failslab+0x5/0xf [ 685.763554] kmem_cache_alloc+0x277/0x370 [ 685.767952] __alloc_file+0x21/0x330 [ 685.771836] alloc_empty_file+0x6d/0x170 [ 685.775998] alloc_file+0x5e/0x4d0 [ 685.779711] alloc_file_pseudo+0x165/0x250 [ 685.784049] ? alloc_file+0x4d0/0x4d0 [ 685.787891] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 685.793575] ? shmem_get_inode+0x44c/0x8d0 [ 685.797843] __shmem_file_setup.part.0+0x102/0x2b0 [ 685.802798] shmem_file_setup+0x61/0x90 [ 685.806814] __se_sys_memfd_create+0x26b/0x440 [ 685.811430] ? memfd_file_seals_ptr+0x150/0x150 [ 685.816124] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 685.821623] ? trace_hardirqs_off_caller+0x6e/0x210 [ 685.826907] ? do_syscall_64+0x21/0x620 [ 685.831287] do_syscall_64+0xf9/0x620 [ 685.835243] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 685.840559] RIP: 0033:0x45e219 [ 685.843987] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 685.863569] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 685.871562] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 000000000045e219 [ 685.878917] RDX: 0000000020000218 RSI: 0000000000000000 RDI: 00000000004c2c87 [ 685.886275] RBP: 0000000000010000 R08: 0000000020000218 R09: 0000000000000000 [ 685.894302] R10: fe03f80fe03f80ff R11: 0000000000000246 R12: 0000000000000001 [ 685.902584] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 685.909920] CPU: 1 PID: 19144 Comm: syz-executor.5 Not tainted 4.19.164-syzkaller #0 [ 685.917875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 685.927934] Call Trace: [ 685.930624] dump_stack+0x1fc/0x2fe [ 685.934365] should_fail.cold+0xa/0x14 [ 685.938337] ? setup_fault_attr+0x200/0x200 [ 685.942871] ? lock_acquire+0x170/0x3c0 [ 685.946972] __should_failslab+0x115/0x180 [ 685.951316] should_failslab+0x5/0xf [ 685.955144] kmem_cache_alloc+0x277/0x370 [ 685.959430] __alloc_file+0x21/0x330 [ 685.963279] alloc_empty_file+0x6d/0x170 [ 685.967472] alloc_file+0x5e/0x4d0 [ 685.971287] alloc_file_pseudo+0x165/0x250 [ 685.975628] ? alloc_file+0x4d0/0x4d0 [ 685.979570] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 685.985404] ? shmem_get_inode+0x44c/0x8d0 [ 685.989892] __shmem_file_setup.part.0+0x102/0x2b0 [ 685.995213] shmem_file_setup+0x61/0x90 [ 685.999417] __se_sys_memfd_create+0x26b/0x440 [ 686.004109] ? memfd_file_seals_ptr+0x150/0x150 [ 686.009051] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 686.014565] ? trace_hardirqs_off_caller+0x6e/0x210 [ 686.020073] ? do_syscall_64+0x21/0x620 [ 686.024352] do_syscall_64+0xf9/0x620 [ 686.028355] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 686.033722] RIP: 0033:0x45e219 [ 686.037106] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 686.056253] RSP: 002b:00007fc12ba77a18 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 686.064008] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 000000000045e219 [ 686.071308] RDX: 0000000020000248 RSI: 0000000000000000 RDI: 00000000004c2c87 [ 686.078594] RBP: 00000000000165c0 R08: 0000000020000248 R09: 0000000000000000 01:55:09 executing program 3 (fault-call:0 fault-nth:4): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 686.086091] R10: fe03f80fe03f80ff R11: 0000000000000246 R12: 0000000000000003 [ 686.093778] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 686.118718] input: syz0 as /devices/virtual/input/input93 01:55:09 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x608, 0x2}, 0x80, 0x0}, 0x0) 01:55:09 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x3}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 686.232014] FAULT_INJECTION: forcing a failure. [ 686.232014] name failslab, interval 1, probability 0, space 0, times 0 [ 686.263504] CPU: 1 PID: 19174 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 686.271598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 686.281033] Call Trace: [ 686.283743] dump_stack+0x1fc/0x2fe [ 686.287567] should_fail.cold+0xa/0x14 [ 686.291544] ? setup_fault_attr+0x200/0x200 [ 686.295977] ? lock_acquire+0x170/0x3c0 [ 686.300061] __should_failslab+0x115/0x180 [ 686.304386] should_failslab+0x5/0xf [ 686.308224] kmem_cache_alloc_trace+0x284/0x380 [ 686.312998] apparmor_file_alloc_security+0x394/0xad0 [ 686.318289] ? apparmor_file_receive+0x160/0x160 [ 686.323147] ? __alloc_file+0x21/0x330 [ 686.327142] security_file_alloc+0x40/0x90 [ 686.331479] __alloc_file+0xc9/0x330 [ 686.335429] alloc_empty_file+0x6d/0x170 [ 686.339617] alloc_file+0x5e/0x4d0 [ 686.343248] alloc_file_pseudo+0x165/0x250 [ 686.347595] ? alloc_file+0x4d0/0x4d0 [ 686.351507] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 686.358214] ? shmem_get_inode+0x44c/0x8d0 [ 686.362575] __shmem_file_setup.part.0+0x102/0x2b0 [ 686.367652] shmem_file_setup+0x61/0x90 [ 686.371775] __se_sys_memfd_create+0x26b/0x440 [ 686.376511] ? memfd_file_seals_ptr+0x150/0x150 [ 686.377285] input: syz0 as /devices/virtual/input/input94 [ 686.381358] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 686.381390] ? trace_hardirqs_off_caller+0x6e/0x210 [ 686.381425] ? do_syscall_64+0x21/0x620 [ 686.381441] do_syscall_64+0xf9/0x620 [ 686.381462] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 686.381482] RIP: 0033:0x45e219 [ 686.381539] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 01:55:09 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', 0x0, 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:09 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x804c}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 686.433103] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 686.440882] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 000000000045e219 [ 686.448232] RDX: 0000000020000218 RSI: 0000000000000000 RDI: 00000000004c2c87 [ 686.455606] RBP: 0000000000010000 R08: 0000000020000218 R09: 0000000000000000 [ 686.463114] R10: fe03f80fe03f80ff R11: 0000000000000246 R12: 0000000000000001 [ 686.470473] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 686.488093] input: syz0 as /devices/virtual/input/input95 01:55:09 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x689, 0x2}, 0x80, 0x0}, 0x0) 01:55:09 executing program 3 (fault-call:0 fault-nth:5): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:09 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:09 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', 0x0, 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:09 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8060}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:09 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x4}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:09 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x3580, 0x2}, 0x80, 0x0}, 0x0) [ 686.790960] input: syz0 as /devices/virtual/input/input96 [ 686.801060] FAULT_INJECTION: forcing a failure. [ 686.801060] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 686.820952] CPU: 1 PID: 19218 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 686.829174] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 686.838741] Call Trace: [ 686.841439] dump_stack+0x1fc/0x2fe [ 686.845194] should_fail.cold+0xa/0x14 [ 686.849219] ? lock_acquire+0x170/0x3c0 [ 686.853252] ? setup_fault_attr+0x200/0x200 [ 686.857769] __alloc_pages_nodemask+0x239/0x2890 [ 686.862943] ? __lock_acquire+0x6de/0x3ff0 [ 686.867315] ? static_obj+0x50/0x50 [ 686.871294] ? __lock_acquire+0x6de/0x3ff0 [ 686.875811] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 686.880735] ? __lock_acquire+0x6de/0x3ff0 [ 686.885290] ? deref_stack_reg+0x134/0x1d0 [ 686.889622] ? mark_held_locks+0xf0/0xf0 [ 686.894118] ? mark_held_locks+0xf0/0xf0 [ 686.898629] ? __lock_acquire+0x6de/0x3ff0 [ 686.903177] alloc_pages_vma+0xf2/0x780 [ 686.907355] shmem_alloc_page+0x11c/0x1f0 [ 686.911746] ? shmem_swapin+0x220/0x220 [ 686.915842] ? percpu_counter_add_batch+0x126/0x180 [ 686.921091] ? __vm_enough_memory+0x316/0x650 [ 686.926749] shmem_alloc_and_acct_page+0x15a/0x850 [ 686.931874] shmem_getpage_gfp+0x4e9/0x37f0 [ 686.936325] ? shmem_alloc_and_acct_page+0x850/0x850 [ 686.941734] ? mark_held_locks+0xa6/0xf0 [ 686.945888] ? ktime_get_coarse_real_ts64+0x1c7/0x290 [ 686.951298] ? iov_iter_fault_in_readable+0x1fc/0x3f0 [ 686.956602] shmem_write_begin+0xff/0x1e0 [ 686.961079] generic_perform_write+0x1f8/0x4d0 [ 686.965781] ? filemap_page_mkwrite+0x2f0/0x2f0 [ 686.970562] ? current_time+0x1c0/0x1c0 [ 686.974633] ? lock_acquire+0x170/0x3c0 [ 686.980830] __generic_file_write_iter+0x24b/0x610 [ 686.986140] generic_file_write_iter+0x3f8/0x729 [ 686.991187] __vfs_write+0x51b/0x770 [ 686.995245] ? kernel_read+0x110/0x110 [ 686.999613] ? check_preemption_disabled+0x41/0x280 [ 687.005082] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 687.010331] vfs_write+0x1f3/0x540 [ 687.014391] __x64_sys_pwrite64+0x1f7/0x250 [ 687.018782] ? ksys_pwrite64+0x1a0/0x1a0 [ 687.023477] ? trace_hardirqs_off_caller+0x6e/0x210 [ 687.028656] ? do_syscall_64+0x21/0x620 [ 687.032739] do_syscall_64+0xf9/0x620 [ 687.036785] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 687.042547] RIP: 0033:0x417d77 [ 687.045795] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 07 fa ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 4d fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 687.066888] RSP: 002b:00007fb2ba6bea10 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 687.074935] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000417d77 [ 687.082701] RDX: 0000000000000012 RSI: 0000000020010000 RDI: 0000000000000004 01:55:10 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8068}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 687.090404] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 687.098178] R10: 0000000000008000 R11: 0000000000000293 R12: 0000000000000001 [ 687.105663] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000210 01:55:10 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000064f00)) 01:55:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4888, 0x2}, 0x80, 0x0}, 0x0) [ 687.173417] input: syz0 as /devices/virtual/input/input97 01:55:10 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x2, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:10 executing program 3 (fault-call:0 fault-nth:6): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:10 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x5}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x5865, 0x2}, 0x80, 0x0}, 0x0) [ 687.402311] FAULT_INJECTION: forcing a failure. [ 687.402311] name failslab, interval 1, probability 0, space 0, times 0 [ 687.414670] CPU: 1 PID: 19257 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 687.422910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 687.433235] Call Trace: [ 687.436275] dump_stack+0x1fc/0x2fe [ 687.440577] should_fail.cold+0xa/0x14 [ 687.445309] ? setup_fault_attr+0x200/0x200 [ 687.449868] ? __lock_acquire+0x6de/0x3ff0 [ 687.455235] __should_failslab+0x115/0x180 [ 687.459687] should_failslab+0x5/0xf [ 687.463831] kmem_cache_alloc+0x3f/0x370 [ 687.469219] radix_tree_node_alloc.constprop.0+0x1e4/0x320 [ 687.475447] __radix_tree_create+0x314/0x540 [ 687.479995] __radix_tree_insert+0xbb/0x5f0 [ 687.485184] ? __radix_tree_create+0x540/0x540 [ 687.490712] ? lock_acquire+0x170/0x3c0 [ 687.495380] ? shmem_add_to_page_cache+0x306/0xbb0 [ 687.497532] input: syz0 as /devices/virtual/input/input98 [ 687.500823] shmem_add_to_page_cache+0x616/0xbb0 [ 687.513354] ? shmem_recalc_inode+0x310/0x310 [ 687.518869] ? __radix_tree_preload+0x1fe/0x280 [ 687.524679] shmem_getpage_gfp+0x2004/0x37f0 [ 687.529656] ? shmem_alloc_and_acct_page+0x850/0x850 [ 687.535965] ? mark_held_locks+0xa6/0xf0 [ 687.540362] ? ktime_get_coarse_real_ts64+0x1c7/0x290 [ 687.546165] ? iov_iter_fault_in_readable+0x1fc/0x3f0 [ 687.551696] shmem_write_begin+0xff/0x1e0 [ 687.556489] generic_perform_write+0x1f8/0x4d0 [ 687.562113] ? filemap_page_mkwrite+0x2f0/0x2f0 [ 687.569600] ? current_time+0x1c0/0x1c0 [ 687.574733] ? lock_acquire+0x170/0x3c0 [ 687.579422] __generic_file_write_iter+0x24b/0x610 [ 687.585243] generic_file_write_iter+0x3f8/0x729 [ 687.591013] __vfs_write+0x51b/0x770 [ 687.595377] ? kernel_read+0x110/0x110 [ 687.599728] ? check_preemption_disabled+0x41/0x280 [ 687.605769] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 687.611739] vfs_write+0x1f3/0x540 [ 687.615845] __x64_sys_pwrite64+0x1f7/0x250 [ 687.620764] ? ksys_pwrite64+0x1a0/0x1a0 [ 687.625213] ? trace_hardirqs_off_caller+0x6e/0x210 [ 687.630529] ? do_syscall_64+0x21/0x620 [ 687.635183] do_syscall_64+0xf9/0x620 [ 687.641320] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 687.646876] RIP: 0033:0x417d77 [ 687.650481] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 07 fa ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 4d fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 687.673116] RSP: 002b:00007fb2ba6bea10 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 687.681810] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000417d77 [ 687.690360] RDX: 0000000000000012 RSI: 0000000020010000 RDI: 0000000000000004 01:55:10 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000064f00)) [ 687.698823] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 687.707896] R10: 0000000000008000 R11: 0000000000000293 R12: 0000000000000001 [ 687.715815] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000210 01:55:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x6488, 0x2}, 0x80, 0x0}, 0x0) 01:55:10 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x3, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:10 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x806c}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 687.794601] input: syz0 as /devices/virtual/input/input99 01:55:10 executing program 3 (fault-call:0 fault-nth:7): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:10 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000064f00)) 01:55:10 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x6}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x3}, 0x80, 0x0}, 0x0) [ 687.987727] FAULT_INJECTION: forcing a failure. [ 687.987727] name failslab, interval 1, probability 0, space 0, times 0 [ 688.053181] CPU: 1 PID: 19294 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 688.063052] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 688.073848] Call Trace: [ 688.077392] dump_stack+0x1fc/0x2fe [ 688.082165] should_fail.cold+0xa/0x14 [ 688.089243] ? setup_fault_attr+0x200/0x200 [ 688.094283] ? lock_acquire+0x170/0x3c0 [ 688.099271] __should_failslab+0x115/0x180 [ 688.105875] should_failslab+0x5/0xf [ 688.109895] kmem_cache_alloc+0x277/0x370 [ 688.114973] getname_flags+0xce/0x590 [ 688.118917] do_sys_open+0x26c/0x520 [ 688.123867] ? filp_open+0x70/0x70 [ 688.127583] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 688.133866] ? trace_hardirqs_off_caller+0x6e/0x210 [ 688.139753] ? do_syscall_64+0x21/0x620 [ 688.144060] do_syscall_64+0xf9/0x620 [ 688.147997] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 688.153723] RIP: 0033:0x417d11 [ 688.157114] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 688.178320] RSP: 002b:00007fb2ba6bea10 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 688.186237] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000417d11 [ 688.194385] RDX: 0000000000000012 RSI: 0000000000000002 RDI: 00007fb2ba6bead0 01:55:11 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x4, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 688.202779] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 688.211624] R10: 0000000000008000 R11: 0000000000000293 R12: 0000000000000001 [ 688.219494] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 [ 688.234968] input: syz0 as /devices/virtual/input/input100 01:55:11 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8074}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:11 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:11 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0xc, 0x0}, 0x0) [ 688.330970] input: syz0 as /devices/virtual/input/input101 01:55:11 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x6, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:11 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x7}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 688.448155] attempt to access beyond end of device [ 688.459206] loop2: rw=0, want=184, limit=178 [ 688.468406] metapage_read_end_io: I/O error 01:55:11 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x10, 0x0}, 0x0) 01:55:11 executing program 3 (fault-call:0 fault-nth:8): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 688.567353] input: syz0 as /devices/virtual/input/input102 01:55:11 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x807a}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:11 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x7, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:11 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:11 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x11}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:11 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x13, 0x0}, 0x0) [ 688.764358] FAULT_INJECTION: forcing a failure. [ 688.764358] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 688.777786] CPU: 1 PID: 19361 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 688.787428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 688.798430] Call Trace: [ 688.801625] dump_stack+0x1fc/0x2fe [ 688.805904] should_fail.cold+0xa/0x14 [ 688.810764] ? iov_iter_fault_in_readable+0x1dd/0x3f0 [ 688.816774] ? setup_fault_attr+0x200/0x200 [ 688.821304] ? do_writepages+0x290/0x290 [ 688.826533] ? unlock_page+0x13d/0x230 [ 688.830998] __alloc_pages_nodemask+0x239/0x2890 [ 688.836702] ? generic_perform_write+0x36c/0x4d0 [ 688.842818] ? __lock_acquire+0x6de/0x3ff0 [ 688.849085] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 688.855573] ? lock_downgrade+0x720/0x720 [ 688.860535] ? lock_acquire+0x170/0x3c0 [ 688.865355] ? up_write+0x18/0x150 [ 688.869872] ? generic_file_write_iter+0x381/0x729 [ 688.875570] cache_grow_begin+0xa4/0x8a0 [ 688.880382] ? setup_fault_attr+0x200/0x200 [ 688.885798] ? cache_alloc_pfmemalloc+0x1e/0x140 [ 688.891303] cache_alloc_refill+0x273/0x340 [ 688.896066] kmem_cache_alloc+0x346/0x370 [ 688.900635] getname_flags+0xce/0x590 [ 688.904967] do_sys_open+0x26c/0x520 [ 688.909566] ? filp_open+0x70/0x70 [ 688.913509] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 688.919107] ? trace_hardirqs_off_caller+0x6e/0x210 [ 688.925927] ? do_syscall_64+0x21/0x620 [ 688.930600] do_syscall_64+0xf9/0x620 [ 688.935458] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 688.941481] RIP: 0033:0x417d11 [ 688.945527] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 688.968961] RSP: 002b:00007fb2ba6bea10 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 688.978378] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000417d11 [ 688.986199] RDX: 0000000000000012 RSI: 0000000000000002 RDI: 00007fb2ba6bead0 [ 688.993957] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 689.001815] R10: 0000000000008000 R11: 0000000000000293 R12: 0000000000000001 [ 689.010851] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 01:55:12 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x20000340, 0x0}, 0x0) [ 689.102118] attempt to access beyond end of device [ 689.109788] loop2: rw=0, want=184, limit=178 [ 689.126204] metapage_read_end_io: I/O error 01:55:12 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x80f0}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:12 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 689.171181] input: syz0 as /devices/virtual/input/input104 01:55:12 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:12 executing program 3 (fault-call:0 fault-nth:9): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 689.259767] input: syz0 as /devices/virtual/input/input105 01:55:12 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x4}, 0x0) 01:55:12 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x12}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:12 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x300, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 689.403804] FAULT_INJECTION: forcing a failure. [ 689.403804] name failslab, interval 1, probability 0, space 0, times 0 [ 689.422743] CPU: 0 PID: 19407 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 689.430905] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 689.441450] Call Trace: [ 689.444631] dump_stack+0x1fc/0x2fe [ 689.448636] should_fail.cold+0xa/0x14 [ 689.452554] ? setup_fault_attr+0x200/0x200 [ 689.456914] ? lock_acquire+0x170/0x3c0 [ 689.461188] __should_failslab+0x115/0x180 [ 689.466877] should_failslab+0x5/0xf [ 689.470777] kmem_cache_alloc+0x277/0x370 [ 689.475771] __alloc_file+0x21/0x330 [ 689.480877] alloc_empty_file+0x6d/0x170 [ 689.485469] path_openat+0xe9/0x2df0 [ 689.489647] ? __lock_acquire+0x6de/0x3ff0 [ 689.494657] ? path_lookupat+0x8d0/0x8d0 [ 689.500813] ? mark_held_locks+0xf0/0xf0 [ 689.506467] do_filp_open+0x18c/0x3f0 [ 689.511815] ? may_open_dev+0xf0/0xf0 [ 689.516342] ? __alloc_fd+0x28d/0x570 [ 689.521103] ? lock_downgrade+0x720/0x720 [ 689.526404] ? lock_acquire+0x170/0x3c0 [ 689.530541] ? __alloc_fd+0x34/0x570 [ 689.535140] ? do_raw_spin_unlock+0x171/0x230 [ 689.539876] ? _raw_spin_unlock+0x29/0x40 [ 689.545765] ? __alloc_fd+0x28d/0x570 [ 689.550062] do_sys_open+0x3b3/0x520 [ 689.554426] ? filp_open+0x70/0x70 [ 689.558716] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 689.566141] ? trace_hardirqs_off_caller+0x6e/0x210 [ 689.572822] ? do_syscall_64+0x21/0x620 [ 689.578632] do_syscall_64+0xf9/0x620 [ 689.583011] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 689.588399] RIP: 0033:0x417d11 [ 689.592486] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 689.614610] RSP: 002b:00007fb2ba6bea10 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 689.623866] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000417d11 [ 689.632263] RDX: 0000000000000012 RSI: 0000000000000002 RDI: 00007fb2ba6bead0 [ 689.644254] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 01:55:12 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x8}, 0x0) [ 689.653628] R10: 0000000000008000 R11: 0000000000000293 R12: 0000000000000001 [ 689.663427] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 01:55:12 executing program 3 (fault-call:0 fault-nth:10): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:12 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0xe}, 0x0) [ 689.827590] input: syz0 as /devices/virtual/input/input106 [ 689.852812] input: syz0 as /devices/virtual/input/input107 01:55:12 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:12 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0xd000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:12 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x600, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:12 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x14}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 689.945739] FAULT_INJECTION: forcing a failure. [ 689.945739] name failslab, interval 1, probability 0, space 0, times 0 [ 689.961675] CPU: 0 PID: 19439 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 689.971155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 689.981582] Call Trace: [ 689.984770] dump_stack+0x1fc/0x2fe [ 689.988474] should_fail.cold+0xa/0x14 [ 689.992710] ? setup_fault_attr+0x200/0x200 [ 689.997834] ? lock_acquire+0x170/0x3c0 [ 690.002761] __should_failslab+0x115/0x180 [ 690.007785] should_failslab+0x5/0xf [ 690.011660] kmem_cache_alloc_trace+0x284/0x380 [ 690.017173] apparmor_file_alloc_security+0x394/0xad0 [ 690.023544] ? apparmor_file_receive+0x160/0x160 [ 690.029554] ? __alloc_file+0x21/0x330 [ 690.034027] security_file_alloc+0x40/0x90 [ 690.038929] __alloc_file+0xc9/0x330 [ 690.043482] alloc_empty_file+0x6d/0x170 [ 690.045707] input: syz0 as /devices/virtual/input/input108 [ 690.050392] path_openat+0xe9/0x2df0 [ 690.050422] ? __lock_acquire+0x6de/0x3ff0 [ 690.050442] ? path_lookupat+0x8d0/0x8d0 [ 690.050456] ? mark_held_locks+0xf0/0xf0 [ 690.050479] do_filp_open+0x18c/0x3f0 [ 690.050493] ? may_open_dev+0xf0/0xf0 [ 690.050509] ? __alloc_fd+0x28d/0x570 [ 690.050525] ? lock_downgrade+0x720/0x720 [ 690.050535] ? lock_acquire+0x170/0x3c0 [ 690.050563] ? __alloc_fd+0x34/0x570 [ 690.103279] ? do_raw_spin_unlock+0x171/0x230 [ 690.108259] ? _raw_spin_unlock+0x29/0x40 [ 690.112844] ? __alloc_fd+0x28d/0x570 [ 690.117042] do_sys_open+0x3b3/0x520 [ 690.121302] ? filp_open+0x70/0x70 [ 690.125373] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 690.131393] ? trace_hardirqs_off_caller+0x6e/0x210 [ 690.137517] ? do_syscall_64+0x21/0x620 [ 690.142120] do_syscall_64+0xf9/0x620 [ 690.146790] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 690.153183] RIP: 0033:0x417d11 [ 690.156740] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 690.179517] RSP: 002b:00007fb2ba6bea10 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 690.190469] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 0000000000417d11 [ 690.200533] RDX: 0000000000000012 RSI: 0000000000000002 RDI: 00007fb2ba6bead0 [ 690.209254] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 690.218588] R10: 0000000000008000 R11: 0000000000000293 R12: 0000000000000001 [ 690.227279] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 01:55:13 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x11}, 0x0) 01:55:13 executing program 3 (fault-call:0 fault-nth:11): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 690.290473] input: syz0 as /devices/virtual/input/input109 01:55:13 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:13 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x15}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:13 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x60}, 0x0) [ 690.415576] FAULT_INJECTION: forcing a failure. [ 690.415576] name failslab, interval 1, probability 0, space 0, times 0 [ 690.435065] CPU: 0 PID: 19483 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 690.443778] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 690.453837] Call Trace: [ 690.457088] dump_stack+0x1fc/0x2fe [ 690.461305] should_fail.cold+0xa/0x14 [ 690.465668] ? setup_fault_attr+0x200/0x200 [ 690.470668] ? lock_acquire+0x170/0x3c0 [ 690.474719] input: syz0 as /devices/virtual/input/input110 [ 690.474955] __should_failslab+0x115/0x180 [ 690.485372] should_failslab+0x5/0xf [ 690.489164] kmem_cache_alloc_trace+0x284/0x380 [ 690.495455] ? loop_info64_to_compat+0x5e0/0x5e0 [ 690.501138] __kthread_create_on_node+0xd2/0x410 [ 690.507744] ? kthread_parkme+0xa0/0xa0 [ 690.512871] ? lo_ioctl+0x1bb/0x20e0 [ 690.518275] ? __mutex_lock+0x3a8/0x1260 [ 690.524758] ? lock_downgrade+0x720/0x720 [ 690.530744] ? loop_info64_to_compat+0x5e0/0x5e0 [ 690.537788] kthread_create_on_node+0xbb/0xf0 [ 690.544226] ? __kthread_create_on_node+0x410/0x410 [ 690.550136] ? __fget+0x356/0x510 [ 690.553764] ? do_dup2+0x450/0x450 [ 690.557717] ? __lockdep_init_map+0x100/0x5a0 [ 690.562570] ? __lockdep_init_map+0x100/0x5a0 [ 690.568040] lo_ioctl+0xae5/0x20e0 [ 690.572336] ? loop_set_status64+0x110/0x110 [ 690.577518] blkdev_ioctl+0x5cb/0x1a7e [ 690.581638] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 690.587432] ? blkpg_ioctl+0x9d0/0x9d0 [ 690.591529] ? mark_held_locks+0xf0/0xf0 [ 690.596241] ? mark_held_locks+0xf0/0xf0 [ 690.600955] ? debug_check_no_obj_freed+0x201/0x482 [ 690.606786] ? lock_downgrade+0x720/0x720 [ 690.610999] block_ioctl+0xe9/0x130 [ 690.615072] ? blkdev_fallocate+0x3f0/0x3f0 [ 690.619552] do_vfs_ioctl+0xcdb/0x12e0 [ 690.623819] ? lock_downgrade+0x720/0x720 [ 690.628912] ? check_preemption_disabled+0x41/0x280 [ 690.633988] ? ioctl_preallocate+0x200/0x200 [ 690.640916] ? __fget+0x356/0x510 [ 690.644527] ? do_dup2+0x450/0x450 [ 690.648828] ? do_sys_open+0x2bf/0x520 [ 690.653421] ksys_ioctl+0x9b/0xc0 [ 690.657393] __x64_sys_ioctl+0x6f/0xb0 [ 690.662251] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 690.669423] do_syscall_64+0xf9/0x620 [ 690.673879] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 690.679762] RIP: 0033:0x45e087 [ 690.683031] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 690.706650] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 690.716444] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 690.724884] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 690.733059] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 690.741640] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 690.749465] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 01:55:13 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="04c4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:13 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x700, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:13 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x5c8}, 0x0) 01:55:13 executing program 3 (fault-call:0 fault-nth:12): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 690.837165] input: syz0 as /devices/virtual/input/input111 [ 690.873023] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 690.873023] 01:55:13 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x3f00, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:13 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x16}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:14 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="0cc4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:14 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x5cc}, 0x0) 01:55:14 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 691.023105] input: syz0 as /devices/virtual/input/input112 [ 691.032996] FAULT_INJECTION: forcing a failure. [ 691.032996] name failslab, interval 1, probability 0, space 0, times 0 [ 691.059209] CPU: 1 PID: 19521 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 691.067749] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 691.077768] Call Trace: [ 691.080439] dump_stack+0x1fc/0x2fe [ 691.084351] should_fail.cold+0xa/0x14 [ 691.088877] ? setup_fault_attr+0x200/0x200 [ 691.093702] ? lock_acquire+0x170/0x3c0 [ 691.098022] __should_failslab+0x115/0x180 [ 691.102604] should_failslab+0x5/0xf [ 691.106876] kmem_cache_alloc+0x277/0x370 [ 691.111395] __kernfs_new_node+0xd2/0x680 [ 691.115961] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 691.121012] ? _raw_spin_unlock_irq+0x5a/0x80 [ 691.125582] ? __cpu_to_node+0x7b/0xa0 [ 691.129877] ? mark_held_locks+0xf0/0xf0 [ 691.134366] ? io_schedule_timeout+0x140/0x140 [ 691.140062] ? enqueue_entity+0xf86/0x3850 [ 691.144801] ? set_user_nice.part.0+0x3b9/0xab0 [ 691.149943] kernfs_create_dir_ns+0x9e/0x230 [ 691.155168] internal_create_group+0x1c1/0xb20 [ 691.160150] ? sysfs_remove_link_from_group+0x70/0x70 [ 691.165520] ? lock_downgrade+0x720/0x720 [ 691.170236] lo_ioctl+0xf7c/0x20e0 [ 691.174243] ? loop_set_status64+0x110/0x110 [ 691.178932] blkdev_ioctl+0x5cb/0x1a7e [ 691.183514] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 691.189074] ? blkpg_ioctl+0x9d0/0x9d0 [ 691.193321] ? mark_held_locks+0xf0/0xf0 [ 691.198548] ? mark_held_locks+0xf0/0xf0 [ 691.204516] ? debug_check_no_obj_freed+0x201/0x482 [ 691.209676] ? lock_downgrade+0x720/0x720 [ 691.214293] block_ioctl+0xe9/0x130 [ 691.218334] ? blkdev_fallocate+0x3f0/0x3f0 [ 691.223559] do_vfs_ioctl+0xcdb/0x12e0 [ 691.227929] ? lock_downgrade+0x720/0x720 [ 691.232631] ? check_preemption_disabled+0x41/0x280 [ 691.237775] ? ioctl_preallocate+0x200/0x200 [ 691.242465] ? __fget+0x356/0x510 [ 691.246089] ? do_dup2+0x450/0x450 [ 691.249825] ? do_sys_open+0x2bf/0x520 [ 691.254018] ksys_ioctl+0x9b/0xc0 [ 691.257648] __x64_sys_ioctl+0x6f/0xb0 [ 691.261967] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 691.267458] do_syscall_64+0xf9/0x620 [ 691.271656] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 691.277092] RIP: 0033:0x45e087 [ 691.280365] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 691.300164] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 691.308319] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 691.317279] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 691.325035] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 691.332742] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 691.340819] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 01:55:14 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0xe00}, 0x0) [ 691.384606] input: syz0 as /devices/virtual/input/input113 01:55:14 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x165c0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:14 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x1100}, 0x0) [ 691.465788] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 691.465788] 01:55:14 executing program 3 (fault-call:0 fault-nth:13): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:14 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x2f}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:14 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x6000}, 0x0) [ 691.574343] attempt to access beyond end of device [ 691.584494] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 691.584494] [ 691.621700] loop2: rw=0, want=184, limit=178 01:55:14 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x1000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 691.648906] metapage_read_end_io: I/O error 01:55:14 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0xc805}, 0x0) 01:55:14 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="1ec4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 691.676942] input: syz0 as /devices/virtual/input/input114 [ 691.715794] input: syz0 as /devices/virtual/input/input115 01:55:14 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x300}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 691.737092] FAULT_INJECTION: forcing a failure. [ 691.737092] name failslab, interval 1, probability 0, space 0, times 0 [ 691.760136] CPU: 0 PID: 19570 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 691.768345] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 691.778537] Call Trace: [ 691.781946] dump_stack+0x1fc/0x2fe [ 691.787786] should_fail.cold+0xa/0x14 [ 691.792292] ? setup_fault_attr+0x200/0x200 [ 691.797057] ? lock_acquire+0x170/0x3c0 [ 691.802335] __should_failslab+0x115/0x180 [ 691.808298] should_failslab+0x5/0xf [ 691.812949] kmem_cache_alloc+0x277/0x370 [ 691.817939] __kernfs_new_node+0xd2/0x680 [ 691.823600] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 691.830746] ? kernfs_activate+0x2c/0x1d0 [ 691.835942] ? lock_downgrade+0x720/0x720 [ 691.840689] ? kernfs_add_one+0x51/0x4c0 [ 691.845174] ? __mutex_add_waiter+0x160/0x160 [ 691.850392] ? __mutex_unlock_slowpath+0xea/0x610 [ 691.855587] kernfs_new_node+0x92/0x120 [ 691.859849] __kernfs_create_file+0x51/0x33f [ 691.864788] sysfs_add_file_mode_ns+0x226/0x540 [ 691.870356] internal_create_group+0x355/0xb20 [ 691.875514] ? sysfs_remove_link_from_group+0x70/0x70 [ 691.880914] ? lock_downgrade+0x720/0x720 [ 691.885719] lo_ioctl+0xf7c/0x20e0 [ 691.889321] ? loop_set_status64+0x110/0x110 [ 691.894348] blkdev_ioctl+0x5cb/0x1a7e [ 691.898300] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 691.904350] ? blkpg_ioctl+0x9d0/0x9d0 [ 691.908712] ? mark_held_locks+0xf0/0xf0 [ 691.912988] ? mark_held_locks+0xf0/0xf0 [ 691.917623] ? debug_check_no_obj_freed+0x201/0x482 [ 691.923309] ? lock_downgrade+0x720/0x720 [ 691.927605] block_ioctl+0xe9/0x130 [ 691.931825] ? blkdev_fallocate+0x3f0/0x3f0 [ 691.937136] do_vfs_ioctl+0xcdb/0x12e0 [ 691.941514] ? lock_downgrade+0x720/0x720 [ 691.946209] ? check_preemption_disabled+0x41/0x280 [ 691.951760] ? ioctl_preallocate+0x200/0x200 [ 691.957131] ? __fget+0x356/0x510 [ 691.960637] ? do_dup2+0x450/0x450 [ 691.964539] ? do_sys_open+0x2bf/0x520 [ 691.968932] ksys_ioctl+0x9b/0xc0 [ 691.972693] __x64_sys_ioctl+0x6f/0xb0 [ 691.977159] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 691.982003] do_syscall_64+0xf9/0x620 [ 691.985901] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 691.991744] RIP: 0033:0x45e087 [ 691.994974] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 692.017811] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 692.027368] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 01:55:15 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0xcc05}, 0x0) [ 692.035117] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 692.044670] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 692.053785] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 692.061530] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 01:55:15 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0}], 0x0, &(0x7f0000064f00)) 01:55:15 executing program 3 (fault-call:0 fault-nth:14): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:15 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x34000}, 0x0) [ 692.161733] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 692.161733] [ 692.207281] input: syz0 as /devices/virtual/input/input116 01:55:15 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x2000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:15 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="2fc4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 692.272344] input: syz0 as /devices/virtual/input/input117 [ 692.297387] FAULT_INJECTION: forcing a failure. [ 692.297387] name failslab, interval 1, probability 0, space 0, times 0 [ 692.315674] CPU: 0 PID: 19614 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 692.323865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 692.333693] Call Trace: [ 692.336532] dump_stack+0x1fc/0x2fe [ 692.340748] should_fail.cold+0xa/0x14 [ 692.345758] ? setup_fault_attr+0x200/0x200 [ 692.350572] ? lock_acquire+0x170/0x3c0 [ 692.355320] __should_failslab+0x115/0x180 [ 692.361022] should_failslab+0x5/0xf [ 692.365302] kmem_cache_alloc+0x277/0x370 [ 692.370097] __kernfs_new_node+0xd2/0x680 [ 692.375486] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 692.380899] ? mark_held_locks+0xa6/0xf0 [ 692.385411] ? io_schedule_timeout+0x140/0x140 [ 692.390325] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 692.395885] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 692.401106] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 692.406302] kernfs_new_node+0x92/0x120 [ 692.410367] __kernfs_create_file+0x51/0x33f [ 692.415573] sysfs_add_file_mode_ns+0x226/0x540 [ 692.421282] internal_create_group+0x355/0xb20 [ 692.426697] ? sysfs_remove_link_from_group+0x70/0x70 [ 692.432682] ? lock_downgrade+0x720/0x720 [ 692.437238] lo_ioctl+0xf7c/0x20e0 [ 692.442404] ? loop_set_status64+0x110/0x110 [ 692.447851] blkdev_ioctl+0x5cb/0x1a7e [ 692.451936] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 692.458013] ? blkpg_ioctl+0x9d0/0x9d0 [ 692.462116] ? mark_held_locks+0xf0/0xf0 [ 692.467457] ? mark_held_locks+0xf0/0xf0 [ 692.472700] ? debug_check_no_obj_freed+0x201/0x482 [ 692.478584] ? lock_downgrade+0x720/0x720 [ 692.484113] block_ioctl+0xe9/0x130 [ 692.488258] ? blkdev_fallocate+0x3f0/0x3f0 [ 692.493054] do_vfs_ioctl+0xcdb/0x12e0 [ 692.497702] ? lock_downgrade+0x720/0x720 [ 692.502489] ? check_preemption_disabled+0x41/0x280 [ 692.508360] ? ioctl_preallocate+0x200/0x200 [ 692.513345] ? __fget+0x356/0x510 [ 692.517916] ? do_dup2+0x450/0x450 [ 692.522239] ? do_sys_open+0x2bf/0x520 [ 692.526428] ksys_ioctl+0x9b/0xc0 [ 692.530605] __x64_sys_ioctl+0x6f/0xb0 [ 692.535357] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 692.540591] do_syscall_64+0xf9/0x620 [ 692.544947] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 692.550979] RIP: 0033:0x45e087 [ 692.554405] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 692.575690] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 692.583871] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 692.591527] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 692.599957] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 692.607666] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 692.615182] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 01:55:15 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x40000}, 0x0) 01:55:15 executing program 3 (fault-call:0 fault-nth:15): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:15 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x500}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:15 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0}], 0x0, &(0x7f0000064f00)) [ 692.752549] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 692.752549] 01:55:15 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x400300}, 0x0) [ 692.800876] input: syz0 as /devices/virtual/input/input118 [ 692.847451] FAULT_INJECTION: forcing a failure. [ 692.847451] name failslab, interval 1, probability 0, space 0, times 0 [ 692.849030] input: syz0 as /devices/virtual/input/input119 [ 692.873080] CPU: 1 PID: 19644 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 692.881594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 692.891373] Call Trace: [ 692.894734] dump_stack+0x1fc/0x2fe [ 692.898646] should_fail.cold+0xa/0x14 [ 692.902699] ? setup_fault_attr+0x200/0x200 [ 692.907576] ? lock_acquire+0x170/0x3c0 [ 692.911654] __should_failslab+0x115/0x180 [ 692.916161] should_failslab+0x5/0xf [ 692.920529] kmem_cache_alloc+0x277/0x370 [ 692.925286] __kernfs_new_node+0xd2/0x680 [ 692.929930] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 692.935389] ? __mutex_unlock_slowpath+0xea/0x610 [ 692.940675] ? wait_for_completion_io+0x10/0x10 [ 692.946107] ? kernfs_next_descendant_post+0x19c/0x290 [ 692.952432] kernfs_new_node+0x92/0x120 [ 692.957077] __kernfs_create_file+0x51/0x33f [ 692.961684] sysfs_add_file_mode_ns+0x226/0x540 [ 692.967522] internal_create_group+0x355/0xb20 [ 692.972552] ? sysfs_remove_link_from_group+0x70/0x70 [ 692.978821] ? lock_downgrade+0x720/0x720 [ 692.983605] lo_ioctl+0xf7c/0x20e0 [ 692.987427] ? loop_set_status64+0x110/0x110 [ 692.992610] blkdev_ioctl+0x5cb/0x1a7e [ 692.996866] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 693.002528] ? blkpg_ioctl+0x9d0/0x9d0 [ 693.006798] ? mark_held_locks+0xf0/0xf0 [ 693.011235] ? mark_held_locks+0xf0/0xf0 [ 693.015945] ? debug_check_no_obj_freed+0x201/0x482 [ 693.021644] ? lock_downgrade+0x720/0x720 [ 693.025925] block_ioctl+0xe9/0x130 [ 693.029698] ? blkdev_fallocate+0x3f0/0x3f0 [ 693.034219] do_vfs_ioctl+0xcdb/0x12e0 [ 693.034243] ? lock_downgrade+0x720/0x720 [ 693.034257] ? check_preemption_disabled+0x41/0x280 [ 693.034269] ? ioctl_preallocate+0x200/0x200 [ 693.034287] ? __fget+0x356/0x510 [ 693.034303] ? do_dup2+0x450/0x450 [ 693.034318] ? do_sys_open+0x2bf/0x520 [ 693.034338] ksys_ioctl+0x9b/0xc0 [ 693.034354] __x64_sys_ioctl+0x6f/0xb0 [ 693.034366] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 693.034387] do_syscall_64+0xf9/0x620 [ 693.083354] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 693.089158] RIP: 0033:0x45e087 [ 693.093029] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 693.113535] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 693.122352] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 693.130149] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 693.138105] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 01:55:16 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x3000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 693.146047] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 693.153777] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 [ 693.179542] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 693.179542] 01:55:16 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x600}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:16 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x1000000}, 0x0) 01:55:16 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0}], 0x0, &(0x7f0000064f00)) 01:55:16 executing program 3 (fault-call:0 fault-nth:16): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:16 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x4000000}, 0x0) 01:55:16 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="5fc4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 693.382531] input: syz0 as /devices/virtual/input/input120 [ 693.419942] input: syz0 as /devices/virtual/input/input121 01:55:16 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x700}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:16 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x4000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:16 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 693.485418] FAULT_INJECTION: forcing a failure. [ 693.485418] name failslab, interval 1, probability 0, space 0, times 0 [ 693.512780] CPU: 1 PID: 19696 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 693.520780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 693.530222] Call Trace: 01:55:16 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x8000000}, 0x0) [ 693.532884] dump_stack+0x1fc/0x2fe [ 693.536594] should_fail.cold+0xa/0x14 [ 693.540578] ? setup_fault_attr+0x200/0x200 [ 693.544977] ? lock_acquire+0x170/0x3c0 [ 693.549404] __should_failslab+0x115/0x180 [ 693.553727] should_failslab+0x5/0xf [ 693.557501] kmem_cache_alloc+0x277/0x370 [ 693.561726] __kernfs_new_node+0xd2/0x680 [ 693.566039] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 693.570889] ? __mutex_unlock_slowpath+0xea/0x610 [ 693.575852] ? wait_for_completion_io+0x10/0x10 [ 693.580583] ? kernfs_next_descendant_post+0x19c/0x290 [ 693.586089] kernfs_new_node+0x92/0x120 [ 693.590122] __kernfs_create_file+0x51/0x33f [ 693.594580] sysfs_add_file_mode_ns+0x226/0x540 [ 693.599326] internal_create_group+0x355/0xb20 [ 693.604132] ? sysfs_remove_link_from_group+0x70/0x70 [ 693.609397] ? lock_downgrade+0x720/0x720 [ 693.613617] lo_ioctl+0xf7c/0x20e0 [ 693.617387] ? loop_set_status64+0x110/0x110 [ 693.621838] blkdev_ioctl+0x5cb/0x1a7e [ 693.626078] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 693.632150] ? blkpg_ioctl+0x9d0/0x9d0 [ 693.636073] ? mark_held_locks+0xf0/0xf0 [ 693.640408] ? mark_held_locks+0xf0/0xf0 [ 693.644776] ? debug_check_no_obj_freed+0x201/0x482 [ 693.650130] ? lock_downgrade+0x720/0x720 [ 693.654310] block_ioctl+0xe9/0x130 [ 693.657972] ? blkdev_fallocate+0x3f0/0x3f0 [ 693.662523] do_vfs_ioctl+0xcdb/0x12e0 [ 693.666769] ? lock_downgrade+0x720/0x720 [ 693.671057] ? check_preemption_disabled+0x41/0x280 [ 693.676241] ? ioctl_preallocate+0x200/0x200 [ 693.680712] ? __fget+0x356/0x510 [ 693.684324] ? do_dup2+0x450/0x450 [ 693.687920] ? do_sys_open+0x2bf/0x520 [ 693.691893] ksys_ioctl+0x9b/0xc0 [ 693.695605] __x64_sys_ioctl+0x6f/0xb0 [ 693.699570] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 693.704578] do_syscall_64+0xf9/0x620 [ 693.708578] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 693.713858] RIP: 0033:0x45e087 [ 693.717121] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 693.736170] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 693.743919] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 693.751218] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 693.758538] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 693.765834] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 693.773629] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 01:55:16 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0xe000000}, 0x0) [ 693.813292] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 693.813292] 01:55:16 executing program 3 (fault-call:0 fault-nth:17): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 693.891745] input: syz0 as /devices/virtual/input/input122 01:55:16 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x11000000}, 0x0) [ 693.933808] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 693.933808] [ 693.947562] input: syz0 as /devices/virtual/input/input123 01:55:17 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 693.981164] FAULT_INJECTION: forcing a failure. [ 693.981164] name failslab, interval 1, probability 0, space 0, times 0 [ 693.992904] CPU: 0 PID: 19745 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 694.000848] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 694.010350] Call Trace: [ 694.013025] dump_stack+0x1fc/0x2fe [ 694.016841] should_fail.cold+0xa/0x14 [ 694.020818] ? is_bpf_text_address+0xfc/0x1b0 [ 694.025416] ? setup_fault_attr+0x200/0x200 [ 694.029919] ? kernel_text_address+0xbd/0xf0 [ 694.034911] ? __kernel_text_address+0x9/0x30 [ 694.039782] ? unwind_get_return_address+0x51/0x90 [ 694.045266] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 694.051116] __should_failslab+0x115/0x180 [ 694.055419] should_failslab+0x5/0xf [ 694.059191] kmem_cache_alloc+0x3f/0x370 [ 694.063369] radix_tree_node_alloc.constprop.0+0x1e4/0x320 [ 694.069035] idr_get_free+0x50e/0xa09 [ 694.072876] idr_alloc_u32+0x1a5/0x320 [ 694.076809] ? __fprop_inc_percpu_max+0x210/0x210 [ 694.081698] ? node_tag_clear+0xb5/0x1b0 [ 694.085834] ? should_fail+0x142/0x7b0 [ 694.089849] ? fs_reclaim_release+0xd0/0x110 [ 694.094302] idr_alloc_cyclic+0x102/0x230 [ 694.098658] ? idr_alloc+0x130/0x130 [ 694.102523] ? __kernfs_new_node+0xf9/0x680 [ 694.107060] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 694.112169] __kernfs_new_node+0x11a/0x680 [ 694.116491] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 694.121288] ? __mutex_unlock_slowpath+0xea/0x610 [ 694.126528] ? wait_for_completion_io+0x10/0x10 [ 694.131263] ? kernfs_next_descendant_post+0x19c/0x290 [ 694.136756] kernfs_new_node+0x92/0x120 [ 694.140778] __kernfs_create_file+0x51/0x33f [ 694.145586] sysfs_add_file_mode_ns+0x226/0x540 [ 694.150548] internal_create_group+0x355/0xb20 [ 694.155346] ? sysfs_remove_link_from_group+0x70/0x70 [ 694.160728] ? lock_downgrade+0x720/0x720 [ 694.164904] lo_ioctl+0xf7c/0x20e0 [ 694.168709] ? loop_set_status64+0x110/0x110 [ 694.173152] blkdev_ioctl+0x5cb/0x1a7e [ 694.177208] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 694.183159] ? blkpg_ioctl+0x9d0/0x9d0 [ 694.187238] ? mark_held_locks+0xf0/0xf0 [ 694.191521] ? mark_held_locks+0xf0/0xf0 [ 694.195631] ? debug_check_no_obj_freed+0x201/0x482 [ 694.200694] ? lock_downgrade+0x720/0x720 [ 694.204888] block_ioctl+0xe9/0x130 [ 694.208565] ? blkdev_fallocate+0x3f0/0x3f0 [ 694.212937] do_vfs_ioctl+0xcdb/0x12e0 [ 694.217040] ? lock_downgrade+0x720/0x720 [ 694.221282] ? check_preemption_disabled+0x41/0x280 [ 694.226364] ? ioctl_preallocate+0x200/0x200 [ 694.230823] ? __fget+0x356/0x510 [ 694.234321] ? do_dup2+0x450/0x450 [ 694.237907] ? do_sys_open+0x2bf/0x520 [ 694.241880] ksys_ioctl+0x9b/0xc0 [ 694.245428] __x64_sys_ioctl+0x6f/0xb0 [ 694.249392] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 694.254023] do_syscall_64+0xf9/0x620 [ 694.257870] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 694.263847] RIP: 0033:0x45e087 01:55:17 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x60000000}, 0x0) 01:55:17 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x1100}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 694.267171] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 694.287039] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 694.294811] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 694.302109] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 694.309509] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 694.316840] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 694.324163] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 01:55:17 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x89ffffff}, 0x0) 01:55:17 executing program 3 (fault-call:0 fault-nth:18): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:17 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x6000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:17 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0xc8050000}, 0x0) 01:55:17 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="60c4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 694.490395] input: syz0 as /devices/virtual/input/input124 [ 694.524220] input: syz0 as /devices/virtual/input/input125 01:55:17 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x1200}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:17 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0xcc050000}, 0x0) [ 694.629464] FAULT_INJECTION: forcing a failure. [ 694.629464] name failslab, interval 1, probability 0, space 0, times 0 [ 694.656609] CPU: 1 PID: 19786 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 694.664577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 694.674376] Call Trace: [ 694.677024] dump_stack+0x1fc/0x2fe [ 694.680873] should_fail.cold+0xa/0x14 [ 694.685421] ? setup_fault_attr+0x200/0x200 [ 694.689972] ? lock_acquire+0x170/0x3c0 [ 694.694018] __should_failslab+0x115/0x180 [ 694.698417] should_failslab+0x5/0xf [ 694.702201] kmem_cache_alloc+0x277/0x370 [ 694.706491] __kernfs_new_node+0xd2/0x680 [ 694.710853] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 694.715675] ? __mutex_unlock_slowpath+0xea/0x610 [ 694.720586] ? wait_for_completion_io+0x10/0x10 [ 694.725368] ? kernfs_next_descendant_post+0x19c/0x290 [ 694.730882] kernfs_new_node+0x92/0x120 [ 694.734963] __kernfs_create_file+0x51/0x33f [ 694.739541] sysfs_add_file_mode_ns+0x226/0x540 [ 694.744472] internal_create_group+0x355/0xb20 [ 694.744496] ? sysfs_remove_link_from_group+0x70/0x70 [ 694.744520] ? lock_downgrade+0x720/0x720 [ 694.744552] lo_ioctl+0xf7c/0x20e0 [ 694.744572] ? loop_set_status64+0x110/0x110 [ 694.744608] blkdev_ioctl+0x5cb/0x1a7e [ 694.771217] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 694.776947] ? blkpg_ioctl+0x9d0/0x9d0 [ 694.781074] ? mark_held_locks+0xf0/0xf0 [ 694.785342] ? mark_held_locks+0xf0/0xf0 [ 694.789941] ? debug_check_no_obj_freed+0x201/0x482 [ 694.795061] ? lock_downgrade+0x720/0x720 [ 694.799431] block_ioctl+0xe9/0x130 [ 694.803276] ? blkdev_fallocate+0x3f0/0x3f0 [ 694.807888] do_vfs_ioctl+0xcdb/0x12e0 [ 694.812316] ? lock_downgrade+0x720/0x720 [ 694.816700] ? check_preemption_disabled+0x41/0x280 [ 694.823166] ? ioctl_preallocate+0x200/0x200 [ 694.827788] ? __fget+0x356/0x510 [ 694.831314] ? do_dup2+0x450/0x450 [ 694.835165] ? do_sys_open+0x2bf/0x520 [ 694.839107] ksys_ioctl+0x9b/0xc0 [ 694.842784] __x64_sys_ioctl+0x6f/0xb0 [ 694.846876] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 694.851511] do_syscall_64+0xf9/0x620 [ 694.855501] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 694.860916] RIP: 0033:0x45e087 01:55:17 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 694.864361] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 694.883575] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 694.891335] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 694.898665] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 694.906551] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 694.914174] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 694.921966] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 01:55:17 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x7000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:18 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0xeffdffff}, 0x0) [ 694.976409] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 694.976409] 01:55:18 executing program 3 (fault-call:0 fault-nth:19): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 695.037895] input: syz0 as /devices/virtual/input/input126 01:55:18 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0xfffffdef}, 0x0) 01:55:18 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0, 0x0, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 695.093738] input: syz0 as /devices/virtual/input/input127 [ 695.121369] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 695.121369] 01:55:18 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x8000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:18 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="d0c4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 695.197839] FAULT_INJECTION: forcing a failure. [ 695.197839] name failslab, interval 1, probability 0, space 0, times 0 [ 695.228094] CPU: 0 PID: 19823 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 695.236246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 695.246182] Call Trace: [ 695.248844] dump_stack+0x1fc/0x2fe [ 695.252555] should_fail.cold+0xa/0x14 [ 695.256508] ? setup_fault_attr+0x200/0x200 [ 695.261274] ? lock_acquire+0x170/0x3c0 [ 695.265623] __should_failslab+0x115/0x180 [ 695.270001] should_failslab+0x5/0xf [ 695.273722] kmem_cache_alloc+0x277/0x370 [ 695.278058] __kernfs_new_node+0xd2/0x680 [ 695.282572] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 695.287644] ? __mutex_unlock_slowpath+0xea/0x610 [ 695.292582] ? wait_for_completion_io+0x10/0x10 [ 695.297703] ? kernfs_next_descendant_post+0x19c/0x290 [ 695.303331] kernfs_new_node+0x92/0x120 [ 695.307338] __kernfs_create_file+0x51/0x33f [ 695.311774] sysfs_add_file_mode_ns+0x226/0x540 [ 695.316512] internal_create_group+0x355/0xb20 [ 695.321113] ? sysfs_remove_link_from_group+0x70/0x70 [ 695.326571] ? lock_downgrade+0x720/0x720 [ 695.330768] lo_ioctl+0xf7c/0x20e0 [ 695.334487] ? loop_set_status64+0x110/0x110 [ 695.338989] blkdev_ioctl+0x5cb/0x1a7e [ 695.342929] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 695.348730] ? blkpg_ioctl+0x9d0/0x9d0 [ 695.352712] ? mark_held_locks+0xf0/0xf0 [ 695.356864] ? mark_held_locks+0xf0/0xf0 [ 695.361100] ? debug_check_no_obj_freed+0x201/0x482 [ 695.366169] ? lock_downgrade+0x720/0x720 [ 695.370617] block_ioctl+0xe9/0x130 [ 695.374330] ? blkdev_fallocate+0x3f0/0x3f0 [ 695.378909] do_vfs_ioctl+0xcdb/0x12e0 [ 695.382911] ? lock_downgrade+0x720/0x720 [ 695.387342] ? check_preemption_disabled+0x41/0x280 [ 695.392475] ? ioctl_preallocate+0x200/0x200 [ 695.396907] ? __fget+0x356/0x510 [ 695.400619] ? do_dup2+0x450/0x450 [ 695.404250] ? do_sys_open+0x2bf/0x520 [ 695.408228] ksys_ioctl+0x9b/0xc0 [ 695.411890] __x64_sys_ioctl+0x6f/0xb0 [ 695.415880] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 695.420536] do_syscall_64+0xf9/0x620 [ 695.424382] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 695.429628] RIP: 0033:0x45e087 [ 695.432969] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 695.452532] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 695.460604] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 695.468436] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 695.476525] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 695.483996] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 695.491611] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 01:55:18 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0xffffff7f}, 0x0) 01:55:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x1400}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:18 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0xffffff89}, 0x0) 01:55:18 executing program 3 (fault-call:0 fault-nth:20): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 695.630623] input: syz0 as /devices/virtual/input/input128 [ 695.655884] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 695.655884] 01:55:18 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0, 0x0, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:18 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x4000000000000}, 0x0) 01:55:18 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x3f000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 695.698682] input: syz0 as /devices/virtual/input/input129 [ 695.737956] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 695.737956] [ 695.765034] FAULT_INJECTION: forcing a failure. [ 695.765034] name failslab, interval 1, probability 0, space 0, times 0 [ 695.792649] CPU: 0 PID: 19866 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 695.800659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 695.810316] Call Trace: 01:55:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x1500}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 695.812965] dump_stack+0x1fc/0x2fe [ 695.816660] should_fail.cold+0xa/0x14 [ 695.820632] ? setup_fault_attr+0x200/0x200 [ 695.825015] ? lock_acquire+0x170/0x3c0 [ 695.829089] ? dev_uevent_filter+0xd0/0xd0 [ 695.833518] __should_failslab+0x115/0x180 [ 695.837919] should_failslab+0x5/0xf [ 695.841708] kmem_cache_alloc_trace+0x284/0x380 [ 695.846520] ? dev_uevent_filter+0xd0/0xd0 [ 695.850918] kobject_uevent_env+0x236/0x14a0 [ 695.855500] lo_ioctl+0xff9/0x20e0 [ 695.859288] ? loop_set_status64+0x110/0x110 [ 695.863958] blkdev_ioctl+0x5cb/0x1a7e [ 695.868040] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 695.873467] ? blkpg_ioctl+0x9d0/0x9d0 [ 695.877888] ? mark_held_locks+0xf0/0xf0 [ 695.882023] ? mark_held_locks+0xf0/0xf0 [ 695.886686] ? debug_check_no_obj_freed+0x201/0x482 [ 695.892334] ? lock_downgrade+0x720/0x720 [ 695.896716] block_ioctl+0xe9/0x130 [ 695.900561] ? blkdev_fallocate+0x3f0/0x3f0 [ 695.905138] do_vfs_ioctl+0xcdb/0x12e0 [ 695.909212] ? lock_downgrade+0x720/0x720 [ 695.913568] ? check_preemption_disabled+0x41/0x280 [ 695.919106] ? ioctl_preallocate+0x200/0x200 [ 695.923811] ? __fget+0x356/0x510 [ 695.927295] ? do_dup2+0x450/0x450 [ 695.931377] ? do_sys_open+0x2bf/0x520 [ 695.935345] ksys_ioctl+0x9b/0xc0 [ 695.939105] __x64_sys_ioctl+0x6f/0xb0 [ 695.943256] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 695.947872] do_syscall_64+0xf9/0x620 [ 695.951725] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 695.957311] RIP: 0033:0x45e087 [ 695.960752] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 695.980694] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 695.988657] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 695.996146] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 696.003862] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 01:55:19 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x40030000000000}, 0x0) [ 696.011538] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 696.018833] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 01:55:19 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10d0645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:19 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x100000000000000}, 0x0) 01:55:19 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x400000000000000}, 0x0) 01:55:19 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xc0650100, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:19 executing program 3 (fault-call:0 fault-nth:21): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:19 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x800000000000000}, 0x0) 01:55:19 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{0x0, 0x0, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 696.288141] input: syz0 as /devices/virtual/input/input130 [ 696.302420] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 696.302420] 01:55:19 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xf6ffffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 696.350191] input: syz0 as /devices/virtual/input/input131 [ 696.375001] FAULT_INJECTION: forcing a failure. [ 696.375001] name failslab, interval 1, probability 0, space 0, times 0 01:55:19 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0xe00000000000000}, 0x0) 01:55:19 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x1600}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 696.397427] CPU: 1 PID: 19912 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 696.405429] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 696.415027] Call Trace: [ 696.417690] dump_stack+0x1fc/0x2fe [ 696.421389] should_fail.cold+0xa/0x14 [ 696.425499] ? setup_fault_attr+0x200/0x200 [ 696.429891] ? lock_acquire+0x170/0x3c0 [ 696.433926] __should_failslab+0x115/0x180 [ 696.438214] should_failslab+0x5/0xf [ 696.442018] __kmalloc+0x2ab/0x3c0 [ 696.445847] ? kobject_get_path+0xbf/0x240 01:55:19 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c40a5f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 696.450450] kobject_get_path+0xbf/0x240 [ 696.454542] kobject_uevent_env+0x25c/0x14a0 [ 696.459155] lo_ioctl+0xff9/0x20e0 [ 696.462855] ? loop_set_status64+0x110/0x110 [ 696.467314] blkdev_ioctl+0x5cb/0x1a7e [ 696.472384] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 696.478008] ? blkpg_ioctl+0x9d0/0x9d0 [ 696.482083] ? mark_held_locks+0xf0/0xf0 [ 696.486199] ? mark_held_locks+0xf0/0xf0 [ 696.490320] ? debug_check_no_obj_freed+0x201/0x482 [ 696.495560] ? lock_downgrade+0x720/0x720 [ 696.499829] block_ioctl+0xe9/0x130 [ 696.503623] ? blkdev_fallocate+0x3f0/0x3f0 [ 696.507992] do_vfs_ioctl+0xcdb/0x12e0 [ 696.512288] ? lock_downgrade+0x720/0x720 [ 696.516567] ? check_preemption_disabled+0x41/0x280 [ 696.521798] ? ioctl_preallocate+0x200/0x200 [ 696.526266] ? __fget+0x356/0x510 [ 696.529758] ? do_dup2+0x450/0x450 [ 696.533528] ? do_sys_open+0x2bf/0x520 [ 696.537450] ksys_ioctl+0x9b/0xc0 [ 696.540951] __x64_sys_ioctl+0x6f/0xb0 [ 696.544873] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 696.549488] do_syscall_64+0xf9/0x620 [ 696.553405] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 