT(r2, 0x10f, 0x82, &(0x7f0000000000), &(0x7f0000000040)=0x4) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r3 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) [ 547.988691] BTRFS error (device loop4): superblock checksum mismatch [ 547.995809] audit: type=1800 audit(1581562122.675:93): pid=30994 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=262147 res=0 02:48:42 executing program 5 (fault-call:0 fault-nth:81): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:42 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = shmget$private(0x0, 0x1000, 0x54001800, &(0x7f0000ffa000/0x1000)=nil) shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffffff) 02:48:42 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:42 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae8a, &(0x7f0000000380)={0x7b}) [ 548.081688] BTRFS error (device loop4): open_ctree failed 02:48:42 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x200}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x8100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = shmget$private(0x0, 0x1000, 0x54001800, &(0x7f0000ffa000/0x1000)=nil) shmat(r0, &(0x7f0000000000/0x4000)=nil, 0xffffffffffffffff) [ 548.144208] audit: type=1800 audit(1581562122.835:94): pid=31006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=294916 res=0 [ 548.170609] BTRFS error (device loop4): superblock checksum mismatch 02:48:42 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae8a, &(0x7f0000000380)={0x7b}) 02:48:43 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r0, &(0x7f0000000000)=@in6={0x21, 0x4, 0x2, 0x1c}, 0x24) setsockopt$sock_timeval(r0, 0x1, 0x14, &(0x7f0000000080)={0x0, 0x7530}, 0x165) listen(r0, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) [ 548.278971] audit: type=1800 audit(1581562122.955:95): pid=31021 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op="collect_data" cause="failed" comm="syz-executor.0" name="SYSV00000000" dev="hugetlbfs" ino=327685 res=0 [ 548.280285] BTRFS error (device loop4): open_ctree failed [ 548.310983] FAULT_INJECTION: forcing a failure. [ 548.310983] name failslab, interval 1, probability 0, space 0, times 0 [ 548.348824] CPU: 1 PID: 31015 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 548.356753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 548.366238] Call Trace: [ 548.368837] dump_stack+0x142/0x197 [ 548.372484] should_fail.cold+0x10f/0x159 [ 548.376652] should_failslab+0xdb/0x130 [ 548.380641] __kmalloc+0x2f0/0x7a0 [ 548.384215] ? rcu_lockdep_current_cpu_online+0xf2/0x140 [ 548.389697] ? kobject_uevent_env+0x208/0xc80 [ 548.394203] ? rcu_read_lock_sched_held+0x110/0x130 [ 548.399233] ? kobject_get_path+0xba/0x190 [ 548.403479] kobject_get_path+0xba/0x190 [ 548.407552] kobject_uevent_env+0x22c/0xc80 [ 548.411886] ? lock_downgrade+0x740/0x740 [ 548.416095] kobject_uevent+0x20/0x30 [ 548.419910] loop_clr_fd+0x4a7/0xae0 [ 548.423631] lo_ioctl+0x8d6/0x1cd0 [ 548.427204] ? SyS_mount+0xcf/0x120 [ 548.430833] ? loop_probe+0x160/0x160 [ 548.434821] blkdev_ioctl+0x95f/0x1850 [ 548.438718] ? blkpg_ioctl+0x970/0x970 [ 548.442606] ? __might_sleep+0x93/0xb0 [ 548.446502] ? __fget+0x210/0x370 [ 548.450099] block_ioctl+0xde/0x120 [ 548.453719] ? blkdev_fallocate+0x3b0/0x3b0 [ 548.458102] do_vfs_ioctl+0x7ae/0x1060 [ 548.461998] ? selinux_file_mprotect+0x5d0/0x5d0 [ 548.466848] ? lock_downgrade+0x740/0x740 [ 548.471116] ? ioctl_preallocate+0x1c0/0x1c0 [ 548.475566] ? __fget+0x237/0x370 [ 548.479063] ? security_file_ioctl+0x89/0xb0 [ 548.483515] SyS_ioctl+0x8f/0xc0 [ 548.486890] ? do_vfs_ioctl+0x1060/0x1060 [ 548.491060] do_syscall_64+0x1e8/0x640 [ 548.494946] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 548.499813] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 548.505002] RIP: 0033:0x45b227 [ 548.508401] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 548.516146] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045b227 [ 548.523422] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000005 [ 548.530693] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 548.537963] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003 02:48:43 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) [ 548.545244] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000051 02:48:43 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0xaea3, &(0x7f0000000380)={0x7b}) 02:48:43 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0x200881, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 02:48:43 executing program 5 (fault-call:0 fault-nth:82): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) [ 548.705583] BTRFS error (device loop4): superblock checksum mismatch 02:48:43 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) [ 548.770290] BTRFS error (device loop4): open_ctree failed [ 548.808353] FAULT_INJECTION: forcing a failure. [ 548.808353] name failslab, interval 1, probability 0, space 0, times 0 02:48:43 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r8, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002000000010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) r9 = socket(0x11, 0x800000003, 0x0) setsockopt$packet_add_memb(r9, 0x107, 0x1, &(0x7f0000000280)={r8, 0x1, 0x6, @link_local}, 0x10) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="2000000011000100"/20, @ANYRES32=r8, @ANYBLOB="0000010100000000"], 0x20}}, 0x0) r10 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r10, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r11) setsockopt$inet_IP_IPSEC_POLICY(r4, 0x0, 0x10, &(0x7f0000000000)={{{@in=@broadcast, @in6=@remote, 0x4e22, 0xffff, 0x4e24, 0x0, 0xa, 0x160, 0x20, 0x84, r8, r11}, {0x7ff, 0x9, 0x40000000, 0x8000, 0x9, 0x3, 0x40, 0x6}, {0x9667, 0x10001, 0x3349b9f1, 0x9}, 0x5, 0x6e6bb6, 0x1, 0x1, 0x1}, {{@in6=@mcast2, 0x4d4, 0xff}, 0xa, @in6=@local, 0x0, 0x2, 0x0, 0x3, 0x2, 0x5, 0x4}}, 0xe8) r12 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200) [ 548.914138] CPU: 1 PID: 31050 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 548.922320] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 548.931689] Call Trace: [ 548.934416] dump_stack+0x142/0x197 [ 548.938154] should_fail.cold+0x10f/0x159 [ 548.942320] ? __lock_is_held+0xb6/0x140 [ 548.946402] ? mempool_free+0x1d0/0x1d0 [ 548.950408] should_failslab+0xdb/0x130 [ 548.954397] kmem_cache_alloc+0x47/0x780 [ 548.958490] ? mempool_free+0x1d0/0x1d0 [ 548.962482] mempool_alloc_slab+0x47/0x60 [ 548.966642] mempool_alloc+0x138/0x300 [ 548.970545] ? __find_get_block+0x5c4/0xbf0 [ 548.974968] ? remove_element.isra.0+0x1b0/0x1b0 [ 548.979783] ? mark_held_locks+0xb1/0x100 [ 548.983945] ? save_trace+0x290/0x290 [ 548.987761] ? trace_hardirqs_on_caller+0x400/0x590 [ 548.992795] bio_alloc_bioset+0x368/0x680 [ 548.996959] ? pkg_thermal_cpu_online+0x3bc/0x8a0 [ 549.001817] ? bvec_alloc+0x2e0/0x2e0 [ 549.005629] ? __getblk_gfp+0x5c/0x7b0 [ 549.009526] submit_bh_wbc+0xf6/0x720 [ 549.013345] __bread_gfp+0x106/0x290 [ 549.017079] btrfs_read_dev_one_super+0x9f/0x270 [ 549.021860] btrfs_read_dev_super+0x5d/0xb0 [ 549.026202] ? btrfs_read_dev_one_super+0x270/0x270 [ 549.031239] btrfs_get_bdev_and_sb+0xdc/0x2e0 [ 549.035806] __btrfs_open_devices+0x194/0xab0 [ 549.040499] ? find_device+0x100/0x100 [ 549.044550] ? btrfs_mount+0x1069/0x2b28 [ 549.048622] ? rcu_read_lock_sched_held+0x110/0x130 [ 549.053651] btrfs_open_devices+0xa4/0xb0 [ 549.057824] btrfs_mount+0x11b4/0x2b28 [ 549.061729] ? lock_downgrade+0x740/0x740 [ 549.065891] ? find_held_lock+0x35/0x130 [ 549.069988] ? pcpu_alloc+0x3af/0x1050 [ 549.073970] ? btrfs_remount+0x11f0/0x11f0 [ 549.078237] ? rcu_read_lock_sched_held+0x110/0x130 [ 549.083300] ? __lockdep_init_map+0x10c/0x570 [ 549.087845] mount_fs+0x97/0x2a1 [ 549.091232] vfs_kern_mount.part.0+0x5e/0x3d0 [ 549.095925] ? find_held_lock+0x35/0x130 [ 549.100013] vfs_kern_mount+0x40/0x60 [ 549.103839] btrfs_mount+0x3ce/0x2b28 [ 549.107661] ? lock_downgrade+0x740/0x740 [ 549.111829] ? find_held_lock+0x35/0x130 [ 549.115897] ? pcpu_alloc+0x3af/0x1050 [ 549.119939] ? btrfs_remount+0x11f0/0x11f0 [ 549.124187] ? rcu_read_lock_sched_held+0x110/0x130 [ 549.129230] ? __lockdep_init_map+0x10c/0x570 [ 549.133746] ? __lockdep_init_map+0x10c/0x570 [ 549.138266] mount_fs+0x97/0x2a1 [ 549.141650] vfs_kern_mount.part.0+0x5e/0x3d0 [ 549.146169] do_mount+0x417/0x27d0 [ 549.149723] ? copy_mount_string+0x40/0x40 [ 549.154072] ? copy_mount_options+0x151/0x2f0 [ 549.158582] ? __sanitizer_cov_trace_pc+0x41/0x60 [ 549.163435] ? copy_mount_options+0x1fe/0x2f0 [ 549.167941] SyS_mount+0xab/0x120 [ 549.171396] ? copy_mnt_ns+0x8c0/0x8c0 [ 549.175295] do_syscall_64+0x1e8/0x640 [ 549.179191] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 549.184049] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 549.189350] RIP: 0033:0x45de0a [ 549.192544] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 549.200402] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 549.207790] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 02:48:43 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:43 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae8a, &(0x7f0000000380)={0x7b}) 02:48:43 executing program 0: r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_GET_DEBUGREGS(r3, 0x4138ae84, &(0x7f0000000080)) ioctl$KVM_S390_VCPU_FAULT(0xffffffffffffffff, 0x4004ae52, &(0x7f0000000000)) connect$unix(0xffffffffffffffff, 0x0, 0x0) accept4$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) fcntl$setpipe(0xffffffffffffffff, 0x407, 0xfffffffffffffffe) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, &(0x7f0000000200)='sit0\x00', 0x10) r4 = syz_open_dev$loop(0x0, 0x2, 0x0) ioctl$LOOP_CHANGE_FD(r4, 0x4c00, 0xffffffffffffffff) [ 549.215069] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 549.222351] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 549.229636] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000052 [ 549.256359] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. 02:48:44 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000380)={0x7b}) [ 549.322837] device veth37 entered promiscuous mode [ 549.336502] BTRFS error (device loop5): superblock checksum mismatch [ 549.379166] device veth37 left promiscuous mode 02:48:44 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(0xffffffffffffffff, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) [ 549.420787] BTRFS error (device loop5): open_ctree failed 02:48:44 executing program 5 (fault-call:0 fault-nth:83): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:44 