696.558755] RIP: 0033:0x45e087 [ 696.561987] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 696.580896] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 696.588858] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 696.596185] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 696.603646] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 696.611058] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 696.618652] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 01:55:19 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x1100000000000000}, 0x0) 01:55:19 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x6000000000000000}, 0x0) [ 696.706966] input: syz0 as /devices/virtual/input/input132 01:55:19 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:19 executing program 3 (fault-call:0 fault-nth:22): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 696.772734] input: syz0 as /devices/virtual/input/input133 01:55:19 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfcfdffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:19 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x1f00}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 696.826791] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 696.826791] 01:55:19 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x89ffffff00000000}, 0x0) 01:55:19 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0xc805000000000000}, 0x0) [ 696.944402] FAULT_INJECTION: forcing a failure. [ 696.944402] name failslab, interval 1, probability 0, space 0, times 0 [ 696.956068] CPU: 0 PID: 19962 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 696.964007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 696.973417] Call Trace: [ 696.976062] dump_stack+0x1fc/0x2fe [ 696.979748] should_fail.cold+0xa/0x14 [ 696.983708] ? setup_fault_attr+0x200/0x200 [ 696.988309] ? lock_acquire+0x170/0x3c0 [ 696.992334] __should_failslab+0x115/0x180 [ 696.996603] should_failslab+0x5/0xf [ 697.000596] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 697.005980] __kmalloc_node_track_caller+0x38/0x70 [ 697.011419] __alloc_skb+0xae/0x560 [ 697.015094] alloc_uevent_skb+0x7b/0x210 [ 697.019241] kobject_uevent_env+0xa83/0x14a0 [ 697.023903] lo_ioctl+0xff9/0x20e0 [ 697.027519] ? loop_set_status64+0x110/0x110 [ 697.032091] blkdev_ioctl+0x5cb/0x1a7e [ 697.036038] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe 01:55:20 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4255f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 697.041660] ? blkpg_ioctl+0x9d0/0x9d0 [ 697.045614] ? mark_held_locks+0xf0/0xf0 [ 697.050681] ? mark_held_locks+0xf0/0xf0 [ 697.054955] ? debug_check_no_obj_freed+0x201/0x482 [ 697.060045] ? lock_downgrade+0x720/0x720 [ 697.064332] block_ioctl+0xe9/0x130 [ 697.068023] ? blkdev_fallocate+0x3f0/0x3f0 [ 697.072447] do_vfs_ioctl+0xcdb/0x12e0 [ 697.076472] ? lock_downgrade+0x720/0x720 [ 697.080683] ? check_preemption_disabled+0x41/0x280 [ 697.085771] ? ioctl_preallocate+0x200/0x200 [ 697.090348] ? __fget+0x356/0x510 [ 697.093990] ? do_dup2+0x450/0x450 [ 697.097808] ? do_sys_open+0x2bf/0x520 [ 697.101719] ksys_ioctl+0x9b/0xc0 [ 697.105375] __x64_sys_ioctl+0x6f/0xb0 [ 697.109328] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 697.113927] do_syscall_64+0xf9/0x620 [ 697.117774] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 697.123013] RIP: 0033:0x45e087 [ 697.126418] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 697.146220] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 697.154147] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 697.161906] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 697.169617] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 697.177161] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 697.184726] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 [ 697.196542] input: syz0 as /devices/virtual/input/input134 01:55:20 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:20 executing program 3 (fault-call:0 fault-nth:23): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:20 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfdfdffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 697.289409] input: syz0 as /devices/virtual/input/input135 01:55:20 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0xcc05000000000000}, 0x0) 01:55:20 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x2f00}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 697.400311] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 697.400311] [ 697.460430] FAULT_INJECTION: forcing a failure. [ 697.460430] name failslab, interval 1, probability 0, space 0, times 0 [ 697.472382] CPU: 0 PID: 20001 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 697.480433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 697.489991] Call Trace: [ 697.492664] dump_stack+0x1fc/0x2fe [ 697.496474] should_fail.cold+0xa/0x14 [ 697.500391] ? setup_fault_attr+0x200/0x200 [ 697.504741] ? lock_acquire+0x170/0x3c0 [ 697.508859] __should_failslab+0x115/0x180 [ 697.513408] should_failslab+0x5/0xf [ 697.517176] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 697.522469] __kmalloc_node_track_caller+0x38/0x70 [ 697.527597] __alloc_skb+0xae/0x560 [ 697.531648] alloc_uevent_skb+0x7b/0x210 [ 697.536091] kobject_uevent_env+0xa83/0x14a0 [ 697.540603] lo_ioctl+0xff9/0x20e0 [ 697.544456] ? loop_set_status64+0x110/0x110 [ 697.549892] blkdev_ioctl+0x5cb/0x1a7e [ 697.554095] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 697.559903] ? blkpg_ioctl+0x9d0/0x9d0 [ 697.564059] ? mark_held_locks+0xf0/0xf0 [ 697.568383] ? mark_held_locks+0xf0/0xf0 [ 697.573720] ? debug_check_no_obj_freed+0x201/0x482 [ 697.579359] ? lock_downgrade+0x720/0x720 [ 697.583793] block_ioctl+0xe9/0x130 [ 697.587950] ? blkdev_fallocate+0x3f0/0x3f0 [ 697.592695] do_vfs_ioctl+0xcdb/0x12e0 [ 697.597040] ? lock_downgrade+0x720/0x720 [ 697.601281] ? check_preemption_disabled+0x41/0x280 [ 697.606453] ? ioctl_preallocate+0x200/0x200 [ 697.610910] ? __fget+0x356/0x510 [ 697.614539] ? do_dup2+0x450/0x450 [ 697.618147] ? do_sys_open+0x2bf/0x520 [ 697.622070] ksys_ioctl+0x9b/0xc0 [ 697.625543] __x64_sys_ioctl+0x6f/0xb0 [ 697.629706] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 697.634594] do_syscall_64+0xf9/0x620 [ 697.638475] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 697.643892] RIP: 0033:0x45e087 [ 697.647678] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 697.667343] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 697.675124] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 697.683433] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 697.690771] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 697.698170] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 697.705623] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 01:55:20 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c42e5f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:20 executing program 3 (fault-call:0 fault-nth:24): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 697.801678] input: syz0 as /devices/virtual/input/input136 01:55:20 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfeffffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:20 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0xeffdffff00000000}, 0x0) 01:55:20 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000), 0x0, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 697.890717] input: syz0 as /devices/virtual/input/input137 01:55:20 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x3f00}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 698.004785] FAULT_INJECTION: forcing a failure. [ 698.004785] name failslab, interval 1, probability 0, space 0, times 0 [ 698.016787] CPU: 0 PID: 20043 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 698.024896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 698.034562] Call Trace: [ 698.037217] dump_stack+0x1fc/0x2fe [ 698.040921] should_fail.cold+0xa/0x14 [ 698.044988] ? setup_fault_attr+0x200/0x200 [ 698.049386] ? lock_acquire+0x170/0x3c0 [ 698.053908] __should_failslab+0x115/0x180 [ 698.058195] should_failslab+0x5/0xf [ 698.061935] kmem_cache_alloc_trace+0x284/0x380 [ 698.066624] ? wait_for_completion_io+0x10/0x10 [ 698.071347] ? kobject_init_and_add.cold+0x16/0x16 [ 698.076337] call_usermodehelper_setup+0x84/0x300 [ 698.081243] kobject_uevent_env+0xe87/0x14a0 [ 698.085698] lo_ioctl+0xff9/0x20e0 [ 698.089285] ? loop_set_status64+0x110/0x110 [ 698.093747] blkdev_ioctl+0x5cb/0x1a7e [ 698.097663] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 698.103085] ? blkpg_ioctl+0x9d0/0x9d0 [ 698.107033] ? mark_held_locks+0xf0/0xf0 [ 698.111128] ? mark_held_locks+0xf0/0xf0 [ 698.115258] ? debug_check_no_obj_freed+0x201/0x482 [ 698.120451] ? lock_downgrade+0x720/0x720 [ 698.124663] block_ioctl+0xe9/0x130 [ 698.128338] ? blkdev_fallocate+0x3f0/0x3f0 [ 698.132696] do_vfs_ioctl+0xcdb/0x12e0 [ 698.136618] ? lock_downgrade+0x720/0x720 [ 698.140786] ? check_preemption_disabled+0x41/0x280 [ 698.145823] ? ioctl_preallocate+0x200/0x200 [ 698.150301] ? __fget+0x356/0x510 [ 698.153820] ? do_dup2+0x450/0x450 [ 698.157440] ? do_sys_open+0x2bf/0x520 [ 698.161394] ksys_ioctl+0x9b/0xc0 [ 698.164889] __x64_sys_ioctl+0x6f/0xb0 [ 698.168835] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 698.173507] do_syscall_64+0xf9/0x620 [ 698.177378] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 698.182691] RIP: 0033:0x45e087 [ 698.185905] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 698.204905] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 698.212790] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 698.220077] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 698.227388] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 698.235004] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 698.242445] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 [ 698.265296] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 698.265296] 01:55:21 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfffffdfc, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:21 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0xffffff7f00000000}, 0x0) 01:55:21 executing program 3 (fault-call:0 fault-nth:25): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 698.320730] input: syz0 as /devices/virtual/input/input138 [ 698.358304] input: syz0 as /devices/virtual/input/input139 01:55:21 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x4}, 0x0) 01:55:21 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600", 0xb, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 698.412396] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 698.412396] 01:55:21 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:21 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c42f5f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 698.480081] FAULT_INJECTION: forcing a failure. [ 698.480081] name failslab, interval 1, probability 0, space 0, times 0 01:55:21 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x8}, 0x0) [ 698.532365] CPU: 0 PID: 20077 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 698.540324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 698.549942] Call Trace: [ 698.552675] dump_stack+0x1fc/0x2fe [ 698.556530] should_fail.cold+0xa/0x14 [ 698.560481] ? setup_fault_attr+0x200/0x200 [ 698.564883] ? lock_acquire+0x170/0x3c0 [ 698.565828] input: syz0 as /devices/virtual/input/input140 [ 698.569199] __should_failslab+0x115/0x180 [ 698.569217] should_failslab+0x5/0xf [ 698.569236] kmem_cache_alloc_trace+0x284/0x380 [ 698.569258] ? wait_for_completion_io+0x10/0x10 [ 698.569285] ? kobject_init_and_add.cold+0x16/0x16 [ 698.569316] call_usermodehelper_setup+0x84/0x300 [ 698.602661] kobject_uevent_env+0xe87/0x14a0 [ 698.607133] lo_ioctl+0xff9/0x20e0 [ 698.610714] ? loop_set_status64+0x110/0x110 [ 698.615356] blkdev_ioctl+0x5cb/0x1a7e [ 698.619461] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 698.624244] ? blkpg_ioctl+0x9d0/0x9d0 [ 698.628191] ? retint_kernel+0x2d/0x2d [ 698.632128] block_ioctl+0xe9/0x130 [ 698.636031] ? blkdev_fallocate+0x3f0/0x3f0 [ 698.640634] do_vfs_ioctl+0xcdb/0x12e0 [ 698.644768] ? lock_downgrade+0x720/0x720 [ 698.648958] ? check_preemption_disabled+0x41/0x280 [ 698.654037] ? ioctl_preallocate+0x200/0x200 [ 698.658500] ? __fget+0x356/0x510 [ 698.662004] ? do_dup2+0x450/0x450 [ 698.665622] ? do_sys_open+0x2bf/0x520 [ 698.669754] ksys_ioctl+0x9b/0xc0 [ 698.673390] __x64_sys_ioctl+0x6f/0xb0 [ 698.677319] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 698.682254] do_syscall_64+0xf9/0x620 [ 698.686124] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 698.691336] RIP: 0033:0x45e087 [ 698.694549] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 698.713812] RSP: 002b:00007fb2ba6bea18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 698.721553] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 698.728911] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 698.736349] RBP: 0000000000000000 R08: 0000000020000218 R09: 0000000000000000 [ 698.743798] R10: 0000000000008000 R11: 0000000000000246 R12: 0000000000000001 [ 698.751087] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000228 01:55:21 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfffffdfd, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 698.781458] input: syz0 as /devices/virtual/input/input141 01:55:21 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xe}, 0x0) 01:55:21 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x2}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:21 executing program 3 (fault-call:0 fault-nth:26): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:21 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfffffff6, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:21 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x11}, 0x0) [ 698.915054] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 698.915054] [ 698.938928] input: syz0 as /devices/virtual/input/input142 01:55:22 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600", 0xb, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 698.995830] input: syz0 as /devices/virtual/input/input143 [ 699.029922] FAULT_INJECTION: forcing a failure. [ 699.029922] name failslab, interval 1, probability 0, space 0, times 0 [ 699.046026] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 699.046026] [ 699.093684] CPU: 0 PID: 20129 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 699.101709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 699.111119] Call Trace: [ 699.113787] dump_stack+0x1fc/0x2fe [ 699.117485] should_fail.cold+0xa/0x14 [ 699.121465] ? setup_fault_attr+0x200/0x200 [ 699.125861] __should_failslab+0x115/0x180 [ 699.130183] should_failslab+0x5/0xf [ 699.133950] kmem_cache_alloc+0x277/0x370 [ 699.138181] ? ext4_sync_fs+0x8d0/0x8d0 [ 699.142230] ext4_alloc_inode+0x1a/0x630 [ 699.146411] ? ext4_sync_fs+0x8d0/0x8d0 [ 699.150455] alloc_inode+0x5d/0x180 [ 699.154147] new_inode+0x1d/0xf0 [ 699.157666] __ext4_new_inode+0x400/0x5a20 [ 699.162029] ? putname+0xe1/0x120 [ 699.165575] ? do_mkdirat+0xa0/0x2d0 [ 699.169347] ? ext4_free_inode+0x1780/0x1780 [ 699.174002] ? debug_check_no_obj_freed+0x201/0x482 [ 699.179130] ? __dquot_initialize+0x298/0xb70 [ 699.183718] ? lock_acquire+0x170/0x3c0 [ 699.187795] ? dquot_initialize_needed+0x290/0x290 [ 699.192991] ? trace_hardirqs_off+0x64/0x200 [ 699.197511] ? common_perm+0x4be/0x800 [ 699.201459] ext4_mkdir+0x396/0xe10 [ 699.205514] ? putname+0xe1/0x120 [ 699.209016] ? ext4_init_dot_dotdot+0x600/0x600 [ 699.214332] ? generic_permission+0x116/0x4d0 [ 699.218902] ? security_inode_permission+0xc5/0xf0 [ 699.223910] ? inode_permission.part.0+0x10c/0x450 [ 699.228889] vfs_mkdir+0x508/0x7a0 [ 699.232877] do_mkdirat+0x262/0x2d0 [ 699.236590] ? __ia32_sys_mknod+0x120/0x120 [ 699.240981] ? trace_hardirqs_off_caller+0x6e/0x210 [ 699.246111] ? do_syscall_64+0x21/0x620 [ 699.250163] do_syscall_64+0xf9/0x620 [ 699.254025] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 699.259327] RIP: 0033:0x45d637 [ 699.262586] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 699.281560] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 01:55:22 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x60}, 0x0) [ 699.289316] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 000000000045d637 [ 699.296630] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 699.303945] RBP: 00007fb2ba6bead0 R08: 0000000020000218 R09: 0000000000000000 [ 699.311280] R10: 0000000000008000 R11: 0000000000000213 R12: 0000000020000000 [ 699.318610] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:22 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x3}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:22 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfffffffe, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:22 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4d05f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:22 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600", 0xb, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 699.471725] input: syz0 as /devices/virtual/input/input144 01:55:22 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0) 01:55:22 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x225c17d03, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 699.529515] input: syz0 as /devices/virtual/input/input145 [ 699.541585] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 699.541585] 01:55:22 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x4}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:22 executing program 3 (fault-call:0 fault-nth:27): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:22 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x5cc}, 0x0) 01:55:22 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x1000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 699.720818] input: syz0 as /devices/virtual/input/input146 [ 699.740767] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 699.740767] [ 699.762418] input: syz0 as /devices/virtual/input/input147 01:55:22 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000", 0x10, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:22 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x5}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 699.887665] FAULT_INJECTION: forcing a failure. [ 699.887665] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 699.899678] CPU: 0 PID: 20216 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 699.907602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 699.916987] Call Trace: [ 699.919621] dump_stack+0x1fc/0x2fe [ 699.923316] should_fail.cold+0xa/0x14 [ 699.927429] ? setup_fault_attr+0x200/0x200 [ 699.931789] ? __mutex_unlock_slowpath+0xea/0x610 [ 699.936760] __alloc_pages_nodemask+0x239/0x2890 [ 699.941559] ? __lock_acquire+0x6de/0x3ff0 [ 699.945841] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 699.950351] input: syz0 as /devices/virtual/input/input148 [ 699.950726] ? blkdev_ioctl+0x11a/0x1a7e [ 699.950743] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 699.950764] ? blkpg_ioctl+0x9d0/0x9d0 [ 699.969841] ? debug_check_no_obj_freed+0x201/0x482 [ 699.974915] ? lock_downgrade+0x720/0x720 [ 699.977847] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 699.977847] 01:55:22 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46402010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:22 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xe00}, 0x0) [ 699.979118] cache_grow_begin+0xa4/0x8a0 [ 699.979143] ? setup_fault_attr+0x200/0x200 [ 699.979156] ? cache_alloc_pfmemalloc+0x1e/0x140 [ 699.979186] cache_alloc_refill+0x273/0x340 [ 700.005386] kmem_cache_alloc+0x346/0x370 [ 700.009696] getname_flags+0xce/0x590 [ 700.013564] do_mkdirat+0x8d/0x2d0 [ 700.017169] ? __ia32_sys_mknod+0x120/0x120 [ 700.021572] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 700.026975] ? trace_hardirqs_off_caller+0x6e/0x210 [ 700.033245] ? do_syscall_64+0x21/0x620 [ 700.037316] do_syscall_64+0xf9/0x620 [ 700.041151] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 700.046467] RIP: 0033:0x45d637 [ 700.049661] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 700.068611] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 700.076526] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 000000000045d637 01:55:23 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x100000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 700.083832] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 700.091106] RBP: 00007fb2ba6bead0 R08: 0000000020000218 R09: 0000000000000000 [ 700.098896] R10: 0000000000008000 R11: 0000000000000213 R12: 0000000020000000 [ 700.106183] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:23 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x1100}, 0x0) [ 700.142779] input: syz0 as /devices/virtual/input/input149 01:55:23 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x6}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:23 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000", 0x10, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:23 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x6000}, 0x0) [ 700.245283] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 700.245283] 01:55:23 executing program 3 (fault-call:0 fault-nth:28): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:23 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x200000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:23 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46403010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:23 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xc805}, 0x0) [ 700.328652] input: syz0 as /devices/virtual/input/input150 [ 700.403168] input: syz0 as /devices/virtual/input/input151 01:55:23 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x7}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 700.446785] FAULT_INJECTION: forcing a failure. [ 700.446785] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 700.459213] CPU: 0 PID: 20278 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 700.467198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 700.476652] Call Trace: [ 700.479332] dump_stack+0x1fc/0x2fe [ 700.483029] should_fail.cold+0xa/0x14 [ 700.486966] ? setup_fault_attr+0x200/0x200 [ 700.490549] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 700.490549] [ 700.491474] ? wake_up_q+0x93/0xe0 [ 700.491501] ? __mutex_unlock_slowpath+0x2be/0x610 [ 700.491538] __alloc_pages_nodemask+0x239/0x2890 [ 700.513351] ? __lock_acquire+0x6de/0x3ff0 [ 700.517788] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 700.522698] ? blkdev_ioctl+0x11a/0x1a7e [ 700.526924] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 700.532333] ? blkpg_ioctl+0x9d0/0x9d0 [ 700.536413] ? debug_check_no_obj_freed+0x201/0x482 [ 700.541583] ? lock_downgrade+0x720/0x720 [ 700.545782] cache_grow_begin+0xa4/0x8a0 [ 700.549898] ? setup_fault_attr+0x200/0x200 [ 700.554264] ? cache_alloc_pfmemalloc+0x1e/0x140 [ 700.559051] cache_alloc_refill+0x273/0x340 [ 700.563429] kmem_cache_alloc+0x346/0x370 [ 700.567634] getname_flags+0xce/0x590 [ 700.571501] do_mkdirat+0x8d/0x2d0 [ 700.575074] ? __ia32_sys_mknod+0x120/0x120 [ 700.579439] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 700.584870] ? trace_hardirqs_off_caller+0x6e/0x210 [ 700.589955] ? do_syscall_64+0x21/0x620 [ 700.594159] do_syscall_64+0xf9/0x620 [ 700.598118] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 700.603472] RIP: 0033:0x45d637 [ 700.606850] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 700.625794] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 700.633536] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 000000000045d637 01:55:23 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xcc05}, 0x0) [ 700.640831] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 700.648513] RBP: 00007fb2ba6bead0 R08: 0000000020000218 R09: 0000000000000000 [ 700.655801] R10: 0000000000008000 R11: 0000000000000213 R12: 0000000020000000 [ 700.663115] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:23 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x300000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:23 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000", 0x10, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:23 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x34000}, 0x0) [ 700.746759] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 700.746759] [ 700.783314] input: syz0 as /devices/virtual/input/input152 [ 700.821626] input: syz0 as /devices/virtual/input/input153 01:55:23 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46404010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:23 executing program 3 (fault-call:0 fault-nth:29): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:23 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x11}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:23 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x37dc12502000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:23 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x40000}, 0x0) 01:55:23 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000", 0x13, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 701.013219] FAULT_INJECTION: forcing a failure. [ 701.013219] name failslab, interval 1, probability 0, space 0, times 0 [ 701.030488] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 701.030488] [ 701.049191] CPU: 1 PID: 20331 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 701.057193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 701.066668] Call Trace: [ 701.069354] dump_stack+0x1fc/0x2fe [ 701.073056] should_fail.cold+0xa/0x14 [ 701.077146] ? setup_fault_attr+0x200/0x200 [ 701.081568] __should_failslab+0x115/0x180 [ 701.086964] should_failslab+0x5/0xf [ 701.090749] kmem_cache_alloc+0x277/0x370 [ 701.094226] input: syz0 as /devices/virtual/input/input154 [ 701.094952] ? ext4_sync_fs+0x8d0/0x8d0 [ 701.104728] ext4_alloc_inode+0x1a/0x630 [ 701.108875] ? ext4_sync_fs+0x8d0/0x8d0 [ 701.114000] alloc_inode+0x5d/0x180 [ 701.117776] new_inode+0x1d/0xf0 [ 701.121276] __ext4_new_inode+0x400/0x5a20 [ 701.125622] ? putname+0xe1/0x120 [ 701.129450] ? do_mkdirat+0xa0/0x2d0 [ 701.133310] ? ext4_free_inode+0x1780/0x1780 [ 701.137837] ? debug_check_no_obj_freed+0x201/0x482 [ 701.142937] ? __dquot_initialize+0x298/0xb70 [ 701.147629] ? lock_acquire+0x170/0x3c0 [ 701.151645] ? dquot_initialize_needed+0x290/0x290 [ 701.156625] ? trace_hardirqs_off+0x64/0x200 [ 701.161107] ? common_perm+0x4be/0x800 [ 701.165775] ext4_mkdir+0x396/0xe10 [ 701.169571] ? putname+0xe1/0x120 [ 701.173138] ? ext4_init_dot_dotdot+0x600/0x600 [ 701.177857] ? generic_permission+0x116/0x4d0 [ 701.182374] ? security_inode_permission+0xc5/0xf0 [ 701.187713] ? inode_permission.part.0+0x10c/0x450 [ 701.192802] vfs_mkdir+0x508/0x7a0 [ 701.196391] do_mkdirat+0x262/0x2d0 [ 701.200163] ? __ia32_sys_mknod+0x120/0x120 [ 701.204602] ? trace_hardirqs_off_caller+0x6e/0x210 [ 701.209839] ? do_syscall_64+0x21/0x620 [ 701.213883] do_syscall_64+0xf9/0x620 [ 701.217744] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 701.222977] RIP: 0033:0x45d637 [ 701.226640] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 701.245584] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 701.253351] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 000000000045d637 01:55:24 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x400300}, 0x0) [ 701.260683] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 701.268011] RBP: 00007fb2ba6bead0 R08: 0000000020000218 R09: 0000000000000000 [ 701.275427] R10: 0000000000008000 R11: 0000000000000213 R12: 0000000020000000 [ 701.282750] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 701.299426] input: syz0 as /devices/virtual/input/input155 01:55:24 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000", 0x13, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:24 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x400000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 701.343839] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 701.343839] 01:55:24 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x12}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:24 executing program 3 (fault-call:0 fault-nth:30): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:24 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x1000000}, 0x0) 01:55:24 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46405010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 701.552384] FAULT_INJECTION: forcing a failure. [ 701.552384] name failslab, interval 1, probability 0, space 0, times 0 [ 701.564187] CPU: 0 PID: 20376 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 701.572824] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 701.583160] Call Trace: [ 701.585868] dump_stack+0x1fc/0x2fe [ 701.589569] should_fail.cold+0xa/0x14 [ 701.593541] ? setup_fault_attr+0x200/0x200 [ 701.597976] ? __es_tree_search.isra.0+0x1af/0x210 01:55:24 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x600000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 701.603004] __should_failslab+0x115/0x180 [ 701.608201] should_failslab+0x5/0xf [ 701.612207] kmem_cache_alloc+0x3f/0x370 [ 701.614814] input: syz0 as /devices/virtual/input/input156 [ 701.616321] __es_insert_extent+0x39b/0x13b0 [ 701.626466] ? lock_acquire+0x170/0x3c0 [ 701.630486] ? ext4_es_insert_extent+0x17e/0x5e0 [ 701.635292] ext4_es_insert_extent+0x22e/0x5e0 [ 701.639924] ? lock_downgrade+0x720/0x720 [ 701.644158] ? ext4_es_find_delayed_extent_range+0x9f0/0x9f0 [ 701.649981] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 701.655034] ? ext4_es_find_delayed_extent_range+0x7d9/0x9f0 [ 701.660886] ext4_ext_map_blocks+0x2129/0x7390 [ 701.665530] ? __lock_acquire+0x6de/0x3ff0 [ 701.669855] ? __lock_acquire+0x6de/0x3ff0 [ 701.674141] ? mark_held_locks+0xf0/0xf0 [ 701.678397] ? __ext4_handle_dirty_metadata+0x1e0/0x590 [ 701.684052] ? ext4_find_delalloc_cluster+0x1f0/0x1f0 [ 701.689469] ? mark_held_locks+0xf0/0xf0 [ 701.693686] ? ext4_mark_iloc_dirty+0x1af6/0x2b10 [ 701.698626] ? ext4_es_lookup_extent+0x375/0xb60 [ 701.703590] ? check_preemption_disabled+0x41/0x280 [ 701.708674] ? lock_acquire+0x170/0x3c0 [ 701.712742] ? ext4_map_blocks+0x33e/0x1a50 [ 701.717155] ext4_map_blocks+0xd88/0x1a50 [ 701.721357] ? check_preemption_disabled+0x41/0x280 [ 701.726550] ? ext4_issue_zeroout+0x160/0x160 [ 701.731138] ? __brelse+0x84/0xa0 [ 701.734740] ? __ext4_new_inode+0x2eb/0x5a20 [ 701.739224] ext4_getblk+0xad/0x4f0 [ 701.743089] ? ext4_iomap_begin+0xe00/0xe00 [ 701.747441] ? ext4_free_inode+0x1780/0x1780 [ 701.752016] ? debug_check_no_obj_freed+0x201/0x482 [ 701.757087] ? __dquot_initialize+0x298/0xb70 [ 701.761651] ext4_bread+0x7c/0x210 [ 701.765277] ? ext4_getblk+0x4f0/0x4f0 [ 701.769395] ? dquot_initialize_needed+0x290/0x290 [ 701.774536] ? trace_hardirqs_off+0x64/0x200 [ 701.779014] ext4_append+0x155/0x370 [ 701.782798] ext4_mkdir+0x5bd/0xe10 [ 701.786615] ? ext4_init_dot_dotdot+0x600/0x600 [ 701.791660] ? generic_permission+0x116/0x4d0 [ 701.796397] ? inode_permission.part.0+0x10c/0x450 [ 701.801431] vfs_mkdir+0x508/0x7a0 [ 701.805253] do_mkdirat+0x262/0x2d0 [ 701.809090] ? __ia32_sys_mknod+0x120/0x120 [ 701.813461] ? trace_hardirqs_off_caller+0x6e/0x210 [ 701.818571] ? do_syscall_64+0x21/0x620 [ 701.822599] do_syscall_64+0xf9/0x620 [ 701.826456] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 701.831973] RIP: 0033:0x45d637 [ 701.835221] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 701.854583] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 701.862471] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 000000000045d637 [ 701.869799] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 701.877523] RBP: 00007fb2ba6bead0 R08: 0000000020000218 R09: 0000000000000000 [ 701.884934] R10: 0000000000008000 R11: 0000000000000213 R12: 0000000020000000 [ 701.892377] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:24 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000", 0x13, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:25 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x4000000}, 0x0) 01:55:25 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x14}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 701.977475] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 701.977475] 01:55:25 executing program 3 (fault-call:0 fault-nth:31): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 702.076764] input: syz0 as /devices/virtual/input/input158 [ 702.108462] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 702.108462] 01:55:25 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600000000000000100000", 0x14, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:25 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x700000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:25 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x8000000}, 0x0) 01:55:25 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46406010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 702.173675] input: syz0 as /devices/virtual/input/input159 [ 702.200331] FAULT_INJECTION: forcing a failure. [ 702.200331] name failslab, interval 1, probability 0, space 0, times 0 01:55:25 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x15}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 702.253319] CPU: 0 PID: 20419 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 702.261289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 702.270717] Call Trace: [ 702.273414] dump_stack+0x1fc/0x2fe [ 702.277144] should_fail.cold+0xa/0x14 [ 702.281315] ? setup_fault_attr+0x200/0x200 [ 702.285917] ? lock_downgrade+0x720/0x720 [ 702.290274] __should_failslab+0x115/0x180 [ 702.294571] should_failslab+0x5/0xf [ 702.298338] __kmalloc+0x2ab/0x3c0 [ 702.301950] ? ext4_find_extent+0x9bb/0xc70 [ 702.306344] ext4_find_extent+0x9bb/0xc70 [ 702.310582] ext4_ext_map_blocks+0x1c0/0x7390 [ 702.315133] ? __lock_acquire+0x6de/0x3ff0 [ 702.319409] ? mark_held_locks+0xf0/0xf0 [ 702.323657] ? __ext4_handle_dirty_metadata+0x1e0/0x590 [ 702.329070] ? ext4_find_delalloc_cluster+0x1f0/0x1f0 [ 702.334437] ? mark_held_locks+0xf0/0xf0 [ 702.338654] ? ext4_mark_iloc_dirty+0x1af6/0x2b10 [ 702.343582] ? ext4_es_lookup_extent+0x375/0xb60 [ 702.348364] ? ext4_map_blocks+0x59f/0x1a50 [ 702.352738] ? lock_acquire+0x170/0x3c0 [ 702.356792] ? ext4_map_blocks+0x740/0x1a50 [ 702.361181] ext4_map_blocks+0x7a2/0x1a50 [ 702.365528] ? check_preemption_disabled+0x41/0x280 [ 702.371055] ? ext4_issue_zeroout+0x160/0x160 [ 702.375713] ? __brelse+0x84/0xa0 [ 702.379203] ? __ext4_new_inode+0x2eb/0x5a20 [ 702.383690] ext4_getblk+0xad/0x4f0 [ 702.387626] ? ext4_iomap_begin+0xe00/0xe00 [ 702.392049] ? ext4_free_inode+0x1780/0x1780 [ 702.396517] ? debug_check_no_obj_freed+0x201/0x482 [ 702.401606] ? __dquot_initialize+0x298/0xb70 [ 702.406430] ext4_bread+0x7c/0x210 [ 702.410038] ? ext4_getblk+0x4f0/0x4f0 [ 702.414006] ? dquot_initialize_needed+0x290/0x290 [ 702.419063] ? trace_hardirqs_off+0x64/0x200 [ 702.424384] ext4_append+0x155/0x370 [ 702.428179] ext4_mkdir+0x5bd/0xe10 [ 702.431878] ? ext4_init_dot_dotdot+0x600/0x600 [ 702.436622] ? generic_permission+0x116/0x4d0 [ 702.441187] ? inode_permission.part.0+0x10c/0x450 [ 702.446186] vfs_mkdir+0x508/0x7a0 [ 702.449823] do_mkdirat+0x262/0x2d0 [ 702.453673] ? __ia32_sys_mknod+0x120/0x120 [ 702.458479] ? trace_hardirqs_off_caller+0x6e/0x210 [ 702.463563] ? do_syscall_64+0x21/0x620 [ 702.467768] do_syscall_64+0xf9/0x620 [ 702.471629] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 702.476848] RIP: 0033:0x45d637 [ 702.480059] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 702.498977] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 702.506713] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 000000000045d637 [ 702.514016] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 702.521543] RBP: 00007fb2ba6bead0 R08: 0000000020000218 R09: 0000000000000000 [ 702.528866] R10: 0000000000008000 R11: 0000000000000213 R12: 0000000020000000 [ 702.536477] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:25 executing program 3 (fault-call:0 fault-nth:32): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:25 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xe000000}, 0x0) 01:55:25 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x800000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 702.665677] input: syz0 as /devices/virtual/input/input160 [ 702.677241] FAULT_INJECTION: forcing a failure. [ 702.677241] name failslab, interval 1, probability 0, space 0, times 0 [ 702.689571] CPU: 0 PID: 20450 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 702.697540] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 702.707254] Call Trace: [ 702.709882] dump_stack+0x1fc/0x2fe 01:55:25 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600000000000000100000", 0x14, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 702.713704] should_fail.cold+0xa/0x14 [ 702.717676] ? setup_fault_attr+0x200/0x200 [ 702.722102] ? lock_downgrade+0x720/0x720 [ 702.726339] ? check_preemption_disabled+0x41/0x280 [ 702.731432] __should_failslab+0x115/0x180 [ 702.735744] should_failslab+0x5/0xf [ 702.739546] kmem_cache_alloc+0x277/0x370 [ 702.743782] ext4_mb_new_blocks+0x60a/0x4370 [ 702.748295] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 702.753413] ? ext4_cache_extents+0x68/0x2d0 [ 702.757884] ? ext4_find_extent+0x9bb/0xc70 [ 702.762273] ? ext4_discard_preallocations+0xfb0/0xfb0 [ 702.768663] ? ext4_ext_search_right+0x2c7/0xb60 [ 702.773512] ? ext4_inode_to_goal_block+0x2d2/0x3e0 [ 702.778712] ext4_ext_map_blocks+0x2aa2/0x7390 [ 702.783405] ? __lock_acquire+0x6de/0x3ff0 [ 702.787773] ? mark_held_locks+0xf0/0xf0 [ 702.791944] ? __ext4_handle_dirty_metadata+0x1e0/0x590 [ 702.795235] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 702.795235] [ 702.797478] ? ext4_find_delalloc_cluster+0x1f0/0x1f0 [ 702.811534] ? mark_held_locks+0xf0/0xf0 01:55:25 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x3f00000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 702.815655] ? ext4_mark_iloc_dirty+0x1af6/0x2b10 [ 702.820578] ? ext4_es_lookup_extent+0x375/0xb60 [ 702.825393] ? ext4_map_blocks+0x59f/0x1a50 [ 702.829821] ext4_map_blocks+0x7a2/0x1a50 [ 702.834023] ? check_preemption_disabled+0x41/0x280 [ 702.839182] ? ext4_issue_zeroout+0x160/0x160 [ 702.843708] ? __brelse+0x84/0xa0 [ 702.847186] ? __ext4_new_inode+0x2eb/0x5a20 [ 702.851627] ext4_getblk+0xad/0x4f0 [ 702.855314] ? ext4_iomap_begin+0xe00/0xe00 [ 702.859664] ? ext4_free_inode+0x1780/0x1780 [ 702.864250] ? debug_check_no_obj_freed+0x201/0x482 [ 702.869362] ? __dquot_initialize+0x298/0xb70 [ 702.873942] ext4_bread+0x7c/0x210 [ 702.877542] ? ext4_getblk+0x4f0/0x4f0 [ 702.881540] ? dquot_initialize_needed+0x290/0x290 [ 702.886524] ? trace_hardirqs_off+0x64/0x200 [ 702.890982] ext4_append+0x155/0x370 [ 702.894852] ext4_mkdir+0x5bd/0xe10 [ 702.898541] ? ext4_init_dot_dotdot+0x600/0x600 [ 702.903276] ? generic_permission+0x116/0x4d0 [ 702.907828] ? inode_permission.part.0+0x10c/0x450 [ 702.912879] vfs_mkdir+0x508/0x7a0 [ 702.916475] do_mkdirat+0x262/0x2d0 [ 702.920144] ? __ia32_sys_mknod+0x120/0x120 [ 702.924546] ? trace_hardirqs_off_caller+0x6e/0x210 [ 702.929622] ? do_syscall_64+0x21/0x620 [ 702.933667] do_syscall_64+0xf9/0x620 [ 702.937518] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 702.942760] RIP: 0033:0x45d637 [ 702.945977] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 702.965123] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 702.973136] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 000000000045d637 [ 702.980467] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 702.987798] RBP: 00007fb2ba6bead0 R08: 0000000020000218 R09: 0000000000000000 [ 702.995212] R10: 0000000000008000 R11: 0000000000000213 R12: 0000000020000000 [ 703.002533] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:26 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x11000000}, 0x0) [ 703.041489] input: syz0 as /devices/virtual/input/input161 01:55:26 executing program 3 (fault-call:0 fault-nth:33): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 703.096538] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 703.096538] 01:55:26 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x16}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:26 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x60000000}, 0x0) [ 703.233833] FAULT_INJECTION: forcing a failure. [ 703.233833] name failslab, interval 1, probability 0, space 0, times 0 [ 703.245832] CPU: 0 PID: 20489 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 703.253804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 703.263240] Call Trace: [ 703.265901] dump_stack+0x1fc/0x2fe [ 703.269618] should_fail.cold+0xa/0x14 [ 703.273576] ? setup_fault_attr+0x200/0x200 [ 703.277645] input: syz0 as /devices/virtual/input/input162 [ 703.277954] ? __es_tree_search.isra.0+0x1af/0x210 [ 703.288669] __should_failslab+0x115/0x180 [ 703.293017] should_failslab+0x5/0xf [ 703.296815] kmem_cache_alloc+0x3f/0x370 [ 703.300937] __es_insert_extent+0x39b/0x13b0 [ 703.305396] ext4_es_insert_extent+0x22e/0x5e0 [ 703.310014] ? ext4_map_blocks+0x59f/0x1a50 [ 703.314365] ? ext4_es_find_delayed_extent_range+0x9f0/0x9f0 [ 703.320211] ext4_map_blocks+0xa2a/0x1a50 [ 703.324422] ? ext4_issue_zeroout+0x160/0x160 [ 703.328969] ? __brelse+0x84/0xa0 [ 703.332486] ? __ext4_new_inode+0x2eb/0x5a20 [ 703.336959] ext4_getblk+0xad/0x4f0 [ 703.340644] ? ext4_iomap_begin+0xe00/0xe00 [ 703.345058] ? ext4_free_inode+0x1780/0x1780 [ 703.349533] ? debug_check_no_obj_freed+0x201/0x482 [ 703.354598] ? __dquot_initialize+0x298/0xb70 [ 703.359195] ext4_bread+0x7c/0x210 [ 703.362817] ? ext4_getblk+0x4f0/0x4f0 [ 703.366763] ? dquot_initialize_needed+0x290/0x290 [ 703.371909] ? trace_hardirqs_off+0x64/0x200 [ 703.376378] ext4_append+0x155/0x370 [ 703.380165] ext4_mkdir+0x5bd/0xe10 [ 703.383863] ? ext4_init_dot_dotdot+0x600/0x600 [ 703.388588] ? generic_permission+0x116/0x4d0 [ 703.393286] ? inode_permission.part.0+0x10c/0x450 [ 703.398314] vfs_mkdir+0x508/0x7a0 [ 703.401969] do_mkdirat+0x262/0x2d0 [ 703.405745] ? __ia32_sys_mknod+0x120/0x120 [ 703.410362] ? trace_hardirqs_off_caller+0x6e/0x210 [ 703.415611] ? do_syscall_64+0x21/0x620 [ 703.419695] do_syscall_64+0xf9/0x620 [ 703.423763] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 703.429048] RIP: 0033:0x45d637 [ 703.432311] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 703.451445] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 703.459395] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 000000000045d637 [ 703.466748] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 703.474111] RBP: 00007fb2ba6bead0 R08: 0000000020000218 R09: 0000000000000000 01:55:26 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x89ffffff}, 0x0) [ 703.481596] R10: 0000000000008000 R11: 0000000000000213 R12: 0000000020000000 [ 703.489008] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 703.517198] input: syz0 as /devices/virtual/input/input163 01:55:26 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46407010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:26 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600000000000000100000", 0x14, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:26 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x8000000000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:26 executing program 3 (fault-call:0 fault-nth:34): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:26 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x2f}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:26 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xc8050000}, 0x0) 01:55:26 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xc065010000000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 703.766074] input: syz0 as /devices/virtual/input/input164 [ 703.793521] FAULT_INJECTION: forcing a failure. [ 703.793521] name failslab, interval 1, probability 0, space 0, times 0 [ 703.807148] CPU: 0 PID: 20527 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 703.815151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 703.824573] Call Trace: [ 703.827492] dump_stack+0x1fc/0x2fe [ 703.831464] should_fail.cold+0xa/0x14 [ 703.835435] ? setup_fault_attr+0x200/0x200 [ 703.839850] ? lock_acquire+0x170/0x3c0 [ 703.843878] __should_failslab+0x115/0x180 [ 703.848196] should_failslab+0x5/0xf [ 703.851980] __kmalloc_track_caller+0x2a6/0x3c0 [ 703.856705] ? strndup_user+0x70/0x120 [ 703.860668] memdup_user+0x22/0xb0 [ 703.864280] strndup_user+0x70/0x120 [ 703.868211] ksys_mount+0x34/0x130 [ 703.871988] __x64_sys_mount+0xba/0x150 [ 703.876245] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 703.880946] do_syscall_64+0xf9/0x620 [ 703.884841] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 703.890275] RIP: 0033:0x460c6a [ 703.893644] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 01:55:26 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 703.913072] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 703.920822] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 0000000000460c6a [ 703.928867] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb2ba6bead0 [ 703.936216] RBP: 00007fb2ba6bead0 R08: 00007fb2ba6beb10 R09: 0000000020000000 [ 703.943917] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 703.951737] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:27 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xcc050000}, 0x0) [ 703.983017] input: syz0 as /devices/virtual/input/input165 01:55:27 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x300}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:27 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xf6ffffff00000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:27 executing program 3 (fault-call:0 fault-nth:35): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 704.159911] input: syz0 as /devices/virtual/input/input166 [ 704.195858] input: syz0 as /devices/virtual/input/input167 [ 704.210825] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 704.210825] [ 704.298092] FAULT_INJECTION: forcing a failure. [ 704.298092] name failslab, interval 1, probability 0, space 0, times 0 [ 704.313828] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 704.313828] [ 704.352852] CPU: 1 PID: 20582 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 704.360973] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 704.370757] Call Trace: [ 704.373527] dump_stack+0x1fc/0x2fe [ 704.377236] should_fail.cold+0xa/0x14 [ 704.381250] ? setup_fault_attr+0x200/0x200 [ 704.386130] ? lock_acquire+0x170/0x3c0 [ 704.390192] __should_failslab+0x115/0x180 [ 704.394649] should_failslab+0x5/0xf [ 704.398469] __kmalloc_track_caller+0x2a6/0x3c0 [ 704.403223] ? strndup_user+0x70/0x120 [ 704.407206] ? _copy_from_user+0xd2/0x130 [ 704.411465] memdup_user+0x22/0xb0 [ 704.415119] strndup_user+0x70/0x120 [ 704.418942] ksys_mount+0x6f/0x130 [ 704.422656] __x64_sys_mount+0xba/0x150 [ 704.426857] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 704.431687] do_syscall_64+0xf9/0x620 [ 704.435714] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 704.440974] RIP: 0033:0x460c6a [ 704.444338] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 704.463470] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 704.471407] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 0000000000460c6a [ 704.479190] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb2ba6bead0 [ 704.486738] RBP: 00007fb2ba6bead0 R08: 00007fb2ba6beb10 R09: 0000000020000000 [ 704.494142] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 704.501484] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:27 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46408010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:27 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfcfdffff00000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:27 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:27 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xeffdffff}, 0x0) 01:55:27 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x500}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:27 executing program 3 (fault-call:0 fault-nth:36): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 704.618912] input: syz0 as /devices/virtual/input/input168 01:55:27 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xfffffdef}, 0x0) 01:55:27 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x600}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:27 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:27 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfdfdffff00000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 704.751089] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 704.751089] [ 704.781356] FAULT_INJECTION: forcing a failure. [ 704.781356] name failslab, interval 1, probability 0, space 0, times 0 [ 704.817743] CPU: 0 PID: 20620 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 704.825768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 704.835323] Call Trace: [ 704.838037] dump_stack+0x1fc/0x2fe [ 704.841856] should_fail.cold+0xa/0x14 [ 704.845878] ? setup_fault_attr+0x200/0x200 [ 704.850297] ? lock_acquire+0x170/0x3c0 [ 704.854404] __should_failslab+0x115/0x180 [ 704.858784] should_failslab+0x5/0xf [ 704.862771] kmem_cache_alloc_trace+0x284/0x380 [ 704.867596] ? _copy_from_user+0xd2/0x130 [ 704.871953] copy_mount_options+0x59/0x380 [ 704.876350] ksys_mount+0x9b/0x130 [ 704.880370] __x64_sys_mount+0xba/0x150 [ 704.884440] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 704.889260] do_syscall_64+0xf9/0x620 [ 704.893178] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 704.898504] RIP: 0033:0x460c6a 01:55:27 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xffffff7f}, 0x0) [ 704.901740] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 704.921151] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 704.929407] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 0000000000460c6a [ 704.936768] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb2ba6bead0 [ 704.944138] RBP: 00007fb2ba6bead0 R08: 00007fb2ba6beb10 R09: 0000000020000000 [ 704.951506] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 704.959105] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:28 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x700}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 705.019057] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 705.019057] 01:55:28 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46409010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:28 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xffffff89}, 0x0) 01:55:28 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfeffffff00000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:28 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, 0x0) 01:55:28 executing program 3 (fault-call:0 fault-nth:37): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 705.188853] input: syz0 as /devices/virtual/input/input171 [ 705.243660] input: syz0 as /devices/virtual/input/input172 01:55:28 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x1100}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 705.319916] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 705.319916] [ 705.355554] FAULT_INJECTION: forcing a failure. [ 705.355554] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 705.367541] CPU: 0 PID: 20671 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 705.375491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 705.384939] Call Trace: [ 705.387175] input: syz0 as /devices/virtual/input/input173 [ 705.387601] dump_stack+0x1fc/0x2fe [ 705.387649] should_fail.cold+0xa/0x14 [ 705.387676] ? setup_fault_attr+0x200/0x200 [ 705.387724] __alloc_pages_nodemask+0x239/0x2890 [ 705.387753] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 705.387783] ? is_bpf_text_address+0xd5/0x1b0 [ 705.387809] ? __lock_acquire+0x6de/0x3ff0 [ 705.387836] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 705.387850] ? is_bpf_text_address+0xfc/0x1b0 [ 705.387864] ? unwind_get_return_address+0x51/0x90 [ 705.387877] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 705.387896] ? __save_stack_trace+0xaf/0x190 [ 705.387918] cache_grow_begin+0xa4/0x8a0 [ 705.387933] ? setup_fault_attr+0x200/0x200 [ 705.387944] ? cache_alloc_pfmemalloc+0x1e/0x140 [ 705.387959] cache_alloc_refill+0x273/0x340 [ 705.387976] kmem_cache_alloc+0x346/0x370 [ 705.387998] getname_flags+0xce/0x590 [ 705.388026] user_path_at_empty+0x2a/0x50 [ 705.480119] do_mount+0x147/0x2f10 [ 705.484048] ? setup_fault_attr+0x200/0x200 [ 705.488640] ? lock_acquire+0x170/0x3c0 [ 705.492815] ? check_preemption_disabled+0x41/0x280 [ 705.498120] ? copy_mount_string+0x40/0x40 [ 705.502699] ? copy_mount_options+0x59/0x380 [ 705.507653] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 705.513266] ? kmem_cache_alloc_trace+0x323/0x380 [ 705.518568] ? copy_mount_options+0x26f/0x380 [ 705.523363] ksys_mount+0xcf/0x130 [ 705.527385] __x64_sys_mount+0xba/0x150 [ 705.531580] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 705.536615] do_syscall_64+0xf9/0x620 [ 705.540780] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 705.546260] RIP: 0033:0x460c6a [ 705.549505] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 01:55:28 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x4000000000000}, 0x0) [ 705.569095] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 705.576964] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 0000000000460c6a [ 705.584370] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb2ba6bead0 [ 705.591986] RBP: 00007fb2ba6bead0 R08: 00007fb2ba6beb10 R09: 0000000020000000 [ 705.599341] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 705.607056] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:28 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x1200}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 705.639963] input: syz0 as /devices/virtual/input/input174 [ 705.663432] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 705.663432] 01:55:28 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, 0x0) 01:55:28 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xffffffff00000000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:28 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x40030000000000}, 0x0) [ 705.806581] input: syz0 as /devices/virtual/input/input175 01:55:28 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4640a010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:28 executing program 3 (fault-call:0 fault-nth:38): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:28 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x100000000000000}, 0x0) 01:55:28 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x1400}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:29 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 706.015797] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 706.015797] [ 706.020891] input: syz0 as /devices/virtual/input/input177 [ 706.035959] FAULT_INJECTION: forcing a failure. [ 706.035959] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 706.047910] CPU: 0 PID: 20731 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 706.055851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 706.065266] Call Trace: [ 706.067930] dump_stack+0x1fc/0x2fe [ 706.071640] should_fail.cold+0xa/0x14 [ 706.075721] ? setup_fault_attr+0x200/0x200 [ 706.080119] __alloc_pages_nodemask+0x239/0x2890 [ 706.085204] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 706.091286] ? __lock_acquire+0x6de/0x3ff0 [ 706.095648] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 706.100749] ? __update_load_avg_se+0x5ec/0xa00 [ 706.105511] ? mark_held_locks+0xf0/0xf0 [ 706.109788] ? set_next_entity+0xb52/0x1dc0 [ 706.114349] ? check_preemption_disabled+0x41/0x280 [ 706.119676] ? finish_task_switch+0x146/0x760 [ 706.124255] cache_grow_begin+0xa4/0x8a0 [ 706.128419] ? setup_fault_attr+0x200/0x200 [ 706.132815] ? cache_alloc_pfmemalloc+0x1e/0x140 [ 706.139050] cache_alloc_refill+0x273/0x340 [ 706.143458] kmem_cache_alloc+0x346/0x370 [ 706.147697] getname_flags+0xce/0x590 [ 706.152841] user_path_at_empty+0x2a/0x50 [ 706.157092] do_mount+0x147/0x2f10 [ 706.160709] ? copy_mount_string+0x40/0x40 [ 706.165016] ? copy_mount_options+0x1da/0x380 [ 706.169581] ? copy_mount_options+0x1ec/0x380 [ 706.174201] ? copy_mount_options+0x26f/0x380 [ 706.178792] ksys_mount+0xcf/0x130 [ 706.182501] __x64_sys_mount+0xba/0x150 [ 706.186563] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 706.191465] do_syscall_64+0xf9/0x620 [ 706.195487] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 706.200735] RIP: 0033:0x460c6a [ 706.203994] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 706.223043] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 706.231108] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 0000000000460c6a [ 706.238429] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb2ba6bead0 [ 706.245733] RBP: 00007fb2ba6bead0 R08: 00007fb2ba6beb10 R09: 0000000020000000 [ 706.253275] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 01:55:29 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, 0x0) [ 706.260650] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:29 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x400000000000000}, 0x0) 01:55:29 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x1500}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 706.302525] input: syz0 as /devices/virtual/input/input178 [ 706.435289] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 706.435289] 01:55:29 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x4, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:29 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x800000000000000}, 0x0) 01:55:29 executing program 3 (fault-call:0 fault-nth:39): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 706.482203] input: syz0 as /devices/virtual/input/input179 01:55:29 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4640b010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:29 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x1600}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:29 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xe00000000000000}, 0x0) [ 706.696011] FAULT_INJECTION: forcing a failure. [ 706.696011] name failslab, interval 1, probability 0, space 0, times 0 01:55:29 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 706.736362] input: syz0 as /devices/virtual/input/input181 [ 706.782838] CPU: 0 PID: 20779 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 706.790820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 706.800230] Call Trace: [ 706.802899] dump_stack+0x1fc/0x2fe [ 706.806640] should_fail.cold+0xa/0x14 [ 706.810629] ? setup_fault_attr+0x200/0x200 [ 706.815051] ? lock_acquire+0x170/0x3c0 [ 706.819148] __should_failslab+0x115/0x180 [ 706.823611] should_failslab+0x5/0xf [ 706.827419] kmem_cache_alloc+0x277/0x370 [ 706.831703] alloc_vfsmnt+0x23/0x780 [ 706.835493] ? _raw_read_unlock+0x29/0x40 [ 706.839718] vfs_kern_mount.part.0+0x27/0x470 [ 706.842078] input: syz0 as /devices/virtual/input/input182 [ 706.844359] do_mount+0x113c/0x2f10 [ 706.844404] ? lock_acquire+0x170/0x3c0 [ 706.844423] ? check_preemption_disabled+0x41/0x280 [ 706.844436] ? copy_mount_string+0x40/0x40 [ 706.844448] ? copy_mount_options+0x59/0x380 [ 706.844468] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 706.844484] ? kmem_cache_alloc_trace+0x323/0x380 [ 706.844513] ? copy_mount_options+0x26f/0x380 [ 706.886859] ksys_mount+0xcf/0x130 [ 706.890514] __x64_sys_mount+0xba/0x150 [ 706.894587] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 706.899282] do_syscall_64+0xf9/0x620 [ 706.903204] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 706.908497] RIP: 0033:0x460c6a [ 706.911788] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 01:55:29 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46404010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 706.930820] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 706.938616] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 0000000000460c6a [ 706.945959] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb2ba6bead0 [ 706.953315] RBP: 00007fb2ba6bead0 R08: 00007fb2ba6beb10 R09: 0000000020000000 [ 706.960683] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 706.968042] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 706.989951] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 706.989951] 01:55:30 executing program 3 (fault-call:0 fault-nth:40): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:30 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x1f00}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:30 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x1100000000000000}, 0x0) [ 707.109869] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 707.109869] [ 707.126505] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt [ 707.126505] 01:55:30 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0xf, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:30 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x6000000000000000}, 0x0) [ 707.182123] input: syz0 as /devices/virtual/input/input183 [ 707.212212] input: syz0 as /devices/virtual/input/input184 [ 707.235903] FAULT_INJECTION: forcing a failure. [ 707.235903] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 707.247804] CPU: 0 PID: 20827 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 707.255765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 707.265217] Call Trace: [ 707.267901] dump_stack+0x1fc/0x2fe [ 707.271612] should_fail.cold+0xa/0x14 [ 707.275672] ? setup_fault_attr+0x200/0x200 [ 707.280046] ? is_bpf_text_address+0xfc/0x1b0 [ 707.284578] ? kernel_text_address+0xbd/0xf0 [ 707.289064] ? __kernel_text_address+0x9/0x30 [ 707.293606] __alloc_pages_nodemask+0x239/0x2890 [ 707.298407] ? __lock_acquire+0x6de/0x3ff0 [ 707.302676] ? __x64_sys_mount+0xba/0x150 [ 707.306873] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 707.311981] ? ext4_mkdir+0x82b/0xe10 [ 707.315882] ? mark_held_locks+0xf0/0xf0 [ 707.320063] ? mark_held_locks+0xf0/0xf0 [ 707.324221] ? list_lru_add+0x292/0x600 [ 707.328282] ? mntput_no_expire+0xf2/0xa30 [ 707.332788] cache_grow_begin+0xa4/0x8a0 [ 707.336940] ? setup_fault_attr+0x200/0x200 [ 707.341357] ? cache_alloc_pfmemalloc+0x1e/0x140 [ 707.346198] cache_alloc_refill+0x273/0x340 [ 707.350597] kmem_cache_alloc_trace+0x354/0x380 [ 707.355346] copy_mount_options+0x59/0x380 [ 707.359675] ksys_mount+0x9b/0x130 [ 707.363303] __x64_sys_mount+0xba/0x150 [ 707.367347] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 707.372036] do_syscall_64+0xf9/0x620 [ 707.375930] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 707.381211] RIP: 0033:0x460c6a [ 707.384493] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 707.403473] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 707.411266] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 0000000000460c6a [ 707.418607] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb2ba6bead0 [ 707.425928] RBP: 00007fb2ba6bead0 R08: 00007fb2ba6beb10 R09: 0000000020000000 01:55:30 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:30 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x223, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 707.434339] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 707.441792] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 707.480000] attempt to access beyond end of device 01:55:30 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x2f00}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:30 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4640c010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:30 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331020000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:30 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x89ffffff00000000}, 0x0) [ 707.504519] loop2: rw=0, want=184, limit=178 [ 707.509184] metapage_read_end_io: I/O error 01:55:30 executing program 3 (fault-call:0 fault-nth:41): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 707.581183] input: syz0 as /devices/virtual/input/input185 01:55:30 executing program 2 (fault-call:0 fault-nth:0): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:30 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x3f00}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:30 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xc805000000000000}, 0x0) [ 707.733391] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 707.733391] 01:55:30 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331030000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 