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000380)={0x7b}) 02:48:44 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000040)='./file0\x00', 0x7, 0x1, &(0x7f0000000100)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x210000}], 0x242cb0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x80000001) [ 549.543363] FAULT_INJECTION: forcing a failure. [ 549.543363] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 549.555203] CPU: 0 PID: 31087 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 549.563226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 549.572603] Call Trace: [ 549.575237] dump_stack+0x142/0x197 [ 549.578885] should_fail.cold+0x10f/0x159 [ 549.583148] __alloc_pages_nodemask+0x1d6/0x7a0 [ 549.588102] ? __alloc_pages_slowpath+0x2930/0x2930 02:48:44 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(0xffffffffffffffff, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) [ 549.593143] cache_grow_begin+0x80/0x400 [ 549.597312] kmem_cache_alloc+0x6a6/0x780 [ 549.601516] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.1'. [ 549.601555] ? save_stack_trace+0x16/0x20 [ 549.615680] ? save_stack+0x45/0xd0 [ 549.619320] ? kmem_cache_alloc_trace+0x152/0x790 [ 549.624210] getname_kernel+0x53/0x350 [ 549.628115] kern_path+0x20/0x40 [ 549.631484] lookup_bdev.part.0+0x63/0x160 [ 549.635860] ? blkdev_open+0x260/0x260 [ 549.639851] ? btrfs_open_devices+0x27/0xb0 [ 549.644168] blkdev_get_by_path+0x76/0xf0 [ 549.648422] btrfs_get_bdev_and_sb+0x38/0x2e0 [ 549.652925] __btrfs_open_devices+0x194/0xab0 [ 549.657432] ? check_preemption_disabled+0x3c/0x250 [ 549.662459] ? find_device+0x100/0x100 [ 549.666335] ? btrfs_mount+0x1069/0x2b28 [ 549.670402] ? rcu_read_lock_sched_held+0x110/0x130 [ 549.675420] btrfs_open_devices+0xa4/0xb0 [ 549.679610] btrfs_mount+0x11b4/0x2b28 [ 549.683512] ? lock_downgrade+0x740/0x740 [ 549.687663] ? find_held_lock+0x35/0x130 [ 549.691716] ? pcpu_alloc+0x3af/0x1050 [ 549.695610] ? btrfs_remount+0x11f0/0x11f0 [ 549.699865] ? rcu_read_lock_sched_held+0x110/0x130 [ 549.704886] ? __lockdep_init_map+0x10c/0x570 [ 549.709411] mount_fs+0x97/0x2a1 [ 549.712804] vfs_kern_mount.part.0+0x5e/0x3d0 [ 549.717308] ? find_held_lock+0x35/0x130 [ 549.721365] vfs_kern_mount+0x40/0x60 [ 549.725157] btrfs_mount+0x3ce/0x2b28 [ 549.728984] ? lock_downgrade+0x740/0x740 [ 549.733157] ? find_held_lock+0x35/0x130 [ 549.737241] ? pcpu_alloc+0x3af/0x1050 [ 549.741137] ? btrfs_remount+0x11f0/0x11f0 [ 549.745366] ? rcu_read_lock_sched_held+0x110/0x130 [ 549.750387] ? __lockdep_init_map+0x10c/0x570 [ 549.754897] ? __lockdep_init_map+0x10c/0x570 [ 549.759388] mount_fs+0x97/0x2a1 [ 549.762749] vfs_kern_mount.part.0+0x5e/0x3d0 [ 549.767248] do_mount+0x417/0x27d0 [ 549.770808] ? copy_mount_options+0x5c/0x2f0 [ 549.775221] ? rcu_read_lock_sched_held+0x110/0x130 [ 549.780328] ? copy_mount_string+0x40/0x40 [ 549.784589] ? copy_mount_options+0x1fe/0x2f0 [ 549.789088] SyS_mount+0xab/0x120 [ 549.792542] ? copy_mnt_ns+0x8c0/0x8c0 [ 549.796578] do_syscall_64+0x1e8/0x640 [ 549.800458] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 549.805301] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 549.810482] RIP: 0033:0x45de0a [ 549.813794] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 549.821521] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 549.828908] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 549.836287] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 