707.773624] FAULT_INJECTION: forcing a failure. [ 707.773624] name failslab, interval 1, probability 0, space 0, times 0 [ 707.806367] FAULT_INJECTION: forcing a failure. [ 707.806367] name failslab, interval 1, probability 0, space 0, times 0 [ 707.827909] CPU: 1 PID: 20885 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 707.836488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 707.845941] Call Trace: [ 707.848667] dump_stack+0x1fc/0x2fe [ 707.852419] should_fail.cold+0xa/0x14 [ 707.856501] ? setup_fault_attr+0x200/0x200 [ 707.860974] ? lock_acquire+0x170/0x3c0 [ 707.865198] __should_failslab+0x115/0x180 [ 707.869572] should_failslab+0x5/0xf [ 707.873366] __kmalloc+0x2ab/0x3c0 [ 707.877037] ? __se_sys_memfd_create+0xf8/0x440 [ 707.881947] __se_sys_memfd_create+0xf8/0x440 [ 707.886565] ? memfd_file_seals_ptr+0x150/0x150 [ 707.891320] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 707.896924] ? trace_hardirqs_off_caller+0x6e/0x210 [ 707.902060] ? do_syscall_64+0x21/0x620 [ 707.906144] do_syscall_64+0xf9/0x620 [ 707.910047] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 707.915311] RIP: 0033:0x45e219 [ 707.918542] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 707.937502] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 707.945290] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 000000000045e219 [ 707.952717] RDX: 0000000020000230 RSI: 0000000000000000 RDI: 00000000004c2c87 [ 707.960054] RBP: 0000000000016400 R08: 0000000020000230 R09: 0000000000000000 [ 707.967382] R10: fe03f80fe03f80ff R11: 0000000000000246 R12: 0000000000000002 [ 707.975260] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 707.982626] CPU: 0 PID: 20884 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 707.990785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 708.000419] Call Trace: [ 708.003167] dump_stack+0x1fc/0x2fe [ 708.007034] should_fail.cold+0xa/0x14 [ 708.011022] ? setup_fault_attr+0x200/0x200 [ 708.015413] ? lock_acquire+0x170/0x3c0 [ 708.019416] __should_failslab+0x115/0x180 [ 708.023656] should_failslab+0x5/0xf [ 708.027376] kmem_cache_alloc+0x277/0x370 [ 708.031537] getname_kernel+0x4e/0x370 [ 708.035443] kern_path+0x1b/0x40 [ 708.038835] lookup_bdev+0xfc/0x220 [ 708.042472] ? bd_acquire+0x440/0x440 [ 708.046524] blkdev_get_by_path+0x1b/0xd0 [ 708.050786] mount_bdev+0x5b/0x3b0 [ 708.054728] ? parse_options+0xe70/0xe70 [ 708.058934] mount_fs+0xa3/0x30c [ 708.062438] vfs_kern_mount.part.0+0x68/0x470 [ 708.067007] do_mount+0x113c/0x2f10 [ 708.070806] ? lock_acquire+0x170/0x3c0 [ 708.074820] ? check_preemption_disabled+0x41/0x280 [ 708.079880] ? copy_mount_string+0x40/0x40 [ 708.084148] ? copy_mount_options+0x59/0x380 [ 708.088622] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 708.093694] ? kmem_cache_alloc_trace+0x323/0x380 [ 708.098597] ? copy_mount_options+0x26f/0x380 [ 708.103129] ksys_mount+0xcf/0x130 [ 708.106736] __x64_sys_mount+0xba/0x150 [ 708.110793] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 708.115551] do_syscall_64+0xf9/0x620 [ 708.119606] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 708.124876] RIP: 0033:0x460c6a [ 708.128116] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 708.147212] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 708.154994] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 0000000000460c6a [ 708.162507] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb2ba6bead0 [ 708.170042] RBP: 00007fb2ba6bead0 R08: 00007fb2ba6beb10 R09: 0000000020000000 [ 708.177520] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 708.184853] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:31 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:31 executing program 2 (fault-call:0 fault-nth:1): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 708.248701] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 708.248701] 01:55:31 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xcc05000000000000}, 0x0) 01:55:31 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4640d010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:31 executing program 3 (fault-call:0 fault-nth:42): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:31 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331040000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 708.380029] input: syz0 as /devices/virtual/input/input188 01:55:31 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xeffdffff00000000}, 0x0) [ 708.445766] FAULT_INJECTION: forcing a failure. [ 708.445766] name failslab, interval 1, probability 0, space 0, times 0 [ 708.475158] input: syz0 as /devices/virtual/input/input189 [ 708.509593] CPU: 1 PID: 20911 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 708.517661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 708.527687] Call Trace: [ 708.530385] dump_stack+0x1fc/0x2fe [ 708.531581] FAULT_INJECTION: forcing a failure. [ 708.531581] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 708.534339] should_fail.cold+0xa/0x14 [ 708.534376] ? setup_fault_attr+0x200/0x200 [ 708.534401] ? lock_acquire+0x170/0x3c0 [ 708.534438] __should_failslab+0x115/0x180 [ 708.534476] should_failslab+0x5/0xf [ 708.534502] kmem_cache_alloc+0x277/0x370 [ 708.534523] ? shmem_destroy_callback+0xb0/0xb0 [ 708.534567] shmem_alloc_inode+0x18/0x40 [ 708.579904] ? shmem_destroy_callback+0xb0/0xb0 [ 708.584662] alloc_inode+0x5d/0x180 [ 708.588427] new_inode+0x1d/0xf0 [ 708.591881] shmem_get_inode+0x96/0x8d0 [ 708.595971] __shmem_file_setup.part.0+0x7a/0x2b0 [ 708.600938] shmem_file_setup+0x61/0x90 [ 708.605011] __se_sys_memfd_create+0x26b/0x440 [ 708.609681] ? memfd_file_seals_ptr+0x150/0x150 [ 708.614537] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 708.620028] ? trace_hardirqs_off_caller+0x6e/0x210 [ 708.625169] ? do_syscall_64+0x21/0x620 [ 708.629280] do_syscall_64+0xf9/0x620 [ 708.633219] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 708.638509] RIP: 0033:0x45e219 [ 708.641810] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 708.660949] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 708.668766] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 000000000045e219 [ 708.676417] RDX: 0000000020000230 RSI: 0000000000000000 RDI: 00000000004c2c87 [ 708.684109] RBP: 0000000000016400 R08: 0000000020000230 R09: 0000000000000000 [ 708.691479] R10: fe03f80fe03f80ff R11: 0000000000000246 R12: 0000000000000002 [ 708.699089] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 708.718502] CPU: 1 PID: 20923 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 708.726519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 708.735905] Call Trace: [ 708.738536] dump_stack+0x1fc/0x2fe [ 708.742188] should_fail.cold+0xa/0x14 [ 708.746220] ? lock_acquire+0x170/0x3c0 [ 708.750227] ? setup_fault_attr+0x200/0x200 [ 708.754581] __alloc_pages_nodemask+0x239/0x2890 [ 708.759352] ? pcpu_alloc+0x91f/0x1190 [ 708.763294] ? mark_held_locks+0xf0/0xf0 01:55:31 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331050000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 708.767397] ? pcpu_alloc+0xe78/0x1190 [ 708.771377] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 708.776324] ? check_preemption_disabled+0x41/0x280 [ 708.781519] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 708.786682] ? pcpu_alloc+0xc9/0x1190 [ 708.791002] alloc_pages_current+0x193/0x2a0 [ 708.795631] ? __lockdep_init_map+0x100/0x5a0 [ 708.800250] get_zeroed_page+0x10/0x40 [ 708.804386] mount_fs+0x203/0x30c [ 708.807960] vfs_kern_mount.part.0+0x68/0x470 [ 708.812550] do_mount+0x113c/0x2f10 [ 708.816306] ? do_raw_spin_unlock+0x171/0x230 [ 708.820889] ? check_preemption_disabled+0x41/0x280 [ 708.826163] ? copy_mount_string+0x40/0x40 [ 708.830596] ? copy_mount_options+0x59/0x380 [ 708.835129] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 708.840376] ? kmem_cache_alloc_trace+0x323/0x380 [ 708.845316] ? copy_mount_options+0x26f/0x380 [ 708.850191] ksys_mount+0xcf/0x130 [ 708.854023] __x64_sys_mount+0xba/0x150 [ 708.858136] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 708.862852] do_syscall_64+0xf9/0x620 01:55:31 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331070000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 708.866856] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 708.872163] RIP: 0033:0x460c6a [ 708.875443] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 708.894489] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 708.902302] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 0000000000460c6a [ 708.909666] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb2ba6bead0 [ 708.917021] RBP: 00007fb2ba6bead0 R08: 00007fb2ba6beb10 R09: 0000000020000000 [ 708.924373] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 708.932766] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 708.952056] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 708.952056] 01:55:32 executing program 2 (fault-call:0 fault-nth:2): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:32 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x2}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:32 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xffffff7f00000000}, 0x0) [ 709.026881] FAULT_INJECTION: forcing a failure. [ 709.026881] name failslab, interval 1, probability 0, space 0, times 0 [ 709.055460] CPU: 1 PID: 20947 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 709.063819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 709.073859] Call Trace: [ 709.076555] dump_stack+0x1fc/0x2fe [ 709.080306] should_fail.cold+0xa/0x14 [ 709.084334] ? setup_fault_attr+0x200/0x200 [ 709.088821] ? lock_acquire+0x170/0x3c0 [ 709.093004] __should_failslab+0x115/0x180 [ 709.097352] should_failslab+0x5/0xf [ 709.101208] kmem_cache_alloc+0x277/0x370 [ 709.105780] __d_alloc+0x2b/0xa10 [ 709.109367] d_alloc_pseudo+0x19/0x70 [ 709.113553] alloc_file_pseudo+0xc6/0x250 [ 709.117828] ? alloc_file+0x4d0/0x4d0 [ 709.121754] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 709.127776] ? shmem_get_inode+0x44c/0x8d0 [ 709.132139] __shmem_file_setup.part.0+0x102/0x2b0 [ 709.137165] shmem_file_setup+0x61/0x90 [ 709.141163] __se_sys_memfd_create+0x26b/0x440 [ 709.145764] ? memfd_file_seals_ptr+0x150/0x150 [ 709.150451] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 709.155842] ? trace_hardirqs_off_caller+0x6e/0x210 [ 709.160877] ? do_syscall_64+0x21/0x620 [ 709.165014] do_syscall_64+0xf9/0x620 [ 709.168846] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 709.174038] RIP: 0033:0x45e219 [ 709.177251] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 709.196184] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 709.204102] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 000000000045e219 [ 709.211428] RDX: 0000000020000230 RSI: 0000000000000000 RDI: 00000000004c2c87 [ 709.219041] RBP: 0000000000016400 R08: 0000000020000230 R09: 0000000000000000 01:55:32 executing program 3 (fault-call:0 fault-nth:43): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 709.226370] R10: fe03f80fe03f80ff R11: 0000000000000246 R12: 0000000000000002 [ 709.233683] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:32 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) [ 709.271108] input: syz0 as /devices/virtual/input/input190 [ 709.309058] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 709.309058] 01:55:32 executing program 2 (fault-call:0 fault-nth:3): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 709.359566] input: syz0 as /devices/virtual/input/input191 [ 709.383273] FAULT_INJECTION: forcing a failure. [ 709.383273] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 709.395266] CPU: 1 PID: 20967 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 01:55:32 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4640e010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:32 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331080000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 709.403226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 709.412645] Call Trace: [ 709.415491] dump_stack+0x1fc/0x2fe [ 709.419244] should_fail.cold+0xa/0x14 [ 709.423248] ? setup_fault_attr+0x200/0x200 [ 709.427680] ? get_page_from_freelist+0x1d60/0x4170 [ 709.432824] ? bad_range+0x260/0x3c0 [ 709.436656] __alloc_pages_nodemask+0x239/0x2890 [ 709.441527] ? kernel_poison_pages+0x2c/0x2a0 [ 709.446492] ? get_page_from_freelist+0x1d01/0x4170 [ 709.451602] ? preempt_count_add+0xaf/0x190 [ 709.455992] ? __lock_acquire+0x6de/0x3ff0 [ 709.460259] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 709.465116] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 709.470509] ? should_fail+0x142/0x7b0 [ 709.474418] ? lock_acquire+0x170/0x3c0 [ 709.478428] ? check_preemption_disabled+0x41/0x280 [ 709.483471] cache_grow_begin+0xa4/0x8a0 [ 709.487556] ? setup_fault_attr+0x200/0x200 [ 709.491898] ? cache_alloc_pfmemalloc+0x1e/0x140 [ 709.496875] cache_alloc_refill+0x273/0x340 [ 709.501316] kmem_cache_alloc+0x346/0x370 [ 709.505657] getname_kernel+0x4e/0x370 [ 709.509676] kern_path+0x1b/0x40 [ 709.513179] lookup_bdev+0xfc/0x220 [ 709.516900] ? bd_acquire+0x440/0x440 [ 709.520819] blkdev_get_by_path+0x1b/0xd0 [ 709.525275] mount_bdev+0x5b/0x3b0 [ 709.528923] ? parse_options+0xe70/0xe70 [ 709.533072] mount_fs+0xa3/0x30c [ 709.536537] vfs_kern_mount.part.0+0x68/0x470 [ 709.541161] do_mount+0x113c/0x2f10 [ 709.544897] ? do_raw_spin_unlock+0x171/0x230 [ 709.549537] ? check_preemption_disabled+0x41/0x280 [ 709.555150] ? copy_mount_string+0x40/0x40 [ 709.559599] ? copy_mount_options+0x59/0x380 [ 709.564106] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 709.569211] ? kmem_cache_alloc_trace+0x323/0x380 [ 709.574152] ? copy_mount_options+0x26f/0x380 [ 709.579197] ksys_mount+0xcf/0x130 [ 709.579479] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 709.579479] [ 709.582815] __x64_sys_mount+0xba/0x150 [ 709.582837] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 709.582857] do_syscall_64+0xf9/0x620 [ 709.582876] entry_SYSCALL_64_after_hwframe+0x49/0xbe 01:55:32 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310f0000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 709.582891] RIP: 0033:0x460c6a [ 709.582941] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 709.631539] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 709.639351] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 0000000000460c6a [ 709.646703] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb2ba6bead0 01:55:32 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0) [ 709.654109] RBP: 00007fb2ba6bead0 R08: 00007fb2ba6beb10 R09: 0000000020000000 [ 709.661449] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 709.668792] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:32 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x3}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 709.735927] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 709.735927] [ 709.750561] FAULT_INJECTION: forcing a failure. [ 709.750561] name failslab, interval 1, probability 0, space 0, times 0 [ 709.807307] CPU: 0 PID: 20976 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 709.815362] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 709.824807] Call Trace: [ 709.827522] dump_stack+0x1fc/0x2fe [ 709.831260] should_fail.cold+0xa/0x14 [ 709.835447] ? setup_fault_attr+0x200/0x200 [ 709.839860] ? lock_acquire+0x170/0x3c0 [ 709.843922] __should_failslab+0x115/0x180 [ 709.843999] input: syz0 as /devices/virtual/input/input192 [ 709.848303] should_failslab+0x5/0xf [ 709.848325] kmem_cache_alloc+0x277/0x370 [ 709.848361] __alloc_file+0x21/0x330 [ 709.848379] alloc_empty_file+0x6d/0x170 [ 709.848393] alloc_file+0x5e/0x4d0 [ 709.848410] alloc_file_pseudo+0x165/0x250 [ 709.848422] ? alloc_file+0x4d0/0x4d0 [ 709.848450] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 709.848466] ? shmem_get_inode+0x44c/0x8d0 [ 709.848481] __shmem_file_setup.part.0+0x102/0x2b0 [ 709.848502] shmem_file_setup+0x61/0x90 [ 709.900700] __se_sys_memfd_create+0x26b/0x440 [ 709.905392] ? memfd_file_seals_ptr+0x150/0x150 [ 709.910449] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 709.916136] ? trace_hardirqs_off_caller+0x6e/0x210 [ 709.921228] ? do_syscall_64+0x21/0x620 [ 709.925565] do_syscall_64+0xf9/0x620 [ 709.929498] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 709.934751] RIP: 0033:0x45e219 [ 709.937967] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 01:55:33 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331000300006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:33 executing program 3 (fault-call:0 fault-nth:44): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 709.957013] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 709.964799] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 000000000045e219 [ 709.972298] RDX: 0000000020000230 RSI: 0000000000000000 RDI: 00000000004c2c87 [ 709.979868] RBP: 0000000000016400 R08: 0000000020000230 R09: 0000000000000000 [ 709.987221] R10: fe03f80fe03f80ff R11: 0000000000000246 R12: 0000000000000002 [ 709.994670] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:33 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4640f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 710.054253] input: syz0 as /devices/virtual/input/input193 01:55:33 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x0) 01:55:33 executing program 2 (fault-call:0 fault-nth:4): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 710.151144] FAULT_INJECTION: forcing a failure. [ 710.151144] name failslab, interval 1, probability 0, space 0, times 0 [ 710.179455] CPU: 1 PID: 21020 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 710.187553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 710.196997] Call Trace: 01:55:33 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x4}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 710.199782] dump_stack+0x1fc/0x2fe [ 710.203514] should_fail.cold+0xa/0x14 [ 710.207538] ? setup_fault_attr+0x200/0x200 [ 710.212002] ? lock_acquire+0x170/0x3c0 [ 710.216332] __should_failslab+0x115/0x180 [ 710.220606] should_failslab+0x5/0xf [ 710.224572] kmem_cache_alloc+0x277/0x370 [ 710.228834] getname_kernel+0x4e/0x370 [ 710.232821] kern_path+0x1b/0x40 [ 710.236302] lookup_bdev+0xfc/0x220 [ 710.240034] ? bd_acquire+0x440/0x440 [ 710.243980] blkdev_get_by_path+0x1b/0xd0 01:55:33 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653314c2912006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 710.248298] mount_bdev+0x5b/0x3b0 [ 710.252106] ? parse_options+0xe70/0xe70 [ 710.256306] mount_fs+0xa3/0x30c [ 710.259765] vfs_kern_mount.part.0+0x68/0x470 [ 710.264361] do_mount+0x113c/0x2f10 [ 710.268055] ? lock_acquire+0x170/0x3c0 [ 710.272071] ? check_preemption_disabled+0x41/0x280 [ 710.277302] ? copy_mount_string+0x40/0x40 [ 710.281670] ? copy_mount_options+0x59/0x380 [ 710.286208] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 710.291351] ? kmem_cache_alloc_trace+0x323/0x380 [ 710.296316] ? copy_mount_options+0x26f/0x380 [ 710.300932] ksys_mount+0xcf/0x130 [ 710.304591] __x64_sys_mount+0xba/0x150 [ 710.308664] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 710.313313] do_syscall_64+0xf9/0x620 [ 710.317204] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 710.322514] RIP: 0033:0x460c6a [ 710.325807] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 710.344788] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 710.352595] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 0000000000460c6a [ 710.359937] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb2ba6bead0 [ 710.367274] RBP: 00007fb2ba6bead0 R08: 00007fb2ba6beb10 R09: 0000000020000000 [ 710.372812] input: syz0 as /devices/virtual/input/input194 [ 710.374591] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 710.374604] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:33 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xe}, 0x0) [ 710.484026] input: syz0 as /devices/virtual/input/input195 [ 710.490328] FAULT_INJECTION: forcing a failure. [ 710.490328] name failslab, interval 1, probability 0, space 0, times 0 [ 710.501828] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 710.501828] 01:55:33 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653311fffffff6076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 710.533677] CPU: 1 PID: 21043 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 710.541650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 710.551052] Call Trace: [ 710.553686] dump_stack+0x1fc/0x2fe [ 710.557377] should_fail.cold+0xa/0x14 [ 710.561334] ? setup_fault_attr+0x200/0x200 [ 710.565725] ? lock_acquire+0x170/0x3c0 [ 710.569912] __should_failslab+0x115/0x180 [ 710.574262] should_failslab+0x5/0xf [ 710.578094] kmem_cache_alloc_trace+0x284/0x380 [ 710.582868] apparmor_file_alloc_security+0x394/0xad0 [ 710.588180] ? apparmor_file_receive+0x160/0x160 [ 710.593044] ? __alloc_file+0x21/0x330 [ 710.597038] security_file_alloc+0x40/0x90 [ 710.601378] __alloc_file+0xc9/0x330 [ 710.605196] alloc_empty_file+0x6d/0x170 [ 710.609370] alloc_file+0x5e/0x4d0 [ 710.613028] alloc_file_pseudo+0x165/0x250 [ 710.617349] ? alloc_file+0x4d0/0x4d0 [ 710.621255] ? lockdep_annotate_inode_mutex_key+0x43/0x130 [ 710.627030] ? shmem_get_inode+0x44c/0x8d0 [ 710.631355] __shmem_file_setup.part.0+0x102/0x2b0 [ 710.636378] shmem_file_setup+0x61/0x90 [ 710.640443] __se_sys_memfd_create+0x26b/0x440 [ 710.645146] ? memfd_file_seals_ptr+0x150/0x150 [ 710.650010] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 710.655517] ? trace_hardirqs_off_caller+0x6e/0x210 [ 710.660629] ? do_syscall_64+0x21/0x620 [ 710.664718] do_syscall_64+0xf9/0x620 [ 710.668652] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 710.673940] RIP: 0033:0x45e219 01:55:33 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010200006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 710.677223] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 710.696249] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 710.704036] RAX: ffffffffffffffda RBX: 0000000020000200 RCX: 000000000045e219 [ 710.711338] RDX: 0000000020000230 RSI: 0000000000000000 RDI: 00000000004c2c87 [ 710.718652] RBP: 0000000000016400 R08: 0000000020000230 R09: 0000000000000000 [ 710.726020] R10: fe03f80fe03f80ff R11: 0000000000000246 R12: 0000000000000002 01:55:33 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x5}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 710.733596] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 710.742410] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 710.742410] 01:55:33 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x0) 01:55:33 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46410010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 710.808599] input: syz0 as /devices/virtual/input/input196 [ 710.847553] input: syz0 as /devices/virtual/input/input197 01:55:33 executing program 3 (fault-call:0 fault-nth:45): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:33 executing program 2 (fault-call:0 fault-nth:5): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:33 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x6}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:34 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x60}, 0x0) 01:55:34 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010300006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 711.061177] input: syz0 as /devices/virtual/input/input198 [ 711.073072] FAULT_INJECTION: forcing a failure. [ 711.073072] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 711.078750] FAULT_INJECTION: forcing a failure. [ 711.078750] name failslab, interval 1, probability 0, space 0, times 0 [ 711.099126] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 711.099126] [ 711.108290] CPU: 1 PID: 21092 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 711.116291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 711.125809] Call Trace: [ 711.128428] dump_stack+0x1fc/0x2fe [ 711.132096] should_fail.cold+0xa/0x14 [ 711.135999] ? setup_fault_attr+0x200/0x200 [ 711.140336] ? lock_acquire+0x170/0x3c0 [ 711.144328] __should_failslab+0x115/0x180 [ 711.148571] should_failslab+0x5/0xf [ 711.152308] __kmalloc+0x2ab/0x3c0 [ 711.155868] ? prealloc_shrinker+0x15d/0x340 [ 711.160290] prealloc_shrinker+0x15d/0x340 [ 711.164540] sget_userns+0x7b4/0xcd0 [ 711.168370] ? set_bdev_super+0x110/0x110 [ 711.172560] ? ns_test_super+0x50/0x50 [ 711.176458] ? set_bdev_super+0x110/0x110 [ 711.180607] ? ns_test_super+0x50/0x50 [ 711.184522] sget+0x102/0x140 [ 711.187640] mount_bdev+0xf8/0x3b0 [ 711.191192] ? parse_options+0xe70/0xe70 [ 711.195478] mount_fs+0xa3/0x30c [ 711.198926] vfs_kern_mount.part.0+0x68/0x470 [ 711.203515] do_mount+0x113c/0x2f10 [ 711.207260] ? lock_acquire+0x170/0x3c0 [ 711.211516] ? check_preemption_disabled+0x41/0x280 [ 711.216645] ? copy_mount_string+0x40/0x40 [ 711.220952] ? copy_mount_options+0x59/0x380 [ 711.225452] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 711.230572] ? kmem_cache_alloc_trace+0x323/0x380 [ 711.235523] ? copy_mount_options+0x26f/0x380 [ 711.240116] ksys_mount+0xcf/0x130 [ 711.243739] __x64_sys_mount+0xba/0x150 [ 711.247825] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 711.252504] do_syscall_64+0xf9/0x620 [ 711.256422] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 711.261684] RIP: 0033:0x460c6a [ 711.264949] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 711.284216] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 711.292032] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 0000000000460c6a [ 711.299347] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb2ba6bead0 [ 711.306663] RBP: 00007fb2ba6bead0 R08: 00007fb2ba6beb10 R09: 0000000020000000 [ 711.314009] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 711.321366] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 711.349218] CPU: 1 PID: 21094 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 711.357336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 711.366754] Call Trace: [ 711.369407] dump_stack+0x1fc/0x2fe [ 711.373188] should_fail.cold+0xa/0x14 [ 711.377295] ? lock_acquire+0x170/0x3c0 [ 711.381378] ? setup_fault_attr+0x200/0x200 [ 711.385808] __alloc_pages_nodemask+0x239/0x2890 [ 711.390654] ? __lock_acquire+0x6de/0x3ff0 [ 711.395003] ? static_obj+0x50/0x50 [ 711.398755] ? __lock_acquire+0x6de/0x3ff0 [ 711.403071] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 711.408003] ? __lock_acquire+0x6de/0x3ff0 01:55:34 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46411010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 711.412324] ? deref_stack_reg+0x134/0x1d0 [ 711.416674] ? mark_held_locks+0xf0/0xf0 [ 711.420818] ? mark_held_locks+0xf0/0xf0 [ 711.424981] ? unwind_next_frame+0x10a9/0x1c60 [ 711.429754] alloc_pages_vma+0xf2/0x780 [ 711.433834] shmem_alloc_page+0x11c/0x1f0 [ 711.438357] ? shmem_swapin+0x220/0x220 [ 711.442447] ? percpu_counter_add_batch+0x126/0x180 [ 711.447579] ? __vm_enough_memory+0x316/0x650 [ 711.452168] shmem_alloc_and_acct_page+0x15a/0x850 [ 711.457197] shmem_getpage_gfp+0x4e9/0x37f0 01:55:34 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010400006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:34 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x5c8}, 0x0) [ 711.461626] ? shmem_alloc_and_acct_page+0x850/0x850 [ 711.466832] ? mark_held_locks+0xa6/0xf0 [ 711.470967] ? ktime_get_coarse_real_ts64+0x1c7/0x290 [ 711.476282] ? iov_iter_fault_in_readable+0x1fc/0x3f0 [ 711.481594] shmem_write_begin+0xff/0x1e0 [ 711.485834] generic_perform_write+0x1f8/0x4d0 [ 711.490514] ? filemap_page_mkwrite+0x2f0/0x2f0 [ 711.496271] ? current_time+0x1c0/0x1c0 [ 711.500347] ? lock_acquire+0x170/0x3c0 [ 711.504508] __generic_file_write_iter+0x24b/0x610 [ 711.509569] generic_file_write_iter+0x3f8/0x729 [ 711.514476] __vfs_write+0x51b/0x770 [ 711.518287] ? kernel_read+0x110/0x110 [ 711.522398] ? check_preemption_disabled+0x41/0x280 [ 711.527527] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 711.532672] vfs_write+0x1f3/0x540 [ 711.536289] __x64_sys_pwrite64+0x1f7/0x250 [ 711.540708] ? ksys_pwrite64+0x1a0/0x1a0 [ 711.544995] ? trace_hardirqs_off_caller+0x6e/0x210 [ 711.550173] ? do_syscall_64+0x21/0x620 [ 711.554250] do_syscall_64+0xf9/0x620 [ 711.558149] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 711.563407] RIP: 0033:0x417d77 [ 711.566682] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 07 fa ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 4d fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 711.585651] RSP: 002b:00007f5fada0ca10 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 711.593433] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000417d77 [ 711.600789] RDX: 0000000000000015 RSI: 0000000020010000 RDI: 0000000000000004 [ 711.608133] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 711.615459] R10: 0000000000008000 R11: 0000000000000293 R12: 0000000000000002 [ 711.623112] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000210 [ 711.637435] input: syz0 as /devices/virtual/input/input199 01:55:34 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010600006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:34 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x5cc}, 0x0) 01:55:34 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x7}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:34 executing program 3 (fault-call:0 fault-nth:46): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:34 executing program 2 (fault-call:0 fault-nth:6): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 711.806797] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 711.806797] 01:55:34 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010700006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 711.909943] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 711.909943] [ 711.967279] FAULT_INJECTION: forcing a failure. [ 711.967279] name failslab, interval 1, probability 0, space 0, times 0 [ 711.972698] input: syz0 as /devices/virtual/input/input200 [ 711.978674] CPU: 1 PID: 21145 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 711.978689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 711.978701] Call Trace: [ 711.978771] dump_stack+0x1fc/0x2fe [ 711.978807] should_fail.cold+0xa/0x14 [ 711.978829] ? setup_fault_attr+0x200/0x200 [ 711.978859] ? __lock_acquire+0x6de/0x3ff0 [ 711.978896] __should_failslab+0x115/0x180 [ 711.978935] should_failslab+0x5/0xf [ 711.978957] kmem_cache_alloc+0x3f/0x370 [ 711.979008] radix_tree_node_alloc.constprop.0+0x1e4/0x320 [ 712.039268] __radix_tree_create+0x314/0x540 [ 712.043826] __radix_tree_insert+0xbb/0x5f0 [ 712.048289] ? __radix_tree_create+0x540/0x540 [ 712.052963] ? lock_acquire+0x170/0x3c0 [ 712.057038] ? shmem_add_to_page_cache+0x306/0xbb0 [ 712.062132] shmem_add_to_page_cache+0x616/0xbb0 [ 712.067009] ? shmem_recalc_inode+0x310/0x310 [ 712.071600] ? __radix_tree_preload+0x1fe/0x280 [ 712.076371] shmem_getpage_gfp+0x2004/0x37f0 [ 712.080937] ? shmem_alloc_and_acct_page+0x850/0x850 [ 712.086177] ? mark_held_locks+0xa6/0xf0 [ 712.090532] ? ktime_get_coarse_real_ts64+0x1c7/0x290 [ 712.095932] ? iov_iter_fault_in_readable+0x1fc/0x3f0 [ 712.101375] shmem_write_begin+0xff/0x1e0 [ 712.105641] generic_perform_write+0x1f8/0x4d0 [ 712.110376] ? filemap_page_mkwrite+0x2f0/0x2f0 [ 712.115177] ? current_time+0x1c0/0x1c0 [ 712.119266] ? lock_acquire+0x170/0x3c0 [ 712.123361] __generic_file_write_iter+0x24b/0x610 [ 712.129411] generic_file_write_iter+0x3f8/0x729 [ 712.134308] __vfs_write+0x51b/0x770 [ 712.138167] ? kernel_read+0x110/0x110 [ 712.142192] ? check_preemption_disabled+0x41/0x280 [ 712.147554] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 712.152816] vfs_write+0x1f3/0x540 [ 712.156594] __x64_sys_pwrite64+0x1f7/0x250 [ 712.161037] ? ksys_pwrite64+0x1a0/0x1a0 [ 712.165291] ? trace_hardirqs_off_caller+0x6e/0x210 [ 712.170452] ? do_syscall_64+0x21/0x620 [ 712.174537] do_syscall_64+0xf9/0x620 [ 712.178644] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 712.183964] RIP: 0033:0x417d77 [ 712.187290] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 07 fa ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 4d fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 712.206921] RSP: 002b:00007f5fada0ca10 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 01:55:35 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xe00}, 0x0) 01:55:35 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46412010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 712.215306] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000417d77 [ 712.223194] RDX: 0000000000000015 RSI: 0000000020010000 RDI: 0000000000000004 [ 712.230654] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 712.238159] R10: 0000000000008000 R11: 0000000000000293 R12: 0000000000000002 [ 712.245968] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000210 [ 712.310921] FAULT_INJECTION: forcing a failure. [ 712.310921] name failslab, interval 1, probability 0, space 0, times 0 [ 712.314958] input: syz0 as /devices/virtual/input/input201 [ 712.355900] attempt to access beyond end of device [ 712.360931] loop2: rw=0, want=184, limit=178 [ 712.373004] CPU: 1 PID: 21149 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 712.381214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 712.381652] metapage_read_end_io: I/O error [ 712.390875] Call Trace: [ 712.391242] dump_stack+0x1fc/0x2fe [ 712.391299] should_fail.cold+0xa/0x14 [ 712.406021] ? setup_fault_attr+0x200/0x200 [ 712.410815] ? lock_acquire+0x170/0x3c0 [ 712.414974] __should_failslab+0x115/0x180 [ 712.419365] should_failslab+0x5/0xf [ 712.423283] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 712.428629] __kmalloc_node+0x38/0x70 [ 712.433934] kvmalloc_node+0x61/0xf0 [ 712.437742] __list_lru_init+0x4c6/0x7f0 [ 712.441881] ? up_read+0x103/0x110 [ 712.445609] sget_userns+0x7e2/0xcd0 [ 712.449404] ? set_bdev_super+0x110/0x110 [ 712.453742] ? ns_test_super+0x50/0x50 [ 712.457859] ? set_bdev_super+0x110/0x110 [ 712.462146] ? ns_test_super+0x50/0x50 [ 712.466137] sget+0x102/0x140 [ 712.469371] mount_bdev+0xf8/0x3b0 [ 712.473090] ? parse_options+0xe70/0xe70 [ 712.477246] mount_fs+0xa3/0x30c [ 712.480816] vfs_kern_mount.part.0+0x68/0x470 [ 712.485824] do_mount+0x113c/0x2f10 [ 712.489803] ? lock_acquire+0x170/0x3c0 [ 712.493863] ? check_preemption_disabled+0x41/0x280 [ 712.498976] ? copy_mount_string+0x40/0x40 [ 712.503588] ? copy_mount_options+0x59/0x380 [ 712.508044] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 712.513176] ? kmem_cache_alloc_trace+0x323/0x380 [ 712.518161] ? copy_mount_options+0x26f/0x380 [ 712.522829] ksys_mount+0xcf/0x130 [ 712.526481] __x64_sys_mount+0xba/0x150 [ 712.530553] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 712.535224] do_syscall_64+0xf9/0x620 [ 712.539133] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 712.544461] RIP: 0033:0x460c6a [ 712.547897] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 712.567042] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 712.574961] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 0000000000460c6a [ 712.582452] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb2ba6bead0 [ 712.589971] RBP: 00007fb2ba6bead0 R08: 00007fb2ba6beb10 R09: 0000000020000000 [ 712.597312] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 01:55:35 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010800006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:35 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1100}, 0x0) [ 712.605212] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:35 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x11}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:35 executing program 2 (fault-call:0 fault-nth:7): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:35 executing program 3 (fault-call:0 fault-nth:47): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 712.714996] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 712.714996] 01:55:35 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x6000}, 0x0) [ 712.819909] FAULT_INJECTION: forcing a failure. [ 712.819909] name failslab, interval 1, probability 0, space 0, times 0 [ 712.829388] input: syz0 as /devices/virtual/input/input202 [ 712.857108] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 712.857108] [ 712.873373] CPU: 0 PID: 21186 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 712.881503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 712.891094] Call Trace: [ 712.893799] dump_stack+0x1fc/0x2fe [ 712.897562] should_fail.cold+0xa/0x14 [ 712.901539] ? setup_fault_attr+0x200/0x200 [ 712.906037] ? lock_acquire+0x170/0x3c0 [ 712.910141] __should_failslab+0x115/0x180 [ 712.914488] should_failslab+0x5/0xf [ 712.918331] kmem_cache_alloc+0x277/0x370 [ 712.922603] getname_flags+0xce/0x590 [ 712.926787] do_sys_open+0x26c/0x520 [ 712.930585] ? filp_open+0x70/0x70 [ 712.934238] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 712.940046] ? trace_hardirqs_off_caller+0x6e/0x210 [ 712.945255] ? do_syscall_64+0x21/0x620 [ 712.949290] do_syscall_64+0xf9/0x620 [ 712.953179] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 712.958441] RIP: 0033:0x417d11 [ 712.961669] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 712.980766] RSP: 002b:00007f5fada0ca10 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 712.988783] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000417d11 [ 712.996312] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00007f5fada0cad0 [ 713.003710] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 713.011268] R10: 000000000000b200 R11: 0000000000000293 R12: 0000000000000002 01:55:36 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010003006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 713.019007] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 01:55:36 executing program 2 (fault-call:0 fault-nth:8): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:36 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46413010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 713.057667] input: syz0 as /devices/virtual/input/input203 [ 713.088307] FAULT_INJECTION: forcing a failure. [ 713.088307] name failslab, interval 1, probability 0, space 0, times 0 01:55:36 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xc805}, 0x0) [ 713.136836] FAULT_INJECTION: forcing a failure. [ 713.136836] name failslab, interval 1, probability 0, space 0, times 0 [ 713.181147] CPU: 0 PID: 21197 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 713.189454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 713.199023] Call Trace: [ 713.201790] dump_stack+0x1fc/0x2fe [ 713.205655] should_fail.cold+0xa/0x14 [ 713.209630] ? setup_fault_attr+0x200/0x200 [ 713.214335] ? lock_acquire+0x170/0x3c0 [ 713.218429] __should_failslab+0x115/0x180 [ 713.222851] should_failslab+0x5/0xf [ 713.226681] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 713.231870] __kmalloc_node+0x38/0x70 [ 713.235779] kvmalloc_node+0x61/0xf0 [ 713.239636] __list_lru_init+0x4c6/0x7f0 [ 713.243846] ? up_read+0x103/0x110 [ 713.247556] sget_userns+0x7e2/0xcd0 [ 713.251566] ? set_bdev_super+0x110/0x110 [ 713.256139] ? ns_test_super+0x50/0x50 [ 713.260368] ? set_bdev_super+0x110/0x110 [ 713.264753] ? ns_test_super+0x50/0x50 [ 713.269976] sget+0x102/0x140 [ 713.273304] mount_bdev+0xf8/0x3b0 [ 713.276949] ? parse_options+0xe70/0xe70 [ 713.281141] mount_fs+0xa3/0x30c [ 713.284579] vfs_kern_mount.part.0+0x68/0x470 [ 713.289220] do_mount+0x113c/0x2f10 [ 713.292983] ? lock_acquire+0x170/0x3c0 [ 713.297036] ? check_preemption_disabled+0x41/0x280 [ 713.302234] ? copy_mount_string+0x40/0x40 [ 713.306627] ? copy_mount_options+0x59/0x380 [ 713.311160] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 713.316278] ? kmem_cache_alloc_trace+0x323/0x380 [ 713.323775] ? copy_mount_options+0x26f/0x380 [ 713.328361] ksys_mount+0xcf/0x130 [ 713.332003] __x64_sys_mount+0xba/0x150 [ 713.336045] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 713.340706] do_syscall_64+0xf9/0x620 [ 713.344605] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 713.349934] RIP: 0033:0x460c6a [ 713.353206] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 713.372810] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 713.380832] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 0000000000460c6a [ 713.388312] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb2ba6bead0 [ 713.395843] RBP: 00007fb2ba6bead0 R08: 00007fb2ba6beb10 R09: 0000000020000000 [ 713.403154] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 713.410455] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 713.437436] CPU: 0 PID: 21214 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 713.445462] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 713.455106] Call Trace: [ 713.457861] dump_stack+0x1fc/0x2fe [ 713.463807] should_fail.cold+0xa/0x14 [ 713.468093] ? setup_fault_attr+0x200/0x200 [ 713.472649] ? lock_acquire+0x170/0x3c0 [ 713.476874] __should_failslab+0x115/0x180 [ 713.481302] should_failslab+0x5/0xf [ 713.485100] kmem_cache_alloc+0x277/0x370 [ 713.489582] __alloc_file+0x21/0x330 [ 713.493704] alloc_empty_file+0x6d/0x170 [ 713.498017] path_openat+0xe9/0x2df0 [ 713.501889] ? __lock_acquire+0x6de/0x3ff0 [ 713.506265] ? path_lookupat+0x8d0/0x8d0 [ 713.510458] ? mark_held_locks+0xf0/0xf0 [ 713.515688] ? mark_held_locks+0xf0/0xf0 [ 713.521301] do_filp_open+0x18c/0x3f0 [ 713.526644] ? may_open_dev+0xf0/0xf0 [ 713.530713] ? __alloc_fd+0x28d/0x570 [ 713.534668] ? lock_downgrade+0x720/0x720 [ 713.539170] ? lock_acquire+0x170/0x3c0 [ 713.543200] ? __alloc_fd+0x34/0x570 [ 713.546951] ? do_raw_spin_unlock+0x171/0x230 [ 713.551480] ? _raw_spin_unlock+0x29/0x40 [ 713.555729] ? __alloc_fd+0x28d/0x570 [ 713.559567] do_sys_open+0x3b3/0x520 [ 713.563289] ? filp_open+0x70/0x70 [ 713.566841] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 713.572234] ? trace_hardirqs_off_caller+0x6e/0x210 [ 713.578944] ? do_syscall_64+0x21/0x620 [ 713.583026] do_syscall_64+0xf9/0x620 [ 713.586995] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 713.592351] RIP: 0033:0x417d11 [ 713.595653] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 713.614601] RSP: 002b:00007f5fada0ca10 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 713.622499] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000417d11 [ 713.629862] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00007f5fada0cad0 01:55:36 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010006006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:36 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x12}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 713.637234] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 713.644628] R10: 000000000000b200 R11: 0000000000000293 R12: 0000000000000002 [ 713.651993] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 01:55:36 executing program 3 (fault-call:0 fault-nth:48): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:36 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xcc05}, 0x0) [ 713.769573] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 713.769573] 01:55:36 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010007006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 713.845692] input: syz0 as /devices/virtual/input/input204 01:55:36 executing program 2 (fault-call:0 fault-nth:9): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 713.923592] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 713.923592] [ 713.936748] input: syz0 as /devices/virtual/input/input205 01:55:36 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x34000}, 0x0) 01:55:37 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101003f006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:37 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46414010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:37 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x14}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 714.165284] FAULT_INJECTION: forcing a failure. [ 714.165284] name failslab, interval 1, probability 0, space 0, times 0 [ 714.176901] FAULT_INJECTION: forcing a failure. [ 714.176901] name failslab, interval 1, probability 0, space 0, times 0 [ 714.176947] CPU: 1 PID: 21262 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 714.176959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 714.176968] Call Trace: [ 714.177013] dump_stack+0x1fc/0x2fe [ 714.177073] should_fail.cold+0xa/0x14 [ 714.177129] ? setup_fault_attr+0x200/0x200 [ 714.221073] ? lock_acquire+0x170/0x3c0 [ 714.225291] __should_failslab+0x115/0x180 [ 714.229674] should_failslab+0x5/0xf [ 714.233592] __kmalloc+0x2ab/0x3c0 [ 714.237229] ? __list_lru_init+0xd3/0x7f0 [ 714.241467] __list_lru_init+0xd3/0x7f0 [ 714.245633] ? up_write+0x18/0x150 [ 714.249320] sget_userns+0x7e2/0xcd0 [ 714.253155] ? set_bdev_super+0x110/0x110 [ 714.257387] ? ns_test_super+0x50/0x50 [ 714.261482] ? set_bdev_super+0x110/0x110 [ 714.265719] ? ns_test_super+0x50/0x50 [ 714.269685] sget+0x102/0x140 [ 714.272913] mount_bdev+0xf8/0x3b0 [ 714.276529] ? parse_options+0xe70/0xe70 [ 714.280818] mount_fs+0xa3/0x30c [ 714.284313] vfs_kern_mount.part.0+0x68/0x470 [ 714.288897] do_mount+0x113c/0x2f10 [ 714.292626] ? lock_acquire+0x170/0x3c0 [ 714.296717] ? check_preemption_disabled+0x41/0x280 [ 714.301863] ? copy_mount_string+0x40/0x40 [ 714.306240] ? copy_mount_options+0x59/0x380 [ 714.308159] input: syz0 as /devices/virtual/input/input206 [ 714.310772] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 714.310789] ? kmem_cache_alloc_trace+0x323/0x380 [ 714.310811] ? copy_mount_options+0x26f/0x380 [ 714.310829] ksys_mount+0xcf/0x130 [ 714.310847] __x64_sys_mount+0xba/0x150 [ 714.310877] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 714.343778] do_syscall_64+0xf9/0x620 [ 714.347659] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 714.352960] RIP: 0033:0x460c6a [ 714.356236] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 714.376397] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 714.384962] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 0000000000460c6a [ 714.392315] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb2ba6bead0 [ 714.400393] RBP: 00007fb2ba6bead0 R08: 00007fb2ba6beb10 R09: 0000000020000000 [ 714.402841] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt 01:55:37 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010002006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 714.402841] [ 714.407968] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 714.407981] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 714.445675] CPU: 0 PID: 21265 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 714.453991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 714.463484] Call Trace: [ 714.466178] dump_stack+0x1fc/0x2fe [ 714.469906] should_fail.cold+0xa/0x14 [ 714.473906] ? setup_fault_attr+0x200/0x200 [ 714.478520] ? lock_acquire+0x170/0x3c0 [ 714.482794] __should_failslab+0x115/0x180 [ 714.487662] should_failslab+0x5/0xf [ 714.491472] kmem_cache_alloc+0x277/0x370 [ 714.495836] __alloc_file+0x21/0x330 [ 714.499817] alloc_empty_file+0x6d/0x170 [ 714.504365] path_openat+0xe9/0x2df0 [ 714.508298] ? __lock_acquire+0x6de/0x3ff0 [ 714.512662] ? path_lookupat+0x8d0/0x8d0 [ 714.516822] ? mark_held_locks+0xf0/0xf0 [ 714.521150] do_filp_open+0x18c/0x3f0 [ 714.525202] ? may_open_dev+0xf0/0xf0 [ 714.529158] ? __alloc_fd+0x28d/0x570 [ 714.533081] ? lock_downgrade+0x720/0x720 [ 714.537334] ? lock_acquire+0x170/0x3c0 [ 714.541389] ? __alloc_fd+0x34/0x570 [ 714.545242] ? do_raw_spin_unlock+0x171/0x230 [ 714.550012] ? _raw_spin_unlock+0x29/0x40 [ 714.554341] ? __alloc_fd+0x28d/0x570 [ 714.558307] do_sys_open+0x3b3/0x520 [ 714.562094] ? filp_open+0x70/0x70 [ 714.565675] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 714.571167] ? trace_hardirqs_off_caller+0x6e/0x210 [ 714.576278] ? do_syscall_64+0x21/0x620 [ 714.580312] do_syscall_64+0xf9/0x620 [ 714.584185] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 714.589489] RIP: 0033:0x417d11 [ 714.592724] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 714.611809] RSP: 002b:00007f5fada0ca10 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 714.619578] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000417d11 [ 714.626894] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00007f5fada0cad0 [ 714.634270] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 714.641705] R10: 000000000000b200 R11: 0000000000000293 R12: 0000000000000002 [ 714.649058] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 01:55:37 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x40000}, 0x0) [ 714.718038] input: syz0 as /devices/virtual/input/input207 [ 714.732398] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 714.732398] 01:55:37 executing program 2 (fault-call:0 fault-nth:10): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:37 executing program 3 (fault-call:0 fault-nth:49): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:37 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010003006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:37 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x15}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:37 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46415010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:37 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x400300}, 0x0) [ 714.913427] FAULT_INJECTION: forcing a failure. [ 714.913427] name failslab, interval 1, probability 0, space 0, times 0 [ 714.968859] CPU: 0 PID: 21307 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 714.977699] FAULT_INJECTION: forcing a failure. [ 714.977699] name failslab, interval 1, probability 0, space 0, times 0 [ 714.978016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 714.998910] Call Trace: [ 715.001586] dump_stack+0x1fc/0x2fe [ 715.005372] should_fail.cold+0xa/0x14 [ 715.009622] ? setup_fault_attr+0x200/0x200 [ 715.014408] ? lock_acquire+0x170/0x3c0 [ 715.018501] __should_failslab+0x115/0x180 [ 715.023549] should_failslab+0x5/0xf [ 715.027455] kmem_cache_alloc_trace+0x284/0x380 [ 715.032561] apparmor_file_alloc_security+0x394/0xad0 [ 715.038797] ? apparmor_file_receive+0x160/0x160 [ 715.043710] ? __alloc_file+0x21/0x330 [ 715.047774] security_file_alloc+0x40/0x90 [ 715.052103] __alloc_file+0xc9/0x330 [ 715.055968] alloc_empty_file+0x6d/0x170 [ 715.060506] path_openat+0xe9/0x2df0 [ 715.064561] ? __lock_acquire+0x6de/0x3ff0 [ 715.070708] ? path_lookupat+0x8d0/0x8d0 [ 715.075339] ? mark_held_locks+0xf0/0xf0 [ 715.079607] do_filp_open+0x18c/0x3f0 [ 715.083530] ? may_open_dev+0xf0/0xf0 [ 715.087426] ? __alloc_fd+0x28d/0x570 [ 715.091327] ? lock_downgrade+0x720/0x720 [ 715.095533] ? lock_acquire+0x170/0x3c0 [ 715.101691] ? __alloc_fd+0x34/0x570 [ 715.105564] ? do_raw_spin_unlock+0x171/0x230 [ 715.110110] ? _raw_spin_unlock+0x29/0x40 [ 715.114310] ? __alloc_fd+0x28d/0x570 [ 715.118166] do_sys_open+0x3b3/0x520 [ 715.122484] ? filp_open+0x70/0x70 [ 715.126165] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 715.131771] ? trace_hardirqs_off_caller+0x6e/0x210 [ 715.136982] ? do_syscall_64+0x21/0x620 [ 715.141168] do_syscall_64+0xf9/0x620 [ 715.146078] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 715.151461] RIP: 0033:0x417d11 [ 715.154799] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 6a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 b3 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 715.175491] RSP: 002b:00007f5fada0ca10 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 715.183306] RAX: ffffffffffffffda RBX: 0000000000000002 RCX: 0000000000417d11 [ 715.190660] RDX: 0000000000000000 RSI: 0000000000000002 RDI: 00007f5fada0cad0 [ 715.198037] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 715.206611] R10: 000000000000b200 R11: 0000000000000293 R12: 0000000000000002 [ 715.215388] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 [ 715.222853] CPU: 1 PID: 21310 Comm: syz-executor.3 Not tainted 4.19.164-syzkaller #0 [ 715.232000] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 715.241419] Call Trace: [ 715.244048] dump_stack+0x1fc/0x2fe [ 715.247730] should_fail.cold+0xa/0x14 [ 715.251881] ? setup_fault_attr+0x200/0x200 [ 715.256228] ? lock_acquire+0x170/0x3c0 [ 715.260344] __should_failslab+0x115/0x180 [ 715.264750] should_failslab+0x5/0xf [ 715.268504] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 715.273637] __kmalloc_node+0x38/0x70 [ 715.277482] kvmalloc_node+0x61/0xf0 [ 715.281242] __list_lru_init+0x4c6/0x7f0 [ 715.285554] ? up_read+0x103/0x110 [ 715.289118] sget_userns+0x7e2/0xcd0 [ 715.292954] ? set_bdev_super+0x110/0x110 [ 715.297147] ? ns_test_super+0x50/0x50 [ 715.301162] ? set_bdev_super+0x110/0x110 [ 715.304486] input: syz0 as /devices/virtual/input/input208 [ 715.305347] ? ns_test_super+0x50/0x50 [ 715.315000] sget+0x102/0x140 [ 715.318131] mount_bdev+0xf8/0x3b0 [ 715.321695] ? parse_options+0xe70/0xe70 [ 715.325988] mount_fs+0xa3/0x30c [ 715.329468] vfs_kern_mount.part.0+0x68/0x470 [ 715.334079] do_mount+0x113c/0x2f10 [ 715.338072] ? lock_acquire+0x170/0x3c0 [ 715.342198] ? check_preemption_disabled+0x41/0x280 [ 715.347319] ? copy_mount_string+0x40/0x40 [ 715.351716] ? copy_mount_options+0x59/0x380 [ 715.356627] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 715.362040] ? kmem_cache_alloc_trace+0x323/0x380 [ 715.367146] ? copy_mount_options+0x26f/0x380 [ 715.371761] ksys_mount+0xcf/0x130 [ 715.375390] __x64_sys_mount+0xba/0x150 [ 715.379444] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 715.384174] do_syscall_64+0xf9/0x620 [ 715.388071] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 715.393358] RIP: 0033:0x460c6a [ 715.396618] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 01:55:38 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010004006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 715.415831] RSP: 002b:00007fb2ba6bea78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 715.423662] RAX: ffffffffffffffda RBX: 00007fb2ba6beb10 RCX: 0000000000460c6a [ 715.430985] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007fb2ba6bead0 [ 715.438464] RBP: 00007fb2ba6bead0 R08: 00007fb2ba6beb10 R09: 0000000020000000 [ 715.445925] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 715.453324] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:38 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x1000000}, 0x0) [ 715.473944] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 715.473944] [ 715.480764] input: syz0 as /devices/virtual/input/input209 01:55:38 executing program 2 (fault-call:0 fault-nth:11): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:38 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46416010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:38 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x16}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 715.736651] FAULT_INJECTION: forcing a failure. [ 715.736651] name failslab, interval 1, probability 0, space 0, times 0 [ 715.774707] CPU: 0 PID: 21343 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 715.782939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 715.792359] Call Trace: [ 715.795210] dump_stack+0x1fc/0x2fe [ 715.799385] should_fail.cold+0xa/0x14 [ 715.803397] ? setup_fault_attr+0x200/0x200 [ 715.807846] ? lock_acquire+0x170/0x3c0 [ 715.811999] __should_failslab+0x115/0x180 [ 715.816313] should_failslab+0x5/0xf [ 715.819369] input: syz0 as /devices/virtual/input/input210 [ 715.820074] kmem_cache_alloc_trace+0x284/0x380 [ 715.830559] ? loop_info64_to_compat+0x5e0/0x5e0 [ 715.835391] __kthread_create_on_node+0xd2/0x410 [ 715.840291] ? kthread_parkme+0xa0/0xa0 [ 715.844443] ? lo_ioctl+0x1bb/0x20e0 [ 715.848289] ? __mutex_lock+0x3a8/0x1260 [ 715.852758] ? lock_downgrade+0x720/0x720 [ 715.857041] ? loop_info64_to_compat+0x5e0/0x5e0 [ 715.862498] kthread_create_on_node+0xbb/0xf0 [ 715.867400] ? __kthread_create_on_node+0x410/0x410 [ 715.872937] ? __fget+0x356/0x510 [ 715.876798] ? do_dup2+0x450/0x450 [ 715.880621] ? __lockdep_init_map+0x100/0x5a0 [ 715.885190] ? __lockdep_init_map+0x100/0x5a0 [ 715.889781] lo_ioctl+0xae5/0x20e0 [ 715.893480] ? loop_set_status64+0x110/0x110 [ 715.898068] blkdev_ioctl+0x5cb/0x1a7e [ 715.902041] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 715.907599] ? blkpg_ioctl+0x9d0/0x9d0 [ 715.911670] ? mark_held_locks+0xf0/0xf0 [ 715.915832] ? mark_held_locks+0xf0/0xf0 [ 715.921651] ? debug_check_no_obj_freed+0x201/0x482 [ 715.926932] ? lock_downgrade+0x720/0x720 [ 715.931267] block_ioctl+0xe9/0x130 [ 715.935068] ? blkdev_fallocate+0x3f0/0x3f0 [ 715.939460] do_vfs_ioctl+0xcdb/0x12e0 [ 715.943759] ? lock_downgrade+0x720/0x720 [ 715.948197] ? check_preemption_disabled+0x41/0x280 [ 715.953415] ? ioctl_preallocate+0x200/0x200 [ 715.957957] ? __fget+0x356/0x510 [ 715.961525] ? do_dup2+0x450/0x450 [ 715.965176] ? do_sys_open+0x2bf/0x520 [ 715.969217] ksys_ioctl+0x9b/0xc0 [ 715.972733] __x64_sys_ioctl+0x6f/0xb0 [ 715.976677] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 715.981283] do_syscall_64+0xf9/0x620 [ 715.985144] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 715.990369] RIP: 0033:0x45e087 [ 715.993569] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 716.012643] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 716.020586] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 716.028019] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 01:55:39 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010006006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:39 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x4000000}, 0x0) [ 716.035418] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 716.042726] R10: 000000000000b200 R11: 0000000000000246 R12: 0000000000000002 [ 716.050043] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 [ 716.079869] input: syz0 as /devices/virtual/input/input211 [ 716.136291] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 716.136291] 01:55:39 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:39 executing program 2 (fault-call:0 fault-nth:12): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:39 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010007006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:39 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x2f}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:39 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46417010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 716.319177] FAULT_INJECTION: forcing a failure. [ 716.319177] name failslab, interval 1, probability 0, space 0, times 0 [ 716.341535] CPU: 1 PID: 21372 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 716.349716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 716.359177] Call Trace: [ 716.361871] dump_stack+0x1fc/0x2fe [ 716.365606] should_fail.cold+0xa/0x14 [ 716.369582] ? setup_fault_attr+0x200/0x200 [ 716.373979] ? lock_acquire+0x170/0x3c0 [ 716.378076] __should_failslab+0x115/0x180 [ 716.382415] should_failslab+0x5/0xf [ 716.386244] kmem_cache_alloc+0x277/0x370 [ 716.390494] __kernfs_new_node+0xd2/0x680 [ 716.394780] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 716.399662] ? _raw_spin_unlock_irq+0x5a/0x80 [ 716.404253] ? __cpu_to_node+0x7b/0xa0 [ 716.408390] ? mark_held_locks+0xf0/0xf0 [ 716.412631] ? io_schedule_timeout+0x140/0x140 01:55:39 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x8000000}, 0x0) [ 716.416849] input: syz0 as /devices/virtual/input/input212 [ 716.417237] ? enqueue_entity+0xf86/0x3850 [ 716.417262] ? set_user_nice.part.0+0x3b9/0xab0 [ 716.432034] kernfs_create_dir_ns+0x9e/0x230 [ 716.436687] internal_create_group+0x1c1/0xb20 [ 716.441375] ? sysfs_remove_link_from_group+0x70/0x70 [ 716.446721] ? lock_downgrade+0x720/0x720 [ 716.451144] lo_ioctl+0xf7c/0x20e0 [ 716.454803] ? loop_set_status64+0x110/0x110 [ 716.459293] blkdev_ioctl+0x5cb/0x1a7e [ 716.463899] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 716.469622] ? blkpg_ioctl+0x9d0/0x9d0 [ 716.473739] ? mark_held_locks+0xf0/0xf0 [ 716.478009] ? mark_held_locks+0xf0/0xf0 [ 716.482265] ? debug_check_no_obj_freed+0x201/0x482 [ 716.487392] ? lock_downgrade+0x720/0x720 [ 716.491656] block_ioctl+0xe9/0x130 [ 716.495478] ? blkdev_fallocate+0x3f0/0x3f0 [ 716.500223] do_vfs_ioctl+0xcdb/0x12e0 [ 716.504314] ? lock_downgrade+0x720/0x720 [ 716.508546] ? check_preemption_disabled+0x41/0x280 [ 716.513684] ? ioctl_preallocate+0x200/0x200 [ 716.518290] ? __fget+0x356/0x510 [ 716.521855] ? do_dup2+0x450/0x450 [ 716.525671] ? do_sys_open+0x2bf/0x520 [ 716.529680] ksys_ioctl+0x9b/0xc0 [ 716.533461] __x64_sys_ioctl+0x6f/0xb0 [ 716.537573] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 716.542347] do_syscall_64+0xf9/0x620 [ 716.546254] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 716.551509] RIP: 0033:0x45e087 [ 716.554786] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 716.573794] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 716.581570] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 716.588875] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 716.596398] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 716.603938] R10: 000000000000b200 R11: 0000000000000246 R12: 0000000000000002 [ 716.611234] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 [ 716.657133] attempt to access beyond end of device [ 716.669204] loop2: rw=0, want=184, limit=178 [ 716.685556] metapage_read_end_io: I/O error [ 716.692238] input: syz0 as /devices/virtual/input/input213 01:55:39 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010008006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:39 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x2, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:39 executing program 2 (fault-call:0 fault-nth:13): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:39 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xe000000}, 0x0) [ 716.796198] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 716.796198] 01:55:39 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x300}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 716.915565] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 716.915565] [ 716.931877] FAULT_INJECTION: forcing a failure. [ 716.931877] name failslab, interval 1, probability 0, space 0, times 0 01:55:39 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000036076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 716.960249] CPU: 1 PID: 21414 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 716.968243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 716.977674] Call Trace: [ 716.980330] dump_stack+0x1fc/0x2fe [ 716.982347] input: syz0 as /devices/virtual/input/input214 [ 716.983997] should_fail.cold+0xa/0x14 [ 716.984016] ? setup_fault_attr+0x200/0x200 [ 716.984032] ? lock_acquire+0x170/0x3c0 [ 716.984055] __should_failslab+0x115/0x180 [ 717.006426] should_failslab+0x5/0xf [ 717.010205] kmem_cache_alloc+0x277/0x370 [ 717.014455] __kernfs_new_node+0xd2/0x680 [ 717.018838] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 717.023650] ? kernfs_activate+0x2c/0x1d0 [ 717.027836] ? lock_downgrade+0x720/0x720 [ 717.032037] ? kernfs_add_one+0x51/0x4c0 [ 717.036169] ? __mutex_add_waiter+0x160/0x160 [ 717.040772] ? __mutex_unlock_slowpath+0xea/0x610 [ 717.045707] kernfs_new_node+0x92/0x120 [ 717.049790] __kernfs_create_file+0x51/0x33f [ 717.054409] sysfs_add_file_mode_ns+0x226/0x540 [ 717.059173] internal_create_group+0x355/0xb20 [ 717.063822] ? sysfs_remove_link_from_group+0x70/0x70 [ 717.069085] ? lock_downgrade+0x720/0x720 [ 717.073333] lo_ioctl+0xf7c/0x20e0 [ 717.076972] ? loop_set_status64+0x110/0x110 [ 717.081497] blkdev_ioctl+0x5cb/0x1a7e [ 717.085532] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 717.091085] ? blkpg_ioctl+0x9d0/0x9d0 [ 717.095155] ? mark_held_locks+0xf0/0xf0 [ 717.099324] ? mark_held_locks+0xf0/0xf0 [ 717.103493] ? debug_check_no_obj_freed+0x201/0x482 [ 717.108640] ? lock_downgrade+0x720/0x720 [ 717.112940] block_ioctl+0xe9/0x130 [ 717.116622] ? blkdev_fallocate+0x3f0/0x3f0 [ 717.120997] do_vfs_ioctl+0xcdb/0x12e0 [ 717.124962] ? lock_downgrade+0x720/0x720 [ 717.129213] ? check_preemption_disabled+0x41/0x280 [ 717.134343] ? ioctl_preallocate+0x200/0x200 [ 717.138821] ? __fget+0x356/0x510 [ 717.142376] ? do_dup2+0x450/0x450 [ 717.146017] ? do_sys_open+0x2bf/0x520 [ 717.149988] ksys_ioctl+0x9b/0xc0 [ 717.153764] __x64_sys_ioctl+0x6f/0xb0 [ 717.157871] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 717.162538] do_syscall_64+0xf9/0x620 [ 717.166659] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 717.171920] RIP: 0033:0x45e087 [ 717.175430] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 717.194809] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 717.202726] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 717.210276] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 717.217706] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 717.225025] R10: 000000000000b200 R11: 0000000000000246 R12: 0000000000000002 [ 717.232645] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 [ 717.270844] input: syz0 as /devices/virtual/input/input215 01:55:40 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x11000000}, 0x0) 01:55:40 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x500}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:40 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46418010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 717.314968] attempt to access beyond end of device [ 717.320204] loop2: rw=0, want=184, limit=178 [ 717.343121] metapage_read_end_io: I/O error 01:55:40 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x60000000}, 0x0) [ 717.449151] input: syz0 as /devices/virtual/input/input216 [ 717.479271] input: syz0 as /devices/virtual/input/input217 01:55:40 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x600}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:40 executing program 2 (fault-call:0 fault-nth:14): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:40 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x3, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:40 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000066076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:40 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x89ffffff}, 0x0) [ 717.642967] input: syz0 as /devices/virtual/input/input218 01:55:40 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000076076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 717.700382] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 717.700382] [ 717.727035] FAULT_INJECTION: forcing a failure. [ 717.727035] name failslab, interval 1, probability 0, space 0, times 0 [ 717.743660] input: syz0 as /devices/virtual/input/input219 [ 717.753183] CPU: 1 PID: 21487 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 717.761210] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 717.770649] Call Trace: [ 717.773372] dump_stack+0x1fc/0x2fe [ 717.777336] should_fail.cold+0xa/0x14 [ 717.781333] ? setup_fault_attr+0x200/0x200 [ 717.785770] ? lock_acquire+0x170/0x3c0 [ 717.789839] __should_failslab+0x115/0x180 [ 717.794419] should_failslab+0x5/0xf [ 717.798230] kmem_cache_alloc+0x277/0x370 [ 717.802473] __kernfs_new_node+0xd2/0x680 [ 717.806690] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 717.811788] ? __mutex_unlock_slowpath+0xea/0x610 [ 717.816854] ? wait_for_completion_io+0x10/0x10 [ 717.821792] ? kernfs_next_descendant_post+0x19c/0x290 [ 717.827290] kernfs_new_node+0x92/0x120 [ 717.831513] __kernfs_create_file+0x51/0x33f [ 717.836029] sysfs_add_file_mode_ns+0x226/0x540 [ 717.840787] internal_create_group+0x355/0xb20 [ 717.845623] ? sysfs_remove_link_from_group+0x70/0x70 [ 717.851109] ? lock_downgrade+0x720/0x720 [ 717.855344] lo_ioctl+0xf7c/0x20e0 [ 717.859217] ? loop_set_status64+0x110/0x110 [ 717.863791] blkdev_ioctl+0x5cb/0x1a7e [ 717.867709] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 717.873441] ? blkpg_ioctl+0x9d0/0x9d0 [ 717.877383] ? mark_held_locks+0xf0/0xf0 [ 717.881602] ? mark_held_locks+0xf0/0xf0 [ 717.885746] ? debug_check_no_obj_freed+0x201/0x482 [ 717.890838] ? lock_downgrade+0x720/0x720 [ 717.895234] block_ioctl+0xe9/0x130 [ 717.898924] ? blkdev_fallocate+0x3f0/0x3f0 [ 717.903504] do_vfs_ioctl+0xcdb/0x12e0 [ 717.907595] ? lock_downgrade+0x720/0x720 [ 717.911980] ? check_preemption_disabled+0x41/0x280 [ 717.917075] ? ioctl_preallocate+0x200/0x200 [ 717.921564] ? __fget+0x356/0x510 [ 717.925273] ? do_dup2+0x450/0x450 [ 717.928873] ? do_sys_open+0x2bf/0x520 [ 717.932982] ksys_ioctl+0x9b/0xc0 [ 717.936512] __x64_sys_ioctl+0x6f/0xb0 [ 717.940483] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 717.945137] do_syscall_64+0xf9/0x620 [ 717.949040] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 717.954429] RIP: 0033:0x45e087 [ 717.957699] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 717.976679] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 717.984490] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 717.995089] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 718.002447] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 718.009769] R10: 000000000000b200 R11: 0000000000000246 R12: 0000000000000002 [ 718.017070] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 01:55:41 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xc8050000}, 0x0) 01:55:41 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x700}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 718.086563] attempt to access beyond end of device [ 718.096130] loop2: rw=0, want=184, limit=178 [ 718.103327] metapage_read_end_io: I/O error [ 718.167357] input: syz0 as /devices/virtual/input/input220 [ 718.219696] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 718.219696] [ 718.252083] input: syz0 as /devices/virtual/input/input221 01:55:41 executing program 2 (fault-call:0 fault-nth:15): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:41 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100003f6076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:41 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x1100}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:41 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x4, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:41 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xcc050000}, 0x0) 01:55:41 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46419010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:41 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000002076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:41 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xeffdffff}, 0x0) [ 718.459193] FAULT_INJECTION: forcing a failure. [ 718.459193] name failslab, interval 1, probability 0, space 0, times 0 [ 718.471356] input: syz0 as /devices/virtual/input/input222 [ 718.498155] CPU: 1 PID: 21543 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 718.506233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 718.515661] Call Trace: [ 718.518335] dump_stack+0x1fc/0x2fe [ 718.522105] should_fail.cold+0xa/0x14 [ 718.526122] ? setup_fault_attr+0x200/0x200 [ 718.530534] ? lock_acquire+0x170/0x3c0 [ 718.534619] __should_failslab+0x115/0x180 [ 718.538954] should_failslab+0x5/0xf [ 718.542767] kmem_cache_alloc+0x277/0x370 [ 718.546995] __kernfs_new_node+0xd2/0x680 [ 718.551227] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 718.556057] ? __mutex_unlock_slowpath+0xea/0x610 [ 718.561109] ? wait_for_completion_io+0x10/0x10 [ 718.565976] ? kernfs_next_descendant_post+0x19c/0x290 [ 718.571510] kernfs_new_node+0x92/0x120 [ 718.575702] __kernfs_create_file+0x51/0x33f [ 718.580217] sysfs_add_file_mode_ns+0x226/0x540 [ 718.585151] internal_create_group+0x355/0xb20 [ 718.589972] ? sysfs_remove_link_from_group+0x70/0x70 [ 718.595252] ? lock_downgrade+0x720/0x720 [ 718.600013] lo_ioctl+0xf7c/0x20e0 [ 718.603638] ? loop_set_status64+0x110/0x110 [ 718.608411] blkdev_ioctl+0x5cb/0x1a7e [ 718.612384] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 718.617849] ? blkpg_ioctl+0x9d0/0x9d0 [ 718.621814] ? mark_held_locks+0xf0/0xf0 [ 718.626147] ? mark_held_locks+0xf0/0xf0 [ 718.630322] ? debug_check_no_obj_freed+0x201/0x482 [ 718.635438] ? lock_downgrade+0x720/0x720 [ 718.639651] block_ioctl+0xe9/0x130 [ 718.643339] ? blkdev_fallocate+0x3f0/0x3f0 [ 718.647762] do_vfs_ioctl+0xcdb/0x12e0 [ 718.651723] ? lock_downgrade+0x720/0x720 [ 718.656066] ? check_preemption_disabled+0x41/0x280 [ 718.661320] ? ioctl_preallocate+0x200/0x200 [ 718.665924] ? __fget+0x356/0x510 [ 718.669435] ? do_dup2+0x450/0x450 [ 718.673024] ? do_sys_open+0x2bf/0x520 [ 718.676978] ksys_ioctl+0x9b/0xc0 [ 718.680739] __x64_sys_ioctl+0x6f/0xb0 [ 718.684818] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 718.689602] do_syscall_64+0xf9/0x620 [ 718.693740] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 718.699138] RIP: 0033:0x45e087 [ 718.702525] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 718.721468] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 718.729377] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 718.736988] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 718.744417] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 718.751732] R10: 000000000000b200 R11: 0000000000000246 R12: 0000000000000002 [ 718.759155] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 [ 718.800072] input: syz0 as /devices/virtual/input/input223 01:55:41 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xfffffdef}, 0x0) [ 718.832029] attempt to access beyond end of device [ 718.840359] loop2: rw=0, want=184, limit=178 [ 718.848814] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 718.848814] 01:55:41 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x5, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 718.893052] metapage_read_end_io: I/O error 01:55:41 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x1200}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:41 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xffffff7f}, 0x0) [ 719.011741] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 719.011741] 01:55:42 executing program 2 (fault-call:0 fault-nth:16): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:42 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000004076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:42 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x0, 0xffffff89}, 0x0) 01:55:42 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4641a010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 719.128196] input: syz0 as /devices/virtual/input/input224 01:55:42 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x4) 01:55:42 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x1400}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 719.334679] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 719.334679] [ 719.357728] FAULT_INJECTION: forcing a failure. [ 719.357728] name failslab, interval 1, probability 0, space 0, times 0 01:55:42 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000026076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 719.390252] CPU: 1 PID: 21614 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 719.398355] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 719.407751] Call Trace: [ 719.410401] dump_stack+0x1fc/0x2fe [ 719.414070] should_fail.cold+0xa/0x14 [ 719.414303] input: syz0 as /devices/virtual/input/input226 [ 719.418014] ? setup_fault_attr+0x200/0x200 [ 719.418032] ? lock_acquire+0x170/0x3c0 [ 719.418058] __should_failslab+0x115/0x180 [ 719.418084] should_failslab+0x5/0xf [ 719.440142] kmem_cache_alloc+0x277/0x370 [ 719.444423] __kernfs_new_node+0xd2/0x680 [ 719.448914] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 719.453755] ? __mutex_unlock_slowpath+0xea/0x610 [ 719.458662] ? wait_for_completion_io+0x10/0x10 [ 719.463394] ? kernfs_next_descendant_post+0x19c/0x290 [ 719.468743] kernfs_new_node+0x92/0x120 [ 719.472785] __kernfs_create_file+0x51/0x33f [ 719.477275] sysfs_add_file_mode_ns+0x226/0x540 [ 719.482039] internal_create_group+0x355/0xb20 [ 719.487054] ? sysfs_remove_link_from_group+0x70/0x70 [ 719.492454] ? lock_downgrade+0x720/0x720 [ 719.496688] lo_ioctl+0xf7c/0x20e0 [ 719.500468] ? loop_set_status64+0x110/0x110 [ 719.505228] blkdev_ioctl+0x5cb/0x1a7e [ 719.509339] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 719.514903] ? blkpg_ioctl+0x9d0/0x9d0 [ 719.518854] ? mark_held_locks+0xf0/0xf0 [ 719.523218] ? mark_held_locks+0xf0/0xf0 [ 719.527376] ? debug_check_no_obj_freed+0x201/0x482 [ 719.532646] ? lock_downgrade+0x720/0x720 [ 719.536856] block_ioctl+0xe9/0x130 [ 719.540588] ? blkdev_fallocate+0x3f0/0x3f0 [ 719.544983] do_vfs_ioctl+0xcdb/0x12e0 [ 719.548983] ? lock_downgrade+0x720/0x720 [ 719.553334] ? check_preemption_disabled+0x41/0x280 [ 719.558409] ? ioctl_preallocate+0x200/0x200 [ 719.563158] ? __fget+0x356/0x510 [ 719.566717] ? do_dup2+0x450/0x450 [ 719.570447] ? do_sys_open+0x2bf/0x520 [ 719.574467] ksys_ioctl+0x9b/0xc0 [ 719.578012] __x64_sys_ioctl+0x6f/0xb0 [ 719.581974] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 719.586621] do_syscall_64+0xf9/0x620 [ 719.590528] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 719.595819] RIP: 0033:0x45e087 [ 719.599040] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 719.618165] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 719.625922] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 719.633518] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 01:55:42 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x6, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 719.641046] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 719.649221] R10: 000000000000b200 R11: 0000000000000246 R12: 0000000000000002 [ 719.656721] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 01:55:42 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x8) 01:55:42 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x1500}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 719.705151] input: syz0 as /devices/virtual/input/input227 [ 719.734898] attempt to access beyond end of device [ 719.739995] loop2: rw=0, want=184, limit=178 [ 719.750545] metapage_read_end_io: I/O error 01:55:42 executing program 2 (fault-call:0 fault-nth:17): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 719.838158] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 719.838158] 01:55:42 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xe) [ 719.892498] input: syz0 as /devices/virtual/input/input228 01:55:42 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000036076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:43 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4641b010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 719.980840] FAULT_INJECTION: forcing a failure. [ 719.980840] name failslab, interval 1, probability 0, space 0, times 0 [ 720.004046] input: syz0 as /devices/virtual/input/input229 [ 720.022545] CPU: 1 PID: 21663 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 01:55:43 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x7, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 720.030583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 720.040007] Call Trace: [ 720.042785] dump_stack+0x1fc/0x2fe [ 720.046526] should_fail.cold+0xa/0x14 [ 720.050533] ? setup_fault_attr+0x200/0x200 [ 720.054922] ? lock_acquire+0x170/0x3c0 [ 720.059132] __should_failslab+0x115/0x180 [ 720.063460] should_failslab+0x5/0xf [ 720.067509] kmem_cache_alloc+0x277/0x370 [ 720.071867] __kernfs_new_node+0xd2/0x680 [ 720.076218] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 720.081178] ? __mutex_unlock_slowpath+0xea/0x610 [ 720.086250] ? wait_for_completion_io+0x10/0x10 [ 720.091019] ? kernfs_next_descendant_post+0x19c/0x290 [ 720.096370] kernfs_new_node+0x92/0x120 [ 720.100412] __kernfs_create_file+0x51/0x33f [ 720.104859] sysfs_add_file_mode_ns+0x226/0x540 [ 720.109601] internal_create_group+0x355/0xb20 [ 720.114273] ? sysfs_remove_link_from_group+0x70/0x70 [ 720.119518] ? lock_downgrade+0x720/0x720 [ 720.123750] lo_ioctl+0xf7c/0x20e0 [ 720.127360] ? loop_set_status64+0x110/0x110 [ 720.131826] blkdev_ioctl+0x5cb/0x1a7e [ 720.135776] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 720.141246] ? blkpg_ioctl+0x9d0/0x9d0 [ 720.145308] ? mark_held_locks+0xf0/0xf0 [ 720.149449] ? mark_held_locks+0xf0/0xf0 [ 720.153613] ? debug_check_no_obj_freed+0x201/0x482 [ 720.158693] ? lock_downgrade+0x720/0x720 [ 720.162928] block_ioctl+0xe9/0x130 [ 720.167743] ? blkdev_fallocate+0x3f0/0x3f0 [ 720.172075] do_vfs_ioctl+0xcdb/0x12e0 [ 720.176008] ? lock_downgrade+0x720/0x720 [ 720.180181] ? check_preemption_disabled+0x41/0x280 [ 720.185219] ? ioctl_preallocate+0x200/0x200 [ 720.189675] ? __fget+0x356/0x510 [ 720.193290] ? do_dup2+0x450/0x450 [ 720.196861] ? do_sys_open+0x2bf/0x520 [ 720.200788] ksys_ioctl+0x9b/0xc0 [ 720.204304] __x64_sys_ioctl+0x6f/0xb0 [ 720.208239] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 720.212904] do_syscall_64+0xf9/0x620 [ 720.216772] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 720.221984] RIP: 0033:0x45e087 [ 720.225203] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 720.244164] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 720.251998] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 720.259685] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 720.267399] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 720.274849] R10: 000000000000b200 R11: 0000000000000246 R12: 0000000000000002 01:55:43 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x11) [ 720.282349] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 01:55:43 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x1600}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 720.384746] attempt to access beyond end of device [ 720.393980] loop2: rw=0, want=184, limit=178 01:55:43 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x60) [ 720.429743] metapage_read_end_io: I/O error 01:55:43 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000046076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 720.485136] input: syz0 as /devices/virtual/input/input230 01:55:43 executing program 2 (fault-call:0 fault-nth:18): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:43 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x5c8) [ 720.527969] input: syz0 as /devices/virtual/input/input231 [ 720.546791] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 720.546791] 01:55:43 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x1f00}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:43 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 720.656602] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 720.656602] 01:55:43 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000066076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:43 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x5cc) [ 720.741251] FAULT_INJECTION: forcing a failure. [ 720.741251] name failslab, interval 1, probability 0, space 0, times 0 [ 720.763932] CPU: 0 PID: 21727 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 720.771923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 720.781367] Call Trace: [ 720.784018] dump_stack+0x1fc/0x2fe [ 720.787692] should_fail.cold+0xa/0x14 01:55:43 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4641c010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 720.791635] ? setup_fault_attr+0x200/0x200 [ 720.795554] input: syz0 as /devices/virtual/input/input232 [ 720.795993] ? lock_acquire+0x170/0x3c0 [ 720.805704] __should_failslab+0x115/0x180 [ 720.810017] should_failslab+0x5/0xf [ 720.813799] kmem_cache_alloc+0x277/0x370 [ 720.818009] __kernfs_new_node+0xd2/0x680 [ 720.822240] ? kernfs_dop_revalidate+0x3a0/0x3a0 [ 720.827200] ? __mutex_unlock_slowpath+0xea/0x610 [ 720.832214] ? wait_for_completion_io+0x10/0x10 [ 720.836954] ? kernfs_next_descendant_post+0x19c/0x290 [ 720.842530] kernfs_new_node+0x92/0x120 [ 720.846718] __kernfs_create_file+0x51/0x33f [ 720.851350] sysfs_add_file_mode_ns+0x226/0x540 [ 720.856059] internal_create_group+0x355/0xb20 [ 720.860984] ? sysfs_remove_link_from_group+0x70/0x70 [ 720.866332] ? lock_downgrade+0x720/0x720 [ 720.870740] lo_ioctl+0xf7c/0x20e0 [ 720.874336] ? loop_set_status64+0x110/0x110 [ 720.878804] blkdev_ioctl+0x5cb/0x1a7e [ 720.882869] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 720.888380] ? blkpg_ioctl+0x9d0/0x9d0 [ 720.892350] ? mark_held_locks+0xf0/0xf0 [ 720.896632] ? mark_held_locks+0xf0/0xf0 [ 720.900786] ? debug_check_no_obj_freed+0x201/0x482 [ 720.906020] ? lock_downgrade+0x720/0x720 [ 720.910389] block_ioctl+0xe9/0x130 [ 720.914196] ? blkdev_fallocate+0x3f0/0x3f0 [ 720.918576] do_vfs_ioctl+0xcdb/0x12e0 [ 720.922510] ? lock_downgrade+0x720/0x720 [ 720.927005] ? check_preemption_disabled+0x41/0x280 [ 720.932209] ? ioctl_preallocate+0x200/0x200 [ 720.936665] ? __fget+0x356/0x510 [ 720.940149] ? do_dup2+0x450/0x450 [ 720.943732] ? do_sys_open+0x2bf/0x520 [ 720.947703] ksys_ioctl+0x9b/0xc0 [ 720.951202] __x64_sys_ioctl+0x6f/0xb0 [ 720.955160] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 720.959839] do_syscall_64+0xf9/0x620 [ 720.963722] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 720.969003] RIP: 0033:0x45e087 [ 720.972453] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 720.992269] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 721.000120] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 721.007438] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 721.014948] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 721.022385] R10: 000000000000b200 R11: 0000000000000246 R12: 0000000000000002 [ 721.029702] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 [ 721.064664] attempt to access beyond end of device [ 721.070646] loop2: rw=0, want=184, limit=178 [ 721.078748] metapage_read_end_io: I/O error [ 721.094757] input: syz0 as /devices/virtual/input/input233 01:55:44 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xe00) 01:55:44 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000076076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:44 executing program 2 (fault-call:0 fault-nth:19): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:44 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x2f00}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 721.210849] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 721.210849] 01:55:44 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x1100) [ 721.317863] FAULT_INJECTION: forcing a failure. [ 721.317863] name failslab, interval 1, probability 0, space 0, times 0 [ 721.332036] CPU: 0 PID: 21768 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 721.340038] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 721.349617] Call Trace: [ 721.352385] dump_stack+0x1fc/0x2fe [ 721.356211] should_fail.cold+0xa/0x14 [ 721.360318] ? setup_fault_attr+0x200/0x200 [ 721.364807] ? lock_acquire+0x170/0x3c0 [ 721.369182] __should_failslab+0x115/0x180 [ 721.373467] should_failslab+0x5/0xf [ 721.377233] __kmalloc+0x2ab/0x3c0 [ 721.380836] ? kobject_get_path+0xbf/0x240 [ 721.385298] kobject_get_path+0xbf/0x240 [ 721.389598] kobject_uevent_env+0x25c/0x14a0 [ 721.394211] lo_ioctl+0xff9/0x20e0 [ 721.397825] ? loop_set_status64+0x110/0x110 [ 721.402292] blkdev_ioctl+0x5cb/0x1a7e [ 721.406574] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 721.412182] ? blkpg_ioctl+0x9d0/0x9d0 [ 721.416158] ? mark_held_locks+0xf0/0xf0 [ 721.420293] ? mark_held_locks+0xf0/0xf0 [ 721.424611] ? debug_check_no_obj_freed+0x201/0x482 [ 721.429747] ? lock_downgrade+0x720/0x720 [ 721.434022] block_ioctl+0xe9/0x130 [ 721.437720] ? blkdev_fallocate+0x3f0/0x3f0 [ 721.442616] do_vfs_ioctl+0xcdb/0x12e0 [ 721.446745] ? lock_downgrade+0x720/0x720 [ 721.450967] ? check_preemption_disabled+0x41/0x280 [ 721.456037] ? ioctl_preallocate+0x200/0x200 [ 721.460497] ? __fget+0x356/0x510 [ 721.464039] ? do_dup2+0x450/0x450 [ 721.467655] ? do_sys_open+0x2bf/0x520 [ 721.471615] ksys_ioctl+0x9b/0xc0 [ 721.475137] __x64_sys_ioctl+0x6f/0xb0 [ 721.479452] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 721.484136] do_syscall_64+0xf9/0x620 [ 721.488015] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 721.493270] RIP: 0033:0x45e087 [ 721.496632] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 01:55:44 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4641d010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 721.515975] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 721.523768] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 721.531100] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 721.538712] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 721.546034] R10: 000000000000b200 R11: 0000000000000246 R12: 0000000000000002 [ 721.553758] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 01:55:44 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x6000) 01:55:44 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x9, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 721.643329] attempt to access beyond end of device [ 721.653599] loop2: rw=0, want=184, limit=178 [ 721.671482] input: syz0 as /devices/virtual/input/input234 [ 721.682690] metapage_read_end_io: I/O error 01:55:44 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000086076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:44 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xc805) [ 721.738394] input: syz0 as /devices/virtual/input/input235 01:55:44 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x3f00}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:44 executing program 2 (fault-call:0 fault-nth:20): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:44 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xcc05) [ 721.826498] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 721.826498] 01:55:44 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076020000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 721.910141] input: syz0 as /devices/virtual/input/input236 [ 721.931276] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 721.931276] [ 721.950760] FAULT_INJECTION: forcing a failure. [ 721.950760] name failslab, interval 1, probability 0, space 0, times 0 [ 721.958907] input: syz0 as /devices/virtual/input/input237 [ 721.965798] CPU: 1 PID: 21820 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 721.975966] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 721.985403] Call Trace: [ 721.988059] dump_stack+0x1fc/0x2fe [ 721.991773] should_fail.cold+0xa/0x14 [ 721.995755] ? setup_fault_attr+0x200/0x200 [ 722.000176] ? lock_acquire+0x170/0x3c0 [ 722.004360] __should_failslab+0x115/0x180 [ 722.008644] should_failslab+0x5/0xf [ 722.012359] __kmalloc+0x2ab/0x3c0 [ 722.016013] ? kobject_get_path+0xbf/0x240 [ 722.020345] kobject_get_path+0xbf/0x240 [ 722.024420] kobject_uevent_env+0x25c/0x14a0 [ 722.028851] lo_ioctl+0xff9/0x20e0 [ 722.032690] ? loop_set_status64+0x110/0x110 [ 722.037276] blkdev_ioctl+0x5cb/0x1a7e [ 722.041401] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 722.046832] ? blkpg_ioctl+0x9d0/0x9d0 [ 722.051128] ? mark_held_locks+0xf0/0xf0 [ 722.055278] ? mark_held_locks+0xf0/0xf0 [ 722.059428] ? debug_check_no_obj_freed+0x201/0x482 [ 722.065018] ? lock_downgrade+0x720/0x720 [ 722.069253] block_ioctl+0xe9/0x130 [ 722.072932] ? blkdev_fallocate+0x3f0/0x3f0 [ 722.077350] do_vfs_ioctl+0xcdb/0x12e0 [ 722.081312] ? lock_downgrade+0x720/0x720 [ 722.085726] ? check_preemption_disabled+0x41/0x280 [ 722.090794] ? ioctl_preallocate+0x200/0x200 [ 722.095268] ? __fget+0x356/0x510 [ 722.098769] ? do_dup2+0x450/0x450 [ 722.102341] ? do_sys_open+0x2bf/0x520 [ 722.106270] ksys_ioctl+0x9b/0xc0 [ 722.110383] __x64_sys_ioctl+0x6f/0xb0 [ 722.114356] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 722.119012] do_syscall_64+0xf9/0x620 [ 722.122972] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 722.128205] RIP: 0033:0x45e087 [ 722.131575] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 722.150554] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 722.158326] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 722.165670] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 722.173004] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 722.180429] R10: 000000000000b200 R11: 0000000000000246 R12: 0000000000000002 [ 722.187758] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 01:55:45 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:45 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x34000) 01:55:45 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4641e010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 722.268615] attempt to access beyond end of device [ 722.280377] loop2: rw=0, want=184, limit=178 [ 722.287779] metapage_read_end_io: I/O error 01:55:45 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x40000) 01:55:45 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x400300) [ 722.366109] input: syz0 as /devices/virtual/input/input238 [ 722.387435] input: syz0 as /devices/virtual/input/input239 01:55:45 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xc, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:45 executing program 2 (fault-call:0 fault-nth:21): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:45 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076030000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:45 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x2}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 722.539157] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 722.539157] [ 722.560360] FAULT_INJECTION: forcing a failure. [ 722.560360] name failslab, interval 1, probability 0, space 0, times 0 [ 722.586290] CPU: 1 PID: 21874 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 722.594589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 722.604204] Call Trace: [ 722.607081] dump_stack+0x1fc/0x2fe [ 722.610898] should_fail.cold+0xa/0x14 [ 722.614986] ? setup_fault_attr+0x200/0x200 [ 722.619431] ? lock_acquire+0x170/0x3c0 [ 722.623501] __should_failslab+0x115/0x180 [ 722.627856] should_failslab+0x5/0xf [ 722.631665] kmem_cache_alloc_node+0x245/0x3b0 [ 722.636424] __alloc_skb+0x71/0x560 [ 722.640144] alloc_uevent_skb+0x7b/0x210 [ 722.644295] kobject_uevent_env+0xa83/0x14a0 [ 722.649260] lo_ioctl+0xff9/0x20e0 [ 722.652907] ? loop_set_status64+0x110/0x110 [ 722.657456] blkdev_ioctl+0x5cb/0x1a7e [ 722.661434] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 722.666855] ? blkpg_ioctl+0x9d0/0x9d0 [ 722.670848] ? mark_held_locks+0xf0/0xf0 [ 722.675001] ? mark_held_locks+0xf0/0xf0 [ 722.679182] ? debug_check_no_obj_freed+0x201/0x482 [ 722.684321] ? lock_downgrade+0x720/0x720 [ 722.689104] block_ioctl+0xe9/0x130 [ 722.693060] ? blkdev_fallocate+0x3f0/0x3f0 [ 722.697855] do_vfs_ioctl+0xcdb/0x12e0 [ 722.701779] ? lock_downgrade+0x720/0x720 [ 722.706123] ? check_preemption_disabled+0x41/0x280 [ 722.711239] ? ioctl_preallocate+0x200/0x200 [ 722.715725] ? __fget+0x356/0x510 [ 722.719348] ? do_dup2+0x450/0x450 [ 722.723221] ? do_sys_open+0x2bf/0x520 [ 722.727177] ksys_ioctl+0x9b/0xc0 [ 722.730822] __x64_sys_ioctl+0x6f/0xb0 [ 722.734791] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 722.739410] do_syscall_64+0xf9/0x620 [ 722.743420] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 722.748645] RIP: 0033:0x45e087 [ 722.752004] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 722.770926] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 722.779247] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 01:55:45 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x1000000) [ 722.786533] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 722.794349] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 722.801663] R10: 000000000000b200 R11: 0000000000000246 R12: 0000000000000002 [ 722.808985] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 [ 722.824503] input: syz0 as /devices/virtual/input/input240 [ 722.852338] input: syz0 as /devices/virtual/input/input241 [ 722.887670] attempt to access beyond end of device [ 722.895122] loop2: rw=0, want=184, limit=178 01:55:45 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x4000000) 01:55:45 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076040000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 722.907032] metapage_read_end_io: I/O error [ 722.925437] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 722.925437] 01:55:46 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x3}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:46 executing program 2 (fault-call:0 fault-nth:22): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:46 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46421010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:46 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x8000000) 01:55:46 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x10, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 723.136080] input: syz0 as /devices/virtual/input/input242 [ 723.165009] FAULT_INJECTION: forcing a failure. [ 723.165009] name failslab, interval 1, probability 0, space 0, times 0 01:55:46 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xe000000) [ 723.190195] CPU: 0 PID: 21920 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 723.198261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 723.207714] Call Trace: [ 723.210406] dump_stack+0x1fc/0x2fe [ 723.214147] should_fail.cold+0xa/0x14 [ 723.218150] ? setup_fault_attr+0x200/0x200 [ 723.222569] ? lock_acquire+0x170/0x3c0 [ 723.226624] __should_failslab+0x115/0x180 [ 723.230929] should_failslab+0x5/0xf [ 723.234889] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 723.240254] __kmalloc_node_track_caller+0x38/0x70 [ 723.245549] __alloc_skb+0xae/0x560 [ 723.249322] alloc_uevent_skb+0x7b/0x210 [ 723.253472] kobject_uevent_env+0xa83/0x14a0 [ 723.257948] lo_ioctl+0xff9/0x20e0 [ 723.261577] ? loop_set_status64+0x110/0x110 [ 723.266107] blkdev_ioctl+0x5cb/0x1a7e [ 723.270089] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 723.275554] ? blkpg_ioctl+0x9d0/0x9d0 [ 723.279499] ? mark_held_locks+0xf0/0xf0 [ 723.283639] ? mark_held_locks+0xf0/0xf0 [ 723.287754] ? debug_check_no_obj_freed+0x201/0x482 [ 723.292849] ? lock_downgrade+0x720/0x720 [ 723.297159] block_ioctl+0xe9/0x130 [ 723.300847] ? blkdev_fallocate+0x3f0/0x3f0 [ 723.305254] do_vfs_ioctl+0xcdb/0x12e0 [ 723.309258] ? lock_downgrade+0x720/0x720 [ 723.313518] ? check_preemption_disabled+0x41/0x280 [ 723.318780] ? ioctl_preallocate+0x200/0x200 [ 723.323264] ? __fget+0x356/0x510 [ 723.326776] ? do_dup2+0x450/0x450 [ 723.330374] ? do_sys_open+0x2bf/0x520 [ 723.334358] ksys_ioctl+0x9b/0xc0 [ 723.337870] __x64_sys_ioctl+0x6f/0xb0 [ 723.341811] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 723.346463] do_syscall_64+0xf9/0x620 [ 723.350337] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 723.355624] RIP: 0033:0x45e087 [ 723.358865] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 723.377895] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 01:55:46 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076060000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 723.385645] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 723.392953] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 723.400267] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 723.407605] R10: 000000000000b200 R11: 0000000000000246 R12: 0000000000000002 [ 723.414996] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 [ 723.459582] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 723.459582] [ 723.473806] attempt to access beyond end of device 01:55:46 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x12, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:46 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x11000000) [ 723.508094] loop2: rw=0, want=184, limit=178 [ 723.518020] input: syz0 as /devices/virtual/input/input243 [ 723.532296] metapage_read_end_io: I/O error 01:55:46 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076070000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:46 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x4}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:46 executing program 2 (fault-call:0 fault-nth:23): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:46 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x60000000) [ 723.674233] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 723.674233] 01:55:46 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x89ffffff) [ 723.720608] input: syz0 as /devices/virtual/input/input244 01:55:46 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46422010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:46 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x5}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 723.787626] FAULT_INJECTION: forcing a failure. [ 723.787626] name failslab, interval 1, probability 0, space 0, times 0 [ 723.812336] CPU: 0 PID: 21966 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 723.820387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 723.829821] Call Trace: [ 723.832624] dump_stack+0x1fc/0x2fe [ 723.836311] should_fail.cold+0xa/0x14 [ 723.840284] ? setup_fault_attr+0x200/0x200 [ 723.844791] ? lock_acquire+0x170/0x3c0 [ 723.848970] __should_failslab+0x115/0x180 [ 723.853279] should_failslab+0x5/0xf [ 723.857175] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 723.862337] __kmalloc_node_track_caller+0x38/0x70 [ 723.867498] __alloc_skb+0xae/0x560 [ 723.871216] alloc_uevent_skb+0x7b/0x210 [ 723.875374] kobject_uevent_env+0xa83/0x14a0 [ 723.879883] lo_ioctl+0xff9/0x20e0 [ 723.883488] ? loop_set_status64+0x110/0x110 [ 723.887964] blkdev_ioctl+0x5cb/0x1a7e [ 723.891928] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 723.897571] ? blkpg_ioctl+0x9d0/0x9d0 [ 723.901989] ? mark_held_locks+0xf0/0xf0 [ 723.907285] ? mark_held_locks+0xf0/0xf0 [ 723.911409] ? debug_check_no_obj_freed+0x201/0x482 [ 723.916503] ? lock_downgrade+0x720/0x720 [ 723.920919] block_ioctl+0xe9/0x130 [ 723.924891] ? blkdev_fallocate+0x3f0/0x3f0 [ 723.929306] do_vfs_ioctl+0xcdb/0x12e0 [ 723.933393] ? lock_downgrade+0x720/0x720 [ 723.937733] ? check_preemption_disabled+0x41/0x280 [ 723.942959] ? ioctl_preallocate+0x200/0x200 [ 723.947445] ? __fget+0x356/0x510 [ 723.951088] ? do_dup2+0x450/0x450 [ 723.954678] ? do_sys_open+0x2bf/0x520 [ 723.958635] ksys_ioctl+0x9b/0xc0 [ 723.962247] __x64_sys_ioctl+0x6f/0xb0 [ 723.966191] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 723.970811] do_syscall_64+0xf9/0x620 [ 723.974798] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 723.980164] RIP: 0033:0x45e087 [ 723.983381] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 724.002738] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 724.010509] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 724.017912] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 724.025514] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 724.032991] R10: 000000000000b200 R11: 0000000000000246 R12: 0000000000000002 [ 724.040585] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 01:55:47 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076080000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:47 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x23, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 724.114763] attempt to access beyond end of device [ 724.123347] loop2: rw=0, want=184, limit=178 [ 724.149755] metapage_read_end_io: I/O error 01:55:47 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xc8050000) [ 724.184031] input: syz0 as /devices/virtual/input/input246 [ 724.232565] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 724.232565] [ 724.238291] input: syz0 as /devices/virtual/input/input247 01:55:47 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000300000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:47 executing program 2 (fault-call:0 fault-nth:24): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:47 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x6}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:47 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xcc050000) [ 724.355526] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 724.355526] 01:55:47 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xeffdffff) [ 724.404550] input: syz0 as /devices/virtual/input/input248 01:55:47 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46423010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 724.476280] input: syz0 as /devices/virtual/input/input249 [ 724.510579] FAULT_INJECTION: forcing a failure. [ 724.510579] name failslab, interval 1, probability 0, space 0, times 0 [ 724.523347] CPU: 1 PID: 22033 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 724.531341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 724.540786] Call Trace: [ 724.543470] dump_stack+0x1fc/0x2fe [ 724.547221] should_fail.cold+0xa/0x14 [ 724.551247] ? setup_fault_attr+0x200/0x200 [ 724.555679] ? lock_acquire+0x170/0x3c0 [ 724.559781] __should_failslab+0x115/0x180 [ 724.564095] should_failslab+0x5/0xf [ 724.567894] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 724.573264] __kmalloc_node_track_caller+0x38/0x70 [ 724.578280] __alloc_skb+0xae/0x560 [ 724.581951] alloc_uevent_skb+0x7b/0x210 [ 724.586085] kobject_uevent_env+0xa83/0x14a0 [ 724.590577] lo_ioctl+0xff9/0x20e0 [ 724.594209] ? loop_set_status64+0x110/0x110 [ 724.598700] blkdev_ioctl+0x5cb/0x1a7e [ 724.602646] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 724.608056] ? blkpg_ioctl+0x9d0/0x9d0 [ 724.613693] ? mark_held_locks+0xf0/0xf0 [ 724.617816] ? mark_held_locks+0xf0/0xf0 [ 724.622045] ? debug_check_no_obj_freed+0x201/0x482 [ 724.627404] ? lock_downgrade+0x720/0x720 [ 724.631764] block_ioctl+0xe9/0x130 [ 724.635492] ? blkdev_fallocate+0x3f0/0x3f0 [ 724.640321] do_vfs_ioctl+0xcdb/0x12e0 [ 724.645024] ? lock_downgrade+0x720/0x720 [ 724.649343] ? check_preemption_disabled+0x41/0x280 [ 724.654594] ? ioctl_preallocate+0x200/0x200 [ 724.659339] ? __fget+0x356/0x510 [ 724.663006] ? do_dup2+0x450/0x450 [ 724.666660] ? do_sys_open+0x2bf/0x520 [ 724.670874] ksys_ioctl+0x9b/0xc0 [ 724.674430] __x64_sys_ioctl+0x6f/0xb0 [ 724.678572] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 724.683559] do_syscall_64+0xf9/0x620 [ 724.687613] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 724.693384] RIP: 0033:0x45e087 [ 724.696654] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 724.716619] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 01:55:47 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x48, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:47 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xfffffdef) 01:55:47 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x7}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 724.724585] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 [ 724.731922] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 724.739214] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 724.746516] R10: 000000000000b200 R11: 0000000000000246 R12: 0000000000000002 [ 724.754312] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 [ 724.824913] attempt to access beyond end of device 01:55:47 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000600000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 724.851155] loop2: rw=0, want=184, limit=178 01:55:47 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xffffff7f) [ 724.883984] metapage_read_end_io: I/O error [ 724.887946] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 724.887946] [ 724.918173] input: syz0 as /devices/virtual/input/input250 01:55:47 executing program 2 (fault-call:0 fault-nth:25): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 724.968879] input: syz0 as /devices/virtual/input/input251 01:55:48 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x4c, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 725.029029] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 725.029029] 01:55:48 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xffffff89) 01:55:48 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000700000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:48 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x11}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 725.121504] FAULT_INJECTION: forcing a failure. [ 725.121504] name failslab, interval 1, probability 0, space 0, times 0 [ 725.160282] CPU: 1 PID: 22086 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 01:55:48 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46424010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 725.168379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 725.177960] Call Trace: [ 725.180653] dump_stack+0x1fc/0x2fe [ 725.184365] should_fail.cold+0xa/0x14 [ 725.188349] ? setup_fault_attr+0x200/0x200 [ 725.192788] ? lock_acquire+0x170/0x3c0 [ 725.196939] __should_failslab+0x115/0x180 [ 725.201289] should_failslab+0x5/0xf [ 725.205100] kmem_cache_alloc_trace+0x284/0x380 [ 725.209992] ? wait_for_completion_io+0x10/0x10 [ 725.214774] ? kobject_init_and_add.cold+0x16/0x16 [ 725.219936] call_usermodehelper_setup+0x84/0x300 [ 725.225083] kobject_uevent_env+0xe87/0x14a0 [ 725.230217] lo_ioctl+0xff9/0x20e0 [ 725.233865] ? loop_set_status64+0x110/0x110 [ 725.238462] blkdev_ioctl+0x5cb/0x1a7e [ 725.242471] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 725.248562] ? blkpg_ioctl+0x9d0/0x9d0 [ 725.252553] ? mark_held_locks+0xf0/0xf0 [ 725.256996] ? mark_held_locks+0xf0/0xf0 [ 725.261744] ? debug_check_no_obj_freed+0x201/0x482 [ 725.266890] ? lock_downgrade+0x720/0x720 [ 725.271147] block_ioctl+0xe9/0x130 [ 725.274845] ? blkdev_fallocate+0x3f0/0x3f0 [ 725.279376] do_vfs_ioctl+0xcdb/0x12e0 [ 725.283349] ? lock_downgrade+0x720/0x720 [ 725.287604] ? check_preemption_disabled+0x41/0x280 [ 725.292772] ? ioctl_preallocate+0x200/0x200 [ 725.297238] ? __fget+0x356/0x510 [ 725.300761] ? do_dup2+0x450/0x450 [ 725.304395] ? do_sys_open+0x2bf/0x520 [ 725.308538] ksys_ioctl+0x9b/0xc0 [ 725.313253] __x64_sys_ioctl+0x6f/0xb0 [ 725.317474] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 725.322147] do_syscall_64+0xf9/0x620 [ 725.326011] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 725.331267] RIP: 0033:0x45e087 [ 725.334508] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 725.353444] RSP: 002b:00007f5fada0ca18 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 725.361209] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e087 01:55:48 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x4000000000000) [ 725.368509] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 725.375831] RBP: 0000000000000000 R08: 0000000020000230 R09: 0000000000000000 [ 725.383156] R10: 000000000000b200 R11: 0000000000000246 R12: 0000000000000002 [ 725.390619] R13: 0000000000000004 R14: 0000000000000004 R15: 0000000020000240 [ 725.432892] attempt to access beyond end of device [ 725.442950] loop2: rw=0, want=184, limit=178 [ 725.462532] metapage_read_end_io: I/O error [ 725.494438] input: syz0 as /devices/virtual/input/input252 01:55:48 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x40030000000000) 01:55:48 executing program 2 (fault-call:0 fault-nth:26): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 725.550990] input: syz0 as /devices/virtual/input/input253 01:55:48 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x60, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:48 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076003f00000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 725.607326] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 725.607326] 01:55:48 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x12}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 725.690506] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 725.690506] [ 725.709411] FAULT_INJECTION: forcing a failure. [ 725.709411] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 725.721436] CPU: 1 PID: 22132 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 725.729364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 725.738760] Call Trace: [ 725.741438] dump_stack+0x1fc/0x2fe [ 725.745207] should_fail.cold+0xa/0x14 [ 725.749191] ? setup_fault_attr+0x200/0x200 [ 725.749498] input: syz0 as /devices/virtual/input/input254 [ 725.753651] ? wake_up_q+0x93/0xe0 [ 725.753689] ? __mutex_unlock_slowpath+0x2be/0x610 [ 725.753725] __alloc_pages_nodemask+0x239/0x2890 [ 725.753767] ? __lock_acquire+0x6de/0x3ff0 [ 725.753798] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 725.782157] ? blkdev_ioctl+0x11a/0x1a7e 01:55:48 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x100000000000000) [ 725.786491] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 725.791994] ? blkpg_ioctl+0x9d0/0x9d0 [ 725.795974] ? debug_check_no_obj_freed+0x201/0x482 [ 725.802075] ? lock_downgrade+0x720/0x720 [ 725.806340] cache_grow_begin+0xa4/0x8a0 [ 725.810668] ? setup_fault_attr+0x200/0x200 [ 725.815103] ? cache_alloc_pfmemalloc+0x1e/0x140 [ 725.819975] cache_alloc_refill+0x273/0x340 [ 725.824421] kmem_cache_alloc+0x346/0x370 [ 725.828675] getname_flags+0xce/0x590 [ 725.832828] do_mkdirat+0x8d/0x2d0 [ 725.836525] ? __ia32_sys_mknod+0x120/0x120 [ 725.840959] ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe [ 725.846636] ? trace_hardirqs_off_caller+0x6e/0x210 [ 725.851776] ? do_syscall_64+0x21/0x620 [ 725.855886] do_syscall_64+0xf9/0x620 [ 725.859803] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 725.865454] RIP: 0033:0x45d637 [ 725.868746] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 725.888204] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 725.896298] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 000000000045d637 [ 725.903643] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 725.911188] RBP: 00007f5fada0cad0 R08: 0000000020000230 R09: 0000000000000000 [ 725.918672] R10: 000000000000b200 R11: 0000000000000213 R12: 0000000020000000 [ 725.925975] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:48 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x400000000000000) 01:55:49 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x14}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 725.969802] input: syz0 as /devices/virtual/input/input255 [ 726.004773] attempt to access beyond end of device [ 726.042670] loop2: rw=0, want=184, limit=178 01:55:49 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46425010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:49 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076c06501000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 726.092956] metapage_read_end_io: I/O error 01:55:49 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x68, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:49 executing program 2 (fault-call:0 fault-nth:27): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:49 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x800000000000000) [ 726.196312] input: syz0 as /devices/virtual/input/input256 [ 726.246641] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 726.246641] [ 726.266842] input: syz0 as /devices/virtual/input/input257 [ 726.291661] FAULT_INJECTION: forcing a failure. 01:55:49 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000010000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 726.291661] name failslab, interval 1, probability 0, space 0, times 0 01:55:49 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xe00000000000000) 01:55:49 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x15}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 726.339405] CPU: 0 PID: 22185 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 726.347509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 726.356958] Call Trace: [ 726.359696] dump_stack+0x1fc/0x2fe [ 726.363528] should_fail.cold+0xa/0x14 [ 726.367554] ? setup_fault_attr+0x200/0x200 [ 726.372013] __should_failslab+0x115/0x180 [ 726.376379] should_failslab+0x5/0xf [ 726.380294] kmem_cache_alloc+0x277/0x370 [ 726.385023] ? ext4_sync_fs+0x8d0/0x8d0 [ 726.389589] ext4_alloc_inode+0x1a/0x630 [ 726.393888] ? ext4_sync_fs+0x8d0/0x8d0 [ 726.398021] alloc_inode+0x5d/0x180 [ 726.401843] new_inode+0x1d/0xf0 [ 726.405399] __ext4_new_inode+0x400/0x5a20 [ 726.409684] ? putname+0xe1/0x120 [ 726.413199] ? do_mkdirat+0xa0/0x2d0 [ 726.417010] ? ext4_free_inode+0x1780/0x1780 [ 726.421519] ? debug_check_no_obj_freed+0x201/0x482 [ 726.426583] ? __dquot_initialize+0x298/0xb70 [ 726.431169] ? lock_acquire+0x170/0x3c0 [ 726.435230] ? dquot_initialize_needed+0x290/0x290 [ 726.440376] ? trace_hardirqs_off+0x64/0x200 [ 726.444857] ? common_perm+0x4be/0x800 [ 726.448764] ext4_mkdir+0x396/0xe10 [ 726.452408] ? putname+0xe1/0x120 [ 726.456047] ? ext4_init_dot_dotdot+0x600/0x600 [ 726.460934] ? generic_permission+0x116/0x4d0 [ 726.465501] ? security_inode_permission+0xc5/0xf0 [ 726.470521] ? inode_permission.part.0+0x10c/0x450 [ 726.475697] vfs_mkdir+0x508/0x7a0 [ 726.480396] do_mkdirat+0x262/0x2d0 [ 726.484095] ? __ia32_sys_mknod+0x120/0x120 [ 726.488529] ? trace_hardirqs_off_caller+0x6e/0x210 [ 726.493658] ? do_syscall_64+0x21/0x620 [ 726.497698] do_syscall_64+0xf9/0x620 [ 726.501585] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 726.506887] RIP: 0033:0x45d637 [ 726.510402] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 726.529358] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 01:55:49 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46426010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:49 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x1100000000000000) [ 726.537354] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 000000000045d637 [ 726.544769] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 726.552323] RBP: 00007f5fada0cad0 R08: 0000000020000230 R09: 0000000000000000 [ 726.559656] R10: 000000000000b200 R11: 0000000000000213 R12: 0000000020000000 [ 726.567651] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:49 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x6000000000000000) 01:55:49 executing program 2 (fault-call:0 fault-nth:28): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:49 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000020000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 726.757879] input: syz0 as /devices/virtual/input/input258 01:55:49 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x6c, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:49 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x89ffffff00000000) [ 726.819284] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 726.819284] 01:55:49 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000030000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 726.888321] FAULT_INJECTION: forcing a failure. [ 726.888321] name failslab, interval 1, probability 0, space 0, times 0 [ 726.933000] CPU: 0 PID: 22229 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 726.941053] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 726.949902] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 726.949902] [ 726.950478] Call Trace: [ 726.950525] dump_stack+0x1fc/0x2fe [ 726.950571] should_fail.cold+0xa/0x14 [ 726.969593] ? setup_fault_attr+0x200/0x200 [ 726.974020] ? __lock_acquire+0x6de/0x3ff0 [ 726.978382] __should_failslab+0x115/0x180 [ 726.982828] should_failslab+0x5/0xf [ 726.986666] __kmalloc+0x2ab/0x3c0 [ 726.990338] ? ext4_find_extent+0x9bb/0xc70 [ 726.994772] ext4_find_extent+0x9bb/0xc70 [ 726.999123] ext4_ext_map_blocks+0x1c0/0x7390 [ 727.003745] ? __lock_acquire+0x6de/0x3ff0 [ 727.008072] ? __lock_acquire+0x6de/0x3ff0 [ 727.012610] ? mark_held_locks+0xf0/0xf0 [ 727.016791] ? __ext4_handle_dirty_metadata+0x1e0/0x590 [ 727.022252] ? ext4_find_delalloc_cluster+0x1f0/0x1f0 [ 727.027704] ? mark_held_locks+0xf0/0xf0 01:55:50 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x16}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 727.031858] ? ext4_mark_iloc_dirty+0x1af6/0x2b10 [ 727.036796] ? ext4_es_lookup_extent+0x375/0xb60 [ 727.041698] ? lock_downgrade+0x720/0x720 [ 727.045929] ? lock_acquire+0x170/0x3c0 [ 727.050014] ? check_preemption_disabled+0x41/0x280 [ 727.055128] ? lock_acquire+0x170/0x3c0 [ 727.059232] ? ext4_map_blocks+0x33e/0x1a50 [ 727.063036] input: syz0 as /devices/virtual/input/input260 [ 727.063640] ext4_map_blocks+0xd88/0x1a50 [ 727.073528] ? check_preemption_disabled+0x41/0x280 [ 727.078747] ? ext4_issue_zeroout+0x160/0x160 [ 727.083344] ? __brelse+0x84/0xa0 [ 727.086874] ? __ext4_new_inode+0x2eb/0x5a20 [ 727.091400] ext4_getblk+0xad/0x4f0 [ 727.095123] ? ext4_iomap_begin+0xe00/0xe00 [ 727.099551] ? ext4_free_inode+0x1780/0x1780 [ 727.104042] ? debug_check_no_obj_freed+0x201/0x482 [ 727.109131] ? __dquot_initialize+0x298/0xb70 [ 727.113992] ext4_bread+0x7c/0x210 [ 727.117630] ? ext4_getblk+0x4f0/0x4f0 [ 727.121921] ? dquot_initialize_needed+0x290/0x290 [ 727.127054] ? trace_hardirqs_off+0x64/0x200 [ 727.132012] ext4_append+0x155/0x370 [ 727.135822] ext4_mkdir+0x5bd/0xe10 [ 727.139533] ? ext4_init_dot_dotdot+0x600/0x600 [ 727.144379] ? generic_permission+0x116/0x4d0 [ 727.148978] ? inode_permission.part.0+0x10c/0x450 [ 727.154010] vfs_mkdir+0x508/0x7a0 [ 727.157613] do_mkdirat+0x262/0x2d0 [ 727.161309] ? __ia32_sys_mknod+0x120/0x120 [ 727.165697] ? trace_hardirqs_off_caller+0x6e/0x210 [ 727.170762] ? do_syscall_64+0x21/0x620 [ 727.174811] do_syscall_64+0xf9/0x620 [ 727.178685] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 727.183917] RIP: 0033:0x45d637 [ 727.187143] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 727.206107] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 727.213890] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 000000000045d637 [ 727.221231] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 727.228660] RBP: 00007f5fada0cad0 R08: 0000000020000230 R09: 0000000000000000 [ 727.236021] R10: 000000000000b200 R11: 0000000000000213 R12: 0000000020000000 [ 727.243660] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:50 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46427010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:50 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xc805000000000000) [ 727.300710] attempt to access beyond end of device [ 727.312442] loop2: rw=0, want=184, limit=178 [ 727.332782] metapage_read_end_io: I/O error [ 727.340932] input: syz0 as /devices/virtual/input/input261 01:55:50 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x2f}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:50 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000040000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 727.460094] input: syz0 as /devices/virtual/input/input262 01:55:50 executing program 2 (fault-call:0 fault-nth:29): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 727.504029] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 727.504029] [ 727.508477] input: syz0 as /devices/virtual/input/input263 01:55:50 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x74, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:50 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x300}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:50 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xcc05000000000000) [ 727.626755] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 727.626755] 01:55:50 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xeffdffff00000000) 01:55:50 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46428010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 727.702943] input: syz0 as /devices/virtual/input/input264 [ 727.729244] input: syz0 as /devices/virtual/input/input265 [ 727.757949] FAULT_INJECTION: forcing a failure. [ 727.757949] name failslab, interval 1, probability 0, space 0, times 0 [ 727.769970] CPU: 1 PID: 22315 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 727.777928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 727.787341] Call Trace: [ 727.790004] dump_stack+0x1fc/0x2fe [ 727.793723] should_fail.cold+0xa/0x14 [ 727.797728] ? setup_fault_attr+0x200/0x200 [ 727.802199] __should_failslab+0x115/0x180 [ 727.806703] should_failslab+0x5/0xf [ 727.810497] kmem_cache_alloc+0x277/0x370 [ 727.814741] ? ext4_sync_fs+0x8d0/0x8d0 [ 727.818797] ext4_alloc_inode+0x1a/0x630 [ 727.822964] ? ext4_sync_fs+0x8d0/0x8d0 [ 727.827049] alloc_inode+0x5d/0x180 [ 727.830777] new_inode+0x1d/0xf0 [ 727.834436] __ext4_new_inode+0x400/0x5a20 [ 727.838803] ? putname+0xe1/0x120 [ 727.842520] ? do_mkdirat+0xa0/0x2d0 [ 727.846304] ? ext4_free_inode+0x1780/0x1780 [ 727.850792] ? debug_check_no_obj_freed+0x201/0x482 [ 727.855892] ? __dquot_initialize+0x298/0xb70 [ 727.860524] ? lock_acquire+0x170/0x3c0 [ 727.864671] ? dquot_initialize_needed+0x290/0x290 [ 727.869692] ? trace_hardirqs_off+0x64/0x200 [ 727.874360] ? common_perm+0x4be/0x800 [ 727.878344] ext4_mkdir+0x396/0xe10 [ 727.882308] ? putname+0xe1/0x120 [ 727.886041] ? ext4_init_dot_dotdot+0x600/0x600 [ 727.890772] ? generic_permission+0x116/0x4d0 [ 727.895296] ? security_inode_permission+0xc5/0xf0 [ 727.900496] ? inode_permission.part.0+0x10c/0x450 [ 727.905772] vfs_mkdir+0x508/0x7a0 [ 727.909437] do_mkdirat+0x262/0x2d0 [ 727.913155] ? __ia32_sys_mknod+0x120/0x120 [ 727.917560] ? trace_hardirqs_off_caller+0x6e/0x210 [ 727.922759] ? do_syscall_64+0x21/0x620 [ 727.926786] do_syscall_64+0xf9/0x620 [ 727.930661] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 727.935896] RIP: 0033:0x45d637 [ 727.939124] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 727.958072] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 727.965866] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 000000000045d637 [ 727.973235] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 727.980539] RBP: 00007f5fada0cad0 R08: 0000000020000230 R09: 0000000000000000 [ 727.987855] R10: 000000000000b200 R11: 0000000000000213 R12: 0000000020000000 01:55:51 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000060000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 728.004176] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:51 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xffffff7f00000000) 01:55:51 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x500}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:51 executing program 0: sendmsg(0xffffffffffffffff, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) 01:55:51 executing program 2 (fault-call:0 fault-nth:30): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:51 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x7a, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:51 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$TCSETSW2(0xffffffffffffffff, 0x402c542c, &(0x7f00000000c0)={0x14274ddf, 0x7f, 0x0, 0x589, 0x6, "f352b74f7fb03eb126f3b9d2eaee0560a9eb54", 0x1ff, 0x10000}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) getsockopt$CAN_RAW_RECV_OWN_MSGS(r1, 0x65, 0x4, &(0x7f0000000000), &(0x7f0000000040)=0x4) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) [ 728.258363] input: syz0 as /devices/virtual/input/input266 01:55:51 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000070000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 728.305897] FAULT_INJECTION: forcing a failure. [ 728.305897] name failslab, interval 1, probability 0, space 0, times 0 [ 728.317583] CPU: 0 PID: 22358 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 728.325554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 728.334964] Call Trace: [ 728.337644] dump_stack+0x1fc/0x2fe [ 728.341355] should_fail.cold+0xa/0x14 [ 728.345320] ? setup_fault_attr+0x200/0x200 [ 728.349970] ? __es_tree_search.isra.0+0x1af/0x210 [ 728.355137] __should_failslab+0x115/0x180 [ 728.359930] should_failslab+0x5/0xf [ 728.363771] kmem_cache_alloc+0x3f/0x370 [ 728.367985] __es_insert_extent+0x39b/0x13b0 [ 728.373078] ? lock_acquire+0x170/0x3c0 [ 728.377118] ? ext4_es_insert_extent+0x17e/0x5e0 [ 728.381988] ext4_es_insert_extent+0x22e/0x5e0 [ 728.386718] ? lock_downgrade+0x720/0x720 [ 728.390966] ? ext4_es_find_delayed_extent_range+0x9f0/0x9f0 [ 728.396862] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 728.401964] ? ext4_es_find_delayed_extent_range+0x7d9/0x9f0 [ 728.407874] ext4_ext_map_blocks+0x2129/0x7390 [ 728.412546] ? __lock_acquire+0x6de/0x3ff0 [ 728.416871] ? __lock_acquire+0x6de/0x3ff0 [ 728.421202] ? mark_held_locks+0xf0/0xf0 [ 728.425387] ? __ext4_handle_dirty_metadata+0x1e0/0x590 [ 728.430831] ? ext4_find_delalloc_cluster+0x1f0/0x1f0 [ 728.436089] ? mark_held_locks+0xf0/0xf0 [ 728.440250] ? ext4_mark_iloc_dirty+0x1af6/0x2b10 [ 728.445325] ? ext4_es_lookup_extent+0x375/0xb60 [ 728.450400] ? check_preemption_disabled+0x41/0x280 [ 728.455737] ? lock_acquire+0x170/0x3c0 [ 728.459975] ? ext4_map_blocks+0x33e/0x1a50 [ 728.464559] ext4_map_blocks+0xd88/0x1a50 [ 728.468764] ? check_preemption_disabled+0x41/0x280 [ 728.473849] ? ext4_issue_zeroout+0x160/0x160 [ 728.478412] ? __brelse+0x84/0xa0 [ 728.481930] ? __ext4_new_inode+0x2eb/0x5a20 [ 728.486451] ext4_getblk+0xad/0x4f0 [ 728.490165] ? ext4_iomap_begin+0xe00/0xe00 [ 728.494550] ? ext4_free_inode+0x1780/0x1780 [ 728.499133] ? debug_check_no_obj_freed+0x201/0x482 [ 728.504419] ? __dquot_initialize+0x298/0xb70 [ 728.509046] ext4_bread+0x7c/0x210 [ 728.512653] ? ext4_getblk+0x4f0/0x4f0 [ 728.516597] ? dquot_initialize_needed+0x290/0x290 [ 728.521598] ? trace_hardirqs_off+0x64/0x200 [ 728.526134] ext4_append+0x155/0x370 [ 728.529991] ext4_mkdir+0x5bd/0xe10 [ 728.533699] ? ext4_init_dot_dotdot+0x600/0x600 [ 728.538594] ? generic_permission+0x116/0x4d0 [ 728.543202] ? inode_permission.part.0+0x10c/0x450 [ 728.548233] vfs_mkdir+0x508/0x7a0 [ 728.551849] do_mkdirat+0x262/0x2d0 [ 728.555556] ? __ia32_sys_mknod+0x120/0x120 [ 728.560201] ? trace_hardirqs_off_caller+0x6e/0x210 [ 728.565415] ? do_syscall_64+0x21/0x620 [ 728.569471] do_syscall_64+0xf9/0x620 [ 728.573467] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 728.579704] RIP: 0033:0x45d637 [ 728.582944] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 728.601875] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 728.609608] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 000000000045d637 [ 728.616911] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 728.624190] RBP: 00007f5fada0cad0 R08: 0000000020000230 R09: 0000000000000000 [ 728.631517] R10: 000000000000b200 R11: 0000000000000213 R12: 0000000020000000 [ 728.638926] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 728.669126] attempt to access beyond end of device [ 728.675483] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 728.675483] [ 728.676176] loop2: rw=0, want=184, limit=178 [ 728.694971] input: syz0 as /devices/virtual/input/input267 01:55:51 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xb0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:51 executing program 0: socket$packet(0x11, 0x2, 0x300) r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000900)='wlan1\x00\x1b\x1a\xec\xd8n\xff\xc3\x87\xe2\xa3\x80\x8a\xb2\xd9\xa8L\x06\xb5\x12\x03F\xd9\x1f\x8a\xcc\xba\\\xceYF2C\xfdj\xe3\x8d\xe3\xd6\xe0|6l\xe9\xd9;\xea\x84]\xdf\xf7\xber\'\x8a\xd5W\xbb\xac%j\x9d\xeb\xba\xe6\xc4\xc4\xa9\xf5\xd5\xa1\xf5\\\x9b\xb2\a\xde\xbb\xc18\x84\xb5:f\xcb\xe8o\aArYZ\xe1\xc9\x86\xfe\x8f(\xa1\vhb\x18\xf3\xe3\xa1\xd2\x93*h\xd7\xa2F\x88\xd57\xb2\xc8\x8cS\xe8:H}\x91\x91\xcc\xa7Y\xcbkK\xf0\xfe\x9e\xd5\xa1\x1e\x99~\x9d3\xd2?