549.843686] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 549.850957] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000053 02:48:44 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_ENABLE_CAP_CPU(0xffffffffffffffff, 0x4008ae8a, &(0x7f0000000380)={0x7b}) 02:48:44 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, 0x0, 0xfffffffffffffdfb, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(0xffffffffffffffff, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(0xffffffffffffffff, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:44 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) io_setup(0x1, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:48:44 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0x10000}], 0xa1000, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:48:44 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r0, 0x4008ae8a, &(0x7f0000000380)={0x7b}) 02:48:44 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_DEBUGREGS(r2, 0x4188aea7, &(0x7f0000000080)) 02:48:44 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:44 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r0, 0x4008ae8a, &(0x7f0000000380)={0x7b}) 02:48:45 executing program 5 (fault-call:0 fault-nth:84): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f0000000080)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4d", 0x48, 0x10000}], 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) 02:48:45 executing program 4: syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f00000001c0)='./file0\x00', 0xfffffffffffffffd, 0x1, &(0x7f0000000040)=[{&(0x7f0000000100)="8da4363ac0ed02000a0000000001004d010000000000000000007a000000000001f60180000048aeb81e1b00b10efd9a000019000000000001fffffff60000005f42485266535f4d14acf3c5ea", 0x4d, 0xffff}], 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) 02:48:45 executing program 1: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000003340)=[{{0x0, 0x4000000000000, 0x0}}], 0x600, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r0, 0x9e5505524a86f6ee, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) 02:48:45 executing program 3: openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r0, 0x4008ae8a, &(0x7f0000000380)={0x7b}) 02:48:45 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:45 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae8a, &(0x7f0000000380)={0x7b}) 02:48:45 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x60fe01, 0x8) madvise(&(0x7f0000000000/0x600000)=nil, 0x600004, 0x15) memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) [ 550.485698] FAULT_INJECTION: forcing a failure. [ 550.485698] name failslab, interval 1, probability 0, space 0, times 0 [ 550.553185] CPU: 1 PID: 31153 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 550.561128] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 550.570686] Call Trace: [ 550.573286] dump_stack+0x142/0x197 [ 550.577058] should_fail.cold+0x10f/0x159 [ 550.581202] should_failslab+0xdb/0x130 [ 550.585180] __kmalloc+0x2f0/0x7a0 [ 550.588724] ? __lock_is_held+0xb6/0x140 [ 550.592778] ? check_preemption_disabled+0x3c/0x250 [ 550.597809] ? bio_alloc_bioset+0x3ae/0x680 [ 550.602136] bio_alloc_bioset+0x3ae/0x680 [ 550.606278] ? btrfs_alloc_device+0xa4/0x6a0 [ 550.610691] ? rcu_read_lock_sched_held+0x110/0x130 [ 550.615809] ? bvec_alloc+0x2e0/0x2e0 [ 550.619604] btrfs_alloc_device+0xc3/0x6a0 [ 550.623842] ? __kmalloc+0x376/0x7a0 [ 550.627563] ? btrfs_find_device_by_devspec+0xf0/0xf0 [ 550.632745] ? __btrfs_close_devices+0x323/0xa90 [ 550.637497] __btrfs_close_devices+0x2c6/0xa90 [ 550.642083] ? btrfs_alloc_device+0x6a0/0x6a0 [ 550.646585] btrfs_close_devices+0x29/0x140 [ 550.650909] btrfs_mount+0x1fd9/0x2b28 [ 550.654828] ? lock_downgrade+0x740/0x740 [ 550.658977] ? find_held_lock+0x35/0x130 [ 550.663032] ? pcpu_alloc+0x3af/0x1050 [ 550.666938] ? btrfs_remount+0x11f0/0x11f0 [ 550.671182] ? rcu_read_lock_sched_held+0x110/0x130 [ 550.676209] ? __lockdep_init_map+0x10c/0x570 [ 550.680716] mount_fs+0x97/0x2a1 [ 550.686703] vfs_kern_mount.part.0+0x5e/0x3d0 [ 550.691187] ? find_held_lock+0x35/0x130 [ 550.695258] vfs_kern_mount+0x40/0x60 [ 550.699063] btrfs_mount+0x3ce/0x2b28 [ 550.702869] ? lock_downgrade+0x740/0x740 [ 550.707007] ? find_held_lock+0x35/0x130 [ 550.711179] ? pcpu_alloc+0x3af/0x1050 [ 550.715179] ? btrfs_remount+0x11f0/0x11f0 [ 550.719408] ? rcu_read_lock_sched_held+0x110/0x130 [ 550.724454] ? __lockdep_init_map+0x10c/0x570 [ 550.728981] ? __lockdep_init_map+0x10c/0x570 [ 550.733486] mount_fs+0x97/0x2a1 [ 550.736861] vfs_kern_mount.part.0+0x5e/0x3d0 [ 550.741381] do_mount+0x417/0x27d0 [ 550.744931] ? copy_mount_options+0x5c/0x2f0 [ 550.749363] ? rcu_read_lock_sched_held+0x110/0x130 [ 550.754391] ? copy_mount_string+0x40/0x40 [ 550.758635] ? copy_mount_options+0x1fe/0x2f0 [ 550.763134] SyS_mount+0xab/0x120 [ 550.766598] ? copy_mnt_ns+0x8c0/0x8c0 [ 550.770492] do_syscall_64+0x1e8/0x640 [ 550.774395] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 550.779252] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 550.784440] RIP: 0033:0x45de0a [ 550.787632] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 550.795345] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 550.802657] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 550.809951] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 550.817223] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 550.824497] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000054 02:48:45 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_ENABLE_CAP_CPU(r2, 0x4008ae8a, &(0x7f0000000380)={0x7b}) 02:48:45 executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x81}, 0x0) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) openat$nvram(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$ipvs(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001600)={0x0, 0x0, 0x0}, 0x0) getsockopt$bt_l2cap_L2CAP_LM(0xffffffffffffffff, 0x6, 0x3, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000000)=0x16c, 0x4) setsockopt$inet_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000280)={@in={{0x2, 0x0, @local}}, 0x0, 0x5, 0x3}, 0xd8) bind$inet(r0, &(0x7f0000deb000)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f00000008c0)={0x2, 0x4e23, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x0, &(0x7f0000000100)=0x1000, 0x4) fchmodat(0xffffffffffffffff, 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000001340)) recvmsg(r0, &(0x7f0000000240)={&(0x7f0000000040)=@nfc, 0x80, &(0x7f00000003c0)=[{&(0x7f0000003ac0)=""/4096, 0xdc00}], 0x1, &(0x7f0000000200)=""/20, 0xffffff28, 0x3e8}, 0x100) write$binfmt_elf64(r0, &(0x7f0000002300)=ANY=[@ANYRES64], 0x1000001bd) 02:48:45 executing program 0: 02:48:45 executing program 0: 02:48:45 executing program 0: [ 551.072108] ------------[ cut here ]------------ [ 551.076902] kernel BUG at fs/btrfs/volumes.c:890! [ 551.097430] invalid opcode: 0000 [#1] PREEMPT SMP KASAN [ 551.102828] Modules linked in: [ 551.106033] CPU: 1 PID: 31153 Comm: syz-executor.5 Not tainted 