\b\xbfU\xe8\x8b\x93\xea`\x00\x80\x00\x00V\xbf!\xb7\xe9\x11\r\xbd\xa3\xc6-t\x9c;\x9as\x86\xe7\xbd\xb0\xd5\";\xecuP\"\xebrV\x88\xca\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x98\xe8\xc6\xc3\nE\x91\xff\xd8E$\xc4As\x80\xdbt\x0e\xe21_v1\xd8,\xa4\x7fD\x94\xe8?\xf8\xcd[1\xb2U,\xc8w0|E\x00\x88IoQpH\xa0\xe8\xf0\x7f\xbd\xbcs;\xc9\xd2\x19oS\xac\xc6\x9b`:6\xc9DS\x13\xfb\xddw\nK\x19\xfa\x99\xc6~\x044\xa3+)\xef@Lr\xed\x85\xf3\xe8#\xa4\x84\xe9W8\xd6\x80\x95\xba.?+O\xbe[&\x87\xe1\xc5\xd7C\xa1\xde\xa4\b*w\xdc]\x92\xce\xe6BNFj;\xd7 \xfb\f\xeb\xb1\xb8\x86x\x19\xa0\xc4\xd3^W\xb7\x10\x18\xba\xcc\xabJ\xdfYB\"\x96\rny3\xe9\xec\xdf\xc4\xae\xfaM\xa2k\xd8X\xe6hQ\t\x93\xc1\xfd\xb7\xa4\x04W\xa0n\xff') sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) [ 728.752944] metapage_read_end_io: I/O error 01:55:51 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x600}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 728.845733] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 728.845733] 01:55:51 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46429010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:51 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000080000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:51 executing program 2 (fault-call:0 fault-nth:31): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 728.977112] input: syz0 as /devices/virtual/input/input268 01:55:52 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000003f0000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:52 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xe0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 729.190813] FAULT_INJECTION: forcing a failure. [ 729.190813] name failslab, interval 1, probability 0, space 0, times 0 [ 729.204528] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 729.204528] [ 729.245507] CPU: 0 PID: 22415 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 729.253574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 729.263011] Call Trace: [ 729.265826] dump_stack+0x1fc/0x2fe [ 729.269550] should_fail.cold+0xa/0x14 [ 729.273537] ? setup_fault_attr+0x200/0x200 [ 729.277924] ? lock_downgrade+0x720/0x720 [ 729.282167] __should_failslab+0x115/0x180 [ 729.286477] should_failslab+0x5/0xf [ 729.290601] __kmalloc+0x2ab/0x3c0 [ 729.294217] ? ext4_find_extent+0x9bb/0xc70 [ 729.298819] ext4_find_extent+0x9bb/0xc70 [ 729.303075] ext4_ext_map_blocks+0x1c0/0x7390 [ 729.307674] ? __lock_acquire+0x6de/0x3ff0 [ 729.311992] ? mark_held_locks+0xf0/0xf0 [ 729.316131] ? __ext4_handle_dirty_metadata+0x1e0/0x590 [ 729.321713] ? ext4_find_delalloc_cluster+0x1f0/0x1f0 [ 729.327000] ? mark_held_locks+0xf0/0xf0 [ 729.331166] ? ext4_mark_iloc_dirty+0x1af6/0x2b10 [ 729.336066] ? ext4_es_lookup_extent+0x375/0xb60 [ 729.341238] ? ext4_map_blocks+0x59f/0x1a50 [ 729.345771] ? lock_acquire+0x170/0x3c0 [ 729.349812] ? ext4_map_blocks+0x740/0x1a50 [ 729.354253] ext4_map_blocks+0x7a2/0x1a50 [ 729.358519] ? check_preemption_disabled+0x41/0x280 [ 729.363621] ? ext4_issue_zeroout+0x160/0x160 [ 729.368312] ? __brelse+0x84/0xa0 [ 729.371814] ? __ext4_new_inode+0x2eb/0x5a20 [ 729.376377] ext4_getblk+0xad/0x4f0 [ 729.380278] ? ext4_iomap_begin+0xe00/0xe00 [ 729.384684] ? ext4_free_inode+0x1780/0x1780 [ 729.389353] ? debug_check_no_obj_freed+0x201/0x482 [ 729.394558] ? __dquot_initialize+0x298/0xb70 [ 729.399133] ext4_bread+0x7c/0x210 [ 729.402737] ? ext4_getblk+0x4f0/0x4f0 [ 729.406682] ? dquot_initialize_needed+0x290/0x290 [ 729.411692] ? trace_hardirqs_off+0x64/0x200 [ 729.416172] ext4_append+0x155/0x370 [ 729.419995] ext4_mkdir+0x5bd/0xe10 [ 729.423740] ? ext4_init_dot_dotdot+0x600/0x600 [ 729.428497] ? generic_permission+0x116/0x4d0 [ 729.433121] ? inode_permission.part.0+0x10c/0x450 [ 729.438130] vfs_mkdir+0x508/0x7a0 [ 729.441772] do_mkdirat+0x262/0x2d0 [ 729.445574] ? __ia32_sys_mknod+0x120/0x120 [ 729.450236] ? trace_hardirqs_off_caller+0x6e/0x210 [ 729.455368] ? do_syscall_64+0x21/0x620 [ 729.459414] do_syscall_64+0xf9/0x620 [ 729.463269] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 729.468509] RIP: 0033:0x45d637 [ 729.471739] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 729.490686] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 729.498477] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 000000000045d637 [ 729.506321] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 729.513771] RBP: 00007f5fada0cad0 R08: 0000000020000230 R09: 0000000000000000 [ 729.521083] R10: 000000000000b200 R11: 0000000000000213 R12: 0000000020000000 [ 729.528537] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:52 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x700}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:52 executing program 2 (fault-call:0 fault-nth:32): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:52 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000165c00000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 729.607429] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 729.607429] 01:55:52 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4642a010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:52 executing program 0: ioctl$SNDRV_PCM_IOCTL_XRUN(0xffffffffffffffff, 0x4148, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x8e800) r2 = openat(r0, &(0x7f0000000100)='./file0\x00', 0x1, 0xbbdccaf105dc65ee) ioctl$SOUND_OLD_MIXER_INFO(r2, 0x80304d65, &(0x7f0000000140)) ioctl$sock_SIOCDELRT(r1, 0x890c, &(0x7f0000000080)={0x0, @isdn={0x22, 0xfe, 0x7f, 0xff, 0x6}, @isdn={0x22, 0x5, 0x0, 0x8, 0x81}, @ax25={0x3, @null, 0x8}, 0x3f, 0x0, 0x0, 0x0, 0x89dc, &(0x7f0000000040)='veth1_to_team\x00', 0x814, 0x401, 0xff}) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$RTC_WIE_OFF(r3, 0x7010) sendmsg(0xffffffffffffffff, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$BLKREPORTZONE(r4, 0xc0101282, &(0x7f00000001c0)={0xffffffff, 0x2, 0x0, [{0x7f, 0xffffffffffffffff, 0x7, 0x1f, 0x1, 0x0, 0x7f}, {0x0, 0x7, 0xfffffffffffffff7, 0xe8, 0x6, 0x4, 0x68}]}) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f0000000180)={0x2, 'veth1_to_bridge\x00', {0x1}, 0x7}) [ 729.783520] input: syz0 as /devices/virtual/input/input270 [ 729.810156] FAULT_INJECTION: forcing a failure. [ 729.810156] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 729.822368] CPU: 1 PID: 22447 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 729.827797] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 729.827797] [ 729.830500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 729.830512] Call Trace: [ 729.830564] dump_stack+0x1fc/0x2fe [ 729.830596] should_fail.cold+0xa/0x14 [ 729.830618] ? setup_fault_attr+0x200/0x200 [ 729.830662] __alloc_pages_nodemask+0x239/0x2890 [ 729.830711] ? __lock_acquire+0x6de/0x3ff0 [ 729.872634] ? deref_stack_reg+0x134/0x1d0 [ 729.876951] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 729.881869] ? mark_held_locks+0xf0/0xf0 [ 729.886024] ? mark_held_locks+0xa6/0xf0 [ 729.890180] ? finish_task_switch+0x118/0x760 [ 729.894771] ? unwind_next_frame+0x10a9/0x1c60 [ 729.899463] ? __save_stack_trace+0x72/0x190 [ 729.903945] ? deref_stack_reg+0x134/0x1d0 [ 729.908246] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 729.914181] ? is_bpf_text_address+0xd5/0x1b0 [ 729.918720] cache_grow_begin+0xa4/0x8a0 [ 729.922843] ? setup_fault_attr+0x200/0x200 [ 729.927236] ? cache_alloc_pfmemalloc+0x1e/0x140 01:55:52 executing program 0: socket$packet(0x11, 0x2, 0x300) perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000000)='./file0\x00', 0x0) write$P9_RLOPEN(0xffffffffffffffff, &(0x7f0000000040)={0x18, 0xd, 0x2, {{0x0, 0x0, 0x1}, 0x7fffffff}}, 0x18) openat$dir(0xffffff9c, &(0x7f0000000100)='./file1\x00', 0x0, 0x0) mount(0x0, 0x0, 0x0, 0x80, 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x0, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_subtree(r0, &(0x7f0000000080)='cgroup.subtree_control\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000600)=ANY=[@ANYBLOB='-io'], 0x4) keyctl$link(0x8, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000240), 0x0) accept$alg(r0, 0x0, 0x0) setuid(0x0) statx(0xffffffffffffffff, &(0x7f0000000440)='./file1\x00', 0x0, 0x0, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8983, 0x0) mount$fuseblk(&(0x7f0000000380)='/dev/loop0\x00', &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400)='fuseblk\x00', 0x200000, &(0x7f0000000480)=ANY=[]) keyctl$reject(0x13, 0x0, 0x9, 0xfff, 0x0) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000140)={[{0x2b, 'io'}]}, 0xd2) [ 729.932063] cache_alloc_refill+0x273/0x340 [ 729.936509] kmem_cache_alloc+0x346/0x370 [ 729.940759] ? ext4_sync_fs+0x8d0/0x8d0 [ 729.944819] ext4_alloc_inode+0x1a/0x630 [ 729.948968] ? ext4_sync_fs+0x8d0/0x8d0 [ 729.953012] alloc_inode+0x5d/0x180 [ 729.956733] new_inode+0x1d/0xf0 [ 729.960166] __ext4_new_inode+0x400/0x5a20 [ 729.964472] ? putname+0xe1/0x120 [ 729.968005] ? do_mkdirat+0xa0/0x2d0 [ 729.971789] ? ext4_free_inode+0x1780/0x1780 [ 729.976267] ? debug_check_no_obj_freed+0x201/0x482 [ 729.981674] ? __dquot_initialize+0x298/0xb70 [ 729.986267] ? lock_acquire+0x170/0x3c0 [ 729.990327] ? dquot_initialize_needed+0x290/0x290 [ 729.995349] ? trace_hardirqs_off+0x64/0x200 [ 729.999934] ? common_perm+0x4be/0x800 [ 730.003922] ext4_mkdir+0x396/0xe10 [ 730.007638] ? putname+0xe1/0x120 [ 730.012046] ? ext4_init_dot_dotdot+0x600/0x600 [ 730.016912] ? generic_permission+0x116/0x4d0 [ 730.021494] ? security_inode_permission+0xc5/0xf0 [ 730.026698] ? inode_permission.part.0+0x10c/0x450 [ 730.031731] vfs_mkdir+0x508/0x7a0 [ 730.035364] do_mkdirat+0x262/0x2d0 [ 730.039087] ? __ia32_sys_mknod+0x120/0x120 [ 730.043499] ? trace_hardirqs_off_caller+0x6e/0x210 [ 730.048635] ? do_syscall_64+0x21/0x620 [ 730.052725] do_syscall_64+0xf9/0x620 [ 730.056614] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 730.061874] RIP: 0033:0x45d637 [ 730.065134] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 01:55:53 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x300, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 730.084095] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 730.092045] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 000000000045d637 [ 730.099393] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 730.106741] RBP: 00007f5fada0cad0 R08: 0000000020000230 R09: 0000000000000000 [ 730.114295] R10: 000000000000b200 R11: 0000000000000213 R12: 0000000020000000 [ 730.121651] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 730.169022] attempt to access beyond end of device [ 730.176268] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 730.176268] [ 730.184486] loop2: rw=0, want=184, limit=178 [ 730.216195] input: syz0 as /devices/virtual/input/input271 [ 730.233048] metapage_read_end_io: I/O error 01:55:53 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="3000005e742d509088e200", @ANYRES16=r2, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r3, @ANYBLOB="0a00180003030303030300000800700004000500"], 0x30}}, 0x0) sendmsg$NL80211_CMD_SET_STATION(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x24, 0x0, 0x400, 0x70bd27, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x3be}]}, 0x24}, 0x1, 0x0, 0x0, 0x4000}, 0x4000001) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280)='nl80211\x00') sendmsg$NL80211_CMD_ABORT_SCAN(r1, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000380)={&(0x7f0000000340)={0x1c, r4, 0x324, 0x70bd26, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r3}, @void}}, ["", "", "", "", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x50}, 0x20008080) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) 01:55:53 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076fffffff60000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:53 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x1100}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:53 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4642b010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:53 executing program 2 (fault-call:0 fault-nth:33): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 730.395820] input: syz0 as /devices/virtual/input/input272 01:55:53 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076fffffdfc0000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:53 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) prctl$PR_MPX_DISABLE_MANAGEMENT(0x2c) ioctl$KVM_ASSIGN_SET_MSIX_NR(0xffffffffffffffff, 0x4008ae73, &(0x7f0000000000)={0x5, 0x7}) 01:55:53 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x1200}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:53 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x500, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 730.536574] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 730.536574] [ 730.593429] FAULT_INJECTION: forcing a failure. [ 730.593429] name failslab, interval 1, probability 0, space 0, times 0 [ 730.609478] CPU: 1 PID: 22515 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 730.617526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 730.620500] input: syz0 as /devices/virtual/input/input274 [ 730.626963] Call Trace: [ 730.627062] dump_stack+0x1fc/0x2fe [ 730.627092] should_fail.cold+0xa/0x14 [ 730.627109] ? setup_fault_attr+0x200/0x200 [ 730.627127] ? lock_downgrade+0x720/0x720 [ 730.627146] ? check_preemption_disabled+0x41/0x280 [ 730.627180] __should_failslab+0x115/0x180 [ 730.627196] should_failslab+0x5/0xf [ 730.627224] kmem_cache_alloc+0x277/0x370 [ 730.627249] ext4_mb_new_blocks+0x60a/0x4370 [ 730.627276] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 730.627298] ? ext4_cache_extents+0x68/0x2d0 [ 730.627308] ? ext4_find_extent+0x9bb/0xc70 [ 730.627322] ? ext4_discard_preallocations+0xfb0/0xfb0 [ 730.627332] ? ext4_ext_search_right+0x2c7/0xb60 [ 730.627345] ? ext4_inode_to_goal_block+0x2d2/0x3e0 [ 730.627363] ext4_ext_map_blocks+0x2aa2/0x7390 [ 730.627384] ? __lock_acquire+0x6de/0x3ff0 [ 730.627407] ? mark_held_locks+0xf0/0xf0 [ 730.715805] ? __ext4_handle_dirty_metadata+0x1e0/0x590 [ 730.721250] ? ext4_find_delalloc_cluster+0x1f0/0x1f0 [ 730.726552] ? mark_held_locks+0xf0/0xf0 [ 730.730704] ? ext4_mark_iloc_dirty+0x1af6/0x2b10 [ 730.735641] ? ext4_es_lookup_extent+0x375/0xb60 [ 730.740542] ? ext4_map_blocks+0x59f/0x1a50 [ 730.744964] ext4_map_blocks+0x7a2/0x1a50 [ 730.749217] ? check_preemption_disabled+0x41/0x280 [ 730.754331] ? ext4_issue_zeroout+0x160/0x160 [ 730.758931] ? __brelse+0x84/0xa0 [ 730.762443] ? __ext4_new_inode+0x2eb/0x5a20 [ 730.767083] ext4_getblk+0xad/0x4f0 [ 730.770928] ? ext4_iomap_begin+0xe00/0xe00 [ 730.775458] ? ext4_free_inode+0x1780/0x1780 [ 730.779949] ? debug_check_no_obj_freed+0x201/0x482 [ 730.785051] ? __dquot_initialize+0x298/0xb70 [ 730.789669] ext4_bread+0x7c/0x210 [ 730.793453] ? ext4_getblk+0x4f0/0x4f0 [ 730.797402] ? dquot_initialize_needed+0x290/0x290 [ 730.802466] ? trace_hardirqs_off+0x64/0x200 [ 730.807162] ext4_append+0x155/0x370 [ 730.810976] ext4_mkdir+0x5bd/0xe10 [ 730.814850] ? ext4_init_dot_dotdot+0x600/0x600 [ 730.819609] ? generic_permission+0x116/0x4d0 [ 730.824503] ? inode_permission.part.0+0x10c/0x450 [ 730.829539] vfs_mkdir+0x508/0x7a0 [ 730.833174] do_mkdirat+0x262/0x2d0 [ 730.836893] ? __ia32_sys_mknod+0x120/0x120 [ 730.841426] ? trace_hardirqs_off_caller+0x6e/0x210 [ 730.846547] ? do_syscall_64+0x21/0x620 [ 730.850779] do_syscall_64+0xf9/0x620 [ 730.854683] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 730.859928] RIP: 0033:0x45d637 [ 730.863149] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 730.882431] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 730.890190] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 000000000045d637 [ 730.897524] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 730.904859] RBP: 00007f5fada0cad0 R08: 0000000020000230 R09: 0000000000000000 [ 730.912202] R10: 000000000000b200 R11: 0000000000000213 R12: 0000000020000000 [ 730.919553] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:53 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788}, 0x80, 0x0}, 0x0) syz_open_dev$vbi(&(0x7f0000000000)='/dev/vbi#\x00', 0x0, 0x2) [ 730.967688] input: syz0 as /devices/virtual/input/input275 [ 731.007066] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 731.007066] 01:55:54 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076fffffdfd0000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:54 executing program 2 (fault-call:0 fault-nth:34): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:54 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x1400}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:54 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4642c010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 731.134632] input: syz0 as /devices/virtual/input/input276 01:55:54 executing program 0: openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x10000, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) lsetxattr$trusted_overlay_origin(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='trusted.overlay.origin\x00', &(0x7f00000000c0)='y\x00', 0x2, 0x1) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788}, 0x80, 0x0}, 0x0) [ 731.189413] input: syz0 as /devices/virtual/input/input277 [ 731.251132] FAULT_INJECTION: forcing a failure. [ 731.251132] name failslab, interval 1, probability 0, space 0, times 0 [ 731.262988] CPU: 1 PID: 22569 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 731.271012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 731.280561] Call Trace: [ 731.283586] dump_stack+0x1fc/0x2fe [ 731.287492] should_fail.cold+0xa/0x14 [ 731.291091] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 731.291091] [ 731.291464] ? setup_fault_attr+0x200/0x200 [ 731.304707] ? __es_tree_search.isra.0+0x1af/0x210 [ 731.309780] __should_failslab+0x115/0x180 [ 731.314147] should_failslab+0x5/0xf [ 731.317980] kmem_cache_alloc+0x3f/0x370 [ 731.322145] __es_insert_extent+0x39b/0x13b0 [ 731.326659] ext4_es_insert_extent+0x22e/0x5e0 [ 731.331356] ? ext4_map_blocks+0x59f/0x1a50 [ 731.335805] ? ext4_es_find_delayed_extent_range+0x9f0/0x9f0 [ 731.341767] ext4_map_blocks+0xa2a/0x1a50 [ 731.346079] ? ext4_issue_zeroout+0x160/0x160 01:55:54 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076fffffffe0000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:54 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x1500}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:54 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x600, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 731.350681] ? __brelse+0x84/0xa0 [ 731.354266] ? __ext4_new_inode+0x2eb/0x5a20 [ 731.358796] ext4_getblk+0xad/0x4f0 [ 731.362503] ? ext4_iomap_begin+0xe00/0xe00 [ 731.368665] ? ext4_free_inode+0x1780/0x1780 [ 731.373191] ? __dquot_initialize+0x298/0xb70 [ 731.377785] ext4_bread+0x7c/0x210 [ 731.381424] ? ext4_getblk+0x4f0/0x4f0 [ 731.385428] ? dquot_initialize_needed+0x290/0x290 [ 731.390460] ext4_append+0x155/0x370 [ 731.394282] ext4_mkdir+0x5bd/0xe10 [ 731.398013] ? ext4_init_dot_dotdot+0x600/0x600 [ 731.402772] ? generic_permission+0x116/0x4d0 [ 731.407496] ? inode_permission.part.0+0x10c/0x450 [ 731.412714] vfs_mkdir+0x508/0x7a0 [ 731.416379] do_mkdirat+0x262/0x2d0 [ 731.420070] ? __ia32_sys_mknod+0x120/0x120 [ 731.424677] ? trace_hardirqs_off_caller+0x6e/0x210 [ 731.430277] ? do_syscall_64+0x21/0x620 [ 731.434582] do_syscall_64+0xf9/0x620 [ 731.438691] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 731.443984] RIP: 0033:0x45d637 [ 731.447462] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 731.466741] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 731.475005] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 000000000045d637 [ 731.482633] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 731.490202] RBP: 00007f5fada0cad0 R08: 0000000020000230 R09: 0000000000000000 [ 731.497913] R10: 000000000000b200 R11: 0000000000000213 R12: 0000000020000000 [ 731.505480] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 731.530001] attempt to access beyond end of device [ 731.537814] loop2: rw=0, want=184, limit=178 [ 731.551905] metapage_read_end_io: I/O error 01:55:54 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) accept$packet(r0, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, &(0x7f0000000040)=0x14) [ 731.576386] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 731.576386] 01:55:54 executing program 2 (fault-call:0 fault-nth:35): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 731.646439] input: syz0 as /devices/virtual/input/input278 01:55:54 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4642d010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:54 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000080), &(0x7f00000000c0)=0x4) setitimer(0x1, &(0x7f0000000000)={{}, {0x0, 0x2710}}, &(0x7f0000000040)) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) [ 731.694094] input: syz0 as /devices/virtual/input/input279 [ 731.747551] FAULT_INJECTION: forcing a failure. [ 731.747551] name failslab, interval 1, probability 0, space 0, times 0 [ 731.785582] CPU: 0 PID: 22614 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 731.793572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 731.802970] Call Trace: [ 731.805593] dump_stack+0x1fc/0x2fe [ 731.809301] should_fail.cold+0xa/0x14 [ 731.813242] ? setup_fault_attr+0x200/0x200 [ 731.817627] ? lock_downgrade+0x720/0x720 [ 731.825448] ? check_preemption_disabled+0x41/0x280 [ 731.830681] __should_failslab+0x115/0x180 [ 731.835418] should_failslab+0x5/0xf [ 731.839216] kmem_cache_alloc+0x277/0x370 [ 731.843419] ext4_mb_new_blocks+0x60a/0x4370 [ 731.848014] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 731.853090] ? ext4_cache_extents+0x68/0x2d0 [ 731.857567] ? ext4_find_extent+0x9bb/0xc70 [ 731.861947] ? ext4_discard_preallocations+0xfb0/0xfb0 [ 731.867264] ? ext4_ext_search_right+0x2c7/0xb60 [ 731.872067] ? ext4_inode_to_goal_block+0x2d2/0x3e0 [ 731.877165] ext4_ext_map_blocks+0x2aa2/0x7390 [ 731.881842] ? __lock_acquire+0x6de/0x3ff0 [ 731.886531] ? mark_held_locks+0xf0/0xf0 [ 731.890689] ? __ext4_handle_dirty_metadata+0x1e0/0x590 [ 731.896355] ? ext4_find_delalloc_cluster+0x1f0/0x1f0 [ 731.901730] ? mark_held_locks+0xf0/0xf0 [ 731.905990] ? ext4_mark_iloc_dirty+0x1af6/0x2b10 [ 731.911008] ? ext4_es_lookup_extent+0x375/0xb60 [ 731.915854] ? ext4_map_blocks+0x59f/0x1a50 [ 731.920256] ext4_map_blocks+0x7a2/0x1a50 [ 731.924492] ? check_preemption_disabled+0x41/0x280 [ 731.929648] ? ext4_issue_zeroout+0x160/0x160 [ 731.934214] ? __brelse+0x84/0xa0 [ 731.937842] ? __ext4_new_inode+0x2eb/0x5a20 [ 731.942333] ext4_getblk+0xad/0x4f0 [ 731.946051] ? ext4_iomap_begin+0xe00/0xe00 [ 731.950478] ? ext4_free_inode+0x1780/0x1780 [ 731.954995] ? debug_check_no_obj_freed+0x201/0x482 [ 731.960066] ? __dquot_initialize+0x298/0xb70 [ 731.964622] ext4_bread+0x7c/0x210 [ 731.968258] ? ext4_getblk+0x4f0/0x4f0 [ 731.972295] ? dquot_initialize_needed+0x290/0x290 [ 731.977532] ? trace_hardirqs_off+0x64/0x200 [ 731.982080] ext4_append+0x155/0x370 [ 731.985861] ext4_mkdir+0x5bd/0xe10 [ 731.989594] ? ext4_init_dot_dotdot+0x600/0x600 [ 731.994488] ? generic_permission+0x116/0x4d0 [ 731.999070] ? inode_permission.part.0+0x10c/0x450 [ 732.004065] vfs_mkdir+0x508/0x7a0 [ 732.007850] do_mkdirat+0x262/0x2d0 [ 732.011570] ? __ia32_sys_mknod+0x120/0x120 [ 732.015966] ? trace_hardirqs_off_caller+0x6e/0x210 [ 732.021334] ? do_syscall_64+0x21/0x620 [ 732.025442] do_syscall_64+0xf9/0x620 [ 732.029322] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 732.034580] RIP: 0033:0x45d637 [ 732.037801] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 dd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 bd bf fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 732.057907] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000213 ORIG_RAX: 0000000000000053 [ 732.065997] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 000000000045d637 [ 732.073812] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 01:55:55 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x1600}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 732.081286] RBP: 00007f5fada0cad0 R08: 0000000020000230 R09: 0000000000000000 [ 732.088918] R10: 000000000000b200 R11: 0000000000000213 R12: 0000000020000000 [ 732.096237] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:55 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r1 = signalfd4(r0, &(0x7f0000000000)={[0x6]}, 0x8, 0xc0c00) ioctl$KDSKBENT(r1, 0x4b47, &(0x7f0000000040)={0x88, 0x5, 0x3}) 01:55:55 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x700, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:55 executing program 2 (fault-call:0 fault-nth:36): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:55 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076fcfdffff0000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 732.249870] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 732.249870] [ 732.292166] input: syz0 as /devices/virtual/input/input280 01:55:55 executing program 0: r0 = socket$packet(0x11, 0x0, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) [ 732.348107] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 732.348107] [ 732.354917] input: syz0 as /devices/virtual/input/input281 [ 732.405344] FAULT_INJECTION: forcing a failure. [ 732.405344] name failslab, interval 1, probability 0, space 0, times 0 01:55:55 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4642e010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 732.467528] CPU: 0 PID: 22646 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 732.475786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 732.485243] Call Trace: [ 732.488908] dump_stack+0x1fc/0x2fe [ 732.492779] should_fail.cold+0xa/0x14 [ 732.496786] ? setup_fault_attr+0x200/0x200 [ 732.501391] ? lock_acquire+0x170/0x3c0 [ 732.505490] __should_failslab+0x115/0x180 [ 732.509869] should_failslab+0x5/0xf [ 732.513707] kmem_cache_alloc_trace+0x284/0x380 [ 732.518484] ? _copy_from_user+0xd2/0x130 [ 732.522877] copy_mount_options+0x59/0x380 [ 732.527190] ksys_mount+0x9b/0x130 [ 732.530827] __x64_sys_mount+0xba/0x150 [ 732.535018] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 732.539872] do_syscall_64+0xf9/0x620 [ 732.543732] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 732.549030] RIP: 0033:0x460c6a 01:55:55 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x1f00}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 732.552254] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 732.571314] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 732.579081] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 732.586517] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 732.593878] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 732.601296] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 732.608624] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:55 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076fdfdffff0000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:55 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x900, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 732.726037] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 732.726037] 01:55:55 executing program 2 (fault-call:0 fault-nth:37): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 732.817002] input: syz0 as /devices/virtual/input/input282 [ 732.827365] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 732.827365] 01:55:55 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076f6ffffff0000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:55 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4642f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 732.879169] input: syz0 as /devices/virtual/input/input283 [ 732.959682] FAULT_INJECTION: forcing a failure. [ 732.959682] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 732.972082] CPU: 0 PID: 22705 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 732.980103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 732.989627] Call Trace: [ 732.992331] dump_stack+0x1fc/0x2fe [ 732.996039] should_fail.cold+0xa/0x14 [ 733.000029] ? setup_fault_attr+0x200/0x200 [ 733.004546] __alloc_pages_nodemask+0x239/0x2890 [ 733.009402] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 733.015541] ? is_bpf_text_address+0xd5/0x1b0 [ 733.020181] ? __lock_acquire+0x6de/0x3ff0 [ 733.024694] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 733.029662] ? is_bpf_text_address+0xfc/0x1b0 [ 733.034265] ? unwind_get_return_address+0x51/0x90 [ 733.039313] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 733.044858] ? __save_stack_trace+0xaf/0x190 [ 733.049778] cache_grow_begin+0xa4/0x8a0 [ 733.054173] ? setup_fault_attr+0x200/0x200 [ 733.058858] ? cache_alloc_pfmemalloc+0x1e/0x140 [ 733.063750] cache_alloc_refill+0x273/0x340 [ 733.068192] kmem_cache_alloc+0x346/0x370 [ 733.072459] getname_flags+0xce/0x590 [ 733.076347] user_path_at_empty+0x2a/0x50 [ 733.080609] do_mount+0x147/0x2f10 [ 733.084294] ? setup_fault_attr+0x200/0x200 [ 733.088734] ? lock_acquire+0x170/0x3c0 [ 733.092836] ? check_preemption_disabled+0x41/0x280 [ 733.097959] ? copy_mount_string+0x40/0x40 [ 733.102329] ? copy_mount_options+0x59/0x380 [ 733.106955] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 733.112018] ? kmem_cache_alloc_trace+0x323/0x380 [ 733.116911] ? copy_mount_options+0x26f/0x380 [ 733.121425] ksys_mount+0xcf/0x130 [ 733.125286] __x64_sys_mount+0xba/0x150 [ 733.129357] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 733.134053] do_syscall_64+0xf9/0x620 [ 733.137954] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 733.143405] RIP: 0033:0x460c6a 01:55:56 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x2f00}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:56 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076feffffff0000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 733.146810] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 733.165777] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 733.173593] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 733.180968] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 733.188447] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 733.195805] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 733.203152] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:56 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xc00, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 733.358492] input: syz0 as /devices/virtual/input/input284 [ 733.367196] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 733.367196] [ 733.447442] input: syz0 as /devices/virtual/input/input285 [ 733.466922] attempt to access beyond end of device [ 733.473628] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 733.473628] [ 733.501479] loop2: rw=0, want=184, limit=178 01:55:56 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600007fc12ba77a1000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:56 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {0x0, 0x0, 0x0, 0x3f00}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 733.523830] metapage_read_end_io: I/O error 01:55:56 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46430010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:56 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x1200, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:56 executing program 2 (fault-call:0 fault-nth:38): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:56 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000022300000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 733.721800] input: syz0 as /devices/virtual/input/input286 [ 733.780224] input: syz0 as /devices/virtual/input/input287 01:55:56 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 733.849479] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 733.849479] [ 733.880005] FAULT_INJECTION: forcing a failure. [ 733.880005] name failslab, interval 1, probability 0, space 0, times 0 [ 733.900255] CPU: 1 PID: 22784 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 733.908401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 733.917874] Call Trace: [ 733.920597] dump_stack+0x1fc/0x2fe [ 733.924349] should_fail.cold+0xa/0x14 [ 733.928350] ? setup_fault_attr+0x200/0x200 [ 733.932784] ? lock_acquire+0x170/0x3c0 [ 733.936901] __should_failslab+0x115/0x180 [ 733.941255] should_failslab+0x5/0xf [ 733.945056] __kmalloc_track_caller+0x2a6/0x3c0 [ 733.949827] ? kstrdup_const+0x53/0x80 [ 733.953852] kstrdup+0x36/0x70 [ 733.957203] kstrdup_const+0x53/0x80 [ 733.961019] alloc_vfsmnt+0xb5/0x780 [ 733.964885] ? _raw_read_unlock+0x29/0x40 [ 733.969269] vfs_kern_mount.part.0+0x27/0x470 [ 733.973904] do_mount+0x113c/0x2f10 [ 733.977649] ? lock_acquire+0x170/0x3c0 [ 733.981757] ? check_preemption_disabled+0x41/0x280 [ 733.986889] ? copy_mount_string+0x40/0x40 [ 733.991254] ? copy_mount_options+0x59/0x380 [ 733.995888] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 734.001015] ? kmem_cache_alloc_trace+0x323/0x380 [ 734.005974] ? copy_mount_options+0x26f/0x380 [ 734.010759] ksys_mount+0xcf/0x130 [ 734.014490] __x64_sys_mount+0xba/0x150 [ 734.018588] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 734.023280] do_syscall_64+0xf9/0x620 [ 734.027184] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 734.032482] RIP: 0033:0x460c6a [ 734.035795] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 734.054768] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 734.062601] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 734.069990] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 734.077411] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 734.084772] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 734.092133] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:57 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000200000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:57 executing program 2 (fault-call:0 fault-nth:39): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 734.216182] input: syz0 as /devices/virtual/input/input288 [ 734.249924] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 734.249924] 01:55:57 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x1f00, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 734.271514] input: syz0 as /devices/virtual/input/input289 01:55:57 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 734.389678] FAULT_INJECTION: forcing a failure. [ 734.389678] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 734.401827] CPU: 1 PID: 22829 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 734.409763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 734.419186] Call Trace: [ 734.421864] dump_stack+0x1fc/0x2fe [ 734.425609] should_fail.cold+0xa/0x14 [ 734.429579] ? setup_fault_attr+0x200/0x200 [ 734.433989] __alloc_pages_nodemask+0x239/0x2890 [ 734.438832] ? __read_once_size_nocheck.constprop.0+0x10/0x10 [ 734.445080] ? is_bpf_text_address+0xd5/0x1b0 [ 734.449675] ? __lock_acquire+0x6de/0x3ff0 [ 734.454026] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 734.458948] ? is_bpf_text_address+0xfc/0x1b0 [ 734.463547] ? unwind_get_return_address+0x51/0x90 [ 734.468566] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 734.474011] ? __save_stack_trace+0xaf/0x190 [ 734.478727] cache_grow_begin+0xa4/0x8a0 [ 734.482899] ? setup_fault_attr+0x200/0x200 [ 734.487346] ? cache_alloc_pfmemalloc+0x1e/0x140 [ 734.492345] cache_alloc_refill+0x273/0x340 [ 734.496779] kmem_cache_alloc+0x346/0x370 [ 734.501233] getname_flags+0xce/0x590 [ 734.502185] input: syz0 as /devices/virtual/input/input290 [ 734.505145] user_path_at_empty+0x2a/0x50 [ 734.505171] do_mount+0x147/0x2f10 [ 734.505201] ? setup_fault_attr+0x200/0x200 [ 734.505218] ? lock_acquire+0x170/0x3c0 [ 734.505232] ? check_preemption_disabled+0x41/0x280 [ 734.505245] ? copy_mount_string+0x40/0x40 01:55:57 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46431010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:57 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000300000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:57 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x0, 0x0) ioctl$TUNSETVNETLE(r1, 0x400454dc, &(0x7f00000000c0)) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) sendmsg$NL80211_CMD_TRIGGER_SCAN(r2, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000200)={&(0x7f0000000140)={0xbc, 0x0, 0x10, 0x70bd29, 0x25dfdbfc, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_SCHED_SCAN_DELAY={0x8, 0xdc, 0x7d}, @NL80211_ATTR_SCHED_SCAN_MATCH={0x98, 0x84, 0x0, 0x1, [@NL80211_SCHED_SCAN_MATCH_ATTR_RSSI={0x8, 0x2, 0x9484}, @NL80211_SCHED_SCAN_MATCH_ATTR_BSSID={0xa, 0x5, @from_mac}, @NL80211_SCHED_SCAN_MATCH_ATTR_SSID={0x13, 0x1, @random="3b6feeb777f9821805f4619a942640"}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x24, 0x6, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x8, 0x0, 0xffffffff}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x4b}, @NL80211_BAND_2GHZ={0x8, 0x0, 0xe9f}, @NL80211_BAND_60GHZ={0x8, 0x2, 0xf6df}]}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x14, 0x6, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x8, 0x1, 0x2}, @NL80211_BAND_5GHZ={0x8, 0x1, 0x40}]}, @NL80211_SCHED_SCAN_MATCH_PER_BAND_RSSI={0x34, 0x6, 0x0, 0x1, [@NL80211_BAND_60GHZ={0x8, 0x2, 0x68}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x4}, @NL80211_BAND_6GHZ={0x8, 0x3, 0xffff}, @NL80211_BAND_6GHZ={0x8, 0x3, 0x8}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x4}, @NL80211_BAND_60GHZ={0x8, 0x2, 0x1}]}]}]}, 0xbc}, 0x1, 0x0, 0x0, 0x40044002}, 0x81) ioctl$SNDRV_PCM_IOCTL_DRAIN(0xffffffffffffffff, 0x4144, 0x0) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/sync_threshold\x00', 0x2, 0x0) setsockopt$packet_int(r3, 0x107, 0x7, &(0x7f0000000000)=0x1ab, 0x5c) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x280000000000000, 0x0}) ioctl$DRM_IOCTL_AGP_FREE(0xffffffffffffffff, 0x40206435, &(0x7f0000000080)={0x0, r5}) ioctl$DRM_IOCTL_SG_ALLOC(r4, 0xc0106438, &(0x7f0000000280)={0x5, r5}) [ 734.505257] ? copy_mount_options+0x59/0x380 [ 734.505276] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 734.505293] ? kmem_cache_alloc_trace+0x323/0x380 [ 734.505319] ? copy_mount_options+0x26f/0x380 [ 734.505333] ksys_mount+0xcf/0x130 [ 734.505347] __x64_sys_mount+0xba/0x150 [ 734.505360] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 734.505378] do_syscall_64+0xf9/0x620 [ 734.505400] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 734.505415] RIP: 0033:0x460c6a [ 734.505435] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 734.505458] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 734.607206] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 734.614568] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 734.621905] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 734.629278] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 734.636634] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 734.659269] input: syz0 as /devices/virtual/input/input291 [ 734.673067] attempt to access beyond end of device [ 734.682460] loop2: rw=0, want=184, limit=178 [ 734.693108] metapage_read_end_io: I/O error 01:55:57 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$SIOCX25GCALLUSERDATA(r1, 0x89e4, &(0x7f0000000180)={0x24, "765d6258bba0270cb98147c3368bfb1493fbc3abcd7e43e5f67f139bde97b9dcfda46b49777e35ebe329942189c5c95550f2348bbb6e90b638c9cfd022eea7026843d69b35055a418567a0ceb186c23ecb72d638820f36986fc2c4affe45681b10e6a0f2d65b485d473301b5368191de931e6a9ceb4c4d1ad8bead6d68419f9c"}) r2 = accept(r0, &(0x7f00000000c0)=@caif=@dgm, &(0x7f0000000140)=0x80) ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r2, 0x81f8943c, &(0x7f0000000340)) lsetxattr$trusted_overlay_redirect(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='trusted.overlay.redirect\x00', &(0x7f0000000080)='./file0\x00', 0x8, 0x3) 01:55:57 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x3, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:57 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) 01:55:57 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x2000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 734.854858] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 734.854858] 01:55:57 executing program 2 (fault-call:0 fault-nth:40): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:57 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000400000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:58 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000040)={&(0x7f0000000000)='./file0\x00'}, 0x10) getsockopt$IP_SET_OP_GET_BYINDEX(r0, 0x1, 0x53, &(0x7f0000000080)={0x7, 0x7, 0x2}, &(0x7f00000000c0)=0x28) [ 734.990334] input: syz0 as /devices/virtual/input/input292 [ 735.005124] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 735.005124] 01:55:58 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x4, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 735.118189] FAULT_INJECTION: forcing a failure. [ 735.118189] name failslab, interval 1, probability 0, space 0, times 0 [ 735.143496] CPU: 0 PID: 22899 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 735.151570] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 735.161014] Call Trace: [ 735.163718] dump_stack+0x1fc/0x2fe 01:55:58 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$BTRFS_IOC_FS_INFO(r1, 0x8400941f, &(0x7f0000000340)) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) [ 735.167465] should_fail.cold+0xa/0x14 [ 735.171580] ? setup_fault_attr+0x200/0x200 [ 735.176006] ? lock_acquire+0x170/0x3c0 [ 735.180089] __should_failslab+0x115/0x180 [ 735.184451] should_failslab+0x5/0xf [ 735.188268] kmem_cache_alloc+0x277/0x370 [ 735.193509] alloc_vfsmnt+0x23/0x780 [ 735.197426] ? _raw_read_unlock+0x29/0x40 [ 735.201682] vfs_kern_mount.part.0+0x27/0x470 [ 735.206281] do_mount+0x113c/0x2f10 [ 735.206292] input: syz0 as /devices/virtual/input/input294 [ 735.215698] ? do_raw_spin_unlock+0x171/0x230 [ 735.220269] ? check_preemption_disabled+0x41/0x280 [ 735.225403] ? copy_mount_string+0x40/0x40 [ 735.229752] ? copy_mount_options+0x59/0x380 [ 735.234771] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 735.239967] ? kmem_cache_alloc_trace+0x323/0x380 [ 735.245198] ? copy_mount_options+0x26f/0x380 [ 735.250171] ksys_mount+0xcf/0x130 [ 735.253984] __x64_sys_mount+0xba/0x150 [ 735.258171] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 735.262946] do_syscall_64+0xf9/0x620 [ 735.266847] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 735.272235] RIP: 0033:0x460c6a [ 735.275624] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 735.294859] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 735.302629] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 735.310142] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 01:55:58 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46432010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 735.317464] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 735.324792] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 735.332202] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:58 executing program 0: r0 = openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x400080, 0x0) ioctl$BTRFS_IOC_SNAP_DESTROY(0xffffffffffffffff, 0x5000940f, &(0x7f0000000340)={{r0}, "0542e24c0dc8d0f00eddb97ec080bb0ddf550f35c8275df0117e2051bf8568b5addb1c19c7560e8dad6823c40739093f009c66b847e231fba2b57833ec17f45f27a319ba048834dfa22aa80124f3de6a908177f95c55c66ac2d8ef86cf73c778274ac4b3b24336de70b3a65a82ab8771e3f23b9bcee8180c7b492859fd9c7a61fe95b387f66df4ff30dccb30a7e967e21f1fff7497a7afdc896d25e5bed1ad321ff244940158fb1a0e87562384da83c09b0003718a17922a441a6c20325d69fbaa7050a7a02568325dcf39efd1628522e8c0c5b652a5fa520f9441330b08ef14d6205a403ba97760035e7170ee11613153a73d7abde0030158ca45a8eb2e10642aecd4df2dee789a60a3719618edf2bf771c0441b8ce1eab666b3f113a60a7c7c7619dd36c542271830d41cb1f3ec84eab2defb7f85e0fea8b51d36d3b856ff5232a3088420dac874c94e904ef5ba8ab98f172eaddf32f3648e50143362a4d20f0f82145abe318053535ae2709dfa960e7ea0f74b1f8ac52ef56539830def3e5b917f3f1d15079f7a099b3c5454ae9943abd4220ef380d91dde80912f65b2c765a3f642c999557f2f2f5bb935261c5a92848c9240916ab0cab63cd954598d1122f21830e314192eda01cf447cf9debea51fc9e808b81d99cebd3407e6b70f0c719d165799dc1663e2da0a7ef5601b5086a078ce4017ef4d32d92ba6f167cd37f593093ac374612ac83f50f229bb7cc15e4e4b55e24eac3478dc57c3f8b44c5c035e1613213496fc2aa3c1149fefb28390fac8a407b5ef01a9c008a321cf706b43baa6b05957ef3d1e631bc7c52fdbe5f2cff1f46da3dea85eef585b9ef14e7aded7b3e80b3ade33d130164c1c3f1372d76ff2dea6d08d3298355866eac7294563b0404d6cabf8659ba131a5ad23a1ef48120cf3bd3034b1cad19cda0dd39aa1138537747a92317afbb85e92e05d5c6bdf8d138c18260ff1acae27c8b071ad9edf4ecfb7b6840f41bbf51bd4f40cc09b4046bbc51f74a4d0d36c976f1e449ffea7f058394ee80810a78b604e867d25310e71846fc214d9eefab528665c10434d4fbaf9c8e3cfc99035a83b53e4a993d6f7f5ca11dc4ca7057c7ef16427f04b37786358b55848c1c2016c7b44da21166ad81fb98b4d70d9c7e57eb701d51ed10ff5a6aecc5eaf3bef3790e7179447e29595b782429e5997f4b9c2bdaa8aa6262e84b01df4c3452d84a285f8c9ea7e1d35fcaf1bcf64ed2584aa952139f216ab8fe8e13d29a3e90795636c521a5ac75c03f842abcfc35daaa11aa8e8056e0422f411eb1a811497f8a97b0971dbcfb85e44203ab3e553ad95a5f95bdc8205853f5b6b51a17e3a49a65354f7909856bb07ac1d70361ad741492e47213eaee2e34b2c3cbf75c8ea17141eea6ea8ebc3ccdde39a7c22672cdfb115ef382c8fa449449ad4f4c45df91793f91e467e6d8c786ae5c1cc4d4a5a4e80944672819fad71cab6c90026bd35f56b71173bb37e6e06bef047324b616d75e2907f4574520bd93d9807fe67436753e4cc91efedbc61f07f67b07e74fee43dec6ec85347d87f617fd828aef255c6ff8450241ab4e7660777847cd015f0336f79a660fa49f18e26ca209402b24d040be940387bb9c119a4aa4c8ab19534ef82fab1657c1f83d9db329fbeaef30527a29ab9143670ad2549ea15c403ef8834f3305798d36500cd0e333d2bd412cf1031e166d61f97e8c1190816bb5e30485eb77c4e88ad6e7b5f7ff07b5c6dbda2b6dfa6d4cf78d6dbc294c2933e39b332f91ed8dee07738b6bf5e6df178d1f09cf96e4aacde3ddb0cecf0a51417f870dc73f90930a7361f3edf2a173a24918403ce59903c99624775ac7e0d1b0d74d54621dad63eedaeaad1b2fdf566f09f7b9a4975868a2bef840adf210a3c199c5e29683142df71ba4649cca54dbf12aa3768cebdce221703b73c82033877ddf2c0de926e04f0cf257eecd7b13eefe7d5857e3905318b12dc4f2422a491a2305d9dffcdddc3cebeff7d8eefeaa49ff3397de3e41b7222424c83a3cbbc60d85740f1815ebf97447bc1e10b535b787ed5d1f8a2cd6287e2dd91ad4f8eea442fdc47a387ac35b69c0c07498a0f6ca8f107f887d431565cdfbadab7b942ab73f8be082d71006180c17da78e34efe588d48e58cac7caf1b853e85243086f0da28e2c3cb7444a8f044408aabfd0922c5c1075c976bb162a5c6e3847ce65e9e6c624ba6abc5b450777e76dc8013a68f79a49ca833dbf6d35e9b0ad969a6e9e90e18fe312f6a869fa8b65c2486f384413cbef20ddea5730fc3a5125f027d2b2278b1f8b5fe481a74f52149498a364ae4cc9f17804aff6c40def1c3c8293ece396a186223336f2e41b95a0c0973e5b0d504c99909790f553a2aa55beacabef8f5f42550e78286221c08a3a858a2503154b9499774996c880e31fcb6f30a94702caefe54efbd23c124708e8ed27833b76490ae8229e84a7838585ff07b5d8533eb9b923a29d3d67672c07c25bda6e9194754b3297b10d55239b1a94f7fe54b38eca0b5ce86de0ffbb0b4951374d631006a23ade623efbd7762bf5ea53909380f99a33077eb601d5729268d50b96b32dd5ea621282680d633afbdc375034a3d3cf2b9ad8738db636ce4604da27e64d49ccfc925a51d3bfe006b4a769939d555c28f937e3e7a1aa5e504a2cd187352ef6fcc961bfb11f63b2db478beb76dc1e5fd2bb57d7664d4ad1d19a3cdcbad75456dae8fd92159dcd70686aa5b19054920d7c178c5635eec1093696721c1004e66884cd1e550f35d0e71fffe2914e4cb6a7164db3629c4818392685d3eee0ee2d80f841bad7cad46a1b3143d21bc53c4bb5d017eb3b35c09e4285475444ee7544b83dd349bc5d20711182d95e5a0edf8e2a5df54d927399426c04baef8666d8f9a81ef748e12ee110be5232ee26e2d49ce1fa5ac2171615c6a81d3cb7f1f1ad2a92ed928b3afff68a432bdf7223bfc35ff5c959d3202abfe91dc4bbbd59eede7983c9580019313e4571288699ed3c7aeebc577f8abe8709280a7f0b08a014537de7888509adad6e5cc078aca86529459b18ddc2fe2c1a6d7aa8ba432ee9b3880677477cf5225aa3fcb807cb4aea634545e2f7cc68d0b50c46377af3d0680a0f8ce61147f6bd241045f1f560e7981c37d7a8901fec99b4f3c7883662047729e1a164f3d03f2b774c3eec3715a2006174cb012799c7ed0af1c74e26c6f4a2a3038759161cb17bd2d6c5f1e52fad12e19a54c407703858248582a2d20d03e3e433d29365e29ec4ec0a51d34f24765ec710100c72feec97dd011d32f56b2bcb4e7600032af532f4a5aacd4a3d933bbfa7c9f0694ca6b62dd82d6de17f3391cdfe1e64e46b149c7ad128050cb8ef50a5583381f85dd4a4e887122df08c71d7d13a9f8af55e924dfcfd82e0ae2664f56c40a7d46781cb9c7853af33df52e181b3fbdc6370f33fd5809427d0a5a4968a8f1e676bd592d24568a000dacafe1c9572c0a09f02ef8a26bab474fc4cfc125d64055f5bb5df492bee6ece6e964c12426edd4b2ed46201cf9da918a692cfb25d8b53483174105ba7a578b21e107673e26ce7b5dba5ea153bdd8ad8723fb8dc8884f7450103609262e76a93dffc88674bbd17c802e99115c5379df56c9292c49e4220aadae8d129552b0cf44388592303673ce4a1184e3dc6a76c471c5e86d786f1079a2be02b163068b543ed429181e82a34fc722e4c9653134e493ee0cadd9da09d7c48b2e9b8b70004239419c7a875c78e41eb90efa6c5d3d997c080336a98baa5c781854010a95402b42afdeaee56e7097b4ac1fa0cf68c6eedf26faec50541875bd23cdac65000307d35a56151f0796d87fb352da2fb8696f58203419809c1edaf6ce6726a38bdc3dc7f6b57f4c271c77346e43ad8f6c94ccb8ee742e4876bb468540c97602dd9fb13c150e5fe9c011369bf88e1058e0249757a25dbb15e45b22da8c36252f5e0e9c10fed2389448284742b224b675f96f7a085c55d700f67f4ff7093097dbf8a2b557da304974bc833c20fdec91054cc674bd07a9dfb2374dbf7f5c8b2061ad1a9339543157b7a29f48ee3320cdc82034f7b35d2723e94c9b499b0899e74fe8798d0ec10fdcec171d4700faea5787d931a55f6d33e4df73cd7ae4e5e9fdc3e92d4e6cac5eb6f35d720b5dabc8a73055efec00e5891169e0ea0f9d48778b03adeb9dcdf71933083036fec404d41674131284589ee84b20748bcff804909c28b72a8c4f60e75196944617894bb78b0573630a48aa5d04d510319abeac8afc7514a78809ae1c8c4a8733817e9474c7ce0b1f1cbc965f7607dba787f3f525b366e3e032430784261341ef64120884d890daa65e60dfc0f80fd49e1e02a0a6b6755be656646d1e79feedca313c3d294c90b6892d1f84d555222af106546102a70b5cd8e855c56fe70681b2ab79defedede395ba2b734e1fae00617ef58253d47fb3fca71f67ce49cdfbbc91b78351af63bc8c8d05638ee59c10e21cbf68e0d7faa38a975dde5ff641a5242178b69c9c6673aad9f135419d62503d715ca5f5c2caebba92ec129fea7930d2fb2328112ddbd38917f8cd9a4f20d1208fa8af29f608774554bc5f51970a89959a98807fefdfa6550a694529790dc41f0be30dd4cc221469ea5ba2658427346a8e547dd4d5a653c0386ae039a6de162fdf1a54c41dac7d213f37612ac7e7e9db4263b46cf546cd0523952772005c3321be5337a2e28636d186d55165f0c202c4cd28c454e36230a279e45d99c66f0ba344f7206b32c2a3067c5432de3bf1633608cfee3715a8730f42f8bb28184cc61a38c37b0032d3dedd56ba08a6d7543094e5aa17cdbb3406bb9d2cd4c54e4925e0bc025a8ccf5efde7e20ab87816215444b41c8e21f12cb70ad677d87c5b29b6812c174178a2a7482cde7f345acd179c44bc549ea2c244ce2b35d8ce84de8f32f57cabbcc6961c537c5a0419bb6900a2a5909f5744a2739b81ab5b9f9d9f8e375133d8f7204c2e627b4bd53f3088aee4f4d4e69f8857d1711329f8b4337c2225e56452ebf69510751d9d17dc837a39e1761c1f57a62b5edda566c925f5eccf2096cac2acce2f80c965ca1993ac8b7990949a530eb06349bc6776018b21b351d51c70a7f1742c34bca92314d6265e6ee243cb3e4e6cd82374a4c235ca2a3ea9bbdbb54822497d83e686337360fd994c6bbc5b694bc889408e34b364b60837c4ae12850fa4833510f26c21e40ecc653d15c9047fe4ff55dab780b9da481dda48c064ba0a2cb8a2b6ea459022cec6ecb334e138ba072f56963cf24841bd43f8dd891b4a4eb863228641654aad970842da4bd4bcf00d5c3a42a8e081cd92ff4779f2bf5509702f3f460e22df79ab95ef44a268d9fa758386cfc94c7c7116dc92e8ec56417adc6243439c140f3c98aeacbcf511088c7409c268999d065aa22bb44b5a711ebb495dae92a43251c61abcf06654cb3f5b329c9dd5e5c3df1f430caa5f88ac87a827dad287a3a6c318770f58e7bc5370ee8cd71a7ff4e514134e7d04749eb15e1ff26c194544a3ec3360820218850e4f69a517903a890a1b5af57149cc6e2a0f831c3e4ec012151a14cab6da3a997b4b596487f575b36c507f7dc52b60d06ac034eb27b1f8d133e4eca8740f3d7ed9349841426125b63d3e4b5ad713b2cd7db4b3ca3a03256383ac50f884a829626eb5621c73a72931de922f62e54178caf7d7178cdcbb282a8aeb3a45a920abceb6c"}) r1 = socket$packet(0x11, 0x2, 0x300) sendmsg(r1, &(0x7f0000003a00)={&(0x7f00000002c0)=@xdp={0x2c, 0xc, 0x0, 0x16}, 0x80, 0x0}, 0x0) 01:55:58 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x2300, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:58 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000600000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 735.399804] input: syz0 as /devices/virtual/input/input295 [ 735.434897] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 735.434897] 01:55:58 executing program 2 (fault-call:0 fault-nth:41): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:58 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 735.523912] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 735.523912] 01:55:58 executing program 0: openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvme-fabrics\x00', 0x44c2c1, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x478c, 0x2}, 0x80, 0x0}, 0x40000c1) [ 735.629781] FAULT_INJECTION: forcing a failure. [ 735.629781] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 735.661550] CPU: 0 PID: 22952 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 735.669589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 735.679224] Call Trace: [ 735.681941] dump_stack+0x1fc/0x2fe [ 735.685713] should_fail.cold+0xa/0x14 [ 735.689726] ? lock_acquire+0x170/0x3c0 [ 735.693883] ? setup_fault_attr+0x200/0x200 [ 735.698362] __alloc_pages_nodemask+0x239/0x2890 [ 735.700149] input: syz0 as /devices/virtual/input/input296 [ 735.703373] ? pcpu_alloc+0x91f/0x1190 [ 735.703404] ? mark_held_locks+0xf0/0xf0 [ 735.703416] ? pcpu_alloc+0xe78/0x1190 [ 735.703454] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 735.726351] ? check_preemption_disabled+0x41/0x280 [ 735.731479] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 735.736602] ? pcpu_alloc+0xc9/0x1190 [ 735.740489] alloc_pages_current+0x193/0x2a0 [ 735.744991] ? __lockdep_init_map+0x100/0x5a0 [ 735.749573] get_zeroed_page+0x10/0x40 [ 735.753512] mount_fs+0x203/0x30c [ 735.757996] vfs_kern_mount.part.0+0x68/0x470 [ 735.762544] do_mount+0x113c/0x2f10 [ 735.766234] ? lock_acquire+0x170/0x3c0 [ 735.770318] ? check_preemption_disabled+0x41/0x280 [ 735.771615] device wlan1 entered promiscuous mode 01:55:58 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000040)='wlan1\x00\x1b\x1a\xec\xb5\x12\x03F\xd9U\x1c\xc9=\x9b\xa0\xf5\xee\x16\x1f\xb9\xf2-\xda\fC\xfdj\xe3\x8d\xe3\xd6\xe0|cL\xe9\xd9;\x13\xdf\xf7\xber\'\x8a\xd5\xd5\xe1\xf5\\\x9b\xb2\a\xde\xbb\xc18\x84\xb5\\f\xcb\xe8%OArYZ\xe1\xc9\x86\xfe\x88\x9d\xfa\xacJ\x1f\xebp\xf5\xfb\xaad\x1a\xa0\xb1\x9c\xac\xe8\xff^9P\xee\x8aG\xdd2') ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r1, 0x8983, &(0x7f0000000000)={0x6, 'gretap0\x00', {}, 0x3}) 01:55:58 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000700000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 735.775403] ? copy_mount_string+0x40/0x40 [ 735.775419] ? copy_mount_options+0x59/0x380 [ 735.775438] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 735.775453] ? kmem_cache_alloc_trace+0x323/0x380 [ 735.775467] ? copy_mount_options+0x26f/0x380 [ 735.775483] ksys_mount+0xcf/0x130 [ 735.775512] __x64_sys_mount+0xba/0x150 [ 735.781679] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready [ 735.784730] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 735.784750] do_syscall_64+0xf9/0x620 [ 735.784769] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 735.784784] RIP: 0033:0x460c6a [ 735.784803] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 735.784810] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 735.784831] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 735.869546] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 01:55:58 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46433010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 735.877464] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 735.885240] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 735.892732] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:58 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) write$RDMA_USER_CM_CMD_INIT_QP_ATTR(0xffffffffffffffff, &(0x7f00000000c0)={0xb, 0x10, 0xfa00, {&(0x7f0000000000), 0xffffffffffffffff, 0x5776fd94}}, 0x18) 01:55:59 executing program 2 (fault-call:0 fault-nth:42): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:59 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x6, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:59 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x3f00, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:55:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$nfc_llcp(0xffffffffffffffff, 0x118, 0x3, &(0x7f0000000080)=""/197, 0xc5) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000000)='/dev/audio#\x00', 0x82, 0x1a202) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x5}, 0x4) mmap$binder(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1, 0x11, r1, 0x9) [ 736.079859] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 736.079859] [ 736.099746] FAULT_INJECTION: forcing a failure. [ 736.099746] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 736.141434] CPU: 1 PID: 22985 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 736.149786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 736.159208] Call Trace: [ 736.162069] dump_stack+0x1fc/0x2fe [ 736.165859] should_fail.cold+0xa/0x14 [ 736.169886] ? lock_acquire+0x170/0x3c0 [ 736.173969] ? setup_fault_attr+0x200/0x200 [ 736.178393] __alloc_pages_nodemask+0x239/0x2890 [ 736.183251] ? pcpu_alloc+0x91f/0x1190 [ 736.187251] ? mark_held_locks+0xf0/0xf0 01:55:59 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000800000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 736.191421] ? pcpu_alloc+0xe78/0x1190 [ 736.195434] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 736.200395] ? check_preemption_disabled+0x41/0x280 [ 736.205523] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 736.210628] ? pcpu_alloc+0xc9/0x1190 [ 736.214547] alloc_pages_current+0x193/0x2a0 [ 736.219043] ? __lockdep_init_map+0x100/0x5a0 [ 736.223741] get_zeroed_page+0x10/0x40 [ 736.227305] input: syz0 as /devices/virtual/input/input298 [ 736.227729] mount_fs+0x203/0x30c [ 736.237129] vfs_kern_mount.part.0+0x68/0x470 [ 736.241741] do_mount+0x113c/0x2f10 [ 736.245478] ? lock_acquire+0x170/0x3c0 [ 736.249533] ? check_preemption_disabled+0x41/0x280 [ 736.254658] ? copy_mount_string+0x40/0x40 [ 736.259029] ? copy_mount_options+0x59/0x380 [ 736.263530] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 736.268712] ? kmem_cache_alloc_trace+0x323/0x380 [ 736.273612] ? copy_mount_options+0x26f/0x380 [ 736.278256] ksys_mount+0xcf/0x130 [ 736.281814] __x64_sys_mount+0xba/0x150 [ 736.285808] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 736.290421] do_syscall_64+0xf9/0x620 [ 736.294236] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 736.299471] RIP: 0033:0x460c6a [ 736.302704] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 736.321643] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 736.329389] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 736.336742] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 736.344197] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 736.351533] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 736.358848] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x1e, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xd0, 0x0, 0x0, 0x0, 0xffffff02}, [@map]}, &(0x7f0000000040)='GPL\x00', 0x20, 0xf0, &(0x7f0000000080)=""/240, 0x41100, 0x9, [], 0x0, 0x8, 0xffffffffffffffff, 0x8, &(0x7f0000000180)={0x1, 0x5}, 0x8, 0x10, &(0x7f00000001c0)={0x5, 0x9, 0x0, 0xffffffc1}, 0x10}, 0x78) [ 736.383074] input: syz0 as /devices/virtual/input/input299 01:55:59 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x7, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:55:59 executing program 2 (fault-call:0 fault-nth:43): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:55:59 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000003000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 736.486124] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 736.486124] 01:55:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) write$P9_RCLUNK(0xffffffffffffffff, &(0x7f0000000000)={0x7, 0x79, 0x2}, 0x7) [ 736.626087] input: syz0 as /devices/virtual/input/input300 [ 736.628015] FAULT_INJECTION: forcing a failure. [ 736.628015] name failslab, interval 1, probability 0, space 0, times 0 01:55:59 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46434010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:55:59 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x4000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 736.690549] CPU: 0 PID: 23031 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 736.698640] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 736.708041] Call Trace: [ 736.710696] dump_stack+0x1fc/0x2fe [ 736.714415] should_fail.cold+0xa/0x14 [ 736.718411] ? setup_fault_attr+0x200/0x200 [ 736.722840] ? lock_acquire+0x170/0x3c0 [ 736.726902] __should_failslab+0x115/0x180 [ 736.731379] should_failslab+0x5/0xf [ 736.735171] kmem_cache_alloc_trace+0x284/0x380 [ 736.739908] ? set_bdev_super+0x110/0x110 [ 736.744150] ? ns_test_super+0x50/0x50 [ 736.748128] sget_userns+0x122/0xcd0 [ 736.751949] ? set_bdev_super+0x110/0x110 [ 736.756206] ? ns_test_super+0x50/0x50 [ 736.760187] ? set_bdev_super+0x110/0x110 [ 736.764441] ? ns_test_super+0x50/0x50 [ 736.768594] sget+0x102/0x140 [ 736.771881] mount_bdev+0xf8/0x3b0 [ 736.775835] ? parse_options+0xe70/0xe70 [ 736.777772] input: syz0 as /devices/virtual/input/input301 [ 736.780267] mount_fs+0xa3/0x30c [ 736.789418] vfs_kern_mount.part.0+0x68/0x470 [ 736.795235] do_mount+0x113c/0x2f10 [ 736.799505] ? lock_acquire+0x170/0x3c0 [ 736.803981] ? check_preemption_disabled+0x41/0x280 [ 736.809213] ? copy_mount_string+0x40/0x40 [ 736.813664] ? copy_mount_options+0x59/0x380 [ 736.818140] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 736.823466] ? kmem_cache_alloc_trace+0x323/0x380 [ 736.828484] ? copy_mount_options+0x26f/0x380 [ 736.833172] ksys_mount+0xcf/0x130 [ 736.836757] __x64_sys_mount+0xba/0x150 [ 736.840780] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 736.845446] do_syscall_64+0xf9/0x620 [ 736.849290] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 736.854546] RIP: 0033:0x460c6a [ 736.857767] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 736.876729] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 736.884641] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 736.892111] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 736.899434] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 736.906906] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 736.915443] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:55:59 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) getpeername(r0, &(0x7f0000000080)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @loopback}}}, &(0x7f0000000100)=0x80) sendmsg$IPSET_CMD_FLUSH(r1, &(0x7f0000000200)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x20, 0x4, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x4040}, 0x40840) r2 = syz_open_dev$vcsn(&(0x7f0000000000)='/dev/vcs#\x00', 0x200, 0x2000) ioctl$TIOCSRS485(r2, 0x542f, &(0x7f0000000240)={0x1f, 0xffffff01, 0x10000}) ioctl$SNDCTL_SEQ_NRMIDIS(r2, 0x8004510b, &(0x7f0000000040)) 01:56:00 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000006000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:00 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x11, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:00 executing program 2 (fault-call:0 fault-nth:44): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 737.083509] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 737.083509] 01:56:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$TIOCGISO7816(0xffffffffffffffff, 0x80285442, &(0x7f0000000000)) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) 01:56:00 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x4800, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 737.140739] input: syz0 as /devices/virtual/input/input302 [ 737.174772] input: syz0 as /devices/virtual/input/input303 01:56:00 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000007000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 737.228718] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 737.228718] 01:56:00 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x12, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 737.295344] FAULT_INJECTION: forcing a failure. [ 737.295344] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 737.307313] CPU: 0 PID: 23100 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 737.315291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 737.324920] Call Trace: [ 737.327627] dump_stack+0x1fc/0x2fe [ 737.331357] should_fail.cold+0xa/0x14 [ 737.335363] ? setup_fault_attr+0x200/0x200 [ 737.339780] ? get_page_from_freelist+0x1d60/0x4170 [ 737.344910] ? bad_range+0x260/0x3c0 [ 737.348783] __alloc_pages_nodemask+0x239/0x2890 [ 737.353654] ? kernel_poison_pages+0x2c/0x2a0 [ 737.358249] ? get_page_from_freelist+0x1d01/0x4170 [ 737.363489] ? preempt_count_add+0xaf/0x190 [ 737.367977] ? __lock_acquire+0x6de/0x3ff0 [ 737.372338] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 737.376262] input: syz0 as /devices/virtual/input/input304 [ 737.377258] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 737.377299] ? should_fail+0x142/0x7b0 [ 737.377326] ? lock_acquire+0x170/0x3c0 [ 737.397623] ? check_preemption_disabled+0x41/0x280 [ 737.402843] cache_grow_begin+0xa4/0x8a0 [ 737.407110] ? setup_fault_attr+0x200/0x200 [ 737.411528] ? cache_alloc_pfmemalloc+0x1e/0x140 [ 737.416437] cache_alloc_refill+0x273/0x340 [ 737.420893] kmem_cache_alloc+0x346/0x370 [ 737.425190] getname_kernel+0x4e/0x370 [ 737.429206] kern_path+0x1b/0x40 [ 737.432929] lookup_bdev+0xfc/0x220 [ 737.438497] ? bd_acquire+0x440/0x440 [ 737.442464] blkdev_get_by_path+0x1b/0xd0 [ 737.446735] mount_bdev+0x5b/0x3b0 [ 737.450391] ? parse_options+0xe70/0xe70 [ 737.454671] mount_fs+0xa3/0x30c [ 737.458125] vfs_kern_mount.part.0+0x68/0x470 [ 737.463240] do_mount+0x113c/0x2f10 [ 737.466985] ? lock_acquire+0x170/0x3c0 [ 737.471206] ? check_preemption_disabled+0x41/0x280 [ 737.476385] ? copy_mount_string+0x40/0x40 [ 737.480716] ? copy_mount_options+0x59/0x380 [ 737.485899] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 737.491404] ? kmem_cache_alloc_trace+0x323/0x380 [ 737.496410] ? copy_mount_options+0x26f/0x380 [ 737.501151] ksys_mount+0xcf/0x130 [ 737.504797] __x64_sys_mount+0xba/0x150 [ 737.508887] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 737.513692] do_syscall_64+0xf9/0x620 [ 737.518358] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 737.523668] RIP: 0033:0x460c6a [ 737.526986] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 01:56:00 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46435010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 737.546809] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 737.554605] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 737.562341] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 737.570153] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 737.577488] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 737.584816] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:56:00 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600003f000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:00 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x4c00, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 737.628247] attempt to access beyond end of device [ 737.633435] loop2: rw=0, want=184, limit=178 [ 737.648247] metapage_read_end_io: I/O error [ 737.664635] input: syz0 as /devices/virtual/input/input305 01:56:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0xffff, 0x101880) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000140)=0x14) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) 01:56:00 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x14, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 737.768091] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 737.768091] 01:56:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) ioctl$LOOP_SET_STATUS64(0xffffffffffffffff, 0x4c04, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2, 0x7, 0x0, 0x1, 0x12, 0x1, "4873292489af60c87177a9044abb5616016177bf1aa68dcc27ad1769f669038cfbe6f7d5125190ce8b9665832d67c7f6dfa703b1cac8c133f279527b0c3781f6", "e08b23d55c05bd78a161093df55f0a362addd1a0200a5acaa6a7edf9f233bc7a4652ffc88de0ed39127bbbe3cfbaff9a2939eab65d0f92efbc1409e2a18f2c07", "82eb95e805faa0c1e8914fb7e5c9d7d147c5c73a505661cdd8c1c6a65f19c882", [0x81e0, 0x4]}) 01:56:00 executing program 2 (fault-call:0 fault-nth:45): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:00 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46436010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 737.848904] input: syz0 as /devices/virtual/input/input306 01:56:00 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600c065010000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:00 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f00000000c0)={'syztnl2\x00', &(0x7f0000000040)={'ip6gre0\x00', 0x0, 0x2f, 0xcb, 0x1, 0x20, 0x9, @private2, @mcast1, 0x10, 0x706, 0x8, 0x3}}) ioctl$PPPIOCSMRU(0xffffffffffffffff, 0x40047452, &(0x7f0000000000)=0xd37) sendmsg(r0, &(0x7f0000000100)={&(0x7f00000002c0)=@ll={0x11, 0x1b, r1, 0x1, 0x40}, 0x80, 0x0}, 0x4) 01:56:00 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x15, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 738.015515] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 738.015515] [ 738.029794] FAULT_INJECTION: forcing a failure. [ 738.029794] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 738.041787] CPU: 1 PID: 23168 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 738.049765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 738.059212] Call Trace: [ 738.062033] dump_stack+0x1fc/0x2fe [ 738.065778] should_fail.cold+0xa/0x14 [ 738.069753] ? __mutex_lock+0x39e/0x1260 [ 738.073918] ? setup_fault_attr+0x200/0x200 [ 738.078343] ? mark_held_locks+0xf0/0xf0 [ 738.082502] __alloc_pages_nodemask+0x239/0x2890 [ 738.087385] ? __lock_acquire+0x6de/0x3ff0 [ 738.091831] ? __lock_acquire+0x6de/0x3ff0 [ 738.096253] ? __lock_acquire+0x6de/0x3ff0 [ 738.100608] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 738.105587] ? mark_held_locks+0xf0/0xf0 [ 738.109762] ? mark_held_locks+0xf0/0xf0 [ 738.113917] ? lock_downgrade+0x720/0x720 [ 738.121930] ? blkdev_get+0x4ce/0x940 [ 738.125837] cache_grow_begin+0xa4/0x8a0 [ 738.130007] ? setup_fault_attr+0x200/0x200 [ 738.134522] ? cache_alloc_pfmemalloc+0x1e/0x140 [ 738.139375] cache_alloc_refill+0x273/0x340 [ 738.143818] kmem_cache_alloc_trace+0x354/0x380 [ 738.148603] ? set_bdev_super+0x110/0x110 [ 738.153001] ? ns_test_super+0x50/0x50 [ 738.156997] sget_userns+0x122/0xcd0 [ 738.160941] ? set_bdev_super+0x110/0x110 [ 738.165199] ? ns_test_super+0x50/0x50 [ 738.169199] ? set_bdev_super+0x110/0x110 [ 738.173472] ? ns_test_super+0x50/0x50 [ 738.177479] sget+0x102/0x140 [ 738.180680] mount_bdev+0xf8/0x3b0 [ 738.184314] ? parse_options+0xe70/0xe70 [ 738.188478] mount_fs+0xa3/0x30c [ 738.191942] vfs_kern_mount.part.0+0x68/0x470 [ 738.196583] do_mount+0x113c/0x2f10 [ 738.200329] ? lock_acquire+0x170/0x3c0 [ 738.204508] ? check_preemption_disabled+0x41/0x280 [ 738.209981] ? copy_mount_string+0x40/0x40 [ 738.214330] ? copy_mount_options+0x59/0x380 [ 738.218851] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 738.223993] ? kmem_cache_alloc_trace+0x323/0x380 [ 738.229696] ? copy_mount_options+0x26f/0x380 [ 738.234426] ksys_mount+0xcf/0x130 [ 738.238059] __x64_sys_mount+0xba/0x150 [ 738.242169] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 738.247070] do_syscall_64+0xf9/0x620 [ 738.250975] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 738.256296] RIP: 0033:0x460c6a [ 738.259561] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 738.278495] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 738.286246] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 738.293668] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 738.300978] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 738.308295] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 01:56:01 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x6000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 738.315617] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 738.327057] attempt to access beyond end of device [ 738.332148] loop2: rw=0, want=184, limit=178 [ 738.336798] metapage_read_end_io: I/O error 01:56:01 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r1 = accept(r0, &(0x7f0000000000)=@l2tp={0x2, 0x0, @private}, &(0x7f0000000080)=0x80) sendmsg$ETHTOOL_MSG_CHANNELS_GET(r1, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x34, 0x0, 0x400, 0x70bd27, 0x25dfdbfb, {}, [@HEADER={0x20, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_macvtap\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x10040010}, 0x4000000) [ 738.422579] input: syz0 as /devices/virtual/input/input308 [ 738.443177] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 738.443177] 01:56:01 executing program 2 (fault-call:0 fault-nth:46): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:01 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000100001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 738.498593] input: syz0 as /devices/virtual/input/input309 01:56:01 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x16, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:01 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46437010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 738.606409] FAULT_INJECTION: forcing a failure. [ 738.606409] name failslab, interval 1, probability 0, space 0, times 0 [ 738.676807] CPU: 0 PID: 23217 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 738.684934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 738.694346] Call Trace: [ 738.697047] dump_stack+0x1fc/0x2fe [ 738.700882] should_fail.cold+0xa/0x14 [ 738.704895] ? setup_fault_attr+0x200/0x200 [ 738.709328] ? lock_acquire+0x170/0x3c0 [ 738.713578] __should_failslab+0x115/0x180 [ 738.717923] should_failslab+0x5/0xf [ 738.721746] __kmalloc+0x2ab/0x3c0 01:56:01 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x6800, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 738.725564] ? __list_lru_init+0xd3/0x7f0 [ 738.729837] __list_lru_init+0xd3/0x7f0 [ 738.733918] ? up_write+0x18/0x150 [ 738.740408] sget_userns+0x7e2/0xcd0 [ 738.744235] ? set_bdev_super+0x110/0x110 [ 738.748533] ? ns_test_super+0x50/0x50 [ 738.752532] ? set_bdev_super+0x110/0x110 [ 738.756774] ? ns_test_super+0x50/0x50 [ 738.760763] sget+0x102/0x140 [ 738.763968] mount_bdev+0xf8/0x3b0 [ 738.767613] ? parse_options+0xe70/0xe70 [ 738.771756] mount_fs+0xa3/0x30c [ 738.775259] vfs_kern_mount.part.0+0x68/0x470 [ 738.778982] input: syz0 as /devices/virtual/input/input310 [ 738.779919] do_mount+0x113c/0x2f10 [ 738.779952] ? do_raw_spin_unlock+0x171/0x230 [ 738.794099] ? check_preemption_disabled+0x41/0x280 [ 738.799265] ? copy_mount_string+0x40/0x40 [ 738.803584] ? copy_mount_options+0x59/0x380 [ 738.808062] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 738.813183] ? kmem_cache_alloc_trace+0x323/0x380 [ 738.818111] ? copy_mount_options+0x26f/0x380 [ 738.822692] ksys_mount+0xcf/0x130 [ 738.826317] __x64_sys_mount+0xba/0x150 [ 738.830524] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 738.835209] do_syscall_64+0xf9/0x620 [ 738.839111] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 738.844375] RIP: 0033:0x460c6a [ 738.847625] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 738.866572] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 01:56:01 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000200001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 738.874499] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 738.881843] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 738.889174] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 738.896792] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 738.904423] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:56:01 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x8, 0x100) getsockopt$inet_sctp_SCTP_CONTEXT(r1, 0x84, 0x11, &(0x7f0000000080)={0x0, 0xfffffc00}, &(0x7f00000000c0)=0x8) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) recvfrom$l2tp6(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0xdae7dbdb95d6992f, &(0x7f0000000040)={0xa, 0x0, 0x0, @dev}, 0x20) [ 738.929884] input: syz0 as /devices/virtual/input/input311 01:56:02 executing program 2 (fault-call:0 fault-nth:47): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:02 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x2f, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:02 executing program 0: socket$packet(0x11, 0x2, 0x300) r0 = socket$inet6_dccp(0xa, 0x6, 0x0) setsockopt$packet_rx_ring(0xffffffffffffffff, 0x107, 0x5, &(0x7f0000000400)=@req={0x0, 0x5, 0x6e8fa061, 0x1ff}, 0x10) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)=@ethernet={0x306, @local}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000080)="c47369b3f8adb748890da7d7d5431eec3919a12a4dd9d180ce6ea8d213401dd71258bc2fae43906adc1986fd6f9b5a2eaec3500455262aa5dcacf63995488b3c56b77bfbf839692874bbcf8ce3867d0a7ed9ce824abfdae9c008aec9680a4f7539ea8f09f44a5d3af924dafc7bf01e3361f640df2dbc19c0d5ef52186cd17cf30380a3efc7b52300d8fabfdc", 0x8c}, {&(0x7f0000000140)="1686d66a3a1c200f5963cdd4a0a9160e6867c63f09d97770894a3ee30e2d44f8d5673bc11a3abcf583fc4045c4acdb2cd2a3a1b0548377e90201b93c944ffd22f74ea70532fb0071ab226316b3ea0b7c9301c24d468635f61a36d806d211be1a249e458bd58a380a3928fdcde531ca2db7d1f02b986b6a3b4519b3c310c9abfaedc10b2346c207a54717b381aa23c0cbbf8ff4aa04e4221bb2d82b8cccc8b188ec7a4150e2f13d8134f1d5901d9e4966def37e4d0b33d68fc88607b38a133ea6ae5967fba165168b", 0xc8}, {&(0x7f0000000240)="a616a977fb8463a52000eb34820b5d0226ae072c3ef83f4854910e17b34d9c6de3158e382837801b8f10f3", 0x2b}, {&(0x7f0000000340)="f7f5df0cd6817a1c05080fd8ccf443e7fa518cb68bb4c73c61dbba631f26391456616d1dbd2cd7a67c648208704bc7b783bb96fecf5be77674e55f403e9b87aeab37db751f9585e2ceeb7a6c854f93", 0x4f}], 0x4}, 0x10) 01:56:02 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x6c00, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 739.027126] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 739.027126] 01:56:02 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000300001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 739.114776] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 739.114776] [ 739.126607] input: syz0 as /devices/virtual/input/input312 [ 739.181000] FAULT_INJECTION: forcing a failure. [ 739.181000] name failslab, interval 1, probability 0, space 0, times 0 [ 739.219936] input: syz0 as /devices/virtual/input/input313 [ 739.233397] CPU: 0 PID: 23275 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 739.241803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 739.251233] Call Trace: [ 739.253889] dump_stack+0x1fc/0x2fe [ 739.257585] should_fail.cold+0xa/0x14 [ 739.261546] ? setup_fault_attr+0x200/0x200 [ 739.265996] ? lock_acquire+0x170/0x3c0 [ 739.270047] __should_failslab+0x115/0x180 [ 739.274347] should_failslab+0x5/0xf [ 739.278104] __kmalloc+0x2ab/0x3c0 [ 739.282125] ? prealloc_shrinker+0x15d/0x340 [ 739.286608] prealloc_shrinker+0x15d/0x340 [ 739.290913] sget_userns+0x7b4/0xcd0 [ 739.294693] ? set_bdev_super+0x110/0x110 [ 739.299039] ? ns_test_super+0x50/0x50 [ 739.302983] ? set_bdev_super+0x110/0x110 [ 739.307195] ? ns_test_super+0x50/0x50 [ 739.311145] sget+0x102/0x140 [ 739.314277] mount_bdev+0xf8/0x3b0 [ 739.317863] ? parse_options+0xe70/0xe70 [ 739.321991] mount_fs+0xa3/0x30c [ 739.325510] vfs_kern_mount.part.0+0x68/0x470 [ 739.330059] do_mount+0x113c/0x2f10 [ 739.333755] ? retint_kernel+0x2d/0x2d [ 739.337667] ? copy_mount_string+0x40/0x40 [ 739.342029] ? copy_mount_options+0x1da/0x380 [ 739.346816] ? __sanitizer_cov_trace_pc+0x40/0x50 [ 739.351993] ? copy_mount_options+0x26f/0x380 [ 739.356598] ksys_mount+0xcf/0x130 [ 739.360513] __x64_sys_mount+0xba/0x150 [ 739.365344] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 739.370154] do_syscall_64+0xf9/0x620 [ 739.374110] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 739.379412] RIP: 0033:0x460c6a [ 739.382628] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 739.402058] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 739.409979] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 739.417446] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 739.425246] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 01:56:02 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46438010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:02 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) syz_mount_image$ext4(&(0x7f0000000040)='ext3\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000200)=[{&(0x7f0000000280)="20000000000100000c000000d40000000f000000010000000000000000000000002000000020000020000000d1f4655fd1f4655f0100000053ef010024f20000d0f4655f000000000000000001000000000000000b000000000244bcdc", 0x5d, 0x400}], 0x1, &(0x7f0000000140)) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4, 0x2}, 0x80, 0x0}, 0x0) [ 739.432558] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 739.439865] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:56:02 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000400001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:02 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x300, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:02 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x7400, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 739.573923] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 739.573923] 01:56:02 executing program 2 (fault-call:0 fault-nth:48): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:02 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x4044) 01:56:02 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000600001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 739.632405] input: syz0 as /devices/virtual/input/input314 [ 739.681237] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 739.681237] [ 739.695383] input: syz0 as /devices/virtual/input/input315 01:56:02 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, &(0x7f0000000000)={0xffffffff, 0xffff7fff, 0x0, 0x1, 0x80000000}) 01:56:02 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x500, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 739.798425] FAULT_INJECTION: forcing a failure. [ 739.798425] name failslab, interval 1, probability 0, space 0, times 0 [ 739.828066] CPU: 0 PID: 23342 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 739.835831] input: syz0 as /devices/virtual/input/input316 01:56:02 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46439010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 739.836117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 739.851227] Call Trace: [ 739.853899] dump_stack+0x1fc/0x2fe [ 739.857803] should_fail.cold+0xa/0x14 [ 739.861746] ? setup_fault_attr+0x200/0x200 [ 739.866113] ? lock_acquire+0x170/0x3c0 [ 739.870301] __should_failslab+0x115/0x180 [ 739.874926] should_failslab+0x5/0xf [ 739.878786] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 739.883946] __kmalloc_node+0x38/0x70 [ 739.887923] kvmalloc_node+0x61/0xf0 [ 739.891703] __list_lru_init+0x4c6/0x7f0 [ 739.895913] ? up_read+0x103/0x110 [ 739.899520] sget_userns+0x7e2/0xcd0 [ 739.903293] ? set_bdev_super+0x110/0x110 [ 739.907544] ? ns_test_super+0x50/0x50 [ 739.911479] ? set_bdev_super+0x110/0x110 [ 739.915646] ? ns_test_super+0x50/0x50 [ 739.919892] sget+0x102/0x140 [ 739.923014] mount_bdev+0xf8/0x3b0 [ 739.926570] ? parse_options+0xe70/0xe70 [ 739.930653] mount_fs+0xa3/0x30c [ 739.934128] vfs_kern_mount.part.0+0x68/0x470 [ 739.938682] do_mount+0x113c/0x2f10 [ 739.942372] ? lock_acquire+0x170/0x3c0 [ 739.946393] ? check_preemption_disabled+0x41/0x280 [ 739.951487] ? copy_mount_string+0x40/0x40 [ 739.955803] ? copy_mount_options+0x59/0x380 [ 739.960287] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 739.965345] ? kmem_cache_alloc_trace+0x323/0x380 [ 739.970243] ? copy_mount_options+0x26f/0x380 [ 739.974800] ksys_mount+0xcf/0x130 [ 739.978380] __x64_sys_mount+0xba/0x150 [ 739.982443] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 739.987924] do_syscall_64+0xf9/0x620 [ 739.991746] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 739.996978] RIP: 0033:0x460c6a [ 740.000364] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 740.019482] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 740.027373] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 740.034803] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 740.042242] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 740.049577] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 740.057117] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 740.089166] input: syz0 as /devices/virtual/input/input317 01:56:03 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000700001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:03 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000140)) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r0, 0x8983, &(0x7f0000000180)={0x1, 'veth1_to_bond\x00'}) getsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000000)={{{@in6=@private2, @in6=@local}}, {{@in=@empty}, 0x0, @in6=@local}}, &(0x7f0000000100)=0xe8) 01:56:03 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x7a00, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:03 executing program 2 (fault-call:0 fault-nth:49): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:03 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x600, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 740.205175] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 740.205175] 01:56:03 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f0000000000)=@pptp={0x18, 0x2, {0x2, @empty}}, 0x80, 0x0}, 0x4) [ 740.263973] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 740.263973] [ 740.287415] FAULT_INJECTION: forcing a failure. [ 740.287415] name failslab, interval 1, probability 0, space 0, times 0 [ 740.300919] CPU: 1 PID: 23393 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 01:56:03 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000800001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 740.303695] input: syz0 as /devices/virtual/input/input318 [ 740.310015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 740.310031] Call Trace: [ 740.310087] dump_stack+0x1fc/0x2fe [ 740.310121] should_fail.cold+0xa/0x14 [ 740.310144] ? setup_fault_attr+0x200/0x200 [ 740.310161] ? lock_acquire+0x170/0x3c0 [ 740.310194] __should_failslab+0x115/0x180 [ 740.310223] should_failslab+0x5/0xf [ 740.310237] __kmalloc+0x2ab/0x3c0 [ 740.310264] ? __list_lru_init+0xd3/0x7f0 [ 740.310283] __list_lru_init+0xd3/0x7f0 [ 740.310296] ? up_read+0x103/0x110 [ 740.310320] sget_userns+0x810/0xcd0 [ 740.310337] ? set_bdev_super+0x110/0x110 [ 740.310355] ? ns_test_super+0x50/0x50 [ 740.310372] ? set_bdev_super+0x110/0x110 [ 740.310384] ? ns_test_super+0x50/0x50 [ 740.310409] sget+0x102/0x140 [ 740.390701] mount_bdev+0xf8/0x3b0 [ 740.394344] ? parse_options+0xe70/0xe70 [ 740.398496] mount_fs+0xa3/0x30c [ 740.401953] vfs_kern_mount.part.0+0x68/0x470 [ 740.406562] do_mount+0x113c/0x2f10 [ 740.410570] ? lock_acquire+0x170/0x3c0 [ 740.414608] ? check_preemption_disabled+0x41/0x280 [ 740.419644] ? copy_mount_string+0x40/0x40 [ 740.423892] ? copy_mount_options+0x59/0x380 [ 740.428315] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 740.433592] ? kmem_cache_alloc_trace+0x323/0x380 [ 740.438515] ? copy_mount_options+0x26f/0x380 [ 740.443192] ksys_mount+0xcf/0x130 [ 740.446827] __x64_sys_mount+0xba/0x150 [ 740.450881] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 740.455531] do_syscall_64+0xf9/0x620 [ 740.459408] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 740.464684] RIP: 0033:0x460c6a [ 740.467930] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 740.486902] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 740.494678] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 740.502045] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 740.509395] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 740.516820] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 740.524269] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:56:03 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4643a010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 740.559924] input: syz0 as /devices/virtual/input/input319 01:56:03 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000003f00001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:03 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xb000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:03 executing program 0: ioctl$sock_inet_SIOCSARP(0xffffffffffffffff, 0x8955, &(0x7f0000000080)={{0x2, 0x4e20, @empty}, {0x7, @random="129c75d16fc7"}, 0x40, {0x2, 0x4e22, @broadcast}, 'vlan1\x00'}) r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f0000000000)=@vsock={0x28, 0x0, 0xffffffff, @my=0x1}, 0x80, 0x0, 0xfffffffffffffe2b}, 0x0) dup(r0) 01:56:03 executing program 2 (fault-call:0 fault-nth:50): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:03 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x700, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:03 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x404c840) 01:56:03 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)=@hci={0x1f, 0x2}, 0x80, &(0x7f0000000240)=[{&(0x7f0000000080)="13bd2f584e6763a7feb37d7dc5e7a71510e1957e961f384bc729274552ba16745a3902d9a6a6cad108bb6ee5c7d9b77751a9b1d27a8c9ff7bfa7bb1e62cb828a5febb5387a9f4f2d258e78e0", 0x4c}, {&(0x7f0000000100)="bf5ea50ee31caf3a5f5a22d693e4790a0933e485af94f81f7211a3aa3a9494bdb38f105632e6584742a769f6aea540057554caacce7304ee837f9e1bc9497321346b9cbc7d05962a56126302befec699c2b1bf250c789907a023a2822823a162c944a765c8eb0a106913f658294d82bc6c1f4979084a29adb2dfd29bd1132bb9cdb21af6e43b6aab63f5ed64c036", 0x8e}, {&(0x7f00000001c0)="a6346c70499f10193f78ac6cadd90fe16680cb6e7776244da02afd4cb926586135b325f433c203b8e06524b8da44315bbcce873da58f6c347d8e24eb484be731dacabb39d8e45a612f11f16da9d7ba637ed6c4cbc7373d91a141e4dc6646bec13fec6a7a02e3edc51fef7057", 0x6c}], 0x3}, 0x40) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) sendmsg$NL80211_CMD_ASSOCIATE(r1, &(0x7f0000000680)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000640)={&(0x7f00000005c0)={0x70, 0x0, 0x404, 0x70bd25, 0x25dfdbff, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_FILS_KEK={0x33, 0xf2, "6a0a3673974bc5c5315370d7b98a84ea04243237b4053c4dd6f9e000be42b7874ddbac4c25643e3273786aa52ae21d"}, @NL80211_ATTR_USE_MFP={0x8, 0x42, 0x2}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac=@broadcast}]}, 0x70}, 0x1, 0x0, 0x0, 0x800}, 0x44011) r2 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000380)='mptcp_pm\x00') syz_open_dev$midi(&(0x7f0000000540)='/dev/midi#\x00', 0x5, 0x240) openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ashmem\x00', 0x80, 0x0) sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f00000004c0)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000480)={&(0x7f00000003c0)={0xa0, r2, 0x800, 0x70bd29, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x8}, @MPTCP_PM_ATTR_RCV_ADD_ADDRS={0x8, 0x2, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x6}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x7}, @MPTCP_PM_ATTR_ADDR={0x4}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x5}, @MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x4}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0xd}]}, @MPTCP_PM_ATTR_ADDR={0x34, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @private1={0xfc, 0x1, [], 0x1}}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @initdev={0xfe, 0x88, [], 0x0, 0x0}}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e20}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4004}, 0x4040800) 01:56:03 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600000165c000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 740.829642] input: syz0 as /devices/virtual/input/input320 [ 740.869338] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 740.869338] 01:56:03 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xe0ff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 740.880818] FAULT_INJECTION: forcing a failure. [ 740.880818] name failslab, interval 1, probability 0, space 0, times 0 [ 740.912670] input: syz0 as /devices/virtual/input/input321 [ 740.920639] CPU: 0 PID: 23444 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 740.928584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 740.938000] Call Trace: [ 740.940644] dump_stack+0x1fc/0x2fe [ 740.944407] should_fail.cold+0xa/0x14 [ 740.948354] ? setup_fault_attr+0x200/0x200 [ 740.952714] ? lock_acquire+0x170/0x3c0 [ 740.956745] __should_failslab+0x115/0x180 [ 740.961053] should_failslab+0x5/0xf [ 740.964820] kmem_cache_alloc_node_trace+0x244/0x3b0 [ 740.969975] __kmalloc_node+0x38/0x70 [ 740.973931] kvmalloc_node+0x61/0xf0 [ 740.977735] __list_lru_init+0x4c6/0x7f0 [ 740.981890] ? up_read+0x103/0x110 [ 740.985669] sget_userns+0x810/0xcd0 [ 740.989438] ? set_bdev_super+0x110/0x110 [ 740.994694] ? ns_test_super+0x50/0x50 [ 740.998654] ? set_bdev_super+0x110/0x110 [ 741.002862] ? ns_test_super+0x50/0x50 [ 741.006823] sget+0x102/0x140 [ 741.009995] mount_bdev+0xf8/0x3b0 [ 741.013579] ? parse_options+0xe70/0xe70 [ 741.017877] mount_fs+0xa3/0x30c [ 741.021325] vfs_kern_mount.part.0+0x68/0x470 [ 741.025905] do_mount+0x113c/0x2f10 [ 741.029606] ? lock_acquire+0x170/0x3c0 [ 741.033646] ? check_preemption_disabled+0x41/0x280 [ 741.038724] ? copy_mount_string+0x40/0x40 [ 741.043015] ? copy_mount_options+0x59/0x380 [ 741.047491] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 741.052587] ? kmem_cache_alloc_trace+0x323/0x380 [ 741.057503] ? copy_mount_options+0x26f/0x380 [ 741.062075] ksys_mount+0xcf/0x130 [ 741.065668] __x64_sys_mount+0xba/0x150 [ 741.069723] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 741.074374] do_syscall_64+0xf9/0x620 [ 741.078241] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 741.083474] RIP: 0033:0x460c6a [ 741.086724] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 741.105699] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 741.113450] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 741.120763] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 01:56:04 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@nfc_llcp={0x27, 0x1, 0x0, 0x6, 0x55, 0x8, "da50e718ae9175f31d5efa95788f4339cb13c1469d3c9840266f722a50e1efe70cfe17da76f1083b6d8e72e13b29f8a2d9c39fe84b00078dedcdc2c3b83610", 0x35}, 0x80, 0x0}, 0x8000) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$KVM_ASSIGN_DEV_IRQ(r1, 0x4040ae70, &(0x7f0000000040)={0x8cfa, 0x0, 0xd47, 0x4}) ioctl$VIDIOC_S_AUDIO(0xffffffffffffffff, 0x40345622, &(0x7f0000000000)={0x2ce, "e48b21455b8d99a72031752a9e13b1b6ff88b871ffd141d4669962ad93dfe538"}) [ 741.128080] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 741.135397] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 741.142706] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:56:04 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600fffffff600001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 741.241779] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 741.241779] 01:56:04 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4643b010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:04 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xedc0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:04 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x1100, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:04 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000900)='wlan1\x00\x1b\x1a\xec\xd8n\xff\xc3\x87\xe2\xa3\x80\x8a\xb2\xd9\xa8L\x06\xb5\x12\x03F\xd9\x1f\x8a\xcc\xba\\\xceYF2C\xfdj\xe3\x8d\xe3\xd6\xe0|6l\xe9\xd9;\xea\x84]\xdf\xf7\xber\'\x8a\xd5W\xbb\xac%j\x9d\xeb\xba\xe6\xc4\xc4\xa9\xf5\xd5\xa1\xf5\\\x9b\xb2\a\xde\xbb\xc18\x84\xb5:f\xcb\xe8o\aArYZ\xe1\xc9\x86\xfe\x8f(\xa1\vhb\x18\xf3\xe3\xa1\xd2\x93*h\xd7\xa2F\x88\xd57\xb2\xc8\x8cS\xe8:H}\x91\x91\xcc\xa7Y\xcbkK\xf0\xfe\x9e\xd5\xa1\x1e\x99~\x9d3\xd2?\b\xbfU\xe8\x8b\x93\xea`\x00\x80\x00\x00V\xbf!\xb7\xe9\x11\r\xbd\xa3\xc6-t\x9c;\x9as\x86\xe7\xbd\xb0\xd5\";\xecuP\"\xebrV\x88\xca\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x98\xe8\xc6\xc3\nE\x91\xff\xd8E$\xc4As\x80\xdbt\x0e\xe21_v1\xd8,\xa4\x7fD\x94\xe8?\xf8\xcd[1\xb2U,\xc8w0|E\x00\x88IoQpH\xa0\xe8\xf0\x7f\xbd\xbcs;\xc9\xd2\x19oS\xac\xc6\x9b`:6\xc9DS\x13\xfb\xddw\nK\x19\xfa\x99\xc6~\x044\xa3+)\xef@Lr\xed\x85\xf3\xe8#\xa4\x84\xe9W8\xd6\x80\x95\xba.?+O\xbe[&\x87\xe1\xc5\xd7C\xa1\xde\xa4\b*w\xdc]\x92\xce\xe6BNFj;\xd7 \xfb\f\xeb\xb1\xb8\x86x\x19\xa0\xc4\xd3^W\xb7\x10\x18\xba\xcc\xabJ\xdfYB\"\x96\rny3\xe9\xec\xdf\xc4\xae\xfaM\xa2k\xd8X\xe6hQ\t\x93\xc1\xfd\xb7\xa4\x04W\xa0n\xff') getpeername(r1, &(0x7f0000000000)=@un=@abs, &(0x7f0000000080)=0x80) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f00000000c0)={0x1a, 0x5, 0x4}) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) 01:56:04 executing program 2 (fault-call:0 fault-nth:51): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:04 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600fffffdfc00001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 741.432711] input: syz0 as /devices/virtual/input/input322 [ 741.459329] device wlan1 left promiscuous mode [ 741.491425] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 741.491425] 01:56:04 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xff0f, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 741.587170] FAULT_INJECTION: forcing a failure. [ 741.587170] name failslab, interval 1, probability 0, space 0, times 0 [ 741.612436] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 741.612436] [ 741.650658] CPU: 0 PID: 23536 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 741.659402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 741.668927] Call Trace: [ 741.671618] dump_stack+0x1fc/0x2fe [ 741.675364] should_fail.cold+0xa/0x14 [ 741.679363] ? setup_fault_attr+0x200/0x200 [ 741.683824] ? lock_acquire+0x170/0x3c0 [ 741.687991] __should_failslab+0x115/0x180 [ 741.692322] should_failslab+0x5/0xf [ 741.696128] __kmalloc+0x2ab/0x3c0 01:56:04 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600fffffdfd00001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 741.699734] ? __list_lru_init+0xd3/0x7f0 [ 741.704296] __list_lru_init+0xd3/0x7f0 [ 741.708557] ? up_write+0x18/0x150 [ 741.713054] sget_userns+0x7e2/0xcd0 [ 741.717986] ? set_bdev_super+0x110/0x110 [ 741.722477] ? ns_test_super+0x50/0x50 [ 741.726448] ? set_bdev_super+0x110/0x110 [ 741.731944] ? ns_test_super+0x50/0x50 [ 741.737647] sget+0x102/0x140 [ 741.742040] mount_bdev+0xf8/0x3b0 [ 741.746818] ? parse_options+0xe70/0xe70 [ 741.750967] mount_fs+0xa3/0x30c [ 741.754678] vfs_kern_mount.part.0+0x68/0x470 [ 741.759913] do_mount+0x113c/0x2f10 [ 741.763724] ? do_raw_spin_unlock+0x171/0x230 [ 741.769133] ? check_preemption_disabled+0x41/0x280 [ 741.774934] ? copy_mount_string+0x40/0x40 [ 741.779439] ? copy_mount_options+0x59/0x380 [ 741.783902] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 741.789443] ? kmem_cache_alloc_trace+0x323/0x380 [ 741.794454] ? copy_mount_options+0x26f/0x380 [ 741.799111] ksys_mount+0xcf/0x130 [ 741.802680] __x64_sys_mount+0xba/0x150 [ 741.806862] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 741.811536] do_syscall_64+0xf9/0x620 [ 741.815371] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 741.820774] RIP: 0033:0x460c6a [ 741.824009] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 741.843098] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 01:56:04 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x1200, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 741.850846] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 741.858169] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 741.866291] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 741.874169] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 741.883959] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:56:04 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4643c010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:04 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@phonet={0x23, 0x40, 0x40, 0x8}, 0x80, 0x0}, 0x0) 01:56:05 executing program 2 (fault-call:0 fault-nth:52): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:05 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4787, 0x2}, 0x80, 0x0}, 0x4010) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x5c, 0x0, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bridge_slave_1\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x1}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'bond_slave_1\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz2\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x40}, 0x0) 01:56:05 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600fffffffe00001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:05 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xffe0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 742.068347] input: syz0 as /devices/virtual/input/input324 [ 742.103716] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 742.103716] [ 742.132468] FAULT_INJECTION: forcing a failure. [ 742.132468] name failslab, interval 1, probability 0, space 0, times 0 01:56:05 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600fcfdffff00001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:05 executing program 0: r0 = syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x37e6, 0x40) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r4) syz_mount_image$hpfs(&(0x7f0000000100)='hpfs\x00', &(0x7f0000000140)='./file0\x00', 0x4b60, 0x3, &(0x7f0000000240)=[{&(0x7f0000000180)="a17bd492f5feafbcf8f3aa5680767210c584b18ff68a5de2ddf54245a28384b7b6cf6b433fb861076a0ea3e11f725b685501c81bdbb9517a78ae4a9e5e6f6522bc5678c41241d7c827cf388ea8aea6d2a596958402832f1a0227382855a4d0c09d66adddcc7bedc478f04c06d344ac1c964d417beacb7c67aebeeffe89fff5e476c33f34721bba700a506a53ae136a5c9bf9c227412593460b8bfe3d65160dec7595fe0477a3", 0xa6, 0x4}, {&(0x7f0000000340)="688d66548a9e2988ffc5869c9105068510c3eca2c9b63c89bde9cc66dc809ec45350ea9013e7dd902fe33777f9d492f77283b6f98f004855dd1ffb3ae0a317369a8194040b21e2d73d8ce2f19a51b3a504edaa5cc6e5f357e496363f7eff484080f7bf59dbb20456da927dc87ca373e5412ab56e36fac723ac3453dcd01ba229b7e232b35eb0f6cd00ded14a6ab9bd8f68d20e37c6896a53e69b6b21e33ac0408151484521fef18d7645f02b5f3a3847d310d44e6502d6", 0xb7, 0x7}, {&(0x7f0000000400)="20d8766a1e3143fc6b98a626a98fde5a5a3999ec386337caa898c6a139d4aaae6625c7ea4d9b2c89dd1da137b5e8256edfded658ccbb27840cef64dc9baa486192d6661ecaf42e0d06a78db609022bea4b4184ae3576bd5e62c8b9876038288e6652c5d0afec4038344f3fa6787c8b64190d0aa2dfb838743c20fb3b9f1397f49bf9a3668fdb3e6a9b16ad32832f60e29d16f40169a0d3f855ab75c0f7f8e5ac43a5d35d91ba07ce72246aa0fadf234ce1271c5660af72ac94ee89b426cfa4e9a9fb2c2ac024d54190250626e71daef6dfc124c5d09f585fcfa1b4803d890bb0ce4aa4", 0xe3, 0x2}], 0x10004, &(0x7f0000000500)={[{'-)-([\xd5])^%'}, {'/dev/input/mouse#\x00'}], [{@uid_eq={'uid', 0x3d, r2}}, {@fsname={'fsname', 0x3d, '/dev/input/mouse#\x00'}}, {@func={'func', 0x3d, 'CREDS_CHECK'}}, {@fowner_gt={'fowner>', r4}}, {@dont_appraise='dont_appraise'}, {@defcontext={'defcontext', 0x3d, 'unconfined_u'}}]}) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r0, 0x84, 0x5, &(0x7f0000000040)={0x0, @in={{0x2, 0x4e22, @remote}}}, 0x84) prctl$PR_SET_NO_NEW_PRIVS(0x26, 0x1) r5 = socket$packet(0x11, 0x2, 0x300) syz_mount_image$nfs(&(0x7f00000005c0)='nfs\x00', &(0x7f0000000600)='./file0\x00', 0x1, 0xa, &(0x7f0000001b80)=[{&(0x7f0000000640)="7169ab3a63acf452cc9b7641a94d0d06cb7d5478cedee4e899b20594234caab06918981c07eed3d76fbf2d951fb4d54dd704af", 0x33, 0x6}, {&(0x7f0000000680)="72b0a6870b8dfde237d698dc272098dbfdbafc028d9d76beccdd2ef9b9ee1bbd771678325787de3676dd0ddb46202bf5a5955e4c854331d61b774705277a28030cd2cad0c415660b19", 0x49, 0x6ba}, {&(0x7f0000000700)="2cf75390ab740114462f40f25b427cafa376b24aec2d057944ce81abc59c79e8fb0bac1dc92258d4073deb4c2bc429172f72ecb31a1ab4131ae019bb4f82038d2e2283b975284c29b44819de7ae828051c8f1f9a7397e5c29ce35b89193abff29e0442dbed7ba8eef6f5af9d0d456732d38302fe1732dbb3379317c3011f09f672fc678619fc004fcc44a1bfd0469521a197f3b61ffae7dca9cbacc17113c7868f5eb4dd810d38877d57539d838027a99b5c549b4c619221a2e9d59a04bd16f50f6f7cad4d4b1579f3cb69f34c031f1831663def248a17afb6d566ebbf6f24e6be10516848b22ed0baa5017bd515ee120ca241c4449ab69e57709b8b90239a6730a755a6d041e194095646b205d4a9e9d26f51d90dedb6db397226d7f4c982dd9faba93570645274cd37016ec951e17e697c2fa46fa4169eb0981ba2de7bccdf1c58a874ba304f0b2b9f6448d47fde3a6fbc98eaf81d1f8cebbef593d4335b31f8cdee6c4f28bcd9710a102121f73451f3858f4760a5d4e47c1e74b4ffd021c57a879e716143c8e6470fd385b0d661fc07c17edff24b480551b7b1619672caf1008560729bb88263674ae93d5ddc4bed29b5707396570ac94ba1ba33f88e4e7d1ea78f95f472a440ea982f34f71a41792981d927e7b0f809ccc067df34f5502c1ffde39168f268fb974f876b7fe3bcce962728e98550a001a72a652e10f4cac35fe3a6f1513209fba500b90d3c37aba5f52e898c7c681d09b5a232446d01d73687482e1eb63be76fca54309eee6cfcda657de220127e3f9895f82da603289d67c19b534a1bb6aa3e18d89b2874a84b90f48263c1c171c29c1dfe842b4abbf20a32c24c435ff93165bb2cb150d550e3fea8aa18db9954a100a7f3b5d5bd9ae0305d9fa2596ab87adb22676aa07828e85038673ab88b1557e2c761ca2308b364901f8b7bf3073f75fd4e6b952c4abe78e780201fd409807b1e46c2d403781ccfe9f16b905dee3f4500bffa3fc77860c0220121a6a6c7cf25dbd3015b31530010b4759107f324e800c44e6d7f3725ca16f2c412b3038c4fcf12c74410f97e46694b2d4b05a9f6bdd71e58fbc7e8af389e651fb47ff352e454abe57b9abdcb532dbb1571dbd7d892e211d51e967e488d19089cc53753a8ceeb9d453040f00d1353bbeab6e62bd3404efa3e967302bcf13aa909035f97e4d15501afb3642c4c0e107c384a293402a306ccf364b189fff3a5c47a839c593115d56bd8e104a51a582e82aa52df893fecc96f37a8627f269e1949ac8c4311fe81572a743d0a491b450804a9e0dcf5e8da2183822baa9fa2e6edd34db775731127cb60bb43fe6a5fa5f070b46f8c6efdc55aed2957e3f6faad6ec26f81b3f103c323c11e34af3f9899253ba99f9207ea8fb66deaa7870b07b5fd1876f470f93e6ded527bffcf16aaf0bb177724844fbb0eb2365cb0826ed6ca3492019dbf9c00018722c0122ebf76feb5bc0dae497365f6253e4415af91d80ccd563cee99c388d09cafd13cfecb7399ba380580569f4610c983edcc9cbfd3cae2e9e212a06b7b7341f624a3c484f786b59a8db0f4b1caeecdfa0169c1a163f7b405aac2d7a69d1facbb6e25a91e8bd7292c0ca9a1539518859fbf097ff212163294008c73f1077f855e67654f66a7c406dbe500d75fc8a8bf6f030f667ff266d6fd870ca19d67ab773e810756f45a94f1209699fbd46d438d868c6d93d4bb43a4991bcc4b26c39fc601e0df2ca091dbddcc6211db1da97d9f452989d4286880ea5da2e4571e1c42727dceb4ca8fbf6c451ca3f1e77738b36a3bbd112b19d423d73b3797f98ed0372df9f830b3fb8ba5b425fe92fbaddb4502461dffdaa71f3720b6ddb35510438bd1f8409f460392e8c043e743e2beab8894ea1d507423958a8b7e4bb983e3ef152291c7fec61b063d150f35e8bc972853929af2eb8b74bc95ecd44e0ca347951e9ab3769c278cf591b3c9778699af387f3081da04a3f1aca5e0c5f144fc492180b6cad000f98d0665d11c4be7b746325679c3f5db670b57e26d10de4497bc311daa6f23683cb28e02e30f47b140a3416d776aa3339156e7ff596ba333f32de943ae65689013ad2deac64eecfa558b128c0efeaa435e533faa258a58a623d99e00a7138333d2ef6d7085933d7fda40f93dc5f4a878536d75ad3f93d41865f89e0414267fbc7c8bbfc5938cabc306f6542a255650dc26aea8f96823a7b183fe71ff07217bcd3e72414572ca5570ba3fa0f9f8bca0c7ab4db88f013737583d212b99da10eaed671f1450a103a3d0093ff1a14c7f41496c9ce63acf17adf484bc98af7652ad21ab02727251fa839780093ebb5cdec8262dff98c2e7efb81149217fd42f02bed8cf178b66dee54648e4425aeb03a4976dbfcc57e84fb42feb5233ba744d9e66ba605e920d7cfbc0d3f662abfe18acd8e409a0aa42088dd11e57dec3ed28e58f4d521c2d112c6514458689456fe36e6ee78325c45f7ec7da5fec5d0a98eb7563f9a9061746850a8a3005eb825e70ab23e9b3c556446e0da0de1d41eb707c47fbfe6cae0266cdd62dd0ecd33c2b8aa093139137cf635eae58f6e9c9951b2c05367d7cb78a85c5ca3582cf2d7c114430ab4ff5a6f32ca215afac8ed7811277c7716a566abafeaca4281fcf76d596d5982215073b42ec8cd89b9c5ed9761e9b45b0f544f8419a5fceaaa9a25f029bf6945287c8cb3993282eaed8a8c39510b49c7e0e29bfe85905cf339acff4aa13be4d5233fc65a216e42a9fc92bd3587d7ccba35d88c5096df8849ceb837b864c0e3f8af22e1df37ee1ca07641b8c8045b28e48ff71fe315d0b80136acd8f5ef46f02ea333ffec20dd71eaa108fa80afc39b36e6775898b967cc9ae91a61fb4845be050cb0501e88556634f22ec36082dcd93135f9c41c73953b5bee1825eae62da1f7a8c5554ae5bd2700920fdd616ea91f230a6c0be2195b14aa9ae81fc56a419d64995d0bc62af101e70595c6d2e2325c8647d3f631779c0e09489ed871447071f3fc5d8cc17fa9180bd8d186e7ae9bc54549ea1c601d578379ca193b3049b75eb21d7a4edf1aabe07802da8145e09bc716191fa0910ac5e7d9e681849bd8dcc5463295ce14fe9903c2771bbfb8e8524a83aba5210b5431a87faa8081d75a4fdbe1510f96effd985a57921a81c2bfc9fbb6135f4a18f45786562886d5947dd247ab476ff0ac1194dc4915d8c4c648df62edaba4bca64a0f31d668e53ea930ea1d0212d34cd72db4aabb501c461930122c29ab129970e648017374584973520daa6781cff4683d0c725d415bf454cd7486a6dcca98265dac1e6b690aa4245f95800dab4cc851d9f5d8caa960b8c9441197dd0f29be802e7ba9a4e7644dfcc9ece48b2174396a7858660bfb1cad8f7918e021eac73da32e5d0be50a961549a05895067e5d670295f84d02e866a29ce30a1ac689d8f2e73b775f38a4f5b2425a33a67c15638ee36b3c20d2a2d409a5b34543dbfba9416e0fb8db95cf7e79191631d46be41f595fc421cb52459827e3b10e9aeb35a083b095fa82f4f1c80abb72290f14329012e35b774263e0b4b0369fb79a288dd36e763c6e8805e6151376022da4961d71fede149ca92e69261ab6810d9442da9f33e3a6a60e797387c4baea241acb4c9ce1d16f02f887b52d204dde7af23a5e91b31a48f50db8fa2a51d3abbd9339eacca6b903cf96bf74538b53f7fadc768503d581b99690b1d50b5c010f0226a48d5f4836d594b09bd3bac4d0d9932e1a84e580bcffb3b44424110793bd2b1088f740022350455dadf4d80773e2cf8baf728a3f706dbaa2e7faf82c1cde706ea41395af1dd83d5e64ce6bd89484a6c9ee501b94f67f694569717b455e1635494029786ac10717b4b477466627a4eb772e55f07f76b747ab957b70c861ab1fc0b855847fae5c767285df730dfb57494f1823e3311da9334128f56540990354fddcce5bf85d0f40310f21a5cdfbc85cb1503b4e7d530fbd1c53befafd65065ceef542718f317bf10d9084055a8474d5da2e2a96a5d638f559210e9ab19e10261649aa5f3dc4af153e2381cef09ab30eab4ede9762f0c845a60f94a2fccc3e04fcef49c1daf3366451f0ce2b149c132b2bd1b726d02e8ed70834f41d3e26ee740aafea894dcdb9720105902875c50833d1ed538f666fdf6eb0c6a8a90c671972cd36fc4adc197636755c48b3b1702e765d7dddc215cd9971e245c91c68a2717931eb5289761d5ed56540862f0ace66f6673407672b991e130ccf5a8c80167049e1f57bcd03157ef45a83fc2e0dab6bc5d65a81586bab15bbbf178b81b5583efdb5548ba2d69c59da15f3fd0f1b03de5730f9761fc9f815eae5f07d9abee43d9cc8a56f94ae4174db1f51ebd6debe73a1482495c632252bfef5ff589eb0ccad83ea1cce3d8a014d7b6949d5cec15145ba5ea42d08c57a33272b2438a534f2c86794c8b0dd65878d71740f25bf697dc9d247d78e8db581a944edd57892d5feb03df6786ea9084f21875ecd52146b0c91e0be6941ad9396c2c72b0b2ff20c1182ab7dbca9fa487a3f662e251a33fd0451e5e9523ac1cc95b016f85a57a4b4c072551adadd1608eb624a1db6009dfd3245af93c6c0e33675c1132999518db2c7f9778f5e74198a8bde7bb0f1a751f062d5fbf9647fbb4d60d011dc558c283adc2bda69e9e0307643d874108d7364164a0ef8dc157010a945f5af43876f425d213927a75a61e0d0c11fdaaf5d46e3b253cfa4cb1e95ef0b558920609ac2a44889de34599da905648e9b9e84c562669a0805fcac1e000f5b33349e946ebf1657d4a643971d001565d4ca74364cca06a0fd4f89b7d0073e30753499c522fa23247fdab8c79a591dbf2182a6d571dac3175ad49a6c111f147f31448ab85d5813a28b22b82a58b88f7232abf0eabcca108cbf202dea4c541cfb10bfd565b2d817003b094ed5332415c502fa1207b6857c30d7fbae26d1f1bd4497b26a7f01c33eb4ebb6404f7e401ea0ffe7d218c9b1d742bafbcb54d2edea7959fa9f32699ab3b919d5a322e5af5bd4c3a7456e25094da86942795847bc060e0fc5bac9d9a9ec0687b340d42eaee63df82b6aefc9a67a00c427905baec19d79eee41c99f9d9c6fa32ada1aa46db98f47a59e3a46cb8d05fb44fa49eeaf614a08a4a5aa6004727cec8f5cb5127c0d69bb50d5a82917dca2a363bd73d1d3cca1d7bcfa074b3e788eade9a182f1764b57fb54053ebb109d8d1981112ed6d508b32eb2078963e009b9fc4eecea72a5e9915ccacbdd48e2c2964f845816c47617e09b569d71523520f134516c4e6ab29b994789223d49b624194ca0d512663b0d9977e47d7e780496b7ae105e216957af9fc762f1127d1263e4b46cc64a9912bd3a563c712dd38bbbdf8c55679880edd3654a8c018c44cad87b81b0fcef56db77bf184da9fafc5c9ce0e1abe6d54256db4f16049d370ca67971e4c274707a501e55c0f0b4504415769320a3ba6eedfc84c19586a950e414bda29c02e971629f22909d49c36392094e3bc7b9eb99e7f1b6c5888fe5ad829745d61ddb1d1e0c1486a2c915440e1f1e3caeb535dd331aefe0d9b2d466f0dbb97a9ecaa835526c4f6600b08d5b0eebe554262bfdc7ab08662c519de89a53e08a4aa93a5c18adcb729b9cc5a5b411c83a4740e1b4bdc9e7c6cc752c4299013ef39f30c62cede94fde95a2ed9025756dece86b17f82d4eb7f71600b1a152d49b25360b64f7b620335b9fa2b40f0d76e8", 0x1000}, {&(0x7f0000001700)="d52209e165164b1cfa759387d18f340b5dc1bc847147e35db9c63adc2c159d4f229738c8efba6e2462531fa95f9c8e54f45d2a24cb3cac8e543f92c82d48c76b557b3b2d543d1240eb618aa143dc59089dcba41a603e79d0ea8f504f40f73518cb575d6eca12a0a5b326e3", 0x6b, 0x1}, {&(0x7f0000001780)="5296c1e43b83472058ae5151e95f08fb77662480c340a986bf48f02e3b972034c77fc7f49e058e77281dc8a5c2d9c026dfaea54fc7a1da78ea4f6a2546b65a6ab134f54293fb585306373997112a2ad9dc56ec9b4dde28a4ddeba39f288f9db367a432274ae440b7824d1a67afde5f9a3691f7f3cfe0850b7a02ed29260324c0ab45b2b82bb6b5a4de335a50e229c61cedfb6d7fec5659aa959c0feff7b4e1ed02a43702889d511b", 0xa8, 0x4}, {&(0x7f0000001840)="f95b030d93852c13dedf877c0228048a2f30afad6d38e629f80bcebabebef7aba4fcf186bc4f29a0b7234735f393617d13b6916ac56be5cba74117f6aa75daf57030eea762cabe9bc30bd1ff3ce78bf3431776bb730c9c014f07c580b6c490c6f0f7689b5f1b472ac1923c71c5c263b027503757d9d007561f1adfecab9d2894a5f55c057144821a4b1ac520b2162479e2b67df768b25aaa28b3b20856bf2ea8102f39c4daef15929d29231356b51d3fb07ba56b30a96dfc6552922080d2", 0xbe, 0x8}, {&(0x7f0000001900)="17269eba554cf550ba1b2ec69be61e5302bbc6da31a5ffb5d42f6a5111482d4c0c0c40004e188f72feae9b61b9b2a02190b491a0ea7651cdb9de7aae632fe7d004c691f14c2df4c5272d7d539c48943309f318fc49f67faa51e0fca12fe151ff42d40b60046fc570def1534a47b00094333728ed42ba27245f688387f41ba7b5e1665b5f2e13a62ab6d39cb1f5a2368abf8484d59f38e79c", 0x98, 0xff}, {&(0x7f00000019c0)="6ff021f966610e0bb9edf015c2a548ed6f87bc8abf85393117dfeb55a4746919bc69e0c05dbc46b33bf338bf569b7e412f126a9b5bbc56cae27cd751818f970e66818efd84a257c6d4d6faa7f01e005d3736ea4c7a75fcb6be18b617a0262f7152f3bbae43c05c18f37746fd540e179ea59ec6d71ef2b82a7b410e744035e6f4dc33b12a9ccb466b2f991b85068bc047645f463788afa19d", 0x98, 0xf1}, {&(0x7f0000001a80)="596e8b8e15795c5691e252955632b5447e133e6694a3a486c8b3e4943b64148efe92ff371fa6ad75a0a7e6e29a7db5f879e9935ec0a89aa40d4045b430edea8ce2bd8a52a91ed94156852b2b1d2f533282c127075184c974ccf7b50335bcb7d362645d1c3a0fa1163953dbb8736910c168fbefb3241f06b75deae19c7ef4718e27aa03bfb2199aaf2a957cbf69e04fe563abf7b7083120a8ac242767b8653cdcf21d3c9a98a3e1be25934d0cf49b330fb688537d3b67e78cc4", 0xb9, 0x154}, {&(0x7f0000001b40)="bd40376066e569ed6f79f737c7720e9a9aef5e84ac986ca202c5539ab9f1b98cf8d009dda45ef8", 0x27, 0x5}], 0x400, &(0x7f0000001c80)={[{'fowner>'}, {'uid'}, {'.^J^%]'}, {}, {'func'}], [{@context={'context', 0x3d, 'root'}}, {@obj_type={'obj_type', 0x3d, 'dont_appraise'}}, {@smackfsfloor={'smackfsfloor', 0x3d, 'CREDS_CHECK'}}, {@audit='audit'}, {@smackfsroot={'smackfsroot', 0x3d, 'dont_appraise'}}, {@pcr={'pcr', 0x3d, 0xf}}, {@context={'context', 0x3d, 'user_u'}}]}) sendmsg(r5, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) [ 742.213573] CPU: 0 PID: 23568 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 742.221586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 742.230997] Call Trace: [ 742.233664] dump_stack+0x1fc/0x2fe [ 742.237433] should_fail.cold+0xa/0x14 [ 742.241452] ? setup_fault_attr+0x200/0x200 [ 742.246225] __should_failslab+0x115/0x180 [ 742.250700] should_failslab+0x5/0xf [ 742.254824] kmem_cache_alloc+0x3f/0x370 [ 742.258942] ? mempool_alloc+0x350/0x350 [ 742.263074] mempool_alloc+0x146/0x350 [ 742.267192] ? mempool_resize+0x790/0x790 [ 742.271464] ? lock_downgrade+0x720/0x720 [ 742.275661] ? mark_held_locks+0xa6/0xf0 [ 742.279760] bio_alloc_bioset+0x389/0x5e0 [ 742.283955] ? __find_get_block+0x314/0xde0 [ 742.288313] ? bvec_alloc+0x2f0/0x2f0 [ 742.292192] ? __getblk_slow+0x6a3/0x9e0 [ 742.296318] submit_bh_wbc+0x141/0x760 [ 742.300288] __bread_gfp+0x14e/0x300 [ 742.304080] readSuper+0xa6/0x250 [ 742.307643] ? map_id_range_down+0x1c4/0x340 [ 742.312118] chkSuper+0x93/0xa90 [ 742.315704] ? readSuper+0x250/0x250 [ 742.319612] ? lock_downgrade+0x720/0x720 [ 742.324709] ? do_raw_spin_lock+0xcb/0x220 [ 742.329025] jfs_mount+0x47/0x3d0 [ 742.332535] jfs_fill_super+0x55c/0xb50 [ 742.336684] ? parse_options+0xe70/0xe70 [ 742.341197] ? set_blocksize+0x163/0x3f0 [ 742.345394] mount_bdev+0x2fc/0x3b0 [ 742.349919] ? parse_options+0xe70/0xe70 [ 742.354000] mount_fs+0xa3/0x30c [ 742.357406] vfs_kern_mount.part.0+0x68/0x470 [ 742.362057] do_mount+0x113c/0x2f10 [ 742.365753] ? retint_kernel+0x2d/0x2d [ 742.369738] ? copy_mount_string+0x40/0x40 [ 742.374019] ? copy_mount_options+0x1da/0x380 [ 742.378761] ? __sanitizer_cov_trace_pc+0x44/0x50 [ 742.383746] ? copy_mount_options+0x26f/0x380 [ 742.388355] ksys_mount+0xcf/0x130 [ 742.391994] __x64_sys_mount+0xba/0x150 [ 742.396082] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 742.400857] do_syscall_64+0xf9/0x620 [ 742.404702] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 742.410028] RIP: 0033:0x460c6a [ 742.413233] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 742.432172] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 742.448463] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 742.455786] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 01:56:05 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x1400, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 742.463104] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 742.470676] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 742.477999] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 742.502148] attempt to access beyond end of device 01:56:05 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000900)='wlan1\x00\x1b\x1a\xec\xd8n\xff\xc3\x87\xe2\xa3\x80\x8a\xb2\xd9\xa8L\x06\xb5\x12\x03F\xd9\x1f\x8a\xcc\xba\\\xceYF2C\xfdj\xe3\x8d\xe3\xd6\xe0|6l\xe9\xd9;\xea\x84]\xdf\xf7\xber\'\x8a\xd5W\xbb\xac%j\x9d\xeb\xba\xe6\xc4\xc4\xa9\xf5\xd5\xa1\xf5\\\x9b\xb2\a\xde\xbb\xc18\x84\xb5:f\xcb\xe8o\aArYZ\xe1\xc9\x86\xfe\x8f(\xa1\vhb\x18\xf3\xe3\xa1\xd2\x93*h\xd7\xa2F\x88\xd57\xb2\xc8\x8cS\xe8:H}\x91\x91\xcc\xa7Y\xcbkK\xf0\xfe\x9e\xd5\xa1\x1e\x99~\x9d3\xd2?\b\xbfU\xe8\x8b\x93\xea`\x00\x80\x00\x00V\xbf!\xb7\xe9\x11\r\xbd\xa3\xc6-t\x9c;\x9as\x86\xe7\xbd\xb0\xd5\";\xecuP\"\xebrV\x88\xca\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x98\xe8\xc6\xc3\nE\x91\xff\xd8E$\xc4As\x80\xdbt\x0e\xe21_v1\xd8,\xa4\x7fD\x94\xe8?\xf8\xcd[1\xb2U,\xc8w0|E\x00\x88IoQpH\xa0\xe8\xf0\x7f\xbd\xbcs;\xc9\xd2\x19oS\xac\xc6\x9b`:6\xc9DS\x13\xfb\xddw\nK\x19\xfa\x99\xc6~\x044\xa3+)\xef@Lr\xed\x85\xf3\xe8#\xa4\x84\xe9W8\xd6\x80\x95\xba.?+O\xbe[&\x87\xe1\xc5\xd7C\xa1\xde\xa4\b*w\xdc]\x92\xce\xe6BNFj;\xd7 \xfb\f\xeb\xb1\xb8\x86x\x19\xa0\xc4\xd3^W\xb7\x10\x18\xba\xcc\xabJ\xdfYB\"\x96\rny3\xe9\xec\xdf\xc4\xae\xfaM\xa2k\xd8X\xe6hQ\t\x93\xc1\xfd\xb7\xa4\x04W\xa0n\xff') sendfile(r1, r0, 0x0, 0x4) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) [ 742.553600] loop2: rw=0, want=184, limit=178 [ 742.559977] metapage_read_end_io: I/O error [ 742.569604] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 742.569604] 01:56:05 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4643d010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 742.645503] input: syz0 as /devices/virtual/input/input326 01:56:05 executing program 2 (fault-call:0 fault-nth:53): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:05 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x20000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:05 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600fdfdffff00001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:05 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x1500, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:05 executing program 0: r0 = socket$kcm(0x29, 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200)='nl80211\x00') ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000380)={0x30, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}, @NL80211_ATTR_MESH_SETUP={0x8, 0x70, [@NL80211_MESH_SETUP_USERSPACE_AMPE={0x4}]}]}, 0x30}}, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_STOP(r1, &(0x7f0000002a80)={&(0x7f0000002480)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000002a40)={&(0x7f0000002940)={0x28, 0x0, 0x463429d8b17bddcb, 0x70bd2c, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r4}, @val={0xc, 0x99, {0x3, 0x43}}}}, ["", "", "", "", "", ""]}, 0x28}, 0x1, 0x0, 0x0, 0x20008844}, 0x20000000) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000900)='wlan1\x00\x1b\x1a\xec\xd8n\xff\xc3\x87\xe2\xa3\x80\x8a\xb2\xd9\xa8L\x06\xb5\x12\x03F\xd9\x1f\x8a\xcc\xba\\\xceYF2C\xfdj\xe3\x8d\xe3\xd6\xe0|6l\xe9\xd9;\xea\x84]\xdf\xf7\xber\'\x8a\xd5W\xbb\xac%j\x9d\xeb\xba\xe6\xc4\xc4\xa9\xf5\xd5\xa1\xf5\\\x9b\xb2\a\xde\xbb\xc18\x84\xb5:f\xcb\xe8o\aArYZ\xe1\xc9\x86\xfe\x8f(\xa1\vhb\x18\xf3\xe3\xa1\xd2\x93*h\xd7\xa2F\x88\xd57\xb2\xc8\x8cS\xe8:H}\x91\x91\xcc\xa7Y\xcbkK\xf0\xfe\x9e\xd5\xa1\x1e\x99~\x9d3\xd2?\b\xbfU\xe8\x8b\x93\xea`\x00\x80\x00\x00V\xbf!\xb7\xe9\x11\r\xbd\xa3\xc6-t\x9c;\x9as\x86\xe7\xbd\xb0\xd5\";\xecuP\"\xebrV\x88\xca\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x98\xe8\xc6\xc3\nE\x91\xff\xd8E$\xc4As\x80\xdbt\x0e\xe21_v1\xd8,\xa4\x7fD\x94\xe8?\xf8\xcd[1\xb2U,\xc8w0|E\x00\x88IoQpH\xa0\xe8\xf0\x7f\xbd\xbcs;\xc9\xd2\x19oS\xac\xc6\x9b`:6\xc9DS\x13\xfb\xddw\nK\x19\xfa\x99\xc6~\x044\xa3+)\xef@Lr\xed\x85\xf3\xe8#\xa4\x84\xe9W8\xd6\x80\x95\xba.?