4.14.170-syzkaller #0 [ 551.113919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 551.123284] task: ffff888089634340 task.stack: ffff888053fa8000 [ 551.129347] RIP: 0010:__btrfs_close_devices+0x7d8/0xa90 [ 551.134796] RSP: 0018:ffff888053faf700 EFLAGS: 00010246 [ 551.140154] RAX: 0000000000040000 RBX: ffff8880a9e5bb40 RCX: ffffc9000743f000 [ 551.147418] RDX: 0000000000040000 RSI: ffffffff829a33a8 RDI: 0000000000000286 [ 551.154683] RBP: ffff888053faf7c8 R08: ffff888089634340 R09: ffff888089634c08 [ 551.161949] R10: 0000000000000000 R11: 0000000000000000 R12: ffff8880a11e7000 [ 551.169225] R13: ffff8880a9e5bc08 R14: fffffffffffffff4 R15: dffffc0000000000 [ 551.176538] FS: 00007f6b0e362700(0000) GS:ffff8880aed00000(0000) knlGS:0000000000000000 [ 551.184761] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 551.190670] CR2: 0000000000718158 CR3: 000000009043b000 CR4: 00000000001406e0 [ 551.197945] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 551.205202] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 551.212469] Call Trace: [ 551.215068] ? btrfs_alloc_device+0x6a0/0x6a0 [ 551.219568] btrfs_close_devices+0x29/0x140 [ 551.223895] btrfs_mount+0x1fd9/0x2b28 [ 551.227785] ? lock_downgrade+0x740/0x740 [ 551.231925] ? find_held_lock+0x35/0x130 [ 551.236139] ? pcpu_alloc+0x3af/0x1050 [ 551.240035] ? btrfs_remount+0x11f0/0x11f0 [ 551.244315] ? rcu_read_lock_sched_held+0x110/0x130 [ 551.249350] ? __lockdep_init_map+0x10c/0x570 [ 551.253880] mount_fs+0x97/0x2a1 [ 551.257236] vfs_kern_mount.part.0+0x5e/0x3d0 [ 551.261717] ? find_held_lock+0x35/0x130 [ 551.265781] vfs_kern_mount+0x40/0x60 [ 551.269587] btrfs_mount+0x3ce/0x2b28 [ 551.273390] ? lock_downgrade+0x740/0x740 [ 551.277524] ? find_held_lock+0x35/0x130 [ 551.281594] ? pcpu_alloc+0x3af/0x1050 [ 551.285475] ? btrfs_remount+0x11f0/0x11f0 [ 551.289709] ? rcu_read_lock_sched_held+0x110/0x130 [ 551.294729] ? __lockdep_init_map+0x10c/0x570 [ 551.299228] ? __lockdep_init_map+0x10c/0x570 [ 551.303776] mount_fs+0x97/0x2a1 [ 551.307154] vfs_kern_mount.part.0+0x5e/0x3d0 [ 551.311649] do_mount+0x417/0x27d0 [ 551.315175] ? copy_mount_options+0x5c/0x2f0 [ 551.319600] ? rcu_read_lock_sched_held+0x110/0x130 [ 551.324732] ? copy_mount_string+0x40/0x40 [ 551.328961] ? copy_mount_options+0x1fe/0x2f0 [ 551.333461] SyS_mount+0xab/0x120 [ 551.336901] ? copy_mnt_ns+0x8c0/0x8c0 [ 551.340820] do_syscall_64+0x1e8/0x640 [ 551.344711] ? trace_hardirqs_off_thunk+0x1a/0x1c [ 551.349810] entry_SYSCALL_64_after_hwframe+0x42/0xb7 [ 551.355241] RIP: 0033:0x45de0a [ 551.358416] RSP: 002b:00007f6b0e361a68 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 551.366121] RAX: ffffffffffffffda RBX: 00007f6b0e3626d4 RCX: 000000000045de0a [ 551.373389] RDX: 00007f6b0e361ae0 RSI: 00000000200001c0 RDI: 00007f6b0e361b00 [ 551.380910] RBP: 000000000075bf20 R08: 00007f6b0e361b40 R09: 00007f6b0e361ae0 [ 551.388170] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000003 [ 551.395531] R13: 0000000000000ba1 R14: 00000000004cc797 R15: 0000000000000054 [ 551.402805] Code: c1 ea 03 0f b6 04 02 84 c0 74 08 3c 03 0f 8e 59 02 00 00 48 8b 45 80 c7 80 10 01 00 00 00 00 00 00 e9 e2 f8 ff ff e8 08 e1 c2 fe <0f> 0b e8 01 e1 c2 fe 0f 0b 48 89 f7 e8 d7 70 ed fe e9 ad f8 ff [ 551.421973] RIP: __btrfs_close_devices+0x7d8/0xa90 RSP: ffff888053faf700 [ 551.446808] ---[ end trace f73841a626b59bf9 ]--- [ 551.451834] Kernel panic - not syncing: Fatal exception [ 551.458897] Kernel Offset: disabled [ 551.462637] Rebooting in 86400 seconds..