+O\xbe[&\x87\xe1\xc5\xd7C\xa1\xde\xa4\b*w\xdc]\x92\xce\xe6BNFj;\xd7 \xfb\f\xeb\xb1\xb8\x86x\x19\xa0\xc4\xd3^W\xb7\x10\x18\xba\xcc\xabJ\xdfYB\"\x96\rny3\xe9\xec\xdf\xc4\xae\xfaM\xa2k\xd8X\xe6hQ\t\x93\xc1\xfd\xb7\xa4\x04W\xa0n\xff') [ 742.819950] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 742.819950] [ 742.820319] FAULT_INJECTION: forcing a failure. [ 742.820319] name failslab, interval 1, probability 0, space 0, times 0 sendmmsg(r0, &(0x7f0000002980)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)="2b85d3145a727437c59c7048f5f0f7777895c4bb82568120d725e3a347e2ac35daec6498fd01479312a1dc805c060946c5bb34529497c1cd040f2d2d67362bdc2520728fa30c4e884727517330f938c4345e802426ee4920d4c5c42281c54b5697c6875a311250cf6f20e162f7b61e4e69f055c3cd7bfe26f740f78e6f373890847f9cbb06eaae00afcd2c9c3982e94ef520a36ee3f047a5a0db4619a9070d4a0cb5099a01", 0xa5}, {&(0x7f00000000c0)="7ce247d103bd535efe4baab7b030d2e28e63626df028354c4280bb23076f093e7e44e9f2626b7a174f465a1fd279a1ba6ac8ca7249", 0x35}, {&(0x7f0000000100)="8138ce09907e2380a8a4390d91e9706a676a389501d91c91683547b0e51adf9f4fe89acc9c4bfda3f1097c2b58dd07549938471ea542237d28856d3c1b4e9a273302614ab7f99d5252ca597c4a3682c421600491c75b10f95218efdf3ba6996628544ce4acc8eda64ae83fbca3a5b1a6ca09dfe7589f2fa0e2f5e4b0a2f9aa41526e7a6e3d7a7342d0022fc5e6da16d22fafeee2c61058518bf4fd4db24d967da91a7e0828e9", 0xa6}, {&(0x7f0000000340)="81fc938e5978d3e14b804ac786c67d29853ea9909ed9f91e3f3e93c12e331cc875c3cf2c398f3ba127220a1911476d7036aac07d3f9c5b18655ef16ede2a5aab83a9a9aeb09ea9f98f071e3eca3e564a8c2910ef813d2b4d504769abdb64858f278467888a970261c402f5515b9ed952c1199afdd68907ac6238c1bd2b3b7142df505aaf045bdc9e958676bf4f5de90d9e715111e008706e6b13e2d3bb5fc05816a176251d059c9f20bd14df6c2845f142d46aeeb9d3d8d680f266439885a0805c45879e02774f374186e6ca20e4d61286242ea0a54add2c9e1d3959cdd7f43d533ed9a19a7023d6162afdc4be9b4b67b4a577a79310f0bf9347ece30ea36bf367755a53bc935b38dd6c139feab6900318ae63c9b9369df353da2456150e0ea57af96fa2c8630e579f6365810a4f08e18c984594778f27012882531c6ae0b78d5199a2779c8d064b6d292b6c6d05219aa31218e0e7412328964a0e08eccbee2477296292d9cf334cf1be2a5af3800560d6412d6f96d4a4b86b5e041b10901abb9a921d5751348753561ae9f1900ec9d5a54c4183e5509e5d59b98de5c88ddb2ef791d4bc8bf757b6c88ae65c7476c9892388ea31a4c387d46e294d9203ecd0e92a4f66535f243b420f16f3405f29edd5c80d2ba17da2c738d10e2231c8c3d5df8fb27d0ba8fae41574bdc27c7c4a007aab8f5a283bc1a3253861e1f66210ed15c130f0ad2a573251c3240f48f407f683e246b001ec22bcb084c218db8c90017843d452087b6001a6d33a33c386b6f0048a2b9b684d09b57cd20da0dff54c1f0b11527f1faa4abfd6f00b486475bb6bab8b9f4bef0d193721ca755114f761f0a29736a07258ba226ea9e01195ce6af4746220b9016cd3ee728b847f598e0f497b24a56d66fed176cbda757715637e0151665a105cf4ac4dedb14788c71bebb94c7f4efbf2228e4a2d6577f758241fd86857088156fab745a7fd3236c1c1f906f10e8a1075c8a7254bd7647aa931dc3f9203c54d3cdc67d19d7bd0d41f7bd16ccc2622bc2ffd5a405cbf47cd718fb2d17451e0c45d141868502956907ddb3da2161b22b4782ed861c4e34c404d1ea70130ea2b1eaa81022eb2432a68a7cd948853c969e4b2783c59fd366b8d38bf63a2879d7175f753588ca0c30c94009b7bf3434264cc35d870e0cca7cfd25f7a40b4d3b188f912309b09521edcef5608e1aed321e6f207826952158ddd153bca87650851faff5aa9f5ad7649cd3726a3dc0f6f6dd2c382647a2b8ed6f0068aa896f1d613693ae4f626d39f4d2e92e1f61a0b52ea08d2aceafaf7ba16dcb4f5cd3d865c5e982ee23345b7e0787480e42312435092ba9b5a252d043666288c2a42c65adc323cfaa74a6c5f90a9dc7f8b394c97d925201c9e7164ba27b864c2642d44a7111968a5a17f9bb79a164c2d95ff6be1c805269d4f556bcf31db0fb305f3a5c7c69e0653583bb5adcfee31df433aef912c80507f7ecfbc453dc8376ac7d0bb6a5060f40b625540752b0c589d56fc9542313a1a7d1df2386e005d8689104b9bf59ed39d8d08f77c95192d88c6347068567504a135246962eccd772d24e35efe65911ad1e7df293f1ad7d7a6b8a1ccccffa9dda3037bbbaa9c81b17c91bddc94e09a9b083a108c19f7fd9b76d0fbd7c8a102289389e52fb5fdc4aa9693089c62c697f235f7e0c6211bc23068f1ab57bddf1d93ff0b869c56b360c189094e4f1886a6704cbc072e14a090bbe6821b3a8b417e829fa3f979c1383a0520f2e30a3b9dfd34357d104bbe526b6f402bde4fe791265f145ac830c9c81d120da551b5d8d439d1867c98079b13cc6311d174fefa96d551af7c1c006100843369da101f798295f2cd8c5be5a05ac00e9d56e6993d8891731d2308bc959d3573d9ca2c09cd099412fe7791365a889857ee04644eeeb111c08715bbe0584079656dd6e5dc729940a1234cb72698142ff7dfd4f278e7512efaff84601c833c514265df78046f539d1a529b57d3484b608d457d2c39d0d823fe673e13806de69ecd6ed64b3c8b9c528a22a5b98038081ba099ed9bea4b35e77ee53d7a491836a99f45a4bc33bdc53118935ab47b4acdfc2ef8b0ac2b5e87f47834ce208259a27681c1702ab12b6255e8bd84991f4c6086699802e8fd158e880506e2670b437969482336f81bd544efbe8df68e0de7aa409192f2c863f82866f46ce1a2c50cd179f5f03b143a59d6c8124b56c6895ff1aa61b2f4145cb753a7b60e6cfec09fc81224d101832a404ea1f919bfa3a37430b382a06fc998ea960fbab04ecdfd058b63a80af3f80915b4501814e051718d272faa45b111d46d9f199020a11b736cd5dd6762a7a5ade237b2230661d9a092ae48a9dfbcdb0d47a18eb798708d8f4249a9e61756c8c82e6fabc08b7035901686132793a246b49201a0f4c0460f1b6c058049c57d4c994fdc50b865c467b964ef0e4f57e770883366a2d41c0e165f18cb7e79c0b68d400cf922fcb3445a3a79563eed51bd47f2532d8ae871a2b34f1c100b1dfca09f4ac4ad80befde6a8892705a9d139cf8db6fbf2d7efca1393e4c1486bca9be141e1ea9f99b3b0740fb6669c8d60770b75a07cd85967b544cf87c19af7cb5396ff4ffab487dd331fb8bd120b375350af506abc66adb553e1ef6d6c9142c127f124a26c2467953648556810d2ef75797ef2f2a0eb05009430e0b272125a988455d08a560391e61d7c86bbce2de47abd4940e33573aacf470f1d6f3ec72122740cc5a917dbb48c2f29a7e817daa097ea7ca4b77a403033d647508dd08feb81fe787eb84dd2a2c341776da7309cfd601eb7f533eb7ed74f3dc6e1eaf6b531742fd0ebdfdbd080f57073e15eaa7859c3f7edef5e1930f78a3bc7c4c7201824acc39df9d38ea6b8ad8e2a23eb5838b1a50a978bea7fab2b65fb7830c0c0d0a4ee76f5024a7b2c0a6a4a7e8fddb2be77647a480ca068de18cd81d0f66859dc1d4ed0a2bda102d2c017ec4e631ce848038fcd3b9315dd82ba8dbf9b2bfb367c535b8949cb26aeac253bace1eed717ad23d4b3f0551dcbd318d477d80e613a8ac8e0b08db94cc968fd50575bb940a31c730d8d99b288ddfeb9a0531b3c2684e051b57c41748031d66cc48feab2919ff149c2923da4af40269564dafc26ac747b82ab8be285ba6bcb58441327b8deb5003930320f4dec576662c2655cebd97d0e036007c464d76b9ea1ddb0166773993f5f11300add338069871866fd0324a7535f7019bfb51ecdc4f182fa7057da4d3440b74f0a518bd42f9b79f39d468ff1d88276225731dac7cf64912a623294b0cf20fcd5e67d35b01e01267860dea8a93037371a088919998bdbcb12dc0b70bf98ca6e0c189411ce8dba32b99f9e802df36500306c8557c25d40b87367245201e04e8d2a17ffc618859bef4f3fc6af208277beb5f4d13fbc6486c848868f75fec7eb3fec262d362422d0b29427e37bda9be7c7a38ce8ac3c65dbecbf0bd94f32bb34a264ccac30e7df8bc0a57e571f23e2b270b3b6e011d4a8bcccad3065377f63f0fb2a7ed425a670cbed75f4da2af11098be86039aa4f0e94d803eec18ba066189c1a948a7994b166de9eccd86a53bbb62d31df5b4f50e34f6b6420ee51afe48eb49ecbe76305efdf7c7c94bfe286a39b53f30cec39e5e76f3dcf16144772cee38a12e178a1d599e1fa1570c4d294ae2434fccc1c659053114719a5abe892003f42e250a66a24990151693d6a32b89e3448e0c05ec23b8873a485ddc8bf6b9df987098bb570503eec33c31a428e523a5cfc4832d617bf323f0e56edf1d786d97e7f206c295391dd43208993fefe8521b16bce1aac83008e539bc01f843ccc3de2ab40237a1c62ff7f29b88eb070fcb8617bdeb2ff25adc0c1b38a194566fcc46b6656008d3abe4ec7c33a4bc91a0c24744a189e4ca9e8ea4c123482f357e47651d2557398b78a2a989a19b7b129c9b581605021dc8d96fb8dafcd39f5f2596847df411c1a5f51ca499d0b369bb599680f3772c7278e2fbb7420bef8229b328a46ae84e7dba1b05c1395839dc3bc186304e3f6592eff5bbfb7ccfb8bf80e768a9f3735aaaf546c38d4a7b6f9d7e65dd7f730deedb2833663b131087eab1f15fca9a94985d91c05354002ee5a36c7cce3b56bbc7c9961ed5677fed9f6339d8b444a2a5aa0162129af54968454c87c6a8a5cf01fb8fdc2ec5f9a044e4a4b0ae801c8a23d476bb96bdc217f35b9f7871bf29de5b21888f632370af6602ad3d08f0191341d4ebf60be078fc6a77674476f244056c5a31478f0f6bb5c5ba33318f67ad8730c8b71aefc05e57554a2cab10192e2cc1b240e5c8dd7e9648ad75ca4558cffa7ad2af4db0b9fb787f7b2bbf820849f531aaf1d2799dd870470019a03abd867c1ef601981e52c7a4b8ffc9ad1ac3c062f1ebe922ab0453417745519741220ff1f7880d2c3b0b29e4699d3e64bba3ca7c10690fa0037bba438c8955b87caec8c960cc650b87315d02dd5b85121b2b1509cb625bfcef374631f18f2a1b986a06dd84d352e7f0bdf409d7faed8c83baf7936e67705b6843af66e4c304d6a8c99cd4f40c613126bfdb0f331b88d03991c5aa9629c19a741ef70b74d0e795325058997617798e9252e7ade00b2b9261aebfde976f3667e92ed15d6b4a95e0b20dd9360c2ef06b656442734e05a91c83ab7e6969da90e722d4fa1b584d8ef86eee44e32ff8530615bfd0191e33b48496cb6f8ce6aac50a29bcd4341913d19a8bc9bfaf56397e9cb7651a0c150392b9638201280602c09f27c314eaede83547f47fe1e6ba2a7762c5548df4ddf258ee329a3915f41550e69bf3e626b809fc64fb4021be8ed10e04bca8158af7f544af4efda140f6d34447073e7469f25f84393bbf95fd58491d7602b1709f6acecaeca1c8b9464216c248a2eb39c4c1967ad5f52cae6bee195cb71ff58e2ad681416ab3283daac2cf34959861d3eb961dcc7a30032c5943f3ba81edc81e25f1173c63646ea7136040ae9764f9d1d54c44440347a650648898d14901de7839a3b8d15b8857ddda319c0b1f315f048658f3b5589da035a13edf9627a5e5ebee77f8c6ffb897cda005b887b72a856f371ccb71bd74b0deb161d2a0d1eba1b93fab8157488ccfce2b0a87810eac231ae0c648342221100932f0bd1cb060851a69341a93456123aca398fa103f4043ebd6a152bd9d460195b3e7a362019f976b65a1e3c87f6c443553697fa488a295185c8b10967e6dd579c036f86c639acee22d69bc0c9ffdfb2286e9416bc87b55f2e8e4bc650c0fb0bab0ce4f42fe54cbd0a36100fa3578bfa9bed4fdb96033d9391ab42c39be187cf29e7627dbbbc7f664b0461c30e7a5450cf8bc9ef0aab934f90fb41b33d5ce6a4b2be6b3279e555903a8cf39d0c7be3e3abfcbf9f33a8db0455cfda88e7925252cd1e793cd31df0c6f37a1e1c3eeea634acbcaff7a0a459cf05fbe5e8ef850103144b77e461a0911325042475ed36b338e762098398affbcff2489406109556506da5afaf3e772ef9769e57065b8cda07a720c80a53e845ba173b7c3120133a506db9bec0025ff105d0a0a56d65468b68e7c5dadad8cbd74cc8579737e53482bf38b8ce81c5cedbda12d5f1dcaf9016ffd7fc2f7979326aeb9cf159e03011fdfe2dcb160a4301d0849cfda3caa98a748c5aec51f36def13af188ac5e65f5769a7e3790e20275084863310ff8db88bbbabce872bb6fe2fa3b5f5610cb566ba73b426541d915f25b2ad364", 0x1000}, {&(0x7f00000001c0)="d49d87b18d42a9fb", 0x8}], 0x5, &(0x7f0000000280)=[{0x38, 0x10f, 0x1, "b1122f1bdb1cdd3f1241a163d0eea11b286692b2f706556e5bf3f216bd8dbf858167d363c2e177"}], 0x38}}, {{&(0x7f0000001340)=@phonet={0x23, 0x4f, 0x81, 0xb0}, 0x80, &(0x7f00000025c0)=[{&(0x7f00000013c0)="f6a3dd5a9cea6133403876651924477675ef5d9ac802580242b852a3a74a237049186b7ec2cb9900450c9323a42aab6f4879d57b134b044767f04efe7e982e77b37706d1bb0b231757fd130ef6c97f089d67769440eb0a0aa1ed3cdea7f8194118eee9a8e36524cb827bd6c1a0e47408deea2198d9f1993c", 0x78}, {&(0x7f0000001440)="2820d6765c9f936c74ded13aabede8b7346aa50b21a4ef41a577485d357af3e0de1e09b1dc68c8121d6b5367c9c22ba7ada290474e12b820438b1785573880dd85a74f955a327fc5397f87859e2b7e269287e4ec69358f4817fd2bbd930246167cd7ef5cf6623e2285560139ff0f792caf303b9ccd7377fdaad08f5db2230a44ac056c031783b6b9654e0ae4b37b6311022c6eebaed5f34b6bd4c20f8d0427cc4496f930b6ae17d02089b265a3ce0cb8ccadede614cf0876fa7713dbca45fd8bda3dad3cdebf8ac1344f7e7f93bd888987887e552e9c3db868da11712af2b1f807f668b8167283d8db4c0d8b847dae6ee21c2c54bab4cfb1fcaa170a2ba71e67d7e6a0f5d212e841f8ec41a728b85a5a00b5de4b42e11907eac827fd2e377ad0d4915863ac4f040d0b9f78b85ab43cea787245b76bac7e66161e8a3249a6738b4bddbf99911dedf4cbdb32604b06fea01464988987e3dede2a2ef52204d6bb602908902d509a4587239fb9e57a7c7401865fd22bbb4d730a78f0fd3c7b64505342a28c65703150f6067f6d160f3f65b340768ffb21dcc200c82b43768edc548bc2155c8ac7cab3325ead7626df7ca643f4ab29ab28bc03852c147bc922318d9239348150a9f6470337ecde0bff5cc964a1845188225d53110cdac93b17aacc7a6ac2f1f64bd2799755523c44b1636917122b3ddf2e06cf1da0dea510cd3ccf51152c409c9dd21f4e74c7431850383b410b02910f3d4ce8645444f0890f190758d999e356ffbae8eac3f5eb3e542c4b89c69d10610114c6984df7a9835948f11a92718b86cf599626497b4356b4c47d342c2f52c7777c3f85cebc756f5cf85826c1ebdaf5291b4f52bcfc69a10fed8df0cbcf13b1d23fdbeaff6cfcee606d5d52208f10ae9483609075cc57c7ffa60bfdf5d3eada77285294821d04c54e901deb5a8f0cea2da0a2fb7f4fb1e1a20c03e712a701c5bf5612ca2f896b0a282693221be407200e67de89db2d4d7ad89c5e3dc374d14ec320f3f2d4c74a902f09a175690e88690cd917b96016be7db67bbbcea6d9ae9fcb3e1de56c1862c949d930aead0b5cf38e46d6f0a6534448dfdaf59cff0313546ca6491ac588a30e5d4ec3157fb93e70cec80d1cb4d3c3844697a28fe057ee12f23c7350c5d56716310624527f2f5627d484eca2e55b832d0007b6d337bfc5463b9f0b92d061866ffdd22c541bcc2525da60bd377210649e28b65359dba0361dd643233a1ae4fa97d989be62812432c001d64ce78a772457a29c58d5c566477b5b12ea76aefffea16d723256dbb46d7bf7651d1e6fb57e4fcc4d30314ff31994cd0b7fcd2a7571b6b85d6d2cf0a3d4515f04de366ae86fe5869c281981ed0fc26d81715779d96ac9df29efa0e04fda41801417fa7142dd5ad094bde1ecf909a946ced9dfe4a38d4c590b067ee3026375697e717c93e23e4246ef1d2459d7b785af92cc0205221c67796c6d2fd08053bc4ab3aa8006a494a26a26b26599d14261ce22da1af77d0edb2e12110d52d24d39e46cd4c9a20119187a9a1d377ebd0f852da3a28c808b6c506acf59ccff785b63195bee805a1379d7a738143856acdb6271c2c5127b639973b72f0e2cf2bff635d8bf2de63006224fc324138500918633d4c76f99df33fb7e9f94b7ea4751ed16d5f13834f2f256b365eaa75f862e7ce4f736eaecdae524da482573f21c2ae843af1d5e3cc9931681a3464d39fc0355a7903befdda366d7cf52e3ef48a8929ca346cd11e723d1a06970eb26e474ca29516ad3a9991875072ceaed7f1771f8e4364ae8ca592e95852f595df21925e5c723cc7c49a106feec6768d912390960f7c5ec8e1ba830539df503d7aa30a3a2cf17dc3ea57e475134c3ac0b9c1b73223b4e3ae5db3a30b5fac557eae1b8e701711978025240e104cb63f2aa48cb43dab19ecc049449dfc5d34b2b5f6c58cf13cdc7096275b408fd21d6256b4d94f1951da92b7edf79e53fe7e00a5abfef84e0d1e9714c0ff2bb971d5455e87693b456b85ab8c06955f56261fb865568efaa0c9728b6e084099578615386923fc22bab535645b46e5dfc3f834c909c7e4f925347bf86d2577920c32bef0b61a8cf5d2ec3567edd237a55c8be796caab9b4afef0ef7b63044c0e622720edca2420299e14521b788f1184f96c5d4791a1fcf0a8a8cb242c9b5f4cea04b3d8dc689e2bcfa362728abb3b38a75e3720390f29426192364475ee694819a1c7d1ef2788a7f7ee3502cf43816c025ab045869ed89157ccb811d13c4bfdebe0254d05d69c5ba4b76db97e97ee522204711530fcfa2a2fa5f61309806996bfc2c4db7988e3dd923cf187bb4e37c589da08cfdd7d0e76633f6ebcc0698d6f6f41b16f31c6711c1d119b5564515b2f3d5b098ee731ff450c4dce5fd5a4deae061b3cbcbe0216868056fb183a461de1d0e50098b9aca966f070ec4190ac6e9c096b33a7c9fc9700f8988207eb3b987804212ee141ee6a860e362981eed7702ad51465d0e239500059c06e3e8ee6436b23cd5d8f98302c83015c63c57a274ccfd73700ef9ed0c3cf9f3cd3ccfa0057f88e521ef83dbff85e611a2c7621889561961443556f3d99a26c3bd69325945096622038c6845d7ed54a8d04e23d58e508cc85295f2d8815e82f9b31669e76df25563ee5bb1c3778faa826e4358e08a84e30f87afea6548d8029ac04cef4b4036ec09f22f2462c932dfa93aac5621322acd8c604c979af34409a18230d0a740c98cf1b97201d5d44e1233eb91b8a986f7b7bf38a242373f62cf0162a8ea91a42dafb3acde2b3738f17b35cd7913f85869dc3fe47574d92fbb2b8cb13a43f883ac29a777be953b8e4d51e173fa6c8ea6741e9e9668d68ab19bff193e1b5888436c650e4ccdb37613400d9dc4bdc46cf7f9af14905c6a38462d74836c0cf1c5ff710b81c001aa783d9f8f41b2540f261a2543b3d52c502caa5db4aa6820a48592de1ed8dbb0e00fa7888a34ba739a761a2c2cd930df2faa4770ce9aca87d615eedde6529ccbb012a78ce80fabf5df1fdc3b93a1a17b223ba6338ae1a997ee0b9414fac6828b40dcfa6ff225ff07aad6e0c2d1088610229dec48b1c2f967a08f37f3507891b8b6842308c0d5229f4494671f888e468ad06a9a8f99890e837b368ea917fed08cb211d9e25c2f639241f02b1029dc016477ba7412144a4e492ef674b0067ccbe24d44c195ef21777d40dccf7aa144be6bdafc4c501f6a97c93f81409949ce3685dbf67f025fdbff3b76a57223ce18da17add5de7b457c4e4861254b1408ff1d1cf734cfb53583488516b8afbf08bebb3da074e84c2818613107c8ae9a6856a2e94b37d40b411742860e1b88402f6435e9d47610ad259118a362feadcd6902b129633173778595d721294be1ec51576096b9bd4ea07fb64b7a96e59e6421b490255721c18c452ca80caf7761ae753ffcd87e19772133af8f3161efdf46e5d494ee56f98a41f181101d3d2fe0c4bca20e839037e3a50274ec8c87b187bc8376e9f84d47f9451208cc666405bb72b89fadbaf2fbeadc7c1d7c53dd822717191c0b26c640ec53bb4ff7a56a6021423d67c9637c4189cb367152472581a55b6b5bb7bf40af4b5f830afc4f72c578f759827178bc1b594f04c284e9cd1ad222d77bf7054fe5c659b113f66241ba8f2753ec7592f626f0fa42e6bd8b7e9a65d867807c51782fc1392e9b12cebfad3dcc38ffbe7974fdd3d3257f329b0e5188ed4e7c31e95fe7b61d4ae94edc105af85ce1f95e1c62a95fe7fbf1a1c8e728bdec6d12580b0ef65cdee2310a5ba1b00ae218f6e1e151017f7637ad4d4d9142567f8650efdde826a20156ed2229a87b1c0c1f15b4c3989d6959dbbb08e7322c0cc717586ebe9538c3cbb4ad69cbab64ed1a5d24f20b33f47a8326bca0bb72f81ab5383b2aee97ec6bdc027b252629bd44f8209f2d2ec3b3899d16b5b69734a25472bbce1f7fe89f494aa1581197dc8ca02deab2e5872ada3ee5e8928d7785016e90f5290e248a96fdb57e6754c6daf92afcffd8df6fbfc4f8daa4ff5d2458b56b95a41fcfc2d7b7bbdf1cb964fe684d14061d25eb574ec580e1a4c565524fff47879b6e849a6ff3ff33af24bba840817556052894dfbe3e63fc9a9932b0015b6f005cff155551315f946b4377b88196e8c5ab294ff87ff74385f7436312244f4b7338badf2d18260cc18d7a335b69198286e4bc3ac454f9d3c7926e9185285548850ed13f18f40b15efeeb3dd323214185d1e78ef287ce4d942820028ffb14ac80fcfed4a492df581c0b0cfc85033d3a68ff43514a9070e0d9e8c91ad8616090429cdb58e83274ef57b1f27d3f4c615671014c952b0b7cb454cbe8de59949634823a4d4aa33ce232051eeb5f9f17d41732730a3e3001f757279d3faba3248021143180bffa6afac18b4299ba4c7857af8a8fd6d824b036082f2516f01897f0ea98061d4e52b06992503eba114d818c8f7a0090de741b5c84203f5340e89c213a44dd1fd2ee4c58497151091fb736a9083c3edd1910b7b412ca17b28cff552e66f5045287ac82841317221091122bf611c8372f633532aecf93240bf1542adf207d10316a59aac0b161eb1e14aa1df21b2297e6ceda2c253f310e1907cc45aef0086707784fd1fd9c3bb748c5bc9afbc2ce105b0cf9b4bad6cb86dfd1d5a9289522ce0e413fccfa910648cafbb56013215243f8178272090a8d136270f0620d3dc7e698388e7e97a97f9f9275991fd367da54897e0de2749a7470d8e706be997f7ac625a917bed8b5274f5f821e3f08dfb31e34639c25a39492f69e033d969d9ecb3771ded6aea4daa244b6306dd15203c9433475c0f06457f0d9679199ad98759ecc9183172d8b37ec16b4afae982ec0fa326b16ceda8bd5f3b146db55429d62627e2bc9468c33721495bdf27384367ed8d76317fc88ea822d537875c612207e9b8f2f791a347291fa956fb6856c423480cfa97f564d81007b1b7e3914cfd4e220f2994c13ed421e85e545848fd5b43b5acafbf6f04f5635fbaffd79f8019fb2f659be5dee8c1586ef933a1598773151037e81ba868f6a270a3d21d34e4ac49b723f57f9a6d33368097841459411a3931fbf758ab05ccc2bd19f921260adcc6454c9392e00dd4a8095816d5dea43f9027ebe276049989fb29de06a37e38ecf5b6c9e671c960114fb468563dd4faeed1ea017cc9cea435309968b130fc4f405d44e068dd7b2a3326966ec3906b96db4dae8990ad1851e74a2c51bc257d42eb933028ae25581c99c07189d7b9353bce217f2395640898c8462a73b85c68a746ede84e625b5c8662b3ac0e774b5f742a19a8f2c5d938476c8a2d14de65852b6968701a0a287bbae96f251842b357fbdc81110fe1baa03d8001c36387244e9be4cb93fbd52a88984526d580c410fa5fe2367ea25ccf3908d4bb8aaeb948e406797ae6134d8eb555730dc122841dbf13065e73368fe3225cc12646612700d8b4311bbfa1727b56cbde8f7e32a655ebd6c709a74bfd622e2bbb40617755342f712d92bc08d0f573d3429a5fb58ec2f9806a0119f64b5f99eaf1b921eb906643f5cdcb50538505b1b71fcd29938f0ac1fa86be038d7748bca374db6da4fd34fb552ed3f911e4212806dc39bf224add096ecfe7c4136fe8e8b255e3f0db690a929f15bbd4f64083cff3e6736a75d6be3a7ec782811b96be6b63cce2c1428790e639fb8305720bf74c10faeb4b985fd94e0717790c97cc7616237848ab39", 0x1000}, {&(0x7f0000002440)="80d202a9f4cc75", 0x7}, {&(0x7f0000002480)}, {&(0x7f00000024c0)="42af5c9102d158092c55f3164067fc0c0720721c66cbee7199ed738031f3", 0x1e}, {&(0x7f0000002500)="219ea829c287e0aa43f38d657bbe78051569bd62286e9dca5122f67da9859aba70fe34f7e6c76f61e27f4c2e3d4a7d0a45d504d1f66e4330db4af08329399419aebba3863ec9a523795d6976b33d31d3c2a7a5ca22250f76e5cdcc207150a5ffeaa75d2effc747ac310a7e7adde623b5b6159dc0cc0b971f5856904c7e338479dcd83ae556bedc87e8bab2010518c6c5c815f56386b0ab853848f902094c46183e048170ffbd51c00e28", 0xaa}], 0x6, &(0x7f0000002640)=[{0x100, 0x105, 0x5, "f811e99e8a635084d2f227c286aa0c95202448335b273c07bddc1c3a9b48a2bbbc2492b0e4e9d182f3bb33d6a251263f59d40eecaa9f15027bab56a27fea20bb6589db55caec75735867959c350ebeb44bd235df0a5e0844462f4c08119adc910826fddcfd8a93002b5c11463e74384f576b8fa3f7400d0dbf080be2ff8be29c99e97ac57203be0e8e04a4b73b5099ca1369e41eab0ed8f3ddfeb5341e6c511734d9ced17637d5c24f92d6ad043d59b4f398418ef367d377a6d89ed978eda03ac303fce80df8108c78a08ddca6681708fa4e8311d0adf589b9a94d06cca25f8fd1fbbcfd4c60bba689"}, {0x38, 0x101, 0x4, "39b223f5ddad5b33d24dc053425772c648d24c136b2667cd9439e099da31b4b45d79f8"}, {0x30, 0x1d, 0x5, "4987e4c64aec21605c11a3a5d7e793d4c53b8d865a4892764867c2"}, {0x40, 0x10f, 0x4, "1e240005b679d0eca8388b2ffd043ea0911f3b80c9ab97e32fca55f6671d943764821e32a9081f4a76"}, {0x18, 0x108, 0x81, "c57bcf04"}, {0x20, 0x10c, 0x7ff, "f18cffbb2c6e0fc52f00210b8329"}, {0x98, 0x10f, 0x7, "157ca6dff6a64dfc5a2766334c35b0dbd7b84f38d572db2406158ebe3878018de7a50c96c0405c011c434f2a2658751ad24ea55fd315ac48e4453e073a0a420f37744cd344964783082f6432b18a928e69306413a31c8cf3e0d7eb43ab03c9f4c754b961d11408007361f04026b96fc8223c058e614477b932874500dbac7d812a9009"}], 0x278}}, {{&(0x7f00000028c0)=@tipc=@name={0x1e, 0x2, 0x3, {{0x1, 0x2}, 0x2}}, 0x80, &(0x7f0000002940), 0x0, &(0x7f0000003a40)=[{0x1010, 0x0, 0x8000, "87e9fec7626e760b890f02f02b01273b2cd0a0edf4ca3e56075db44439cfd2ad24d9efce9acf2e5ff72bb8d52c0980356f27c1d9d36879a45a44dbfb12be19f7d413fa97cde2caa8a2e2682dc59d561941de0d05ed66f5741a5535b26284b879d3385622580363bee035dc38e9fe8ead0ec1338f95b886ff4586c196f3880c21a2ddf6eb9708c12de467031f7706e0b06cdfbfb2c864ea1512fd1f0deca96b4095ad7c5cd600db6a874ce1203fde6851fcd17f8c2166deaa7e7b70cd662e314f724fcb036f4afe393646e869af18acf6794d7208b69815aed135362a7796d6cf0be32e3e956f478be52d6bcd987bb42bf0cc16006d2552fee6bec83aac64558b9c911f7b3c33013788a656228c656ae5c4621bb37cc0e86f13d7c8d0378197a8f71d87e91718385a9f8e427b8f25f03309357d94a58263032532b83e30759bf77dd6e9eaa1c8c88eb94606902531e319fd8a8dcb84761b55d79fe6a7ce56bc919a0a8aa4e81c314b6b8273caeac706d6ab7d40756cce290c83f92e0f16cd4775151387ae5e9afdc85f9542dd30003c65b7b1ce83eb5335303daa97044082890a729f97459dde76fb0495129cb4cba0118d9207a3c30a4d101a6324997078b3da2c20d8951ae09f57ac0c6215d9fcee71ac746b0e539a7056ae5118370f0fecc1a3c231b746bed31ff0e06dab774bda6c178eeb5ea3c821d11d74969c31ab1ed1b8e4aceeecb0d155c8db851df30e366a949c04816b7d59baa751c993271bc6ae5d7e94a3f87d9b95ec940159da652eeb043af7f9e54242be3caede3d383d98c13eec7f69337f73431f03ac4a46fbbdebbf864cd4188c3c03be7405d7c12a5c6b03fb52f039fb81a465d98f11a8f691e9623bf87e6f277239a820c6ac99bd742baf9a4bdb449b2e20383bcf5a199602b69dd7ec5b16d83e580c3a91549b4af81078b1499c65b5fbd712a5d75ca1969ccae97fa484ac925291513a4875206c45744ae3b460a726c92d46f79b0d98fe25c19c5fb06d4da1e0e4dd6da2559de61e914ea25f031615c755beb2708f3df0c058a16274fa1b31d4e51d10ee5a54e38b701a93ebc25f7e33a81efe95d67a99fc1ba23770ce55cb5b4fd038a8eb4b255ea8b95fa074cb6ab68f0090ba79abd41240fbcf864b3c0d2b6dcb22be79efb0343ace32788d692dce28eba87b77b8ec68888e55eded8e857e5a02e83d59ae9c875a7cde01890819c3c4aa1596913c2b1020cd1fafceb0216a947c2daac7933f9e8807ea250f96a78112c7ea9b56d289f07e612c2ff05da79e5352f079ffcfb58d808d87c18e23de66f79e13cbb6867f64f69a067ccd12800ad377f84da6b25e2836d573238ca1ddddbe13c404333c2742f1f18a58212ed0334c277406b2dbdf743bd4240d0f084b693f7a204bd256da4bd5421d254a564b4505ff55b6b011c6fb32f838a811d8922dd97b30ada226f4f518022237aecdac8f4e0b4298054e2d74293c7acd8baef422085b334e82e83a970a1c256ef30e3cc065e018c7ca889895b5022d87cc090f2d1c4d38cd36c4ca1d4cc9ba911c568afeec9c8144ad23d7bd206d3b43d99e60da463587053167e4071bf681606d0662d46a1573a8bead03da6d9e62c3a74b4cb756287d87842dc22ba2c2fee30a52d965bdc1a627d3936a4b2f6ae1956270d1ebbe57ff3bc0fb8da04c06da5cda1a60e2256ca4ea8ce0e2ea68f1edf6b6c9942570ad070af59c43478a72cdf192b3131685deda719ef0b152f28c3c659cbc5cf06b88f6cf2048de961112c17f24e746a375790b75e61c4feac4878bba8bff512357abd7b15747ae91e4b29cbd54a42b237e13c4a5ce0e6c683ffcb782ded597d9d545a750300374ef1188ece81a2c8ed90076fd89ec6806cbe5ad7b298508d6917f1751a804ba48f036177627a3fedef54b2d3c9322194f3b37dfb47df09b89331dea3157be4720f36058dd0999a4f9afab7fdd735156c68dc17b96f52bd7bdf1d4fad0ec5492bf43d53d24adffb577b98279e7f7763561fcfad53b8c4d37210151663d1de0c0fcf3da8458ce24e8ef2beda69458ea5d82e71d2b086364f4dd258c3a023626b8f102b787a1bba6d83328a19e57cf9d353acb4f7498dc873a3526de707a314328e130b31ebb2dc3445bb0435c01f69fd6d55e2498d44fa3034d3e428945c1fb65804585cb0459cd0c0a259b50f87d63b66fe56657d5295e3281e9374318f7e2f5515d5aca54d8b0ae08e4004a4c592b1078b0c43596fbf06695ce5320c1d0dfc6b4dc0d03d3c67fd14edb91d4cd02bacbb57be96fbf88ff352bb7707bdadeb9160e683e5916624b9c2ad73e5f8236a6ecbb492fda2569b78dc7010bdecd605c8cedd1a9e7e98a03689822d2edc29b75ec28744502c4f1b70ee29307ba461dbb4152adc5b46658e2d7360d9dd3aaea41b87d1d6115c8316c84c2356074acc6c0cf649ede9e8c756ac6c8483b00e3c1e329925fa11a4a4807f28f8a511f25dcfc6060dd8e4e58a32f61a0f3e785984ec4ae74109a94b41e9e942f19074297c2f12c762265fef4af6903e573aae674d1a2dd50e83772c1ba2261317ad2a25aed19a7fef957334868dc724907c812b4b6e7934843e9962ff1950d9f746cf7196ca109a68ac286b5bae337090b475f96a7ed2eb0796399be5fc5d1f4a58668852549685d992d852c142c2b59a9cb3421a8ed257f4d65f5dbf437e375001de5afb33a1bdccdd11cc340964666c8770967bac96357d37f25106e93d9fa17392495c755bedd5f8bbb2a67f095042dc1434d68370b7c898d793256f36c0a53f7cf2a683161abdd753f1f61d665346db43ee8fd1c865c26197593b74d27b89d430bed3753a26c679cc6c849fd7fac110339169c125d5c5ab3cadaa5db5062f15924a3790ec0a24e95f363d9068dbf1cc09c9b811f7314944e6e6259a3472872adad1c9a8993e00770d82e6893568ad3192971f82354734d6ef010d0a3129927774243f7dfc9c3fc62a5c4f335f0bee2d06eedb9437768cb2297d558be31764c958c20910d6e73364467f38b6bd0f68ff67fe6e9dbb94dc4f103af8b47ad1491ece32b039e3e83da17b9cd8ca340c7764b693fdbc3b3cba0036718b4a62b14bae938da47817d3f65d752ec8f3fe1b58ceb07264f930b3ac6cf4b442a9d1b4d74a99b22077f4574bae3a3dc7ef31e4449b37a06d154edaadbb89ba8d7ef9d67404c829e45890957060d02ff9720e54a8b8a05a662247c16b26a61b87f58e012b3cc4a57d2dd640b220f1922bd7d125d00c4030fe4318bde03645e24cf5ec9c320916c625b508411f232dae3cd1f6c906372916effc41bf38122bb20365b22e1dcf23e066d588331019bc6934031430580ac109108a653d95e9116c36287640ac5256831dee5ba9acdca17463f5ba3a42132095ec36e5d57aaa8062216ec9d4bc832516d0090d9b2a5f8396c8cfd90b5dda3a19a1396e6816d7047ab629a42b4346d65d6e1e56a3d8e27b822fcebb0375c197fe0c77531f7a3ff95b2b26134873cf5712d6fb7f0a4674cfc607155f6c518a9ca440f2dff92d9b0bf981462691f612f632e40ec31bb7cf87cdb3e1d5565df49b33c68a8e1ddd62c1d7192711afc83af1fccfc2102dca16e95c9a8155c0dd4f71ab28ede5aee989c42701629886655d0ef6b4145dc69534283bffa359336785f796a7fe2adaa2b67c69231f5d809d36f5fc9c2a131838f47ea051db50734e41509da18cbb5dde4cc766c6f9094345ea54f899fc948a26e51f4f0c9f04781ca62c0e95052fa4ee93c2c70ea87841552ce4fa3e8574f65c782d66eb56c777064f2a34a905403272195080a0f9e96b72d20e7997adc59e2e312353ae153582585a35b1e19584d355f25fd10e02d62fccce93a10ed35e9673c0bf2201d8258c37dbbdb5b082805b4966bfb87a71e6a88b1fcd5cde24db0d9aa937e4b3c5529e06aca6e3ef1f3b8d2bee41030826a32104e1723fabde6e847b42918adb17326a7e88bd66f5f075bc9abedb2bf67c363d1b76f192232d35215d13c78c064346dd219cfd6c1c02ef0b822efeb5aaf979cd383fafebff48939b3b72d675db3163f6393d816c2ed3fb7e3eef1006a5efdc8bb012f6cdbb87dd7d7edfeef33ea81ee95f961b434ba2ba74c06cc75c34e92b3681236c51c3ad564ed80c41ffa905617e888e33d4e68034ad08783a30ccad84e5362a3f911a3148605c3e729493c53a317643db1ef3fcdb6b873fad697c2465d1e4bedd43904d3f31bff776c3c6c84d1832fd547fd7f4b8d9410422d080dbbcd21f5ce28dbebe2dbaaaccfd7888537d4472c5397e963c9cf1e4af13fe1e67f0a5e4ed0a150235c3146f976060d1c32a18e29cdf8eb70efdd8b464adcca0ee5fa629c5ab8452650acc315a84e23145e887b7a81b3284f31662bc690d58d22cd54cf017cfe16adf2ea6cb09eca2a7805fd7b1d36376667d56610dfd59ffacece13c313b3a513e3ef1b595283bba87fba0b9cb21be2fbb9136c70732f6f055d72e74365e8cdf67a9794fb8f8a8c70f8e1c92bc78ca044fee87f8f55465750f06860ea58e8acfff09a87da187288c0c1d10c32696b7e12dd58f26ad1395498d9d18701bdb4c750b98870250968ea9f8809c727810cd7258cfe21dd572ce856c4f19a24527e792f55ceb15517e6b1e375842b32139919b930ee0afc3fb5dae7261cef016813ec11c5bdabb2307f2c20343fa48f01a9eebaa97191916cf687e63a7e2f6d7864dee6215a571997396bf94c67a9781e77b5c16e2c04422e112ff5427ee63a78504e9676000b10be44dc11e24cadbe9a70bbef0a65c4a851c1ce4d94aa154c934131f54c4f1d1b3af782506df475fb4ee922051b3fb8c7470442236be38cc20bcb3d14ce0c293dadecf0d339cb4401133baa8e256a4fb6ea7ae43b0895b54c26c64b95cd389b37bdbca40a672fccf3c36fab9a3fa87e75cb18dce6be898d0d62d547368fb430df69c06d3e19c866816372e9827b60d476f27f2b39323c72da5e462812faf0eca2a1772778addbd9220790cde1339f9f38d8baf37bbbc3d88ed50cabbccdb6f3cde469fe163ac933543e19032bdf7c751fad0717ee67925df07dd5e3f28e9c8d9108d833f36a0c025e43bf625d31aeee685cc44178b51a889f474753a0a44ad6b1120699b52d16c6128d0f39b25f451e5502fd25c391ecabfb8e3bc0df4b3bacbd1e57ceea7f36393e198b2ca2e52adb636516c2913568571155062f4955c702ce6f95285781f45e0744bff48c463537efce827912a18d9a467d115257800fd7ff55b5a45d410510d2835d2cb26b34487b0d5cb672d87af3e0a769828f895a02d0f887c05ca1ca263f2944d0014afb25a40ed8c5cbb1010bcc6a30686319105b63007fef241bfc683966ff8a26fa7a7f41e9f8c817e10dc5320bb390bd7cba79b7aa607bb44dc8f641fa531e8815bf20c5073901d8e7c2cbf009056abdb44fa17e8798a79ff82fbadffc55fa6ff1b079e4bef02ff7e4043055dcbcefb72ce303054e0da8b6fde04c9c386000838fae471666ecedc0d11d172e267920ff6f0af84ed52f1e5a02367caca57df66951ddcc18b3a53e0969afa3b1a3f8724dfc3c43729cd0100ef8dee176890bc89e755a0a30e09f8a6bd6672ed75792556a8c5246f633ab945c5f4f4c34b739015cbd44b728c1230239075652a413b5537902885083738fad24674d7642cac96e9dce422249d53baa2c3f2d8d310a66599f0d7339d290feacff96f6021f0714be8dce69c745dee5"}, {0x1010, 0x1, 0x1, "5e96b23cfd8d022f47ae0189a1b74dcf65fb2f45d08747393edad65817418aae3d459e898675771ba04e432e62f288e61d88c594fdb3d1d9dc6a0918252467f55fdd521b5ce669dcd2be2738e5a99e2356cb1bdbbf4188647ad56e22a8e41dce39837c2b7f6502288a057156482aa5007be52aa555ec1e86ed6026f98288708506de6fd5f0e799a9156b0de7710555a4fceaa4a037de49c529817d28bddcab6ce84b0b1d377a55b8819c7abce69044b4b0aaa748f4596e25480a4bdb6f77184d986901d6808f0e826f41956b303f5738a3ddecb5993521e28dbf5fcc48fa12c465d01192defd922b219d34d1f1fff39fd4446208540a114d8d303c80315a6c3e9ca5691cfb8342fcfdcaa3ccec2d64ff8da712bf99b400dbaa3a8fa8f22446d72a67cb28cc91e3e8046419ff9ce842d4aa62e9ad624b40291cac1aae5ecb55a1f679ecc613edd7edd644a46f18b04a626fdf1e3c1324fd4bea98f033ec76661adecf82c63c3af6d52d70176975c76d328d5a488365803deaeb55f57a5cb3e7594f1d63b23dfc8c16b5a73f224e7df7613580c32ec51fde7dae46c1e9a361bc818700eff3addf9547a6761db689be5f3b1a2f617209243a26d599cba136078fb4bfa8f97c7813b4705bc4b7f05866e16a2b6582b57cbe98773113f23863a28d5374e74f8886aa441ac16f35e8d71198881e7001f1316969689350758b63466980f11a3b96b3e966719dda64f3b932b62a8353ce2a3ffdbc4a524f6eb6813fa66688dd2a854f46d96829207c597261c2151a4cb1a16377be221591962466f5875048e4357aac0e4bd61f1fcb22c21d58230bbdbfcbaccee591be1fd3a421ac09a9f8221c1cca165444faec2191ea3a45cc150d15534e837434af03c82eaa0076aa772ce4cef9dd9cdd382f84586ce49905e215b161660fd66881bebf6447b672563f889b1f142ffcb03cd67fa6934184124da3dcaf3535430f1c1598c69aa68c99be975be0d70c4dc52b47f014cbdc070b99ea4d4f699699a1d082be3978c8ebe7489a3a729c1568aee33efa643db9468a3d19878667cf6f6d9b3f98f3c4837d80d3298d386c8722eb050e0c5b1ca8fb192b996330f0210faf7ce8b5d46bd27f4f93852a4fba4d802b8be7bb9ef6d8774a437493c4bb7129672888ecc553852527e62bde8f9ef5a3dfc04a6287235a955c95abec8985bd5cd9065c9ffc7c2e5cf4c975daba4eeecae25b61ebc0d185ac96500be1b5d1caf2fe7f899514b531116f34e136e2e4316b7899c8036516edd4200d61d9461a3906b98952dde324c286907ecfdbc54f3efcacad262ed8159119e2355ec4af44117ae7482c096b1cfa5c62e2cf6a18ea2b0b717f347e0e8e08d81af3071bc06114f7381a21c14dc7b2355728fd9c8a4cf5ad4e4810a40db76f2a20670bc900927a9316f4a4289dc5f93bce8a2d0d3565fc1716e4b9f521b124be98af359b975da6adf785d1af4363ab5dbac22516dc43a4926b7433d80e3b4c3caab4163aa60e52c5b13e7e1f1f41842cec3293fd196eff8bead65d70c3d6ec0d4398e71d10f9085e372f35d6c5ce8ddb8777d0419f73eb2ffab36b4f592e3358df48979f19b80a391d32c9176d0078ec34747a9031fcaa331b1ffbe3077577462cbce5829959a253810930ed6a5b9e3d1d0542db8555660f25d855749f007ce5914e3d9a879334cfbacc81ca4f851e3b1204517b8ec6985674d36abdf4a562c77270f722b89c5e60ba744862290e04b25046d7d6149dfef22f679f7a2e3161b7186cda5f039a235d2e0c0875ecc32ac66aa8032bdd2f8f2bcfec734abcdf4a0c887166dd426aa90b332b7c7f90c83dbd7c2f0a1673a4ab6cd93e75e57a1f6bb7f7a40f757f72dc4663ed326d51d726348545ef88d7bb7600a8f039e25dd9880e6906ba1964e9de6d27296e503546536ce06c262089971bf363453c91f26ec9a70620db0032c1829babe26940bb2bae82ec6572e659673836c505ee680e4678c330a9073f4ba225115ba30cc1378c9a9f2c579b75218efd8113cb6bb810c4f0fbd2c8f1cc6043b23f16827852f0ce5d71ae0628f8e9765e172a1cb7429cd531b58b1de6074c59b897d5fe687e7325b7d2fb53a6d907e907d6fa8378ad7916e325c0b1201ef04da3b87c8245829ef0b8f236e7489fae4196d00b543be08a7ddd0cfcc86db26fefaa7674fbf6df67b63badef58dc7fc76e751a8a67aa8b0d98a158b1834acb78879be486fa00c2ad2d55c2dff4419ac174202a8e73923f24c101479c900eef1b524e8df54c19d6a8571456999714ef7f6000f451e01f90025905eb1c1608bd7e3045137835f57ff49ecb84692c36b744d754ed0fdebb787b0868593702a018f5ac2dea7543250da9927265f6c3a621ad4b2d10e8b914d0972399dd381474ac6e29ec34b148a131869da07872a30a91404c72acf381d1d18023273dba46a642b0f4af7c4af434254215c1662a06ad1704f78cd3b7d1e170f3eb6be38ee0d64033a93d89e02a70e2091754002a038da674575cc991d1f7e4831bd649407382d033e310519c8d1f8b65a9b9ef114e44fb7808461f4adeb9ea84ca7dae1ee67b941b25ce308fd3cad39a124bf29e895a5e687779ca4c26752ff40fe56d2eb9544434e5d24f3797e97e034e876cf09fbcec1eab7e1e7a6997d5b6f2649dc80074565a296b3420ce60af584017811b272c7b61299c1e52ed1b709f5f55c22878a1b62a201db7da414c0c4fa13ced9e268b77d46bacd5daae2682e731a1dc6bb0dd0a0b8cb9553a560a4917eb8f7a4a5e35fe438a1c507aedd9949f5044a6984ea43c52c2e71d8f5dc18dfd2fa614a22d2d00aae82a7481385d426cbbd9f20f3145f9b92a09e877c39218fc8d8a983a2a55f8cf302a51544be281a7fa1327c91cd0ede92797724b0923e8b3e08c8450696c6b4692fa3b6d54cfbc60975f440cf756915531a01b1db25d2c0f3b9c7902c5c0827e23fcc8b3088143e97d370ca3bfa84aab0c2ff64d91a81320ac011b5577580285cbb5dda4737874fce05b84345d522bdcc921f21a7048ff8cf29f53f6a47f3bc4cf44f69cca5a6d48fa98c80565f2a503fc0d231953b0c89ef42235b76913632a4a4bac2b6d8071cd51e8d97ead15a7ca23f8a222f385cedafb883a737fa05c6a0b810b3559e60ca31cd7ac90531bb32e899e94856f6dce336bd4add2cf05e813a7b0f7fc4ad53c956688de17424622acd7d2a0b8a64606d5de20cfb5b553f345e63af1a18b93293b956bc2adafd6c421bc64db99f67c681f477285cbd3ad103a5cd48bf41ddba40cdb1e47cbf7ab1c5ff60e4430a27912d222fe894aba0e5a88e10557ecfe2250187b1e2b5ad805f32bbbaddcf324eb8a5b3e7e620f30651ca208d6c0c744762b2ef6f6428fd7478ce5961d516ac3fede1db5cf6cd27959cb3422e86cd1d35bcdc90aa0bd3a71399b619300d4ca669df47f93ec37515fc45b1c7dc759498e82a4d8836251ee0bae4848fc99834314eb84c055bdd8793a9a34524841720bbac93bc03e99503ae8d6fa86d640a1da95093f4cba9ef2d3bdce7dddcaa7f082a0df0d2e882dfc2674853008315f8a38485724ded2532704a3ba1a8e59adad4fde292d3876bb8c8092c05e7fff3c7548abd5aa15cb10b520e2ad1a4f3e0cdec9738b1cb863ee0bd46f0f00d3217a63e8b6abd9d4b2efc174f8f756058a6b907d8de4e6cdab140ebb90b4c78492c97c1b7f171fdea2145955b0d0d423560c0227d5a593846e65477ee01e4f44397b22c9eb2c290cbb7b47abfc438e1ee0d18aa53a805f757df9dc63290aaefcd43e051e2e006b086583a282faf4b7bf5d5cb3dc4baa8771b7a090f6faaa6f674b7315ebf1a2a351da9fb7c8470e3413fdda3df6bc89e7641bdaf236cb6677fe743a5be354b9552d60918ff4ba239bcacacddc6c3403523ae583a358c662d27aebedc14332697d0150bde5663ad7b07a54dd8af7b9ba2575c6acd2d51a4a843d86fcd0a1d4ac0329c1b02f0c20ef2b69010a72cf2fb778c6ec77a0093c96dba3edd3924e3742be878d11c1dada5723a7831876adbdf2403f5d900603ba1ba42dd82b2436c394b9c4ee7acac30e84faaebf846b08aea852b54a65c1082b74f2908832a6f8a43ec4dbf6f4301a2cf158ab18c46f3fa59039052a02463e5718a3842d24022d1f4c52817307449772839390012c2b04417f18e62790dd7b88ed1f736c394fd8c7d505c6f01ab0c15b174d783e0b3b59611dd09a471c2f8f0fd4f4ca304f4501f49aa69c3488ad6b8f979a9ae6e00c2f3e21835fce1dcb012e56842eca9e97430a2883e6261cd5031c217f4f4144374fc6d7420164a1acf015821fad14d7219fe33d7a7a339f250c704f9dcc7ff9078a6a106d41c311eb17e31a7501aaa3e408d86f043364df4b5ed8b973a64bdd55332e447047b5893835600a6055060e51bf05e2d013928595aabed4a9fedb867a025ff1cc2f807afa5d846c04f9ea34cd16dd59be1ec50086a3b645c3319d66fc1a84c0f728c901c8a02a2cc47a257bad25ea7e64ebf4ec763f36ad1e2ef0bda18f11051afe9682c2d54b3908255a7e47aa1b605ebbfa80e68d4c5c1176806e61257d5a5a732c379890dfab5b86f360d527868b2a8c158ec82bd39ef2d49cbbf58082530f249610ecd6753d946ed8ebff3a30aa2ae9e271a0c6f5e515e28b7e7be3ed929a3a86b713cfae8c89cac3563029f26a281ca01b6af4fe49961d8752cedd28caa2955525d5f172e74d1107dbdd5c44bf3ecdd35206a53b7ee440cf860f190b2ba9eab6083811c1aa335e940c21889cac46c1059bf0720c1085b43291060b792a5897bf645baff4421230faab274faf621a8de0af871b4cafd605035c03fcce561fab966609c23a91e9b1042fb5335d4248843a8bdca2f84ed448939c296b182bbdc27cfbef305adadbf75914f36523cbca08796045d05945e8c8aac586f6536e16a821bc8811023fed99a927670564423551675d52c4823856744b63a07bb7bf90558e5ccd2044762320f99ee815ccd5d5832bdba85e5a08ce969b04f041ba4990517ac0ed28b41559811bdb5643b9f3588a5436786fe6fb04c7d6feb09146c2047038d0ab7ac8f313c76ccd54c277cf67d61e029064880c8233f2130b1c7ec71e0ceb9f5434fbc0adaedf66ca1a418e11d0078b0b543340fa75a3cb5ce860deadaa62b28b05f52cbd9a8c5431e948f3a58b36e471cbff920f922a0135915f1da4de9fcbc66a35c2b080a8e864dc6bd389848ae1c5e17cad38348f5962e377cd8afe0e72c03cad58a3da56e45b2f4de93f504711a5ae0503d8b67dd3175356f0fb4b8374bdca3d5d3fd2fc77db644f118cdba8a7603e57c6708a00a542ebc65c6aff5330fd7cf146b37cf0f8898bf91cab8541059c03ce62a413dd9b2dfa1be6d36b05edb0f398622e2814e2ae0ba218048bd1604e3985c58bd9f07c01d49d136785c1edc7581a4281f827ac26371d714f1afe01fb7e18bbc7af82624dd61687f3fee70ad805a21c7b5a1ff14e3bc6a8b1017e8b65491a11a2392d5a49b8addcc997871a5bbae0bc0bbdccd3f44e5288fa4ec6cda68a4e8b4945ec5a3259b4ea89fab00cd5e4b34ca4166e075e7a509dea7730a67102e91a027f07b802700714bd408cc2f3868bb00ccc41b0e2ff8fbd8e8f99ffe5cd4d320dd66c5cefd559a680feb5a2c19af01833d262a422c7b6717edbfa0a8f0a791363432f0073aabb6ebc2242b16a9ad0407774bab6d89f2e0fe1a48a2fd3f5"}], 0x2020}}], 0x3, 0x20040114) r5 = socket$packet(0x11, 0x2, 0x300) sendmsg(r5, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) [ 742.872701] input: syz0 as /devices/virtual/input/input328 [ 742.889662] CPU: 0 PID: 23617 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 742.897630] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 742.907326] Call Trace: [ 742.909978] dump_stack+0x1fc/0x2fe [ 742.913716] should_fail.cold+0xa/0x14 [ 742.917712] ? setup_fault_attr+0x200/0x200 [ 742.922458] __should_failslab+0x115/0x180 [ 742.927130] should_failslab+0x5/0xf [ 742.930925] kmem_cache_alloc+0x277/0x370 [ 742.935137] ? jfs_destroy_inode+0x1e0/0x1e0 [ 742.939607] jfs_alloc_inode+0x18/0x50 [ 742.943581] ? jfs_destroy_inode+0x1e0/0x1e0 [ 742.948038] alloc_inode+0x5d/0x180 [ 742.951732] new_inode+0x1d/0xf0 [ 742.955162] jfs_fill_super+0x3a8/0xb50 [ 742.959200] ? parse_options+0xe70/0xe70 [ 742.963344] ? set_blocksize+0x163/0x3f0 [ 742.967457] mount_bdev+0x2fc/0x3b0 [ 742.971239] ? parse_options+0xe70/0xe70 [ 742.975368] mount_fs+0xa3/0x30c [ 742.978823] vfs_kern_mount.part.0+0x68/0x470 [ 742.983413] do_mount+0x113c/0x2f10 [ 742.987132] ? lock_acquire+0x170/0x3c0 [ 742.992221] ? check_preemption_disabled+0x41/0x280 [ 742.997590] ? copy_mount_string+0x40/0x40 [ 743.001987] ? copy_mount_options+0x59/0x380 [ 743.006471] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 743.011570] ? kmem_cache_alloc_trace+0x323/0x380 [ 743.016472] ? copy_mount_options+0x26f/0x380 [ 743.021125] ksys_mount+0xcf/0x130 [ 743.024765] __x64_sys_mount+0xba/0x150 [ 743.028845] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 743.034472] do_syscall_64+0xf9/0x620 [ 743.038402] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 743.044241] RIP: 0033:0x460c6a [ 743.047544] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 743.066526] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 743.074277] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 743.081585] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 743.088928] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 743.096348] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 743.103788] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:56:06 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000040)='wlan1\x00\x1b\x1a\xec\xb5\x12\x03F\xd9U\x1c\xc9=\x9b\xa0\xf5\xee\x16\x1f\xb9\xf2-\xda\fC\xfdj\xe3\x8d\xe3\xd6\xe0|cL\xe9\xd9;\x13\xdf\xf7\xber\'\x8a\xd5\xd5\xe1\xf5\\\x9b\xb2\a\xde\xbb\xc18\x84\xb5\\f\xcb\xe8%OArYZ\xe1\xc9\x86\xfe\x88\x9d\xfa\xacJ\x1f\xebp\xf5\xfb\xaad\x1a\xa0\xb1\x9c\xac\xe8\xff^9P\xee\x8aG\xdd2') getpeername$packet(0xffffffffffffffff, &(0x7f00000071c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000007200)=0x14) sendmmsg(r1, &(0x7f0000009680)=[{{&(0x7f0000000000)=@rc={0x1f, @any, 0x85}, 0x80, &(0x7f00000001c0)=[{&(0x7f0000000080)="398f223e4d75afae85f8b47d66b1aaa8337718b5deea4730793f58c75db4817175387ba104d02fd84198ef6ebf366d6a75509be72bfe8265b7cca78804fb054be18a2306fa5f7c1a9a8a015a26ac1ddf56bb80217d119ccc7bc366b64539ede22f8dab3455acc16446896b187ef9655193912579f874a11258a610e60a06ebc04894c9eebd18d02363d8f4ae965bfcc70e0020f2f49e3f310a145c519267491dfb32425ba0a34beb69e6bc949f56b29b2a7b938c1b77b0b9e107548fef2eda1820956498be6ff63c056865839af82c", 0xcf}, {&(0x7f0000000180)="5f639aa476814c3f7b0a", 0xa}], 0x2, &(0x7f0000000340)=[{0x40, 0x10a, 0x80000001, "fb6f53cfe611faea7fb530680515314ba21ddf0720c4f8fe04e9b2aff5ce5445edf99a3e086e06433c5c6ebf4ebd96"}, {0x20, 0x105, 0x7ff, "81c091a3b0c9cf25746e80ed65"}, {0xe0, 0x112, 0x8, "a983b3e4b10d7515aa4d2ff207a513ddb66aab1e1b41aff5cf2593a121d759929811a318c5da6466dba734faf43925c3a8160d6100c0e171c433aa265b2fbee77a8759cc9ae55bf33959ab6b709b653a66c860c16dc36babe4d188993109d160d6fb051e2026af5d83a5d5ab5575946392c82f241252a4aebdd54bc0d8df5162dfcab5a9df00290527bf100095ceaf682dcc69ab1322c53aafa66b1a9a6bbc886ef1df367f48927ffd720694faa62f60518c0b62a1d4c6680f406de991552cdf57f6de165e9494039df623d22a36"}, {0x90, 0x6, 0x88e7, "2e39bc2dcf1ef79fc8bab2234f241e70203c9276ea10ed8149b261b3d90651869b14f3119f5372667f78da40baf1fafbbbf110c3bbc26289649436ba97048e94b2115c158f85a43b415a8e25a47eab8c569f3d0b3d40441a307bb84fad0c207452bb97d945198b46dca1c5b2a09c754215caeef555e5fcaa6782105a769f1077"}, {0x88, 0x119, 0x2, "bdcb27ff6b139b8c307d7eb552c19f42a3c1f9502099110bbbce5075f8bdcf47a75170211bd52bf05d4ac8305e47cf59f89da73a17b6107cd8b554ee14fd7402dfdd0ad209430f490217853500df56713c31bf2f7d1bf04c3897a96f873da5fc746ab4faaa53a625f58291f32059aaeaaf0cb4"}], 0x258}}, {{0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000200)="e6afb430c13561d03f2f7df993e5b2d3b4595c9501ff2b545799d1705deb2a679e9f6af03604", 0x26}, {&(0x7f0000000240)}], 0x2, &(0x7f00000005c0)=[{0x80, 0x7ebe05b55dcbbea1, 0x6, "50ff2d0aa8c0072c475d0ff0cbdc875b88687ee9698dd3e3daa00bf75497f4aa7e7db6fde4f33b4129fdd547a78b3de15fdcf7c6d06e9dc4251b8bbc4eb39a78ab8a856cbefd461cf72b99987908caaeb8dd97bba7a691181d27d556ccebd0c52c94698df0baa08ceaf51ec88e"}, {0x1010, 0x111, 0xff, "37ce63e55ed7f87db0b86c851b477704ead8d8d122fcf82d2a4c32f652a6875276b73f7db4b082c1dfadc3af936c3b4de0aad8128b54200606cfc0d695dad29084afcb60d9939a9049ab323fffbb8232f788d44d479c005ad3f0d7cbc5566df9d52353b3186043e3fa9b80e59a9894ffa13b41a63992144a91ab52caa0656a041b8bb82aabcd910aca94bb70cc8615a1e176db3dbf9cc301e503ca01cb923263ff31abfff7ad506e58a1bfdc940d021c96cdda154c37bd6531a0062102635b7dbb73bf58940c8694c190d1cc22f438d8182d2a0fc0191af185ca405eb9f8020e08ee555bdb922e43ee972fbf363a442a7a3c65dc7027111fbaba0d0b9c46f72b27005b08d33bfe935453568b89a39cd16911147d70a4b39942625909fa5d5d42f3df2dbdcecd647a3e84c3d107c9b97ff2d8f8f1279f94f67eaad5c21aa607c77d5e298e654cf363a9c8c910f72eebdd4b53ff41589662e1389b1b535bd4e77390415005ab8e6b5952709711e37c67ead28b7742c816d446c2d8a652efdea7de01b8c177a619e98686c26b8147bb55b63cb23527b2e8728e7f3549b61a202c3b966407ce5e1947aeb1f1b820d9f7b9ed89e6e06030b8e2b23f98d13dd628f2b4ef4a2737ab4e36e9b9883ad791604f86e559132a48ca11b23ff0ef6e506fa9d05c5f0fb0752e6a191f90720065e5405f1ef8b931e2371b96c1d701bc931914e4357191fcd01aa58fd6b79e0046de70f4016fa7e746b49bdb8b1b24c4284dc8b85c265fc717e9503d1fae215750175589dc8b5836877c854112f92c696220e7e05549a4e4c2edcb295f0b9b9063a791fde646ed4a5b7de8f70c2831f75a0c0123acae385e185013139aa420379bd2d9d14b69137201a4bc95a68467e9b76bcedea112092cf24ad7b4f4868739be2a2c8888dacb4cccc71ff0564699005b194bda6608120fbb4c79bb39b17448719c5323c36bb24e6a5e731a9e88bd7d7747f08e10dd99f9c0749cdc4dbf7d6bd56a2794f031f061cac098c8950b52da3cfc646a129d84bef7dad5dc46fa61bcf565108b46389cce4d382f4f1dea923e9398483f91c9f8b1de33a5743881b495ca9535aab21087de348e80d630dcd9a163a25b2b68c1c73bf4cd485c6b5de847b86126e1e686351fe131dbd6075f0dda4f52265d7831e734c9b6bf73d941b963a4a74a611dba25140bd40d86e36c1738d75ad3b8fd424ec0865a113d4b62b4ba9af6dd6b34c02ba902cbe95676f4ad1b95f915ccb17827e13f661efb1a69566fb370ebc1b69a0431cb8740565fca49a1e0c6f2a9e7b1683098c02ac9b81f57902f47f7972d65496ba51e2eb1565505cf1d5810e36514705dddd6b7c68b359aa1f9de31c21a881f620f94ba5eb4f4116d4a7d49284cb1a9977bb3471f8b008d999592b3a11c47c536a76a6855118fb07bdc22a0a7ef4e07fbe794e7e041d50a6b354c85d22672292869c1e5e40c09be8abdbc4a25f5da48322c6a77395e6ab46b02b22840857beb0f06057f884d5bcc38b662318340f537aa4e4b4bfa677a6073bf90b244563163ca6be44c814adafe4d7cb88c80d2afb7f62fb063e33e826c5d16474fd427a52a957521359c586f27dc0863af39919388439353090905974bfd32ea82f15809aeaf5dc4a730f547d2b98f9a51400a5a7ec61e97b09f61fb5aad4871c3d9efd4fcc4ad80b736f1e916b19c316aa44666c362bbb931c955778ca1a2f62a5b4c788672019a6c5d4bf31f510cc8bcd3d423b511ace748afe53b2dd0987606d10218fd755e9aa49d662401e8b3e16c19aa2f5780832026a10785d822182f466413a19d72595baf8669ff5282b226db96afc06cea9c069d33a38a7594f5e5503b57e63c12f3c5330c45b144f067671d3bde093ae3e9dce2c583ae17c19ec7ed78bbddc385e37d9b68e4f9b8f40b08cf430e4fe342fd11588502ff70c8e2b2633e90598dec84af8794c01724d0ff7273b795efe01e62be7ea1fa40b7e03e2e4495c0c7b369756e29116812719b505948fa233f3e77651d388172aeaa7660d9fc6efb2f6f899b2b1d940b783332081b2ac11b3e95831ebebd0399a6a4b1a87a9c9e65720fc62ea510a7be0392219ab7c3dbd4745ac6d8209586c6a162d3c2f789736dd8548099ec3da8792fdd0e978a20ed836a49963588645cbcbdb43130ab799a7ff49bfc9eb1d17df70d55f67a2813ab7883ff7a4810213bbc03a04b61e4e8f51fce227c7e57655227b5f7bf113e0d9dec007db7c63ae4be0cd24ada831b083983a43fe14e5231f355332af4e33f6fddc7c3d8ab1acb5edc3eef64ee4191daf6b638784d03e3f6658fc0892e852dd75919d88cb957fbe9e6fe7482268328b3f83381fee724e146ccfcc6796d4270b2858bf87201b5c069908bc985312b029d9e2c8709aa5cb19e835c70fb262fec59ce1db3259f3aff0f5b1678d6497957f0526645d40aa4535b1672c182ac1458b42d32edb6a21937ae153f0901c50c1da91be48223b88b80518ace995af16e133894ceeb9f7318498c9fa3d3dd257f5a6310c1802ff716edbe5545d36e51629b4fbf00435656b6d07b27f484aff8eda4846024fff60114b46d6c2edc55ac141db7bd19d4e0ce63c7064a8e54868f36171010b6ea75dc526ad74ae20ebbfebbef34b369da25c20274f439792d5642232aa3827e64353106c951c7db907217141c288ab622221553a1169aef04547f13d6682e3f56eb7f7e8a072e974365ea8da06391016e65e8c406a7c97b138717342fe96e624e7d557f50294e8944bd913afb46acee0fc907bbb537a082cc39ded8922bea28aa9faa4ec193d0733a49d6bcec0f8641476436c823f4555629a1c0db59ed75f4e5572b1143491728b0a5511e5418cd5a23fa88d5c402c339780fbacb6a8133c43d753a9f35de9818d605e541a91b7f4f56034db6d4f058fce98417ccfe3ab432100984fcc677392a86a649b0b08058d47fc5ce21aa3b340d90af17a39d9124966e5579bba170807a6b621d1a5605947bff80aa64b6c69307973feca9348ab4a705d6c474d3f1eb46ce24d06b37d51b067edf7e4228050ecb7bdcd3fbfd124758d99ea16cb8f43d4fe7c466be2174552ebd0db1b963481401e21de80596dae6364150b33af6fafcfda5086b56a40cb0313bfa9821dd2d683dee33ff2215f2fde4675ccdeab11ac6610cfabe0bb0ec45c2b564f6a538a79144f661cdff6fe54308402e89180ef0f11bd097e4308dde786d67e70cec7ad3d5e1aee2d154bcf3445464cd573a73475e34349f3fa724399fe7eadcaf39af91f510ee207f3d31fb81c52361a8a111ea62197e96996f802c6ca2e8b223bcaadcb6432c4cb26759cb64dbf737514f733409cd67811e2bdb325f1036e16dc3474013545790e2787e66c715aaf69798230c0c6776e9a287f9f48bf7fd5b8d94effbe570f5c71175ef97fa1afc80f432b09433ea2028f0f1b3ba2c1c39a8026973038292d676fa7ecf312a3fa499601c91ad2b23bce0d8d83a4944c15b0352272e2f732a53e82b95f9268b15676d016273a508f9af06471b4a9fa91f067cb06f004b0acbb68b0e9574de2c9bae34e381ad673fd4aae1ee6d6301e6b16d28f390c0d86b05a3e7cc1419fc40c7ebbc665c15c85d1a9f401ccd9a68e1541d6b880d7114c92a6d1378d2d20f624987942b71cd7f052f5ac5dd6c4db73cc82a5929cc9667418cba3f71f25df52152f914c36706c20567e87d6b067f262687d67f0c1551366d81dd224c88ac0ff69d867081a3a1df58ea5a3dd28c93feb51d18f8ac6b887b08f6ec8db5a0c2ae279b018258540c28256c163f77c2f6476b79e0cba29e6de5a2c39938cb8e82d7519a72b363a3d9f37dedf5f391508363ac2ac04ffe17e325b4c363a88a0d62eef049971f7826191a76424e2453626b152d0af5e5af2967817084d58202452e92f782bea8e968633d9bf28f1c4a2f09c90de9a960ee46cac26821f192e785484a3727012163e98abdd5100d0e3e7021ca2d7cc284de43897d064c4d9e6331bf974c48b1eb553a283775d5252c1f28be17d217ad7d3a63195ec4fb9127c44c5190c07df7b37238bc878311249e70ffd1d663883905003e3bdba3b34abad127fac47a8a552db9805caf6aa2211cc971c24bf6e17935aa303596f0470bd97b038815c3d87fc099be55ea95878c85fd35cc2f50104e243f0331c36b51b8c8a7d18d5a2262b0311b15d277b20a45b763a7c1e1e8877ce076abe3ec47d57ed76c0fb74b78572057e72124f08c2bac05308302eee5eea525b46721fe8a6b09609a42fa652f298ae91760be9a6b91adc674b5ff5baf312ac0115d6be6d072698a9b19613309b283097c80f3f5e62502ca6a21ce8c0b932b54499218fde729f838a43897acdf94e9c3e651e99276b65395baaed168b753c5615a558632022b6133c29307eab3804c91ffe7ca58336edc8095274d38422ea5ea433210278c26f8f0b28afb119d4f45a062150798f542f367886c8fdc1898f5dd3a2b9426dad8b599ee9c8025957d75a5a777b03ac64b0ce846c8bbc5deed32a88d3025967750c7fd785a2bee814a24128b45c5362b54cf23cf26f7b3e2f9e2bd466c4b40f8902c924010b7b87e6ef8fd83188b3cd7a2135064ff0e6c69914fcdc26f9d2ce678b961a5f2312a89e771fd79c190476ba1ab8022908a65df0ff42d888545605e04ca7855f68d51f521e48e64ea50e8d3c566fada1f7d0e5eca01812060a5a8b949ce8dd8cd10bfd6a3b3a37a62ad8f3f364d4c9b0f4dc4b7d57999ed4dd25a174c3955dae940c9eb75fcaec9be9322249248ac63cb5d14d35ce03bd7c9aa337a2500c305dd718560434f09d3cdefe6389a353761d354298e60d323e3eb930de542e156994703dc25ca844a1863630afbff05d5c1adb4523c43fbaf09c0d674355872d03497597c42d6a0a4e049b8a9a79bee37fd49308f76bb502450c72069ea760fa14bcaea723d37269c3da31cb6e219adf604035cad99f8a4a22eb8af7c83e27b8e54ec15d144e852e98b185a32b472feb6977221823ad80bb000aa84fb9924695251b0ebadc8904110425bfcf86aa4bc2d2017d875d872015b3947d798be529dd20a916af6657e21e8a3445031d3654efe10dbbbf6ae7bc8670a9b6138fb4997e78e95757ded42bf91faabe83debc413ad0ada44effa15360d0b35a463948d1ce3c5c4ff67c757655dbbcabf90587df06be5d46a7c188b97999ceccbd70f31d3da6ff88034bd7723b974cc7d0ac338d79b056ab0ba30ea2bdea09e9566365d33c769c89767d389d4fb97d41909e212d808f782cf9baae7c0e4d7f17145d0a08ca1c1f85bcedebb5bb23a575f15acdedd970ddba6030b331561c7d2c9f68f98b39b928428f12b0f9e4c1adef376c78fcac15710b1f4bf7790df1ab1aed2827b707711c261a3cd5eea97f6c5e1b050684839794963cea6aa4d887c8e9bf5889736fd3dd7cf57e4d0708573c484ae3ad1a301d218fed387b54be458407136aa8cc7f4f1420545dd207942299ae2ccd9a6c9b97819fb558ce26f47163f0b4742b53d69a3972b3a11dfa39bf85c1e7829fa88f70243d25d31c8d886bd607378d9260ac838f594411fcb2e12fc497b0a0e5c7e6ee9bcbc38093711100746269557fc8eb28445339c302d99f59d34c1baf87f099693c6dd6bc4b3c5abc44207942fe3d5dde669072fdffaf194b1c7d7aadf06d7ed751621e92fb2df3f9ece6545588d3577df11b8cbcd8f7e2ec42addc5f6946d744847d76534"}, {0x70, 0x113, 0x1, "fe59b08cf3ca601c7129d25b566d71b26dc04252d75e1d833b5e172fcb265f0a930363bca106cd468b2b99447e0f358d3a009985694f89739e3e22400790b660f8ede7ea42bbd99fd7fcb27325a9a8435e6713c5401de9d179edae967bf043f9"}, {0xb8, 0x105, 0x8, "133776ebfee35d807b0d04ac123adde3d0f5dccbc6cc92896d3938dc53b17ccb0e9246de28251ba4f4ec43bce83339ad5e817653a5440d045f39aa7ac9c90bbbef8412596ba9988cc8352eb1673aa42a419855481563cf5b922ea4c22911807684d260121f4ebbb250e51fbb77938d817d9ee6dcb2e046e5f64bdf61526c530c1cd9287e30283ae190cbe8b5f96e1ecd5a9013232a5cd63de0afaaee0923577b27fa35"}, {0x108, 0x88, 0x400, "629a182bf7f91374651c113093bad0bd92be2ddba904f7176eaa67c7d51b2f0d5df590d416c2d120bf288ab178edd68e7d319908975b78b7099edca9ba4cb9b989ab84f6a1191f5421c8b6939f0881c73fce5ee7e4387c7265ce316d6e33566f3f3f09c00d22fc203550d2f2d51c98ada1677f30ae6ec89eab8740c1ed283809bc3c453dd3a51d175eaa3ac963352a5cd4902a5a1d1d5fbc2600b4c68dea10e04ac737c6c896d44d30b803460d5502330149bac14fd10c65122ef0606d9bb0cfe1e9fcac871ce887b1479105ebea8990d6fc87ad425a21c903a22f55167263739a33b130250ce2ad7f152cfc154eee0b538e15"}, {0x88, 0xe840c192e38cb208, 0x4, "5eb4b4e79983bc2a19108428c188592b30cc1ff6ba3a45f731cee7898b870540e373f96e8cf8048568de7bd72826753457534af4383aba876884371a68978ebfd93795e37fd05a6742f75ad1679591a609d6bde28ce402f2685486e09673a015b02243e0de6e998547eecc80d6216f373ab4be"}, {0xd0, 0x9, 0x7, "d6d0e26e10e60e66b58695cafb9a8cff34bb3062eee51603852a23ea58b234af170a6b0c1b9d1738ca1fecc49995809bb4f3823e22c5abf455c93dbcaf594733e504f62585881c6395d24c66ccb31e177bdd732fdbd5ac388c7c9d8a4eed1e2437ee5873db53876726293d4daa1ee07e1f631e450a9ccea46f76b543de6350f3194debe35e9df5fc1c82ccbf0e9d6f342b6c6ce3ce4967cc3679a6a814a3c459a073592021a91215cc80d66667924fc6068a652082b690195c67f4"}, {0xd8, 0x10c, 0x80000001, "5a74fa17427dc8fc8e100a7905950d844fdbfbb3cc6c314ec9207da410f9ec7cc9ecfca7a434cf81e0d69f0b4943893e063a2b3ee8455369c21c779958d4dbc8bb1d25456c311052d6380769ea066b5fc56f54623e8447544689e040270308056a254de0b6896034fceee56852f0541a899e98505a32cdebf0dbf3fc434b45c1cc29a59b2f91ccf1f5d54c8326d4f350bb0f1c130d54f5eb27d4b723b00380f2c39636b766ee84177bf9c819b291f9b3438d26dd04da942fc0c9e79ae50ea0711bd52779fb"}, {0x40, 0x111, 0x1, "aa5b0f4a722c2ca94d3e151469196aeb31ef7d7e0bab94ff2d54309dfb06637bcbdc196faf2b7ddaf6c361393b9645"}], 0x1530}}, {{&(0x7f0000001b00)=@l2tp6={0xa, 0x0, 0x45, @loopback, 0xdbf}, 0x80, &(0x7f0000002000)=[{&(0x7f0000001b80)="a41ea591ad116454dffd395044845ac29b41c8d305547302e787a7c9ef6dcea391b12204152e61a1723f989d5dfa573120c15812e223b4b3054668a535550862d12cfec5302c05e509485a0536d26de3328f588ee60098eef567aca314db5c7fee99df209b60bf078894e78b6df95fb1153ae7a3be86e45ebeabda87c7c6b7bb930de25a0641a4e60ea8e1f520e3051a1196198477edba210f1922342f8564d43450a8327d627aea77995b30e3b34b25bdaab994c6e412e4295597674b89eb888c344f933f2e", 0xc6}, {&(0x7f0000001c80)="e04bc0c81c894444ee1723be6c1a085998b22364438811d759eae2f10557bc594a5d5815267f7f4532143308b44eb57255766e361db089c2efd7078f37c44e", 0x3f}, {&(0x7f0000001cc0)="65a850947795ed8671c827b70c6982c1", 0x10}, {&(0x7f0000001d00)="dd7be34554dda0852bda6a7ad66ecf79d2ee2547423b617c2371cca1050bb4acc3a50fd186b386dd3bf630cd42f7b640cf0ef7deb14da02ce0d2523a962426b3767ddc1f0b217be3a83c23c5e88d7ab3e6a6c277d8e55bc69ea84ddbfdaaa8e492b885f002a2c0e3cb5190cefeb0c0cf30a2c1ff6ca8ca5aa4e36b56fc277e01232c1e1a9c83a9c5ce71ab704e1f2215eeb7c5896a32d015b3d41c44854b0bd6b08f71036c85be6c804275f5468d3c980c125c80850aa25c", 0xb8}, {&(0x7f0000001dc0)="34cb729580", 0x5}, {&(0x7f0000001e00)}, {&(0x7f0000001e40)="baf52381f6deb02d1c2d5c3ba3d00d2d7017e25b96ee791d21fcc1648de6a330082f2d4a06a6bbfa6399245dbcf1993317daaaf07bfe754f7bbdb9ade2801f76ef463263a068af16c38eb3e4de5f1030f70f355657447099cf09b56834b4e080d4d310149647bed5d05a1015871a443bab1524c697624b271f4a07732d9d705f5e0480bfcf8b8bdba8807512bfa4f31175efe68fc3cb8ed8fa48567857e57cee14bd6711e8e5785ba5ff16b379de02e4c67497d097f9743306c93101cfbfc49dd4d040ae2cc65c33faece456bc76a8828442b4c3d8571462fa7f", 0xda}, {&(0x7f0000001f40)="a5a906938f1d3b6904d0f3446b88c5c958a62a0ca3cb3fee4f7d0d53f453a01f3fda8b4c47435012e629ec559a9b51d1614a59c87416329b1912dfb38101918b4c028a90eb015af5f11e5cd16d227f0f47", 0x51}, {&(0x7f0000001fc0)="1b13569f9e0d07834e22b1920c85d961738be9d0c6", 0x15}], 0x9, &(0x7f00000020c0)=[{0x110, 0x117, 0x80000000, "538b14594ba08b3ec84202354ecb8fa0b59c86c04f88fb9b48e8e8342289826a0cb5f5f381e3d2045e22d4736f6478eea7c7f378b3c29c61b30f38861611e941911e7c9486fb595813829397a0c950099a395e51cd367cbf9a20dd6a382e34b2edf02d0768a52684009188c2016bc89edaf02b74d6d728df810d65c9b5a292e8c3ea82e77069c176c89824662c7ed889c1e58e15e1255753298a05cd32386a1767ae78d8d7230eb6cbfb660ed8f45b0dec003edd839615a08be7a5e5f12baea70e0da7ee79c6b96b6de4f31f97e5c1a3e93835f4a138c71af67fd29f43c01e9e7b3d2a3382fc93827bcc3ad7955d894ce52b4a9f90607f3117162736"}, {0x50, 0x112, 0x9, "49c37dd45ed3058b456aad81a841b587435b4bf6b21918aa627d1ad3bd8381b415e13f78f018626c8f292607188e18dea0c49e9139ae1d60e07763f643b032"}, {0xc8, 0x107, 0x0, "52f1a8e10b486adab869447aa2cdf721947a34096807366b30a01af4b17b4dc57b70c3c188187d2c41c93b3d9ee6c8022ae90110757b4904c64fe06c6a4974721e749f93025c83296569d90d134cbc42a31899e0d66c597d3cd0189fc23543205090c25377ef8a9decb8b0c1dba6a98c55822006070f8565d56428bc75259f577503420894d2d0823014f06936d45bbe19b74c33b4897e8a6cc4fd1261bd7f29226f6e8196bb48c6eb28a6d9dda2d44bd8c9"}, {0x90, 0x1, 0xa5, "f4ef7747898fee5afc10aa0dd79cd3e938265f7d8c35294346128f5dd5869e1b729f549c76a42aa500c35d5caa8d0c2bb80b2d362d8b67b1c971ac4977f3ac3a0730a736a26248b230fd9dc15e0c08ce457706de05022dabd3a8a3fa6b79c86e5c98d63000f458f002d1b318884f173bfeb7d23165b6426ceb"}, {0xc0, 0x102, 0x0, "f2dd7ac43817abb8d58867837c33b6043cf03319feb5dc3de8fc71aedd9cc5dcdc77ebad0de819175dae83d7f169f60e40bdcabb1c160f9d7e4172c3466e476646ad94dcdf3764e7e2caf27117b8881b5f852979fd93464ac8385796b4ace47ffe456114dae0d2b4f7c9ca449a279690d0e74658bacafe91e68fb4b1d2fee238d907d002d509d10ba5b088559a289cfd85ef7708b413677e8f01f634b8aadb1098b281d6620a61090e2f"}, {0x50, 0x102, 0x1f, "823e2996812369b404f15981cd1cc830fa88c371ae9789cb25cde08a610d88fbf47b711f31119314b024878646b8b4ee2ef399ad859172d1da"}, {0xb0, 0x104, 0x1, "b184cb27ddda4af4ce210cb0201c9c4bcc0ce3d61aa1358eac25dc342be2d30720fd2e86a8ac1efc7b83d86e4581629f3ea6fe304011e6dff2e37819b9325260fe24b6e567d10246e3394857d8d9bbe0598b4999316856230f26e4feb4c74f353ce68ad6fcbaf28886fc27f9af24d64ca352f64ffc19de1bce6e581da2cc968cff88ba772653235f35e257b7b742a86a5a5a5e546458e00fdf873bde36346226"}, {0x48, 0x22c, 0x800, "cb8f77c4925ccb670b55ed77250621913249875d8089135c656fed24abe4027424f8b58dcee4d7bfc14d47ef062b26e0288c78426d566f"}, {0x40, 0x11, 0xfe000000, "b1bdb08affc77e8bc9204ba104122576294e182977d06340bbba15cc698ff85e0b65b2a69792b8f9980f4985d3"}], 0x500}}, {{&(0x7f00000025c0)=@vsock, 0x80, &(0x7f0000002d00)=[{&(0x7f0000002640)="dbd665753464adaf4ca74f2b7b68b1fb2b0e9a3ed56041063ecff5b52c324181699bfddc8917cc8744b2cebbd3bb768868e2b942f38b0fe21a5b27d19cd33d2fd2b1709d8e13eded0b873cd865e2ac9584293f18d32c73048c28b787707a504f6e7d697ec8b8e41ddf7c4bf2f535f9b56cb0c9a2c59a12ecbdee17ec22c10126d33d667d0dfd25690681dd1f820cb3c68eec7773f7c3d7bedf42ec27a16feed0652b5ae0172e67cf6b16306d7e0b3a99b44623dbee66d6b5da94ca1f5395b6b47c7b502876c85cce782dce701735034a43abc625ca0be03393129460d08dbb3feaa9db152db73cd3753f63fa0e8d", 0xee}, {&(0x7f0000002740)="7f816e8151dfd8827ad6921b7b6b46a7d251f80b6a971d11063cd19eec15bc006eea1599bcebf46701967d1f1515368d9ddf74f17f4ec57c4bd6d9c7593ce232ed6624b96362c15666be7edbef58c25575c68f5d95c19d8f40385bfd7fa6454fd0dff6453b32e9698f5faa1ee7444bd32a277058e41253f770a1d140a2cdb04e93344ee599ba2a0018c5a3cacff1d90ef7fa63d32df035fce3d215a1e9113662bac83d7ac7efadef03a9d7cfa6e2006ae1e3c67010a1f38c4e9a09c96d067acfede6d2066a51c7054e6ee725c1b4a5f40ea477404647e59562cfa95687f7", 0xde}, {&(0x7f0000002840)="6deec7b655e018516513ec872e3b15d2238ab826d6483ee8ff0c85d6ae4d7234303995b6ca9939e52c88a5f3904c62d6350e3c65299f99d0c2c59847a24b6e334b936562d910d81a9fe2d3f1fb08d74a285d434a799b7e66c81409e93560d791b005ea1acd66eff31b391a831452ae9c7d", 0x71}, {&(0x7f00000028c0)="c91467eef9767873ffa14828b2509c19993fdd6c63b251886d821bb445145af2ea7e91b8bbdb12cfe26f5a6e69fcd09aea5022ec25ce048224364c4b6fbd66b221ffddcfd3985e415759bcc73aeeeee2100b9023b56fe9de19e4e7d257565167b5fb342bdb0eb97b3c6729a9f9b6f2e4152e1c44d50a841abd74f8386cae8beb8831435140631c1e762055beb16912523304d4ad4ff26a57aecb1ac9ee7beced205c62f670e71fa04ebd278c451a4d90e4b68a2a10a17b74a61478cc144867fd8635b069", 0xc4}, {&(0x7f00000029c0)="e08d449286b22375131b043463ef155a4efb1ec7bf5bc15bc230523ea78bb717d73c3eb49d70f368237e0dae13c798a1c4281f0ab3a7ddbc27ee43a652ed2ac7f1c0f2d22f0bfeb1629d4b8e3e8014f2e3baa6749921beba3437aa461a3d019f67446ef105cadfd146e7527f2736daf12805700d39e25b7b1f5f679cf9c5ec2740645724b2702820c87478669b4daf88b603ad", 0x93}, {&(0x7f0000002a80)="9783b0809f4bc87fb3ee902368b5c7c99c9283511f8a94d6faf5fec70f925019529b05370c9ebe1516ad51ca0b072c8751484616894a09f40b320ef784185021849703872fe8a7c3f0db7b8d1185e2076943db9a0f5f0b", 0x57}, {&(0x7f0000002b00)="02a0b89e0a52b62bef8371042534d90f81ee76015e9f1bb3b9c48b841e50786c4785825337fdf26abcf8b066040c459d512b5e8f34ae2277b1a349a3a3ba773e45135110d72829193f6cbcf6ae204c6f50129a533aec3c9486c12729d2da931e573e23c9073e4864db01361b5003185c942f28d9bf2c8620944410c5e5fc11f39a6f1cb819630d2a4ae166b9473c", 0x8e}, {&(0x7f0000002bc0)="89dd02be3fcd7649864f5ab732df6f3b9313f3a112f3ede9dcdb665f12c52288574bd581d2f4", 0x26}, {&(0x7f0000002c00)="5e0caf7bd03b5c123f1dfadc248f7d01e2d74670e8c9d86e217dfc4deaec86565af9c48c1998d188175676e9ed036a45f3581da2524d8a68b34c523e1067a70f18529e16accef56075e4dc3958d1f8d7cf3b3b1a87bbca6ac96297c1459a401da0b5da30b8f3ccf6e6af6e0d2a063bea08ddc5826d97e268db4004a110449dc1cd5db5f6779d4c1d46287eb09a0f980d053f148bda178d023add56f175b9fef6f6e6064f9bc115648a676883543a1bbc71917c7d6e73ab9cd0a97b2bb45b80df359a0b665e6758b2f6e83580884950e782b8509c13e930d823b9290ccc31a8588f7a80e0de04ec469391a99cfbf5648d", 0xf0}], 0x9, &(0x7f0000003a40)=[{0xd8, 0x1, 0x9, "558a356a1ae67404a9dd2fcbe4f63f8d28e8c736784ab11a3880ca0344e7daad6a77cf810a0d206111ce497c5b6057c90a4cedf253bfb0b45afd28accac69f0ab577e2ac8ea5cc2b0950373735a4e9c1c0e8475ae1d151043cf25d153dad79ccdc221762641135108583dafc1a7ce95c4ad24dbb5ecbf0dd0abed8fd1337bf56701cc53411d1d1b47b8e67802b61893813cccca97420a6d2f32a5da22930e7f376aaa86d110d5419ddb845a045300c1d643d6ffa1c1ae05e1db08c66e90683360dffa6"}, {0x1010, 0x10f, 0x1000, "95715430463aa75104b093b6412b9658f83aec998a2673c8db59fc81e9fae152260b9d644e3d9acd4f2e168699cd7de63182b68cb6ff7ddcff511053f76d8147059e57c150bb1effd099d806098b117d5f226cf98c1c745ba4b5a79c831da7f504f84bdd88c8464de4889aac4b3a9a2ece12909b48a9869f20f0ed101c4edcba8df49153490ba16befb3609c0db808989adeb04653095ca28d614e317b1019d10949dd05efa8d5fafee9f3a458f96767d6e3a12c4780eae488ae93d52f74fd24c3c0b60f1d52b4241e3fe342b4d26a71f1e022e41f478acd75c753a0427f6389b8ec4e7ae3a92c9510e44781a8380676a75e82dd25d54cd3d42b13973cd4f7308972f8078306114f8ccc1ed46df3a8b7b33232218efc301eee51cdd9dfbfdb31689048f2d99eb14de0695b365f3fec570c2401934b548d368e6593a1ed0251d2204c3e271d327cec50abede0fd739836a3857e8d5b5c227c66284bcfee3e0b9ac7b009efb1ddb88844d48eca56ac2a7426ac50db5709a92551d0ce2d3df5d7962432a0bd3e918b8071511e53541beea00f1829fc6d307fa514cce22c8004f895c083a5e7be9dba77db0d2b527663eac63b80185e0ffdc9370bcd327000b851317122d0938006309f3f86d73f9ff61407da3ba3629ec31fdf2d6f771a7758bc2b31d9277dc5f1998f09672568ddeff92f65db04b0dff5de3c1a93be449b242263c179ab3e3cf0c529de920411aa73944da1a6372c1955d8c6cb1a339f00cf7de1cb7fffdc96afa2021219ae700210a6cfa71338b504e7f3cb2a98affc7c8f4c09bb4994fcb06535ec533ef2f98af48587df20f37fb7ff2866a249d9dce8a4e22ea7f7b6c4c703ad262df9df8dfb859604d4b44a931524a694e1405677c537ff507fc3119e19f1d6f854675768fbbadc0818dabf56bcbb6d8bd181a516c0d562f33f67d97ab88b2f4f3fedd3ecb7928158b82d7c310332f95f2c82aaae6f1e58eebf875ea127564aaebfa6797eaa9ae71f4302be193d07a5518f2c97f38d7cb0a2fc6c8fec6d3f2e0f928e0b84d380f0570ae21f7b87229426f05799a078f7c1027842e0f359b4f0dd260e38163d038bf84662a6f2be27d54ed871683386a798570e57b6547fce79f606af5ce7716a406ec1ed641e24207c17c966b9f0ef65995fbbf58d1c5f307c04af721a57348306f3683e27bad1fc39091867d52ecd82240ffad7277686c94fb432c11d46d0915b9561da1944c0f7219b77fbd3be4cd6b7fe941ca62332c77286fe3c77b5b7b18e0c7581575cf3a628655ee708446a4c8dfd545702dd8939a7bd36bf61a28a590c0679bdf435d6da0895788abcc12ac32c4809c11c2e0fbcba3d34ba4c005b9a927f9b0f62b6abd07b9b7f8dd3b67482300b52e4bffcaac98717a3ae80eb0e7c1cc0bb2569fc1dede543dc75ba8c88cc16b1daafc9dd18429a6f341ca9100463befd8391a1f0f023ecfcaa597f38cf8e34fc1b17f627f9efc614d4afb008299bae7293b2b954189eada6657dc9d4402d967247e96b2a0fbdb0857feecf97e0e995fe3abfa66d123d6d97986db6b67b57e6c76d137c64ab9726179c1c7980a161d0c6b5310441cc5e901acf66601d164e72261460b6aff463f934b4266bd6cef3a55e11cdd2aa0a26929d1fad38f44503bb4a560a7d07c228937ba450e09338efd46c1d47d7baddb19f4a06109c4a466c88b3fd2f82bb388301368f5717b747c1c700fc53553252b5519b7e8b3212385bea1242acae7ca782c9d003d6f5ce71508a48e6113a7cb81854599848c440c071705c2795a021884c3d2431af62721e0a25cedf57e1cd1011a2c7f1deca192e5c527d84e233c9463bd1aba224d82ad3b7ad78ffd930332e9f4155416ba23e85da3eaadf229f279446ae403471029d543184a0546664f24da3e4a1dd188f488ea1ec0d411bb20022021b93a6d084f4b9074f2d2a14063b8b80e5fe880450002739b9de1d6b86840f455596c92c4ed28856bc3414787fdad0707ac39a6d175b3b685360549fe931db872a410f39046d774bf723897ec44f04fb32abe37a7ead165dfece4445be5d842d66d20c24576ddba201e98e167443b35a1f79316216648efebf5b1da37788f9c53b4fd8f640e9c3c76760939909a222cfe727b70c1a5f1bfe4edfa0e9efc4b55fd58b18faea4f9acd77e91a1bca77fb91e2b5afed718c354b532e8ffb85f089cb4fd6823edf25b3c1dbed8ce798de9ac2d7503875da4cac03c2005cbed5dbfcb6b6e403c156b1baa19af9d0481fbc157a8a8ab6effd8b696be25f501e447d34e71219bd872993ab4c9f6f9ee20ba3230efec6ed25095482ee036a44203bff2a5195b9ae390d7a9cd6ac4c90d7c09e22bdecbb1493008f001ec8031d7fa38e9881f6f9b26905f844d1668d20fb0cfb6f481ec2afc5ef80c45e12643705e26fe62a12cec75dfa200fe624b40048868abc144735396d426dbb4ec9164a45c668a6ad8fd3a09c38e558345dd129ef4e82ae8b625bfc11ea85ec7f11bd6b11a1cbcab54b8c78979f534fef6b6b2677a3cd7555aadc9bb54431bb228075189cd703fafdc7710dc7a5b84efd4c5081e42ed8a5da67ce62b45017809ed31e9a3a6340606492da262e444c9d364ca912973a8df3510f4e2cc80217222afec18e7169a708539fbb3918621b958f39c2b631eb548fd6ae04f787a158f0fdc92352d1ac51def4b9a0eac54fdc0b3067024375536a9f6ba7d72551779254db818b6e2fff55e5d1fd212c173055c084be1d6a8272f0327c22d41241b1939a30dea7a8d2fb2efd8adcc49334baa987148b3c793d406df0cc299bd2175e2159c8c5412086cd96d012ab1161883fcac37783de8fca2096d820702941b8f8744dac95b17112212909d9cd7195007f62d0e3a39a3b2f60a5c6fd602f06f645b5b14dbeafb0e4d527fadb28b700f22220d4bd0c0f8c8cdf8a5e1a77f8d4232c34b70e5969f3f96c279de1293fc5a29e14dee8ff67b8a3dc8610488c49e6418d5f4aeb15ec92015bf0edc8dc284917179de49a1318dd59e86539eb094fa9aaa59867e9bdc8be3c22751fdead3142d7ad5419cbeb560beab04614b545f216c512fbe0ce30c4c119505020554fab997b023234efd452d38deb15d0705bb31029a29ac0a3e40f3caeffa6d74595e05b3cd55cdf39a07d8ab3761e3dfc50c9ea9d883c988b7ed05cb43d6bbf8685d7d4e091faf706155519e025ef54bccdbfa562173fe88c7ba05e3258b817cf1a229346b03c45b339b5ad7d0e9072289c7c37848143c0e348daa01d9f47d0d9cb288d0016559cd502bef8376f913c421161244260dd6f9dd4575452f48638eded17950d08856914df8259427b1bb3003c2551b0288a93f0a56a78596fa73c5bd504e18695dd4fb5573c6436ced14598a578dd8d49d3bf650f2cb5b55de363005d16164f63f395b3393fadec15c84f87ad0fe592ee2ef3edea85916f2a11aba6906b205a11b0322d77425bfca743a130a47c749c93255c32b063c33c35f4686f2c94cc73453729fa659b4128038e7d86498d67fc94c55aa95df24f36055513f69c3b8f3979936dff8ec245b01fddd6675daa294c72e6d57891848519360bc051ddf9d6d6b8d8c4a7aae623d0238b343aa32d6444d94a6d235be288a8ac0c1b4fec30b0f12e08584c1fc118e18b9013f9759e40eb22701d61172245c5ce3fa3e75372ea630d2355f27b642174e9cda7a8162fcf8d815631fec650947a6c84f48072d126d012f86e368be19ad9ff36a49d8bdbfb263c462a0d650721395ec8ad6d4fa66b00ae1d91cc749bb89540bbfddaf9313a43831b01ee1c2d381914b2a978c673b284a6cd16f254a2296ef63a5937f076adaeba5b9b481a0a44b7ed950c7e58ed938c3977bf704b8ebdaca26ee071bed53f710bad21e7c223d7639d236d2bb78b641551ad9145ff68dcff7d1a0b58e9b200a13559629ec34fdc95003f322513f7262b7ea6d5aacb6511712f067c1c05ee237871797ba8b6e6942277fad0ca1aff6939a1b9830da1e596fec6e9086b18d7cd382ec693d71c7c76564c4a1699d14a7ed2e61a7633b631036ab522fc71a7f9d501a3f5b0d093d9967a2c009dc1cba9757fcac7096ab373cea20adead91fdaa56a714d3dbb7102bfe3921cf0f70c518dc117bd81b2ccc5d3f90ca9b0abecf74e8cbdd1ebb6523c9edad1b78a9ebf18e3e43c8ed30e170756fb435c7b2e69e1823da0e3abdbb5dccfc991632962e3bd2fc428b0a11f3847e411288322db1f6367bdc5ff9ddce9d00431a8f056f3d88d525a364a0605a266f10ec2cecaa1a3a9d1e5343459a7bcb90d8071028c09bc4090d11516787dae11f4c83d9a26fd6a28793b950dbd9860e8ea247669776a8b1d26169b09b73e144f80e98b0f5811a5882fcfdfefc62e000f01b9c53d9e0a4a7a81146cc9cc62199622c963322b27444fa96f0b9bc9308b73c4a39767674da6b7dcf8dd9679d5ab6b6aab905613b40ef2fee4fca37ea654d3c1c7baf252d99c1ae9c85b06c20fb78290d8ac934c8850e0604fe829939334f11230dd06e825e31b9d7f6ef321136c9443dd67bc220c01ac11cc099f9ebf63105efdb39294825b8c5e936d27d70489df7a5fbcfbbcf220a36f83889b61877faa5b7a0db36a07d57623629faf0c5526a569583d68ddf686fc218a8be668e7c875f89249fd665718eec21c5205a37ee1ef5fece426a5fb11271b8c76dedb0a1e425d63919e520c8c43513cc31104c2415cb3a44b64609357df0436c16d18236041c5cabbc1e2039a5bd974eab8f416149ddef99b65f31c957a74946a02e3a8a7176f82dd56648c56b6a2615968e675e6dc9ad7940f29279c98ef64007551054404bd921b4d62c5540596990084e458c4ae33ae265b79146718ee7ca4c43433c77ef7f59d5e0ce9acf8cd9ea18f8ccf064527cd82fcddf295706bb7aec9f02a51060be6ad71884ec698f41e787a3649f6a00a8fabae6ba46cf0f6dfd0aae3481749b31c6cadf2b953be6487411a5e3e4d43936823be6f570f1402d1348b556e81b5703b0fb7f78d1f7ae05e095ee47fef2f713bfec52bd048ab1c630ffde1695bb1a8e1401d8999b830fb444d27fe0341f26385f6c479617fe3f1273c50edfe92458e6ca4a2584920ba294a80d762ca9a61408889866395ad7c310db93460b0df222e4ffc177faf6d364b99bae27081ba9befad1cf453dea4cfe2377f1701575ec0f101411b69a434b2af8a7db7a36544c4fe48a1636f084d73c56688c6a2f457c66808ebc455b39ee82d5b3671365dd9fa485b37c87541294667c92a7ab00842caf8cf34fa3a74aa7269495e289f9b95cbb1ac4cb1259741c58de0b1e7208b1db867c5720e8807cf46b951d6a2aa9adab8226fbfb9364399c3fe5ca0e4ad832f6f84707f0bd442629c9361c4659ec202d582e7f731c3f9392146e9eda81e57903e2d34ce8357775c973e899ae6f27b38c61165ecfd1faa3d17c473dfaeaf6dbdad6c613950cc4ee7934690d638b60493fb9dcbd58298ef355234b520e9bf3b4082f39a85efdd8c747f9883136cb352903f0f1266a21280c678b2c27895ec9ed4180f813b6ef0d012060cb54873e942a412754c75a1bec18348f970f795db03b70a8faa0a8376f96416f8a02f7cdcc79236bff36eded0fb3e038c875e2a19dd75497d15b19c44dbf7cba7c13200e096e4dda29cce5e11d70d99e679beaf2de390435dccf9af76799cd85e8e75964fe52951569e10eb22ef10adb35e161ae67219d2a"}, {0x110, 0x116, 0x3, "c3db3b3d8472d076d4d0e79c2de54422bb49fefd81ecc20697f709a922d3fbf6423e205079abdd8e32a37b46853671f248e2f19b4fbe28e03dfb66358a19f159e3ddcecb15115801f98a7db62ea648b1c2ba737ba1436ad83dd1fa86a25a04e141559ae6ab1cef25fb1b0262790e29880f4c60f0449105f2ff03bcac1c1ccffea66992e81479df645a4d060c4033d390636628b88328f19eeddfaef7bac838a486a606565079319306e192465a524b1d4803dbbe9b076bc1ade8e4e2179ad4779debbd47954e68a0a156af99bea0326d833583f67e5def3b838025699bd245421621462a88e8bff3058b7c3fd624ed745288aa7ab915a425276aeb1d73"}, {0xf0, 0x10c, 0x5, "58832fdcc2994207d1a9c45f68ec11651f197b1a8fc3c27a26acb4025ab89cb18e18f16c250201de1a684aeffcd7f602fd76b2206fb11b53db1cf2909c1d75b92374a13402756fe4ffa3bb10c4c35c1849bf3eb0a67f65c28f0baedba1d4cfc2ddf57d648c9b11f9de6327cf9ec87f68d85b7291cbd561a8d8f837ffed515aefd5c3faa68d29635acae89d456dbfda8d74711f3b7f41a940371bc3af67715fe54ac77bd2031b061b4640795a0f8689218f91dfa8d93fe38381e97d2ddeaf8d2ed5e2d6f54b6e43c15dd566d9fec78d621f90af57d0fa89f5b9ac1760c51d"}, {0x70, 0x11, 0xffffffff, "b7d38388672a7421bdaf6026e5421e02cde6b84c9213371dcb563c55713e929de09d977ef71cd0ef587d155628dfb332ac4315dd4b0136ecf42d2a5e65188aee0790956b4c86808b39abebe9387f679d851241d711afa5a42a4ae7fd"}, {0x88, 0xff, 0xfffff17f, "9f6da7dbdef8953794d2ec19a7dade8cc4877ed80aab5c8e97d65ad5fe27876096073c1d83784849a50d9b7bd6b917024653f0bae9d34eab793b2dd02a3030a71abd3da7b7685a7e17dc87feeed66a268a5b02f18f3f51abdc38231bc202755d20e85d9cda60062b75af1dab934121e8696b93cd496d7170"}, {0xd8, 0x10f, 0x81, "684fed77a6f2bd6d96bb9803cd195820d4d0e3ed0f7012290567532230d76765a71eac3005168f49bcbb7b0ffa7e6ee91edc9dd5517af97af71935662ab3f35dfbda332f06371f4ecc6aadf9af83d95d63a9b00a325161cb26a087c6736d74865fb477f04f8870d702c0615d995f3bc129e1569bb666ff7b9bc2170ad984f27b1789d950a551f4c4c9636f3c7f70176b3b47e5a69cb4ec6833369da007ea3433da6563f83f25ee4c412329883eb170860d7f4f3f4ca3834e9b456b32562270e24b86f0c3659daf"}], 0x14b8}}, {{&(0x7f0000002dc0)=@llc={0x1a, 0x33a, 0x1f, 0x3b, 0x20, 0x0, @local}, 0x80, &(0x7f00000031c0)=[{&(0x7f0000002e40)="57fe4b856b782885944d0a903c5e1783904163cacc37bfcc608a43287f2cac75c2072a050dd50ec7041a63dca916fd414304351cd03b4242d359388dfb08835a3e7717e1c0b7a4355294a76ef296fa5e937b68ec16fc8b2a04275cd0704388792788895936f9a1c09126c7cea59c6436ee682ff1be29c7822f7ca8d1648098baa7320e3ce217", 0x86}, {&(0x7f0000002f00)="b7b3e5f8c06fc2847ea259c3f6c70fe7487a36986619545f4bc38419f72770cf9d6ec4b422e18592a750ca9de88afa84e8b523552863c8ff6c03be21e2f5f8638bac6fd77ace14727730d724929190165d5328f2c690532f0badf4f6784eea34fa8b51a4ffa5440d33f63ff14db3c18a837a43a08d211a5767", 0x79}, {&(0x7f0000002f80)="29bfaaf7c88e2bc706af348e931bcffdb4c2ce9330c9e04953615ed781fc4d9d1be339078d5b6e58afd4c732ffafe26e685325a48b1951b2133c879c46f6c55c21e71e7af774fb907066a3429b14f141c6e21ae56f403ab0137f64c9", 0x5c}, {&(0x7f0000003000)="5a876d40aa32fffb5481abc5bb8f50f1a8237047b24e935e8a3d9f3150478903c2a116d7f341a5ad39b7a2c9910e98b55a8f478d11090070a074d06a41f268c13661cc1989e1c37250cecd440752a8be5f4c272ea8eeeb3b2e611b90086c05b4744ef2bc4ce6b3dcc3dceed73573f3637399d24581d463af3039d86774ad3859b97a2d48f716d9eeeb0ad06ad82186c47dcfc9f33c28bf54b5133c24b5249e3186d6f4507576ecae793e2e28048b9accd6", 0xb1}, {&(0x7f00000030c0)="d0e614cf4ff08feee5fe1a284f4cf30e71177f6526b586b780476347d38edf48d6b75c609bfe4f60e293f8685e9b1fea864051c8e708e325a003f7c3f66f4255d7a897f44a2df7bea28d207f6a694c7768efff7d99c7970fa62df115e91953cdcaee5b7e2800f76dcde6955dc6b6eb7562162b3c75877fe3368564593f04e3ea302bcfa1b5bc11e141a8f0586dffc59a22b978f2069bd263e5a9df7ebdc18cd040e6b133b5d847f4cc90acdeb8000db95470bd91d792970af9385ec3dd3bd12238f4b7175c5c96950943afd57afc944cfc35ba5c6fa0fb5ce61707fb50818a1491714c7255045e30b59ba69fbca53f9891aaed73779699cecb06ee3c1911d1", 0xff}], 0x5, &(0x7f0000003240)=[{0x98, 0x100, 0xc754, "8b7c55ec4a1e05016515d63ebbe1dd0a6cc540712cb708b5c22e3b59c0217913436209015f40435c94d8d3e9b6115ca96e0084f15608223b8d927453ecb61a391d66d35ffafa618551bd5c1d342c38dfa832d049d1fa256e91a37a8f31cc535b5b255cb42efdc8296d7dc804c51adc90017b67de50b20f1c292c4bc07b26235ee2a5275f12"}], 0x98}}, {{&(0x7f0000003300)=@llc={0x1a, 0x22f, 0x5, 0x20, 0x5, 0x5, @local}, 0x80, &(0x7f0000003640)=[{&(0x7f0000003380)="022947c008e7ce47cf77c4e751823c2064f412c464dea1f1cfff2628a4a2f90a65c289a655fda55bd0400a3c4f4ed83d5c1d9b14f554e49c40224966825e5905ece3d3e8877ce51bd59227a23bd1ba638a0ccd1d5f", 0x55}, {&(0x7f0000003400)="1ec4b43ba1886bbd5581113a59ee2b862522867aaf9e6f90b9e929d42046b32b7cfd21e1d648f2b9298a15b53c03b6be159b65f88133095ac0aa61d2205aaefe2f853127c7275e4b140db6ea1f3236235089e847846ce6ab6a273baaf627", 0x5e}, {&(0x7f0000003480)="57b1a6b5f5eb4e1d10142a13b786f7b27e5daabd65e6269fe40563d052434ee734d7af1f20f04230bd7cfb067999718d09d901e19dd4059b6bc782990ae08df09d96a7c97c4444535af8cc255ebf0a06accf6ce81a7a490cee9ea9d6332444cf4f5bfa6db6dc7b2548df43f0347f57aee0e067d195fb67092a5cac5fcdf0acf7a3a3efe62ecd96ffe8eddbfaa7889a74871715f72f3d1105f99d2758440ebdae6c9d20da9994979e5b2f0611170465bab45abe7f515ee6b9eace0e70144a9b26207f6d91b699c01243fdba466cb80830db2dd77c7ce8ae5e6922a66029772e55ae6a31ff706f236b91239afdba9b85db35b3c72f11e30d17cd924167751f81", 0xff}, {&(0x7f0000003580)="4e5c5baba28d4732a86f3699c4ae080c74d5f14fab709723588c1cb9e638f5daf283904f9c38fb8e736455439a570a6f64429474dcf84af79961dad9936bef8f2bbf3ebb0831d34a70b46a53b188160c274a430b7610a6b553f28112ed07cfd63ce9b11e3f64e87e9f253e1274f6de6b8427b97657a248a7c1e9179491720d345dbc6cc61ab723d4660f53", 0x8b}], 0x4, &(0x7f0000003680)=[{0x30, 0x0, 0x7, "f01cdcad3dfb12899c327984403b4db9a50f278cdd357354eea316b9f98bb1"}, {0x78, 0x105, 0xfffffffb, "795cc3a84390240b156f1adb305dcebc69f3f6ddad57f30f2b09f82a7942b035d682d4923251a92346454cc07c50a502b9d3fa2f38ae83860518ba49907155509bcf398f2808ec2f92fc44a3c8cf3aecccec648bb61c52ee226215c1cfe9e3bcc7"}, {0xe0, 0x111, 0x9, "819dee5c258dea0f479acdaece135373208931378ca1df88eaaf3517cc98fe291d54361398a6ea26306d7d41974d6153093abdc11c3592298625d0c80b7979c56b657993a2d0d7bd24694c4ff1698cf9a8ce8e8ba517fba6151e43ae3a8289219a4c0f16fb917162857fa56e70f0e1e694c89e08ab6386bb2dbace454fdbe6b4e9cb7f72b6acc2902ed9f78fd9336b5c2c906ec2a57f92df416af510c7630ab6b44548ae945ce065ee05eff0f1fcc266bd7f2043fc8900f2dfcb89529b97c57e7f428f39df72e887cd3059aaee31"}, {0xd0, 0x10d, 0x4d2e99bd, "9a8a6bd36ea44ff1a7ae8188235e3778007a2d2265233561f0868dfea8897163bfa62b92f1eea76560a57609e1582cac89d371307decceedcc94b055a06b34cb696a982fa9d351614970aff6567cf09c8cec19407ea8a2936f4349776e6215ed7830110f5b15ae92b36be002c0aa7e5ce5c45fb1ba4657fd23f16c0fb9b2ddb0a53503e4031832d01f1af4f4f00db8a5891416f4102a78cf54b69aa235d0ef5ad8c4a26afca0f0e94cb6d99761e30dc1c662c9ed83c0086823d5ec2679ad791c"}, {0x38, 0x10c, 0x250, "e82bde285cf57dc4e9a3041a5b769788c36cff43e7f2f45efdae3f85645cc2f4ffbba62e49d4c0"}, {0x98, 0x10a, 0x1, "d569d17b0f39660e4c4042f88fdd2376f22373a35ed0b44ba4b06b037229cbb482438e6f940953c3f1f1cbe47c6aac007d808ec89e550c339fdc3be279093b33024ff2ce2031adce92d1a79f8fe08e4feebbd18224e2bf1b29a1fc18a93e1f5e69202f8830bd084ee38f5f5ba7d42e8ab5030fda46d3df45f86b595ee316870d0ada9fc093e1"}], 0x328}}, {{&(0x7f0000004f00)=@qipcrtr={0x2a, 0x3, 0x8000}, 0x80, &(0x7f0000007100)=[{&(0x7f00000039c0)="6e3550bf72ffa3dea32624853d873d3449463d10763fddca0fb31286a73918aba4b962", 0x23}, {&(0x7f0000004f80)="e060bc31ac193a40283453fd53aa39fb921090c5fd6b855ae55030c923bbad77c2ed546b976661b17d90c9d4ff9e968bbdfc172d31ddf025ce87bdfd0659a30b1f8a7cc2440b8115fdbe8c107c956f76f3e1fccc16af9c3dd73bcad4d1f1c0d5d7d1471987ba877d591216fdfa390c4b68602ebba4743f50d652887307ee7bcbd75c353652181853471e989b6d7e4f246a463995ddf080f6c2da8f4af9d167f811e53fcd1088453c5592860e0cd04f7da1cd9d56d7699a5dab96e03eafd315ec5a505e9fee74aa3a6d37c286aa5910d067c56eb3b994ae10f010cd1e966f", 0xde}, {&(0x7f0000005080)="a21fde52ca155b2752f7bf96992f21f6f95a93c2b07156c7bcdcecd9ac53bfb64b2d25a08ab6b94973c0524b1578ffe0a00a3b8e91dd99f2e37baafa779ca50a4cc36d75a2a0893fe969629a43d5a16bb3fa0d10207a77a68eba42a35455302ef3cc06880aa1928fca28aee652107da2816e8a830b6e4a03807e94799f6a5b9d6d8f76e9e39b449f12d3df6a4d0d980bffba73f7af167dfa1efbb902149483e3f0239abbe85c3245354f36b38c53d88dcb5bf1dc8161ec14d828765d20e202473fcd0effae6c8f2f29e8dc8b3bc9f7d5355b32f1832ba40c0ade2bbf77d3c2a66d811f9a65d92f66fe5ad1307bb892570650db207c3d49907a6b6163e63b89d9a3f97003ac62ce429ede5fef3e0fa01cf2f10e99234c393de66d206192b1d85f1557c3b3f139a213d00bbf7b3908fb94e4d6e229b065fd8c28b9b9bda5735c1568ad14162e51717a418c1e2785859e5ab4d32418389a49adad1eb9220c4278800fd91e934da7b8acefd5f8521a9332fa3ea6df8c3044ba3d34848aba0431f0dd5fb31aa3bd4b967f567ed23fb29bfd6c2d328ce16e3d8194cfdbf79b18c5cf855f6a51da5860940dc4f2fa5898a0527ffa1e5577ab0d2ab90232559056987362098da0fd5e975faba0e8a40bcc96d6e4430ce3be9bec43cbf9febace4b11a1c81d4fe3ed790185b62307d864cbc33c23d5282693d9b5af81ef7161c0ab468fee8c3da3f438d084672915d8dfb30aa5d01239d66184a225a8d2e8d830573620855bc00297df60a2ccc4f57af1b00f53a6fd6c2e2d4e4ee539f40ebb939026624bf284c457d3ebd3344fae6413cd76db22841c67a8c43e42814760238d38c0ea40799226ee2d94c29ca46db552512d3871daa39bcf04a46f7489dcaea4a6d94a7d2863476943ea8d2efe86d0a033031291e79b41ab81573d79fa01784adc58a6492f9aa72f81f87d6afd32763a70ba31827f6d7a7155d00622c706964faec8ce454c00a760193d9df5e1b019a8a0d33bf4d09311ab6ba99adf2a3561447628344373b9f5c759e08b559fd96907dbe41ca08290469203f6fca4b2dc09edf94ea72d4770e40eef0bfae4d12524ee1383d45a4a7e19255625e45d909f73f9c2b552e59e213885cd14d24e91af7414fa4e0b56e18eb186c3836dacaaefb4f1c573b6c0281c0694067db5e393c53e364b227d699ccea441941c7c4da0b0114a4e574f7e1bf51f130b9281e060a74f619cd8dddc32882c4a3a66d2a909c5ce47042a8d4ec99e578d09a7b83f7f4958e8ada26e2f540a8cf8cf4076b5e7b84475148f197a3efcb16ffdf2d17f051828fecf7ab25a1d53b2e0c9cba52a89b754827ce93a405b9e00c8190d7cf6f7bf59b0e2e1c30cec2b8dd8a4d37bd1796c6b1dda90b09aa7ea37cff70128f15dfd7413df73946175ff9b6305da755a31967481ccab697c0bd46b9ff39803c196ac35a18d4bcea24c9ce8901b1ac5fd1727b57b8786e5dee8ea7b78bcb5d0854534ab4090989995f181e0d37111dfcc4d4b7dbf259b1729a5c47b2b87483a90b4835480b501968ce84eb0df49b6ffa455f586e97cda110aa640c2dc111984a5637890c455f42762b7f156a3b6313b54c938d7a797bd5e399c341f0baadc33969e83b67f5757d08abaf8cca5dceee0ac4d3adce80e0fee60b318615fe3a275c6634bcb12ebf0b19d96a6a575ae407419df28a661beb9ba2ced4341e0758b674a983e09a5afb55a14e3f76d056d888205d2a664008a2d5feb703495d1c232027958490d9f21ec219835e996b826347a22f2d647506b85bdc3fb1d2e1c5c8245728da7d0e53bfe2ee9e98645c070fabbcbc82dfce46a5c901aa3f4fd02ceb90fa6ad30d0554ec27bb671f996e6215795fbbaa6782169c4db0d4fe64939b3fc677fa6b65259a4413c9ab9ec577f2184edec6dbd714dcf5d2fddfccd5ca0eb439bd1ca7ae3996c51355b88c0661801f6761445d672527aa7d9c584f07624b88980cc033d4cd2f5a31440c74ebae28f1789de8653757bf20d17f8a7c18cd22291d174728c70280b8b798a2e5859f67c60ef1576759619693b6ecd92b6bab0083020d5c02f8a42399c96edb4198d7c474734710f66860dcf3d0324b33a8577ad26c7014e2b8e11a2f85cb3f5fc2c641238e7e9319cbf222e3a676094e65894abf7b4803b1ad417ca1edfda16aefef8e801adcf2ae12a4cce753e8988ea4f5eceecf1b28b21dedec52d697c4530cca2d6498a8913194eaae6ff5d23a1a9c88de74948f3f82eba5794fd25500dea4a4e14285798151a371f040dbe476e258b4b1725468499a35fff989dff7b7ae45d78bab040b2f97ff56a20522f1d46043823ced27cbc49f01702ea143dcb4764c4e8359755cd1781fd726d0dccb905427a422bc9a83d62dad32b7d8999004757a1d58822362769f875ed031d961fcbf0346b100105528e073aeb0e919e26bee95a70e24384ea0d98d6220098d53321d32537597aded3f4c5e6dd65a0c8be1d7fe061658dd2153b2b139c2190590fcb575c100687fe4b34fcafab12e0d8fe06395c07d41f1194a9e17b93d0854acd1d588f7384504b450d3387d902298a2281f5f0bce750f2c459ef22680b2419d9b1db018ed4d8c2e2d320b86f970797920c3861efc2626c3aca3f7f26dc52c1216d3c07a6d15a9be440e500721d32f7a8ceb4e6fb45d2f10eb19587ca5b29b7a27078e62b31ca57eee2c9d5442d9c09a117ddea597a63ce3663c11280c6c5218db1919e77e49c17fb836adaa1b4aaa886a65cc29cc718b515fbd327a388ac6796cda3f88c1923f300a14d92e23e38791edf3109366187164a290059b493e7562217350e12fa620f87275a6accc514d89c82dcb6b54fe25964276a41d9eb7c996f7fa95203f3370244a1ac531f289a1b8768254ed970f69d75c1ca1618e680ae6bb5c0ea6437f4f4d2c33324b52f6772fee7abd4d6bab9c15bac94415617054e3e5d076d9de2af5141efe801c46168d70fd6dd3f14c7bcc1f37f9242e7aaff672c7965cc0de776e2a7559e564944bc2cd8d06b34f0a77e29c6c56a32cee85cbc7f921d13b4e836857c3090734cf7c4a5fdd23c1abd74bc546b083174bb438abfaa4ae06bd2a3c356c7651d19a77eec162e78fbdfb3a03b352c16bb8adfaf72f217ac31a8d9c10d9c4eb85bd2bf408728e27b2b1cb23d5ad6ec7f97b8b2356d56bf221854d709dd435f3b400344c9d1b39e87db1d43aa4f30270825ccd8da92cedddffc1fe17ef820bb3efb95be62857de0c7217fdb25295e6c3d1799563dbebae7789c905fdb76482c7cfbb624aa84a76c550f31cda7bcdf026a9a55244e049a94d20de22e51998db6209271a6f7dfc36bbe3d69d22bb5c48d6c03852355ba78a36733ee469bc608f5f02f3d55c883fd6e66d66da02cf80a8c89d13227cf8e894a305fdfb940f3c437f94d4434f8727e3e7582dafa05dafbdf6c52f87f70119e56d9d4caef95379f278cc0a10cc3db1ccce2accf2d340ffd2006e443f5f93f0e846a80a2b10d3c207512172ea812a61ac0cc922deeacb31b4ee340252ee8f829985a62574e7d9449b9b655dbe54e3e0f6e9d0d71cf3bd814a7204dc1ca0aea5f642f265302e0c14bb391e3c781838219743aa198e6fa340d1c8e669e1d6bca1c4b84bfae99ff192a00b9cffad88fb6dd9a1982d3f2e6f1c1722dd6b04a0c01a7bea263212b2fb743075dd5661b3927a11d7088c23211aafdb420626c5d23904e431510405c0a2dfa663ac022adbe7142e0c8b50c5e3c393bcac0064824d676eeb22e513aa49521cacebfae87628f418c71f505369a73024e71cb3ba45b3a46b1db45e21fbdaa571beac76d175ae74820743418e892ac562b1fb9cea84b0b2a079632afb9b7a417b753bf5d2e87b22517def09f714a2f3702e6e044e51604cf26acdedf471625322f4bde578c1df28ef6fcd5751fcc0ad1ff51ea2a111f6f0ee9594e08df1592929f7ac43af43fb72019d7600fd9f33e16ee626f1bc276f37599c5a6e37b5af39682c6786125dfa493ac9776a172ebf4d506aa9872813046e57600b26d5addd02a50fcb2301a791bbf9f2e99bfa7cc7b5fde4c2c2aae40ae070481198f69402a32653cafb620cfe3a071166595eb65866999377ed416606c7858ba7d5814e7d58566b8c6762af2a87de343c25f1ee2617424356815d3d5672ad55e7ed733873300b96f033de29b3bfeb16f18afb54a726ee588ed4c916c155feb87a7225f8458b44c1b4ef72470cf08996e6d9f50e5afafa34125f285fe163c6f483dcf59b23df46efc332479de89820d9b2fb8da4cf120119b9ed7d7fd2e90e5cfd1a064b403aaf88b128b36d4fb8cdbcc051e35142490b3a65f082fee7fc5a5845803c0e7305e8b00799dc3d41d0e366557d3d1280d0fe466069e8f0ed7ce2c07f9cdefef803d8ebcff7357d06f5554130d243d95b5e4d2714974fb25647b24cf54ecc2878ec6137030f4ab31c3c77b3f23b1766374384ef4a24dd38b99ffecf5d5132eeb7fb06a530679aca6164912713d504bfbd996f7938f76c136f34f3c85a6e38b4d99a47c810bce310cfc094746e6400a443230b4d9d1709a052c8a42c77f590cbf786dd51f4810fa4fde573fb33cb4819cbe947e0c21961bfae6bdbbc7bfa744e5077a7e63efac54143fa3ad644e7369ccb48c653a37d780b4243a5e537d4f7684a40c0ad809b531be454f051ae8b932100b2ec9b25abad742ff03230d7bbed5da2cdce372038e90e21397a39523c94df01e33446c455fb4c8a343bb14459fe9f65a3d5bc3be93bb829dceca017c189afac0808e79e71093c7df58aea21bed39cf27545f96ab3eb4b2467d5284de2ee0009d7c29838bf26a9fa75d8d21229e0c69faf7ffc756c82d781f4696629647ff22c0855b02c588a9f38c8c49c4df972e1b262992aac4aaf0dcf5937ed6454eb006ad78f1a8abb90fdf13018a60d650803576986d6490f23f7da69da0a75c6bbf922912a453f35f7066c83612bc0c519c5621244d44834b88c477c9017d27dd89a55a2bb0e678c381bc3f15012c3c81fb9dcc6dfb69771972bbb2d6aa7702339ae9f38995f7259a22461e30d6ac3d473e8bc5574918a97e2ba64a987190adcba4858ad01e0865898ca71e83e0e0647c7b8be48d2f7790be3d3e4bb1deeacd20ecda166bd8f99a9590ea13839e9ba1e0cd9da4b90ca0041de58e53ba25b4c151025e5fdafabe9fdb2c3477eb01ab879f15115e297ca2204fc788addec3e5f5f3c61979df5e0665e6d605474c4e90308636805f4e415a761c581848e0a057e91c2ce3fff89bdc1ebfcf54581962d3c307d53ecdc1e8219c56ebd2a68e41ad124cb4f56ec58d0fb2637dd97d929375bb8a573e439365abcca00587b0daa84f0d574d75ec19b7dcbb44827c14b44fa861b22b234ad7acbbb5a9cf7ec5865ce86c47c62ece8147cdd9111f9f45f49d2ad00ef31256c8a9dd0820ea009e5ee41361bee3fd1f43646baec579116406603038f2b1ac0008330db5ba9ecb4acce82e54ce492f174ac7674f11726278a9055c3a43a490e72044e2afcb53d639199d8655d4f1d8cc6e6b675bdc60e49177c7a073962b2e3a434dfe4c30bd40cb1a802574d58f3444a295c102d5176bcb68f30884dfea2156d5a21c99216874d3114dcaa8ca80f700eec8286b09e43871f783bb4422ec53375e8f471bd37215d2ab9e4101a40773baf644731407f5922f33b0644b1eb6aeed6d8ce3d7dfdc9d1f14f52abdbaad17c39e952a3376939113fa9f87", 0x1000}, {&(0x7f0000006080)="749f7fc37c86ab21770f938b94f612b9d99b3c7f5874c489e3804fe73239ed7c3cc73be6d7bf198fc63ce69cf9968fa11c25fb1c9c3c7887b237b01af165fd1405216d88e7b63789f0db6684880ec2980cd7b0eeacd13676dde14bf824af506b169d13b33f81c1cc253822210790d42d981a7c186a7dd212720710c5dace945fb62f158615e68683aa7d0208756c171cb5ff584cb287d8d7dcc3abfbe4a2ef6074c2741a26804013621daa53c02970ba008d2fcf3cb12a0c7cf771adefab766825b00d8fcd46509838f296ab440c47804c2e321d2f224707e900d35626e017b5669d369965c3dc8fa371f318a55812372f8e4b73f2c9aee423e96ea426b0f43b0d6605f90c478c8fdc72b35289a4131f726c3a5be23b5600799172664e9bcc50869a835e1caf60973072c1fcf97eede3eb02544a983b3df20d59d05c5784edcde5b08aa6e93d41ff378ddf002849b272011ed949442c38b39ea52a0ee53b39e5e2e3846ba356a0b53c633d34646c757f3998e5e08d50a161121ad64cf11683e78360c35a208a67d2b0d0eb232699b1917ffa938135db5f98e8b1de3340671ec41cbd3366016c25a421a8abd950b2eb1f77be8adc6937f2a28c0c22078d04ce01a121d2117e080500469595f802c49c4e34931c74eba9a63529afba371fdb3876bb8f7b30695fe088d30480f9cafb704cfa0933f89b3adb475b0b64fb9d8442348e0430680d133223b83537384df131ec3bfc2e2e64152bc401d3f56f97ab916756d1fc8176b6ae6bd22430b368f2a3400b7cdff77324a4f2c76322254818349cd0588e38217818db12214ffa19123204918446b5da5fd1d313322d67e764bc271180e255d0ef4db0c33130bf04f7f412811f63dde068df83358b4a6f6d52e9b247747ebda0a6e0689df9b6d0e281b7a00c7e7d609699111a0a61ebdd8923aeb7b3ec837b376c6550734e35664102002a9bccacdf3838e302856da0d089a11e01bd8b72c95e2b0418dbae2d2a976131661b1e393c8e501b7707565b70c69723537e4a1a325a712d51b32cb72fa337f7ee7514dc2db74237bd4c7e00659bba5ce40e6f235a78dc4d3d65065e24240e3e42c1bdd36d19371faf1b2ae227e4c35a569c488bfb74b5ad64b7977f397cde2cdd9589ef2ba4bebd976ca67b57937fa809dd411644bb4fb44764ba7cc77d5b50642a1ccc8002d05d3bc480c576ab0e4d3f6b967d52fd66efad46c785b60cfa832f934cdbc59126f0c74235977e5bd1487aad057e7f8c40000ff6f68844ee5b35d4b49cbe17f8de98edc16d550e54d04e9d509725669dd89849a7ea6113263c96afd68c35c7a7702003f59e5c1ba17be8e30e20375036d8ed1f66c3a1053cfe21579aa26bff1aff8c1732b1fb1e401b49b5c7de785ac7f623cb47f37a82097828a24d12cb4f0db9091503915ff797c2fb14aba87bde9adde65865f758511887dad3a3984c8d926b7ed94a870eec29f20fe06493cf52751f376545b022e5eb80118eeab9bc76a51bebd71371cf9e15b454e76d10b9588b8546909ced9f455204cba213113ab27f96970f53c8b61a4cc08fde695b84da9435f31571fcb91267dcfa893c99c4e267292bf0813b361c629d61da0190ce527b3f91c2ec72e8ff71fe1153f78cfdf1a43132c873181cd15c22f7052c43d4e08f10b9aa0f11686f2187d4df21964cffc56fabac7cd5514877e363a72fb9e206b7f521e334255d6113958e690271fd17b8155c23abb0320f5725b168cc185f0ca5fa672a10e881de9ff8bb5533443f0ff3d8102e2c33d003a6b72fdb8fd08d03bc72097d6338f7a1fa97ec97e05888b3167ee06cc606c8e1f33689985e1561aab897835a8877b1a64d5b592bff9dd05da390973fbca021e87c0fd390d905eb17e8d26d9e03cba173d50ca2c9fc4a3e719ac242930f9c523b00afe9d912366bb28eccd4fc16b2eddb288b03509c3cc89e11b4e50e3f54249dd6c13397d2c7953998158de3870175b3fa8e7bf763f0bc731039d7fe6867c97c7f1908ee950dd0b94158789783f0e09a2cac862221f9c4d7b1ec4c7e2bd487137d6fc73f769fe84a66b51df173018b5e43fa12f7f40b7f742ca7bc6319cca4b8325b103b6f80f18957b925521933f5216a8cf965048b2f58ea3de8299766f7d6aeee950ced58aadce78b22b7188e46f7403c670668c5973474dc75ff1cc054981de27afbb718a8be8c049e462f670c05e0148e233aca157baa45aeb50c8496f1c19710200978f89753c65cdf3237232b60a5b221a2a555f8d1f1e8703063c33935d1204e727728d84f811ba88b67ed6bc2db828c725ec4fd1d0da61f84259e16ce386c67e46b8f3ebd491a2abf6139101ee7501e508f3e3a5584eca15457a08a674e76e9071d4947f857ca73eb08ad1c804abc1b00cfbf4f4fd868cc5f390a2c5abb8aef7ea6d3580da501be7ae4e7eef077f803d93b82507391a59f2daa1dedfca4d51387c25efab4be6aa8d501cb16b743af07c86c7295ba8a81986b36045143629226a8d96cbf69a3e8f73a00d5185d83ceb7a23a57704c93389e8c6ad6bedaa3e497bf4acb4e2a95c0aa257921672eab4b7d6cb53061d3e82749f76277632b917d5a3b9ad6ba76116fbf9e8d6336ea7dec43644887eb7063f48912033bc9e2908141f12fa8116bda6f4ca92704bdd1216801a6fa2a3e572fede1af5349e0a14c73e1a2d4087c94a1672f9635cbec7127636b05b4c932cf5489d7cbe04ab61ff27829233ca6260dc222ef6cf6ca76970a187233458fe30a3bead9103d44adcb6924ce526b824e1c24d57e7e4c1433b85d0c272c4744e50df2b341129e82bdb0230ecbca6e741a6501752da0a35d177c779c380344356e348cbcd30f9f7d4b2fc03244159925b3ee332104894bd031feca84b4206db01dabb62114ccc213528724c245568b84be256985ac9f18c819b9ec9bd8a33ebff7f6e6f9d976ca3254c33ee7bbfe5e3f881af93b417dec83e1f024f781e56bf3c1f85f3b0725956411257f8ada9c0f256e77921b0d1758fa7b064a97e90789641deee0da8b0cfec0219f4c1c20194fb8b642f5751c49bb5829f5306faeacb74fb2c2435673b32d268d8382486ce3fd4c1df92c34bb0eee0bab5cd2131ace79357718f53353522f30ff47b8588ae95b1ede6526e37541fea907884ef6962c1669a05bc34359a31d63e36b24c5f192bb85022f271c73a24cafa0a500425f5a09a9c99e52a2c984412dc566f261a3554c8c2ec6ffffa7dbbcbcfe95ebdb3214d5e9758b5600813e94782bed89ba035af3c5bdc2ad749cf9b3b003ca80289c80d9dbf74fca08b256bc06c4be8e00239b013973b6608fcedb42e0ea977246af2870f4fa129c92a677823ec744834ba05b522a5c65e1577607fbaec294f4372d14f4807202af30a877ee17d51feae15734d2d78eb3ae8aff052e65efcdebca89d54ab08c9f693e6d7ec01f83bb728bab488372c6c43203f5011764110b70c6adb56be8bc81eeb546bf49b7ee3bdd140549778aa0528841dc7a57ed0121afb9ff84139a750d520893c98adf4b53fc2f986a3593fe41c2f3da8e6f09d40ace8fcaa65cee5557b8fee854ec02ce921d2a669b0130b68bc1410ec04eb7c5cf7f6494e9e5309669b1d810e51f6a8767b9b92e9e9623059a61d57fcd53c73089f9b0e74a9fd8d3b076ee863b7b716127d84cf20af4f341f8c5f8a955b4d4823c5ac70367d0706eff72339e6e588d0faacab75c484d23e22e34a11bf248b33c91c8376b0d0c6fd51287f523381b4e36e757398eb898b2a5db875bd0c13f08d0c1bac38496f3cace75ac8800c93882292db5a7c8e815d2cb85dbabbb5902a210a8b2f471173c446a260039298b66288991954a62bcdbda604f9dfbcd9fb9c4be39d3c71b8eae9578802d144dda3b798d4d3ecfd34e3dcadc6b836f514e22b4d47bc3aadb50bae755419836a707b5fc8c57533b73c8f279e7818b740cd660975fa1a637f9dfd07948abbf14943ef04dff7d28094def08c395bd4d261a0e8e27f3d65d50e64407367ec9ddba799c303633544eeb42a3d0a107facde990d2ea1b16616938a6fcb3be92939b8e7cea83793b749dfe1c50f3fe366dff1a0f5b2a5722fb86fccb3131c3af382fb5dfaf6a73a0c54bcc925fd3c932838723eed7e91f18b70ff4b96794900270e439b28dc704c65fc1dd5e85cf67802e047b6343a9231a9c7464cf38dc10e5671781223e97c9e693f4524fc34198a94c7d7641243928bd7dc8c25e573c4ddc107f4572bbb68ee3a81a2afced663c48270b2c1a7c402a477917c7a51dfec96946a9f0ed116ea66f46066ff35ec380ac87458d37be6cc607fd1d00f1deb1affad637d133568e4ed33db5ab81706970ccd1ec9b8fec2cf16eae37278e618a7ed1e8c5e0f0a5edd97aef06f6ba1bd8057841bcb749e8a5054101e419919f9125f8c0f9b53d7dd5b9ae338bd0d3a82c694953d5a94fcaa24849bad931e802808a68e84610002fc5b2bedcb5b49a6255375d100eae8333779bfc9a7532163137a67aa8710d5f69484a46f10302feae5bd689c7698d8f67614a402126c5442ef63e67f262a2e9bcd0b9cde453d0ad1d5cbf3e1a0933746af1d45aafcb5f5f5b3217ab3041a1af5c726f1015b7577af709e229636b5006b2c387509e6c9fc0f0b834b2f4b00cf652ff6a58fc20e0b0bbefc94f44f1654aefb47e4f213b78862fa32da6acc16e199de7f5589c4880bcccb911fe97d10470ec1b4c87a604d1392f06e2f1f9e53a76ca65b93fac7e0a75cc2c66e95557162f1259c2553e99e14775032e47107763bfffe4325c943d57e1841879a78334068b9d15355b556b84afa421751509686ae83f18a1c571c42721f0c51647b50f601f8f56b8891c2d9bf9a298d4013bcb874ab369aaef4b85b8d5e6d33fa1479202e049855eacb029aaffb26ced692456e57812e09cbede204315382d2cab670d71fe1413f3b454e11e02dfe00bf76dcfe9e2dfde9299a67b5dbf3225659a32543079987c8b271f0970be0f870c530d9d1eddceb68ae7127bca2590583863b66f134fa0751906cc61ef188ccbd53167c614a3e2b89a1143738a3bc8c84d7a2423029252c6a473205ea6d7f91a95217edd44c0277bfef5a2d101bf9f6c4e0afc25ffb6b7f5ad3257742428749695ad934645289db8c8095cad8c400af6afb58c9eaf212bc6ec3079942e369233134fdf54675c1aece8721000ecf51915ed4601a4f7561531864ffd985388ab6e97fe0d96ff060c69d1a88f12e8b6d1a81115bdf2156ff0b9abacd3641757670ccb009afccf7fb60334923881fd522b1cb6413fcea5af1a5b2957970f084596c39515f2770da1c3c7d1d069097c8157173e1c051c531c5a7adb2c0fd9918ff6d99f0d0c40b39ac1e3c37c2a22081e19e511d3bc9b2c853e18f6ac0dd8c0f91bcfbf2bc55959cf1f5943fe5a9d0e0c744b09ef3a9a3b7e95b61349dda3d3e66edf737dbbc6d25f05c2d6ba2b77d99de1dc44f98dcee4f684aecc9d614191f177d31e42ba081c52b5224da9523724df183ee5da9ff99034dc1c07ea44d434bbe4389d5b77fab74c08211e8978fa51fbefa331ab21e4c5547766748f77e23a1bfcfc06e62c3c1bc2bcce7133ce070e1fb51258ec5624c6115fcfbe0f4171595db9ffef218d21b21454231540e92b459b70e0b44f34a1886d94ec5e89fdbd30a174a131bfa9a9b7e5c8bb219b1bbf31f90bad0a4b2453969df77c50edfd05021e1a2b1879e78c660786046926b2c7af78", 0x1000}, {&(0x7f0000007080)="e79f0e21fd1f208f73a5d421ba8a074f352aa2133f66dbd6d4cc51eef926487a263837576de2130e98e0799feeec804377bf247c1a5d2750bac43b62050bd37aa6d2ec3f6adc90e9f6c49b36e825ed305296ababb2ac0f95de182c662249af37d4b2ce57bcc8cf281a0a4250b1aaed6f4ca1b39d72ed772e4a5e", 0x7a}], 0x5}}, {{&(0x7f0000007240)=@can={0x1d, r2}, 0x80, &(0x7f00000073c0)=[{&(0x7f00000072c0)="d0765c166078a1d9874a07020c2bf2d3b76901c9a7f23082b54ac0eb329b4d64ca28d81bbdcdb2635369b57cc03c43dddb40538fd51861d8ce843093a49bfea25a7d5e6f8aeab24ab661e83364a100cc174e0b1e336e47dd68a2ab18e22359a306c924df00e5bbd4c62b41d66bfcfc57c031b13c8bc91f16842e3615e36f8dd80053b3c7f4a2274dd741488e04d0522e9a90326ee4d59684bcbc5d6d9e46d81b34b4e378a15cfaf6052b9c49931240d69438545f9356cb59deabe086e78586004d9f0d1318ccba50ce36c1ecedc331eacaa3bba3b7d92581f109dafc2e0b9d77160cce82b7194ec5fcb4dcaa", 0xec}], 0x1, &(0x7f0000007400)=[{0xc0, 0x10b, 0x10000, "6d8750da93cce868c0b7c1bcb2285a7f527e6d5c299b9c13bd58f26a19ada68dc10b297ea8f504135401ccd249c09b2560e4c3d02a80d1121deff189969bf1c42c7778894cfff9c9cb892714517b002f517769f07509ce0cd651c405ae46bc48146f7f63bc9b8882d926418efdf0c08f013ca835b872c5d86551594375d4b64dcef71e11507ad5719b67d16590f7387e6bb66cdd21c45fddb18425449bee0800f138bbb61ae9bb2b4e2d16cea132"}, {0x90, 0x11, 0x12, "a47b14221da484d6fa19c6dbfd5e072742ce2e90599280940983a521dd13b2e83a8745571d6cec8f010397c5a17888f4a5d24cca6c2f13348578808b24a4aefb57073b46402c9bce63f68f5a79bb85465037c050579e805ac7bbb624b6df2c5cedaae2a058ac16fd2a1f0838307b2ce9bf15b4c8e57a3f8f63e546781e"}, {0x1010, 0x8e, 0x1, "ee0dc74eb343a705829bf99439b1ea5a722ad740b1b8b71c55c0ec65e56d4ff39e8df94dbf554062531b269c522acc56c44347b1acc29d890cffe04be0963303bd97de8a330d0b3afbed91cd6547b3c9a9341427cc2207b40f379f23cf679b376ffafdd63c64923888cd69f4d95fbd75f43744dedfeaa419d8ea99bb65a2c73979423f63f31080d251d9f88c3ae9d14659525dc66e76f022e183f9d5a4075510885e869fac71bce12f9e27f8105d5e8b2a8e0927d9ce5a0da0ad356f9d460bf64d0c66e289c0ae0f3a8bc7aed84edb11aa166b31de8506e0c7095531caf8f9163d791962459ad92e14e9acf4d432060f4006bda3e2a94a2ddafc5346a1d636e5177a3113dbcea346b45fbf61b90ba1a17ccb0476bc3b9481984f846254f073a70d9a8556932f261346f15c00233e5fb90c4c33860fca7ebe0a482039f053f69e9f85df6d1191856db38cd1f368cf88bd995988a3b7ab859486fbe65a99ee6ec71b24354479448bf72a1906abf9202ba1e6b6b746ebabe4f6f52356ebce00a04b72e5f7d3e01c93dad24aaf7221b6fc0aaf4ef98c32eb2e9223cbaf6a27a2ba36d7508bdb3224e3ce44a5e3d686292d99ab76678691e42d72fb195a53473e732d2d5c5511a89a023edd3833d7501beb870a70290b6660bac7d6158826b50091a93f3a6ffeb2728e8986e9e668e4b332815b9596864ed49bddc6da8b247dc8d8d95c0a73edb7162ec3ae6520f7f59d2d3d205eba5daeaa329ad60ed97ae7ff5bd961cd22a2f716025037bc05638eb1dd1e8aaef3316c9059451b7e22d82d0dfd746dd531aec69f2d640582673f5787a5731bd6b6c7342413bc2a553aee6354ce77ca61a73ce75eb00830808f1f0c8349e0f2f265e6fd3060e1b7167fec184814c92ee004769b2b0d37111bbfa8159b56658eba96a4957da59fd9b3968f0955babaa28ed82c9a3d252a7fb49914b1db6c636aeb7857fd39d8f206e3c9b23d21609d94a94da3eb241db53f640e34b204b46864713a35fc4db3da2876f4997a175465c94ad31d1be7320ca1cfa2c3108646eafc9c01dd74a395700d7fbe8a7039c3badfe23543f80ab5cb7bedd29b81db53026765324cbb1123cf71e3d4be3e01937b498740431d5cba6c259dbdb1c9c21106efcdff0028fdf6ca598deed05c88c71b97a41038cc46bf6e2fc872f60a331d3e7b2a78135711cc086058c908158d6cbded4ce99195d76bc71beab6f4f905f54b42cfd863777cdf4957b4e3e40f802b577b7748f8162343a6d21417a22a77012115626614411aea187f3155b0fb0c39f6ea6d28a7351bea592caaa6fe5e911354142b328fd720d2ac25660f32031fa387889f2ff19c8930030b0c8ec2d369c247544bef394fcf1a12d99650dc34534f264d5c451a518f278625d7e91650772204b3c2d606084a7a55d85039ca66cbbd1e3b887733025771d915f15645b49ed36e314769c628257db0e4d64019d9f508805ebd77dbe6bd500007a4bb25d92a889eeb7392a6a3d8249082aec472b15b6c50405fccb173b6877cb340f5d2838e0923b02e2a5f0c67238548baecefbfe20d7949ee18302986d47a6e8150bfa543cb8d1ba8a9983cc77141d5f4659ef455de57196572cf7979cc17065d187195ed9eb5056ea9b48970685f25f4ed44b028ec6ff647112db36f7ef09be670ac38a18054cca0345ccc48d715ae67990a522d08ddb5bb6719ed8828022db5861cb64d009679ee862c21fc6ae8198af9a70ae833f12758c28b645c062c2e983e66778ab8dee1e300db97f72f0139bb67f26b0a32c4928bee71432e74f9097265eba6d32f2709b4e0756cdb4a77bcdfa39466153b68187feb54ea45dbbd15f20af31d8d5d6df299f373289a987877fb3d353d2e8f51e8bf91ae8ed6e5c55f2571d4f9f84669ed413d4154092695fb72ca660b4649e905e671226ac2339f731b556ecb12e575de7b3ad3414d56465e433f8fc039be15145becc7f4f63497df93a62e60055bce2518669acd6f4326a5f42d74f95d09365916a675fb49de982798eaf778cd66679a6f5a693e8078df4864ef863aa45e6ea0b532ca34370ff3ff655b920f48794bad8d1fde96cdd280b7109a969ce1a47b0dc2e79c4f65a33dfd312d241f0c0949548e6d04a64f75865d83493a72b181a34c0a8a35f681515cace0b9c6837e5e46f0c41ac69115db9a6019a5690a4a5ab8c738a57cfe9dde56844ba177fd295c90b307b83a230557b45365cf3f466db4abc937b344035021be5061128dad60324213bec59af8082cbe1699f0d89fb61681f265753f99c6e23c8652b77f04dfb57b306eac9948e7731776b4352f63d393433256562191924e5deb196919b948d7aa88a70290a01986b745a306588acd569b2df1cada5154ecf7669bc6b1030380ba648475b3dd1fce27521488a9da8546b055b29f84ef13fbe660992395c9053279164a4d6e92a679e5e864034fe7ee9f92b01f5d985763e5d8ddcf8230833b97aaeab777710cb8c4c931ea76de4c0b7c009065bb2073253f106dce3081dbf3064d448167567ece97ffc345ea0cf48c5c140157de074fb9180950e6355bb60be0d4a64d65c7796886f8e07df2ac5f301b84e976931d972931864d92cb47cafe4b968ec9124b3c33525b7ab8537d98df25c4ce022f09c86c0236307b8496abcede2036d2dae21be33d9f1b29e61e944047cdfa1bc397de23a4880a80a753bcc14086dd26ca7fbc290bc559294fa647499abf691a55916685dee6dcb778ff51d03743dd6a331fe377eae8693101d2f74dec86a0d5a6df7510be4242a88253bcc0fa252b9085e1d24559592aa028e4ce881a47d502114264c73d58798f93645543bdc5aa16ba2a089a898acd0b447c8d8d71f1c1902c72baea50ec611ce2eeabb373176febcefaa0ec0488755c556a263a61a602764b9b8e8ec196651fd7fa546dd70aa2213574d52139cf19ea7dd13d5b86ee968eeab52d1ca583290ea111b868796f13567b396c0cb08f0996cc3ef94ba197a019ff09cd8d8ffe3b347ed7fcf7251589e8c9c11fa407634fd5e58fe00686a659db4fd880fa39c2ebbda0e448f1d0fbd5b256e69c36d7f8eedabfedc0716d0abe916acdd0dee85c266bb7fc06798cad7e2fb44d999344f57fcc8f17b6685229a853aacce5c6b4703a21b006b1adc81cf54c6eeec7e82835f677d7e62750042d7b82b2177320a3447293b9e22ca532a3eed893b25beb7e82fc7fe81d32abdeeab775f00b7ff592f02593bc487f0e47d57537440a918912a300e9c6bd74f263c9c90e70bd0d9bd2642299f11e6f59b478f150e5de420774aafb696fbfe9f4ff8829ffba8cd7baf9179f9c1b010dd40570a50dfff66ef2e5d76e9fecee1d35680ad4ce76ef5eac1c1d5e3918a831ff98e51807707dd8648d534326407264590c276c67f0187a37ad574a84319b9ac1da2df4bea3c84106f21a40de6900146375b97268d0ed10cebc248aba2189ec0b08fbd3d1dda601223962147ae94fdc2b3e5ab0ae397dba9cc9747003633be6958888fc8335c5b02365d099213f4546f97bc238b8e34d126b7132b59eca94a868d7e15345026f407ee6fd6dc139002bc7659cbd4469fa383ad15a39747e39ee69efbc55ea94d48369ddfb212766b4956b94e7ab1c16ba1a50cb544b823d837d6f178f5a4ff0420366f4fc054a7dc0a789a0897b039249a57f60ed398fcdc402a6b9aa9ee32ac3276144c723e318a88e7ec5c701d280b9e1bede47f4508e98a1904cd8f5a2c817db62359279b3a33fe293a69b5c64a3fe0b99fbf2721b2095e03b63ae48a1dcc53ab406c742c7566ef621af70bbde74d1e5e78a1c29e2ef22688ed2880feda13cfac05dc6bb56f81bd58da3a814d3daaa34912074969352e6460240c7437a6f5821c2ff194a569344416d3be2644b5cb5bfe9e5518d3a05873617f450758f9f8084e9635f0d758b8b0615729572be13d24d29db0c6924be407ab774e3cc7192038d7c2f5027c98c35a24092980f00b7799a37da171dd22d18625d888a33190bdea24285c2cc236964d4819d93120d666462a7ab6790be2caa65da2c8e620eb5ee3424025c6c21ac006fe190711f8fefaab8b9516a5ae02c98b7d5543bfe46dc1243f362de30bb0e038a055a16e76560d6b2adc7572b6bd21398960c97eb4142e5068044f75be1db0a8adfc38dae032eb48034cca6635dc86443fc91557ebbd5e2c3cbbff9bc15d00d57d198a65786dc00e916debb00d4ff2a1a6d73bbb08550b20fc1e4649ad706b6405229ad2f3392e98fce1a499e7bf12d051b9b2fa008149dbcb204252ff73a19ebacd166b9457caf4e400dee192fff77970e1046674f6515f4878bef8753749b6bb811259105ef4da056f1a0548b0473ca2bc98e1b45c5679d000873385c187411dd20c14217671d4914753b6196b811cdab62f1d9147ca7e348a41929c9bf5871cb77ead3cc08ed28067f3cd1eb5b9b695e9ee65bb463721495b57392c094c1034cbcff571500f7620e48ad616d3e8b72a294b466d7a7643ca7aacda1a92b799c3820879a7e8be865666d7d8629a6ddb0448a6271d9c65615c5fbef8a7c0656e309c39328fe74b7a1a113b34a4bad729ea4a98d49209db7631ea9576fa313e1bec008d02054835c4c0bb45780bb6ce6f2a401724e0bf9cd9e96965c11f4eae84eb58b560e15d9f98446cf2d071f19a3a8bd35e0545b827670ac06c944124ad4053ab7251942fa99a615fb2282d939bb9dac80559f005d100f9f703cf6e8cf45e0050d2dda77fa8550825196ae3ee44e8c052d9650e297eb06ad7382b1ec22be263f41d5afede6cad0be550d3ee80a390fe6ae435c65cf956a5756a6055d20fddbfcf7ade6122efdaaeeadd246bfd9f71e8cd6f01962f3a33ae8d114d1cad2130c0f36a6c1cc3b090be80f3a8bce539153c9c782954f6dbf0d68c2da9f332a15bf41b5aaf260837e10672f56cfb614bd2c3744c2d90410b7aa0380436e584e3877f8ba90f3aaf650652b76d4c341b7ac77ca57f411633a8add900210395bc6f7c6b631b0757dc079016a3cfabad9592ee4e00b0a11e3f79cc5443f8b43d82c717540648d66305b6b8d4e67069d433d644279f667ab6af40a5b8b7996f9888f7a0ec759b08832eaeddf29e90eb7e715d5607b35ae35ee15b63855a8808de958d0fb5d6ce7dbcd91e62c149b8db2b164b9cd3786a8251502da515caddc61b28375f2210c40494bb26fec5bf7ab3109d0eb28a58b12f2ac79cbfdb262e52f5e34ead43f4d190780803db7af2432ab89db9fbf6f000fba3e741e52af0139044a26c55ccbb39b4e9e3d95c58ca493c5face93745d28115e55d39813c6dbc1176477180ae8369cd7dafc73c6f3b0e1b1ade3c1da0bad20689a0e33f810f8187eefbb53e59852f1739c4c9ff04a0e8839df39763b5018a3893bd4d53ffc59c776c0303c37a8743309869b983dd8f789d7f14acb151fceaead04e8be8a37a6d6aab125fc254b4916bc2ec741150fe2fa52666f811e1039a8bc820088847585fa03a2cf648becd244c30fe899fd0782b09fa78d008d303ec0425e44029232dee0a0fc856af3845da0ea1faea8f04d7e30b69b6e20227376ac41a65bc10f5d97ee93014fb1f135d2658aed32ca4e4e49112414adc1f002d59dfb9f6c86eb2a32d61fcd4801df0044b0fca10945dda7bd3f210e8436ac0b0e0f001e34a7ed1c33aaf1e6f7aa8f6b0b0e248c537d86c0992281f05b96a4e0d84ffecb7d365c980782ac84c0f0d010b26f"}, {0x1010, 0x111, 0x9, "810f1dad1ae741e05c5908b325adbc64f5f9b8f0fb0a040dbae43d6e52297d8b7e5c737b6b4e381a3e469bbe1c66e22529c2c3d0b0c158a4544ee9000b6918615d9dc77c405b7af6b8a4d2181f1b55185d353750c0af257cfc01f3c16f40d45cd0b44496f6e428baabadde3d93c688cc180341f2bea5f19dcad150fa397b24dd60c8e3e9ec080bdf29093369e477b946157ce77b23ffde2c943bebf86b4fd6a9d6af2d26e308539fa46b20f7cfd6fa7ce4a81e5ce9b06b8d86989b86b8e4878386153965a96ac5fe7c5ba18b841ef2a4847657b84b575ab28e2103e5c865b4c2d1204f1a7efebb9d585130e9a6c980b6da30d5f2fae0d07e0834e680cab20b87247f60d1206cae61c3f6c81d4050ce0d97dddad14869867f7622e5ac47eaa78af76a57e0015960d7a5cdaa1930698df4a38844aa184228348d05394c9fce13c5e604cd71f0185c66d84d5ee2188959d3b54235196eb3f8c696a9efe1a159fb8f8f988550f34aebf9513bfe4c88e6000498075db9ca006ac353e986d5c76ab7d3972e220fa06ca9da5c5408f6d1e42c49da85132d00a837d2213f18166336dd29c7338c2124df81deb418b071f36ef2a60d629cff6ba7173b39a172a3a76e7d887c72d95d1d2b0faf8f18cb796758e10dee79999606948974a76ca91fbb3bb960c5a7e9ce648dfeb6749d7e9ad35c660373c255218008eced68a6a07afacadd2e77ca33aa8ff57f3c05f35f1956ea7f54890380a4821c0eb7a7a09e865c625e524443e9e8e04887ba26633f185738d19f3487d662ee25e6b3552c8d443bb25ae98b48681df9160ea66bea9d40ce4b52d3b6b71580e0debd007ff454a965ff5bdae2d3f05000b094541f9e5c148e5dbdf0884788805bf857a5de8faa517605717e610c83c807021aa909eea7a23ba990e0955afed2d0f910fe2846551460ea468ae6a10253887a9eef77f4573832b94f3b5eff844dd1495b7de0a8da20b1c7cbc25a52f893e49361c3e917de0669303b968bbd6597020fc9d981df1304f58b3642d5d163869e1174b37edbd58d977581cfddac230ccd43b993f15f96e9eaa9063db3a0e9392ad3a79058899d6f50f546c2d796271c5bfb8305d5a17a18fede6e0569c2692a0f481b8a13482b23a54e06e3c99cfb35403bfb16db2949087d0bfba2bf84a25461aac33f048615340dbc69341a603a63fdca9517db516b67f3dad37653168935ed8e3f80f7481195fa340df3b8bda438b9872f0a77044ba4ff36e7b45bdf288adabbd0fd7389a8dabb04fa1506a6b69b0b2f37a7ae433b47714e6e76e563ccefeb2d60e94b87286d9ebabdfbcd1cba71078041349967d5f8912e49dfd3e44f7897bc43adb8def46207b1cc63cab80bc2934e57b5ac6feca6712004d2c5adcc0603abe9262d89d6e5e921d410c8e8fe642ed5e395f397f239c4759e48036ace47ec4f216eaca2d18a58dc4f139f4fa055e0420ee031cb2c45dece7dc235b0f345486baa121ea01ae270dfeb5c7f03596fbe98bdc3f6bc68e75e5faecb8ab26a60c23ff270b35ac41c65e40f6e6515a6225d4d972ce5a4000ffeebeae0ff4d0bca597d079b0b3a6ac252722f5c7ad3bb0b52fb46e72196cf6df759865136a1a585814142556eb71da2ddd1d51c3c314217b0c16f262a01cde38d15ed855e6fc3b0b219d6a2924b830a92c322252efae3accda82ddfdda0318e6dfa94a0cfbd6cbb219bd560d3f67c63554e1fd1265c64ab70ef62223c622f6b6778302d6f4e8012c5adf861a35411284f0101992dc3809dff14aa126c829e37cf2facbbb1ca3c87dfcdc55b8a4bcf24f313b0fd4887b79f9147cc021686c38251239eaa6698e284e84206f8f710d29576196509809a48f65512442bf231a50f6da621c02ee389f880324c3b9ecc49ff5ddf2e8c78adbf38a37bd2e3d04a43aec66b21c30f4f4fd0f604def0b58314510545adc177266a67c5dc82dc3c855369a0c078981fe3fdca546e855a2f4cb974bcfe3c4fed32d6e6c07d571e7fb7bf9aaed87395a0df86a4c1740074ad4035daa0f64908e698d2c17a4830b1f3fdb376e5663a753bb730d03b0d292528ee362bc27aed4c5d73f6264250a64d651e9a7c9a3d037ab14ee73f6641edd5abe53deb6f628e36d326ea8b42fc55a6a4df9b8277be78e6fdf9b36bca5ffdf59994f03df18c2b79d76c3b430720025ec25f4360523cf283e198ff4e5cd4f585e00be8ca331d876962715b76d340f7b367e4b643b57aeb2ab74da14ba23f3871b5c9178e3142b7eaa92c48b8cd64c83fd390050e75fc2831f647f5ab87c5e97e86a1d59c8a167fc112b0a4301305e50fbce1c9f2208208e3726b6cb3d26fefa17d5768c3488b1cf89c7952bc6311317b16983418d36bcac70257929926b3ed0b7843d3257fbe46d9ab4602e3f159a1e619ae5034c68ad74855f2632c3e82e43cec5ebf05e914c2b548f6c383cc82f44abbf75c2d8448cb24ee03f8786784a6140483c0774d70593facf4659700d66717d678c9ca005de8eca697d69da5189ee7f128e92e4699e3a6e0e1a68014f83fdb96ca225e37862dfa3744275ddfdd81d5543fc399ae710d19e04643703dbef731e810765043644bf7b8e3842023cba19b07790c0645b61418ed37eba0604c51a5f45301e6bedefd69b4e5b4288693bf528ba2b5f82125f971b8ade686f354c7ff04492326bf29c0e559f5358d7219fddd208e773f0c858b887eba61c1c5179be2d32367d56a6a4c4adc2571d3efaf4cd047609791f702f74375c1903514f897be56bcf29a90a0815628fb17f8e8cf4956692dff5579744c4e6fbf5a2908c05e20c23fc75fc562ace29846c017f151dc2496756c192cc098b956c4eab9f5bfa225ccc41e6f4fc105fa1f3298270c014a14570b5369c04a65ce85795851e6d6ca92e5a59fce94810f1e5e11b2e18e3d1d68caccf6e4d825d28a6e2e6a6aad852ae7f4efbb5dd7b1ecbf68c785aab12a93a21725fbe5b2d19a1e1da26fc71c7872467aa3fc84c4be9d1212a0a3b5005e42eb39e591f272ea58d5d5f029bb4889f182b2cf03083414a9da09b8fc425be8daa80bed13574446932357b46b08cd6acc64c1d7d22cbaf8af42d61f060400fe8850aceab298182154f57724de3e37b8ef20614d6e0c8e2033ed8a6a6d17fafe771d5f2b587cb00f629306cc2b2afdcedf063833201fd88257bebadc732d99f861dc782a0210ebe25a485beb02232823cdf3bccb8d4084f6889a10e95d106ce3ca1b69a0e99d2d969ab14021168a80ade764c3a74019f49793bac1e8a596d3ca12b6f0a4aa88e35736571421947e648287d96027fa7a2da449c08e66a6d1ee549a2e6ab56608cd31f198b3ce5f868018426a1be0f0fc429abe41b5f33f14e0bb60646e64d1421da7657ef3b821b7ae4039d8b65c44c878a0e48f19fc4e0898ca5f46c27568b27a422e89204c283a01521ac2b8813d56bb903d4b06dbd48fd46f06d4ddcedd18e3ce119c7ac1c0665052a37da4add07077168b09da2b4c64d2f70a7ac3164590328791ec9b70f1606cc2fe7c66835217a671f5bb893b599e44faab0095af722da4640bd5791c9d394434da35ffdfff6d7a372c366ecdbff2d375f31553535d85427c39fd5ba11f720903a121d75b3a7a3eaeecc3ac5819ff5aca035191c2fdba8d40e6027a1b12ae5632ead4f6b80470eb8f3acf9ed53885cf40a61e4fcd40263bc55da08578209b91917a66f38824b5c9d32b10ca4bf56b87cb2d9a766e49b146a76943ba0d4425eaaa4d45090d3365c42cc6c38fa59aaff4cca804a4ac411ced4b2a52bd8366fb8ec2b153357dd2406466029651a6f7d96595f431e8b466ef2856ae5bed75a2f10846b58077d953a1d681e0233d1d77c0c5933ddd6335a0435acfeb60fa04e795edc47abd49c61f7aa5db629aa497b34c48466a096979db975e39944c70f5442709105f6dd767dc2c2554a7e1f57f209e37cd84861fb178178fce2ca45b4c0cf7aac2955462c260eba5766ac368c8b91a708020014c2fd8ea8aa042f390d88317cd39d03c84b2e2d53ce5ffa1dfed49aba6b80e62fef9c8ef5245d896baa1f861a89d3362e9dd0dc51cc35f6e89e3888c7f5bace307dd25524c63856c31e1d575186f2ff142b6883d48d9622a2c5fa318f0fd613eeab49616bdfb84dbe42323fe327ca5092b9e276ec1370cb9b96355555029f11b089c85a07156feb564b02d77f2a7ff1011d9b0a98ae697644e2d8a82ac68aa23e5481c70493bffd4dc5fd52501ff6bf43aa7fe19e33f5e055c480c7f5f4c0a3d32b27999bdd36583e7ccd1b49e6309238aa6d097279c849b27458519970fe43d3cb480c0fb36f021a2b5e671f0db4a2933ef21ef2d1ad807d0a8b1deeeb53d586ba853937337620534592925dc6efd87859e477e5b7f5ccc2fea76c712793a65ecf6df873947ba78bd7c268ddf80ed0d42fe6643267f7c47637a93ccd69cb287b64662504156c1bb0fa8559290217d843f41576300392731c44be02f401cc0c1b33f70167e2fdcdc463f0dfa4adad157f7ee2481a6f7ca23b01da9f33ed89af5d66bc562331ed79231d9ffe6e7ca90e5a32d524f749c66c9015a1cb4432041757f5b8af751f42a52729353752dfaaeb43118aee19d0fff8e79760ecaf1aa0310a07bc4ec640d921c89c3449b4211a040ba05f2dd00bf6ab629dea637499394f2d8f196f9edd6f77210ca378d5f4c8f5b178f565641dc5a2e3e1976ab042eb9ae5ed3327cbe197ad20bb73d9ea26972871e8a23f86ed5d2069de7a5726c467866016035a6b8f0cbcdc174117fd771e711cdc92305dbe028aff8de1b5e5a64070dbeba15f5125324d8946f713d8e6bf0154a173208c6ab1a2984c8c3c613b122c9b4182ce103432cb70a4862ae69105944739614acfb7dd0bbca8feab3b3583dd050bfdd77c77f8d85c4a97e5190723b84d2e331e126938d6175ba667e4294ae97c2c9809eb3f90998aad6d034247211832c0798d3d0b31e57b216ab43728e389868c72f6bdc22eae4b29c74414697b32eafc7e9852371c64c80de1994c4342da9dd40a66433ff74cf67565698de48a3a5cb899b21df853a46a09b4ce3f60a7075a43300a09241b0368e143e77aa6f22f3565ded15bc1d1ed71a18379debada6a5399724e0cbd458b9d36f9c44d5756a020dd1f75d423d8bf312468da88ebcae24c64d891f3bcc01cb65de4f0b3aa58d3afce0a94310ea5af480454d60f2ccc45cbd9daaa53f28b14e83adee9f351039a868fb968860600f5ca1800f7428a376453a531d4ef3b6f68e38f11dca34a1667fceb60204f744c6f0ff577555ed43faf1cb34337338e84e9c0acb4cf7a0bf18eed8192c80d7da2bcee38b061051e433c5c39c1d1702ad906596bf11f61e44e52f868c49d562a6469b015b90b319e18c899a742a1da4fb03f8257fc5005f5419d1d62f8f1a019ac87629830b99b920be22005580ec150ad7addaf31079dea4bea18d52159eaf91d02aac9dde3021ae80c36e1a4951234e39a79b5eb37aaf8bed61aa2c7524a0358b829879a6e5d8696842f4a4cae5333aaf9cbd49d4edf51e18c5b31da4cbfc95fb40e4db8a533af354ec0e2f5d685c8bbc66abbee4efc96453e3e6e096197b122f4e3628205be6ad773a089ea14f782c2dd1d1b200e7e50fb5430e5e58f92e1c66ee6c5350772f3bae253ae3ac14571b1c5a5f709504c1de584408fd3dfa1f5211d265cd915fa9c389cc0605fb30c404913516463a7021aa28a75bd8491995d3685a"}, {0x78, 0x107, 0x3, "041054ef2b0a4480ad212554665e6dcb5650b1315c78b38cfe07940eebdc9a56ce42140a32734cf9b72f0ccaa4ea2a992951a0346289c386378308173d2669bcbef1c19a7582c620de24c7d5dc2f8b58a06cc3ea9ab986b4f377aedc34caa15191a82315"}, {0x90, 0x0, 0x1, "0f33cb8fc6aa6a6d804f370a2dcaf86594bcf9b4bd370daccb8954235235c35de6aa49fc451a857b62d77ee25ccf9c700a8d7a0bc162edd3cb02bdd26df5d151b0850b00fbe48c041f3f185e5b8fa394347c91987d94c530e7cbccbb5f8a1dbd76ab06e327bcffb20f9da0add087d0853a16e2b3a37d22d0a1958054"}], 0x2278}}], 0x8, 0x4000) [ 743.132420] input: syz0 as /devices/virtual/input/input329 01:56:06 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x1600, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:06 executing program 2 (fault-call:0 fault-nth:54): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:06 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600f6ffffff00001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 743.237058] device wlan1 entered promiscuous mode [ 743.267043] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 743.267043] [ 743.289260] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready [ 743.331147] input: syz0 as /devices/virtual/input/input330 [ 743.337860] FAULT_INJECTION: forcing a failure. [ 743.337860] name failslab, interval 1, probability 0, space 0, times 0 [ 743.351471] CPU: 0 PID: 23660 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 743.359561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 743.369509] Call Trace: [ 743.372151] dump_stack+0x1fc/0x2fe [ 743.375875] should_fail.cold+0xa/0x14 [ 743.380179] ? setup_fault_attr+0x200/0x200 [ 743.384569] ? __lock_acquire+0x6de/0x3ff0 [ 743.388927] __should_failslab+0x115/0x180 [ 743.393250] should_failslab+0x5/0xf [ 743.397073] kmem_cache_alloc+0x3f/0x370 [ 743.401216] radix_tree_node_alloc.constprop.0+0x1e4/0x320 [ 743.407962] __radix_tree_create+0x314/0x540 [ 743.417065] page_cache_tree_insert+0xac/0x3f0 [ 743.423358] ? file_check_and_advance_wb_err+0x3a0/0x3a0 [ 743.428977] ? lock_acquire+0x170/0x3c0 [ 743.433001] ? __add_to_page_cache_locked+0x45e/0xb60 [ 743.444685] __add_to_page_cache_locked+0x46e/0xb60 [ 743.449779] ? page_cache_tree_insert+0x3f0/0x3f0 [ 743.454717] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 743.459897] ? find_first_bit+0x8b/0xb0 [ 743.463993] add_to_page_cache_lru+0x16a/0x680 [ 743.468646] ? add_to_page_cache_locked+0x40/0x40 [ 743.473986] ? __page_cache_alloc.part.0+0xb5/0x3f0 [ 743.479072] pagecache_get_page+0x478/0xd50 [ 743.483705] __getblk_slow+0x216/0x9e0 [ 743.487659] ? resource_string.isra.0+0x9c0/0x9c0 [ 743.492715] __bread_gfp+0x218/0x300 [ 743.496736] readSuper+0xa6/0x250 [ 743.500254] ? map_id_range_down+0x1c4/0x340 [ 743.504836] chkSuper+0x93/0xa90 [ 743.508295] ? readSuper+0x250/0x250 [ 743.512080] ? lock_downgrade+0x720/0x720 [ 743.516339] ? do_raw_spin_lock+0xcb/0x220 [ 743.520694] jfs_mount+0x47/0x3d0 [ 743.524302] jfs_fill_super+0x55c/0xb50 [ 743.528339] ? parse_options+0xe70/0xe70 [ 743.532478] ? set_blocksize+0x163/0x3f0 [ 743.536652] mount_bdev+0x2fc/0x3b0 [ 743.540387] ? parse_options+0xe70/0xe70 [ 743.544521] mount_fs+0xa3/0x30c [ 743.547961] vfs_kern_mount.part.0+0x68/0x470 [ 743.552634] do_mount+0x113c/0x2f10 [ 743.556357] ? do_raw_spin_unlock+0x171/0x230 [ 743.560992] ? check_preemption_disabled+0x41/0x280 [ 743.566051] ? copy_mount_string+0x40/0x40 [ 743.570358] ? copy_mount_options+0x59/0x380 [ 743.575480] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 743.580798] ? kmem_cache_alloc_trace+0x323/0x380 [ 743.585711] ? copy_mount_options+0x26f/0x380 [ 743.590363] ksys_mount+0xcf/0x130 [ 743.593963] __x64_sys_mount+0xba/0x150 [ 743.598111] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 743.603229] do_syscall_64+0xf9/0x620 [ 743.607187] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 743.612507] RIP: 0033:0x460c6a [ 743.615742] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 743.636838] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 743.644781] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 743.652155] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 743.660671] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 743.668743] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 01:56:06 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600feffffff00001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:06 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x3ffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 743.677806] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 743.714817] input: syz0 as /devices/virtual/input/input331 [ 743.748080] attempt to access beyond end of device [ 743.753762] loop2: rw=0, want=184, limit=178 01:56:06 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4643e010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:06 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) sendmsg$AUDIT_LIST_RULES(r0, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x10, 0x3f5, 0x400, 0x70bd2a, 0x25dfdbff, "", ["", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4000}, 0x6000080) r1 = socket$packet(0x11, 0x2, 0x300) sendmsg(r1, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788}, 0x80, 0x0, 0x0, 0x0, 0x33}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) write$apparmor_current(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="6300000100656861742030783030300063741d0473a7390590870e191f0000009dca18842c77e84b20943d74215cabfb6c269ef7ab496da382db35eda72983cb"], 0x20) 01:56:06 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000002000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:06 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x1f00, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 743.806832] metapage_read_end_io: I/O error 01:56:06 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) setsockopt$inet_sctp_SCTP_RECVNXTINFO(0xffffffffffffffff, 0x84, 0x21, &(0x7f0000000000)=0x92dd, 0x4) 01:56:06 executing program 2 (fault-call:0 fault-nth:55): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 743.925749] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 743.925749] [ 743.962935] input: syz0 as /devices/virtual/input/input332 01:56:07 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$DRM_IOCTL_MAP_BUFS(0xffffffffffffffff, 0xc0186419, &(0x7f0000000300)={0x2, &(0x7f00000000c0)=""/128, &(0x7f00000002c0)=[{0x101, 0xaa, 0x6, &(0x7f0000000140)=""/170}, {0x0, 0xbe, 0xfffffff8, &(0x7f0000000200)=""/190}]}) sendmsg(r0, &(0x7f0000000080)={&(0x7f0000000000)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x20008854) 01:56:07 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000003000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:07 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:07 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46441010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 744.039972] input: syz0 as /devices/virtual/input/input333 [ 744.060436] FAULT_INJECTION: forcing a failure. [ 744.060436] name failslab, interval 1, probability 0, space 0, times 0 01:56:07 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000004000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 744.131839] CPU: 1 PID: 23718 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 744.140514] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 744.150339] Call Trace: [ 744.152995] dump_stack+0x1fc/0x2fe [ 744.156802] should_fail.cold+0xa/0x14 [ 744.160763] ? setup_fault_attr+0x200/0x200 [ 744.165255] __should_failslab+0x115/0x180 [ 744.169629] should_failslab+0x5/0xf [ 744.173606] kmem_cache_alloc+0x3f/0x370 [ 744.177738] ? mempool_alloc+0x350/0x350 01:56:07 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x2f00, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 744.181879] mempool_alloc+0x146/0x350 [ 744.185818] ? mempool_resize+0x790/0x790 [ 744.189995] ? lock_downgrade+0x720/0x720 [ 744.194252] ? mark_held_locks+0xa6/0xf0 [ 744.198480] bio_alloc_bioset+0x389/0x5e0 [ 744.202742] ? __find_get_block+0x314/0xde0 [ 744.207139] ? bvec_alloc+0x2f0/0x2f0 [ 744.210973] ? __getblk_slow+0x6a3/0x9e0 [ 744.215091] submit_bh_wbc+0x141/0x760 [ 744.220108] __bread_gfp+0x14e/0x300 [ 744.224597] readSuper+0xa6/0x250 [ 744.228625] ? map_id_range_down+0x1c4/0x340 [ 744.233087] chkSuper+0x93/0xa90 [ 744.237730] ? readSuper+0x250/0x250 [ 744.241604] ? lock_downgrade+0x720/0x720 [ 744.245871] ? do_raw_spin_lock+0xcb/0x220 [ 744.250320] jfs_mount+0x47/0x3d0 [ 744.253968] jfs_fill_super+0x55c/0xb50 [ 744.258033] ? parse_options+0xe70/0xe70 [ 744.262152] ? set_blocksize+0x163/0x3f0 [ 744.266421] mount_bdev+0x2fc/0x3b0 [ 744.270199] ? parse_options+0xe70/0xe70 [ 744.274324] mount_fs+0xa3/0x30c [ 744.277797] vfs_kern_mount.part.0+0x68/0x470 [ 744.282360] do_mount+0x113c/0x2f10 [ 744.286023] ? lock_acquire+0x170/0x3c0 [ 744.290362] ? check_preemption_disabled+0x41/0x280 [ 744.295427] ? copy_mount_string+0x40/0x40 [ 744.299857] ? copy_mount_options+0x59/0x380 [ 744.304446] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 744.309524] ? kmem_cache_alloc_trace+0x323/0x380 [ 744.314529] ? copy_mount_options+0x26f/0x380 [ 744.319309] ksys_mount+0xcf/0x130 [ 744.323042] __x64_sys_mount+0xba/0x150 [ 744.327088] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 744.331906] do_syscall_64+0xf9/0x620 [ 744.335797] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 744.341062] RIP: 0033:0x460c6a [ 744.344335] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 744.363627] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 744.371414] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 744.378820] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 744.386155] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 744.393487] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 744.400819] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 744.421226] attempt to access beyond end of device [ 744.433735] loop2: rw=0, want=184, limit=178 [ 744.451684] metapage_read_end_io: I/O error [ 744.458853] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 744.458853] 01:56:07 executing program 0: socket$packet(0x11, 0x2, 0x300) r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000040)='wlan1\x00\x1b\x1a\xec\xb5\x12\x03F\xd9U\x1c\xc9=\x9b\xa0\xf5\xee\x16\x1f\xb9\xf2-\xda\fC\xfdj\xe3\x8d\xe3\xd6\xe0|cL\xe9\xd9;\x13\xdf\xf7\xber\'\x8a\xd5\xd5\xe1\xf5\\\x9b\xb2\a\xde\xbb\xc18\x84\xb5\\f\xcb\xe8%OArYZ\xe1\xc9\x86\xfe\x88\x9d\xfa\xacJ\x1f\xebp\xf5\xfb\xaad\x1a\xa0\xb1\x9c\xac\xe8\xff^9P\xee\x8aG\xdd2') sendmsg(r0, &(0x7f0000000000)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x6}, 0x80, 0x0}, 0x40000) ioctl$SIOCAX25DELUID(0xffffffffffffffff, 0x89e2, &(0x7f00000000c0)={0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0xffffffffffffffff}) 01:56:07 executing program 2 (fault-call:0 fault-nth:56): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 744.500198] input: syz0 as /devices/virtual/input/input334 [ 744.552829] input: syz0 as /devices/virtual/input/input335 01:56:07 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x100000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:07 executing program 0: socket$inet_sctp(0x2, 0x5, 0x84) r0 = socket$packet(0x11, 0x2, 0x300) ioctl$KVM_SET_VAPIC_ADDR(0xffffffffffffffff, 0x4008ae93, &(0x7f0000000140)) r1 = add_key$user(&(0x7f0000000100)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f0000000340)="585ccbe4ed83b836c1a6474914dc55e72206297b6895b66147b3c7218a9169a85ea2bdc9c1587a050000000000000042e33089754c8107c3cd4623dd4a71c2ff06007b6b4816122d2550829eaa9435c99926022b8753a188748c569f435fb3bae96efb7bb50ec93c152fa483198a29e5c0d0c60000ce0637ce0000b4ec24c53d3d661ff5ff70e48884ca000018cea71fcfacf40d32e4b58a8d2725561f6110fd7b0674cc5c1e298a16324fe27da2a908ba9ff3c009d36d691cc7911219a2fd5d", 0xc0, 0xfffffffffffffffe) r2 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000180)="a8", 0x1, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r2, r1, r1}, &(0x7f0000000240)=""/239, 0xef, &(0x7f0000000580)={&(0x7f0000000080)={'sha1-ssse3\x00'}}) keyctl$read(0xb, r1, &(0x7f0000000000)=""/207, 0xcf) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x40000) [ 744.615841] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 744.615841] 01:56:07 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x3f00, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:07 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000006000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:07 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46442010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 744.707911] FAULT_INJECTION: forcing a failure. [ 744.707911] name failslab, interval 1, probability 0, space 0, times 0 01:56:07 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = dup(r0) ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000040)={0x9, 0x0, 0x4, 0x70000, 0x9dc, {0x0, 0xea60}, {0x4, 0x8, 0x2, 0x1f, 0x3, 0x3f, "2618d2c1"}, 0x31f2, 0x4, @planes=&(0x7f0000000000)={0x4, 0x2, @mem_offset=0x8, 0x5}, 0x7}) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffe32}, 0x8804) [ 744.785948] CPU: 1 PID: 23775 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 744.794273] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 744.803805] Call Trace: [ 744.806529] dump_stack+0x1fc/0x2fe [ 744.811946] should_fail.cold+0xa/0x14 [ 744.815887] ? setup_fault_attr+0x200/0x200 [ 744.821242] __should_failslab+0x115/0x180 [ 744.825763] should_failslab+0x5/0xf [ 744.829557] kmem_cache_alloc+0x3f/0x370 [ 744.833656] ? mempool_alloc+0x350/0x350 [ 744.837791] mempool_alloc+0x146/0x350 [ 744.841723] ? mempool_resize+0x790/0x790 [ 744.845940] ? lock_downgrade+0x720/0x720 [ 744.850133] ? mark_held_locks+0xa6/0xf0 [ 744.854248] bio_alloc_bioset+0x389/0x5e0 [ 744.858479] ? __find_get_block+0x314/0xde0 [ 744.862893] ? bvec_alloc+0x2f0/0x2f0 [ 744.866783] ? __getblk_slow+0x6a3/0x9e0 [ 744.867753] input: syz0 as /devices/virtual/input/input336 [ 744.870929] submit_bh_wbc+0x141/0x760 [ 744.870952] __bread_gfp+0x14e/0x300 [ 744.870972] readSuper+0xa6/0x250 [ 744.870990] ? map_id_range_down+0x1c4/0x340 [ 744.871005] chkSuper+0x93/0xa90 [ 744.871028] ? readSuper+0x250/0x250 [ 744.899627] ? lock_downgrade+0x720/0x720 [ 744.903909] ? do_raw_spin_lock+0xcb/0x220 [ 744.908242] jfs_mount+0x47/0x3d0 [ 744.911805] jfs_fill_super+0x55c/0xb50 [ 744.915886] ? parse_options+0xe70/0xe70 [ 744.920098] ? set_blocksize+0x163/0x3f0 [ 744.924645] mount_bdev+0x2fc/0x3b0 [ 744.928324] ? parse_options+0xe70/0xe70 [ 744.932468] mount_fs+0xa3/0x30c [ 744.935896] vfs_kern_mount.part.0+0x68/0x470 [ 744.940574] do_mount+0x113c/0x2f10 [ 744.944635] ? lock_acquire+0x170/0x3c0 [ 744.948778] ? check_preemption_disabled+0x41/0x280 [ 744.954245] ? copy_mount_string+0x40/0x40 [ 744.959089] ? copy_mount_options+0x59/0x380 [ 744.963885] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 744.969316] ? kmem_cache_alloc_trace+0x323/0x380 [ 744.974562] ? copy_mount_options+0x26f/0x380 [ 744.979248] ksys_mount+0xcf/0x130 [ 744.983262] __x64_sys_mount+0xba/0x150 [ 744.987318] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 744.991956] do_syscall_64+0xf9/0x620 [ 744.995985] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 745.001496] RIP: 0033:0x460c6a [ 745.004782] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 745.024343] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 745.032185] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 745.039545] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 745.046955] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 745.054297] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 745.061964] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 745.072942] attempt to access beyond end of device [ 745.078541] loop2: rw=0, want=184, limit=178 [ 745.083550] metapage_read_end_io: I/O error 01:56:08 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000007000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 745.097249] input: syz0 as /devices/virtual/input/input337 01:56:08 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r1 = socket$l2tp(0x2, 0x2, 0x73) ioctl$sock_SIOCSIFVLAN_GET_VLAN_REALDEV_NAME_CMD(r1, 0x8983, &(0x7f0000000180)={0x8, 'veth0_to_team\x00', {'gretap0\x00'}, 0x5}) [ 745.166017] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 745.166017] 01:56:08 executing program 2 (fault-call:0 fault-nth:57): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:08 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x1000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:08 executing program 0: r0 = msgget$private(0x0, 0xfa) msgrcv(r0, 0x0, 0xffffff1c, 0x0, 0x0) msgsnd(r0, &(0x7f00000001c0)=ANY=[], 0x2000, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f00000003c0)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffb}) msgctl$IPC_RMID(r0, 0x0) ioctl$PPPIOCSMRU(0xffffffffffffffff, 0x40047452, &(0x7f0000000280)=0x20) msgsnd(r0, &(0x7f0000000340)=ANY=[@ANYBLOB="020000000000000020ca72cfec28a1ac824026ff754bacae2a36d307766596bd4b2b121d3a82dde91547ed3888a648a28d54667d15fc098af1b24d95b5df72c334c7b22c1402ca265374c7ed5174e0a26c8898451a5e7abc70963c407376b3a645e7e5a5c2576ac57d3621ba3148b1cdc915530863a7259c177dfdc61f2055adaf79"], 0x8c, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) r2 = syz_open_dev$sg(&(0x7f0000000040)='/dev/sg#\x00', 0x0, 0x8002) write(r2, &(0x7f00000000c0)="b63db85e1e8d020000000000003ef0011dcc606a010000807018cebc9b97ae21b14d02dcd7cce22c9b160096aa1fae1a", 0x30) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) readv(r2, &(0x7f00000012c0)=[{&(0x7f000001a340)=""/102398, 0x18ffe}], 0x1) r5 = accept$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @mcast2}, &(0x7f0000000080)=0x1c) accept4$rose(0xffffffffffffffff, 0x0, &(0x7f00000000c0), 0x40000) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000140)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x4c, 0x0, 0x100, 0x70bd28, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r6}, @val={0xc, 0x99, {0x200, 0x11}}}}, [@NL80211_ATTR_DURATION={0x8, 0x57, 0xe73}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_CSA_C_OFFSETS_TX={0x16, 0xcd, [0x0, 0x8, 0x8001, 0x0, 0x1f, 0x0, 0x8001, 0xd3, 0xffff]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg(r1, &(0x7f0000003a00)={&(0x7f00000002c0)=@generic={0x5, "8d3291b449f41399aa0e01bf5e4a3546475f1cec4376ce1707eb8e4167c15591b0262e37b0d6e4d240588b98e820da998088920c0f126569dcdb94ebc8f9aebf4ec4ce093e9cc431b8c72206614b1df1b7242338fe9251deb1d1c56d4469ab4bc1adfcb6bec7e101d9a91708ef2b53664926e91150b17e90d8593ac516b4"}, 0x80, 0x0}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x4000, 0x0) 01:56:08 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000008000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 745.307828] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 745.307828] 01:56:08 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x1fffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 745.350419] input: syz0 as /devices/virtual/input/input338 [ 745.381862] FAULT_INJECTION: forcing a failure. [ 745.381862] name failslab, interval 1, probability 0, space 0, times 0 [ 745.399203] CPU: 1 PID: 23836 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 745.408561] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 745.418009] Call Trace: [ 745.420688] dump_stack+0x1fc/0x2fe [ 745.424426] should_fail.cold+0xa/0x14 01:56:08 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46443010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 745.428433] ? setup_fault_attr+0x200/0x200 [ 745.432836] ? __lock_acquire+0x6de/0x3ff0 [ 745.437192] __should_failslab+0x115/0x180 [ 745.441528] should_failslab+0x5/0xf [ 745.445315] kmem_cache_alloc+0x3f/0x370 [ 745.449556] radix_tree_node_alloc.constprop.0+0x1e4/0x320 [ 745.455482] __radix_tree_create+0x314/0x540 [ 745.460021] page_cache_tree_insert+0xac/0x3f0 [ 745.464734] ? file_check_and_advance_wb_err+0x3a0/0x3a0 [ 745.470360] ? lock_acquire+0x170/0x3c0 [ 745.474413] ? __add_to_page_cache_locked+0x45e/0xb60 [ 745.479683] __add_to_page_cache_locked+0x46e/0xb60 [ 745.484810] ? page_cache_tree_insert+0x3f0/0x3f0 [ 745.489712] ? _raw_spin_unlock_irqrestore+0x79/0xe0 [ 745.495011] ? find_first_bit+0x8b/0xb0 [ 745.499081] add_to_page_cache_lru+0x16a/0x680 [ 745.503769] ? add_to_page_cache_locked+0x40/0x40 [ 745.508701] ? __page_cache_alloc.part.0+0xb5/0x3f0 [ 745.513871] pagecache_get_page+0x478/0xd50 [ 745.518297] __getblk_slow+0x216/0x9e0 [ 745.522408] ? resource_string.isra.0+0x9c0/0x9c0 [ 745.527452] __bread_gfp+0x218/0x300 01:56:08 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000030000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 745.531228] readSuper+0xa6/0x250 [ 745.534887] ? map_id_range_down+0x1c4/0x340 [ 745.539406] chkSuper+0x93/0xa90 [ 745.542949] ? readSuper+0x250/0x250 [ 745.546803] ? lock_downgrade+0x720/0x720 [ 745.551014] ? do_raw_spin_lock+0xcb/0x220 [ 745.555411] jfs_mount+0x47/0x3d0 [ 745.559035] jfs_fill_super+0x55c/0xb50 [ 745.563264] ? parse_options+0xe70/0xe70 [ 745.567400] ? set_blocksize+0x163/0x3f0 [ 745.571521] mount_bdev+0x2fc/0x3b0 [ 745.575200] ? parse_options+0xe70/0xe70 [ 745.579303] mount_fs+0xa3/0x30c [ 745.582726] vfs_kern_mount.part.0+0x68/0x470 [ 745.587283] do_mount+0x113c/0x2f10 [ 745.590991] ? do_raw_spin_unlock+0x171/0x230 [ 745.595583] ? check_preemption_disabled+0x41/0x280 [ 745.600693] ? copy_mount_string+0x40/0x40 [ 745.604986] ? copy_mount_options+0x59/0x380 [ 745.609479] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 745.614645] ? kmem_cache_alloc_trace+0x323/0x380 [ 745.619553] ? copy_mount_options+0x26f/0x380 [ 745.624280] ksys_mount+0xcf/0x130 [ 745.627839] __x64_sys_mount+0xba/0x150 [ 745.631880] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 745.636585] do_syscall_64+0xf9/0x620 [ 745.640450] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 745.645736] RIP: 0033:0x460c6a [ 745.648990] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 745.667956] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 745.675801] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 745.683336] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 745.691100] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 745.699129] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 745.706539] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 745.731331] attempt to access beyond end of device [ 745.737443] loop2: rw=0, want=184, limit=178 [ 745.746605] input: syz0 as /devices/virtual/input/input339 [ 745.757994] metapage_read_end_io: I/O error [ 745.779669] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 745.779669] 01:56:08 executing program 2 (fault-call:0 fault-nth:58): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:08 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x2000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:08 executing program 0: socket$packet(0x11, 0x2, 0x300) 01:56:08 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x200000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 745.935890] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 745.935890] [ 745.956027] FAULT_INJECTION: forcing a failure. [ 745.956027] name fail_page_alloc, interval 1, probability 0, space 0, times 0 01:56:08 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r1 = memfd_create(&(0x7f0000000140)='\x00\xc2\xea\x99\xbb\x1c\xf8jw\x97\x05\xa3\xa2\'\xdd\xe4q\xbf\t\x8c\xe0Y\xe5\xbcJ6\xfc\xa8\xcdj\xc1F\x02\x93\xca`\x8e\x00\x00\x00\x00\x00\x00\x00\x00\x00\b \xff\x13\x96\xe3?\xdfH\x8c\xe4V\xe2\xfe\v8\x04\xa5\xb9\xc4:\xf3\xf6y_w\xd8\xcf\x90k\x05\x00\xf9\x1e\xe8m\xec\x12\xa015\xc2\xb3u|K\x111\xd4\f8\xeb\x18\xfa\xbf\xf3x\x86\xc2\xa3\t\x008\xb6XA]\xdc\xad\xbb!1\x85\x96P\x1b\x92\x01\xe6\xae\xb1\xecB)\xe5\xaa7\xfe\xdd,R\x96X\x1ae', 0x0) write(r1, &(0x7f00000000c0)='i', 0x1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1, 0x11, r1, 0x0) clone(0x200000000204a100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ioctl$USBDEVFS_SETCONFIGURATION(0xffffffffffffffff, 0x80045505, &(0x7f0000000040)=0x91) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'h(ac(mcryptd(sha384-arm64)),7\x00'}, 0x58) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0x32600) write$P9_RATTACH(r5, &(0x7f0000000080)={0x14, 0x69, 0x2, {0x10, 0x1, 0x7}}, 0x14) ioctl$SIOCAX25GETINFOOLD(0xffffffffffffffff, 0x89e9, &(0x7f0000000000)) 01:56:09 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000060000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 745.988943] input: syz0 as /devices/virtual/input/input340 [ 746.021410] CPU: 1 PID: 23878 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 746.029577] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 746.039091] Call Trace: [ 746.041837] dump_stack+0x1fc/0x2fe [ 746.045568] should_fail.cold+0xa/0x14 [ 746.049639] ? deref_stack_reg+0x134/0x1d0 [ 746.053986] ? setup_fault_attr+0x200/0x200 [ 746.058377] ? is_bpf_text_address+0xd5/0x1b0 [ 746.063019] __alloc_pages_nodemask+0x239/0x2890 [ 746.068037] ? __bpf_address_lookup+0x330/0x330 [ 746.072802] ? check_preemption_disabled+0x41/0x280 [ 746.077917] ? __radix_tree_lookup+0x216/0x370 [ 746.082605] ? lock_downgrade+0x720/0x720 01:56:09 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000040)='wlan1\x00\x1b\x1a\xec\xb5\x12\x03F\xd9U\x1c\xc9=\x9b\xa0\xf5\xee\x16\x1f\xb9\xf2-\xda\fC\xfdj\xe3\x8d\xe3\xd6\xe0|cL\xe9\xd9;\x13\xdf\xf7\xber\'\x8a\xd5\xd5\xe1\xf5\\\x9b\xb2\a\xde\xbb\xc18\x84\xb5\\f\xcb\xe8%OArYZ\xe1\xc9\x86\xfe\x88\x9d\xfa\xacJ\x1f\xebp\xf5\xfb\xaad\x1a\xa0\xb1\x9c\xac\xe8\xff^9P\xee\x8aG\xdd2') write$binfmt_misc(r2, &(0x7f0000000100)={'syz0', "1d67537396ff9c8f8f54d3c0d1544b8bec13062812eb9fbf54138d10e6a0cf0750c7a5c0f88b1c6a6114f785ed1d2a8747cec04713ee11af864ee1a592b21ddaa6066189c152871109e495c1934de118e5e6ad22343d395d59b32c267f6eb88899c65ded29"}, 0x69) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) r3 = fcntl$dupfd(r2, 0x80278470ae880a9a, r0) ioctl$IOCTL_VMCI_CTX_ADD_NOTIFICATION(r3, 0x7af, &(0x7f0000000180)={@any, 0x9}) ioctl$VT_GETMODE(r1, 0x5601, &(0x7f0000000000)) fsetxattr$security_ima(r0, &(0x7f0000000040)='security.ima\x00', &(0x7f00000000c0)=@v1={0x2, "31c5d30b07612cce3e71"}, 0xb, 0x3) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) [ 746.086878] ? __radix_tree_lookup+0x370/0x370 [ 746.092012] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 746.096981] ? find_get_pages_range_tag+0xc50/0xc50 [ 746.102095] ? __lock_acquire+0x6de/0x3ff0 [ 746.106418] ? find_next_bit+0x105/0x130 [ 746.110602] ? __next_node_in+0x42/0x80 [ 746.114761] __page_cache_alloc.part.0+0x99/0x3f0 [ 746.119702] do_read_cache_page+0x4e2/0x1170 [ 746.124304] ? metapage_get_blocks+0x2d0/0x2d0 [ 746.129093] __get_metapage+0x240/0x13d0 [ 746.133263] ? init_wait_var_entry+0x1a0/0x1a0 [ 746.137937] ? map_id_range_down+0x1c4/0x340 [ 746.142541] ? release_metapage+0x9b0/0x9b0 [ 746.146921] ? new_inode+0xc7/0xf0 [ 746.150608] ? lock_downgrade+0x720/0x720 [ 746.154754] ? do_raw_spin_lock+0xcb/0x220 [ 746.159145] ? do_raw_spin_unlock+0x171/0x230 [ 746.163685] diReadSpecial+0x14e/0x600 [ 746.167864] jfs_mount+0x83/0x3d0 [ 746.171317] jfs_fill_super+0x55c/0xb50 [ 746.175332] ? parse_options+0xe70/0xe70 [ 746.179415] ? set_blocksize+0x163/0x3f0 [ 746.183528] mount_bdev+0x2fc/0x3b0 [ 746.187206] ? parse_options+0xe70/0xe70 [ 746.191563] mount_fs+0xa3/0x30c [ 746.195059] vfs_kern_mount.part.0+0x68/0x470 [ 746.199661] do_mount+0x113c/0x2f10 [ 746.203441] ? do_raw_spin_unlock+0x171/0x230 [ 746.207977] ? check_preemption_disabled+0x41/0x280 [ 746.213028] ? copy_mount_string+0x40/0x40 [ 746.217341] ? copy_mount_options+0x59/0x380 [ 746.221835] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 746.226952] ? kmem_cache_alloc_trace+0x323/0x380 [ 746.231939] ? copy_mount_options+0x26f/0x380 [ 746.236963] ksys_mount+0xcf/0x130 [ 746.240940] __x64_sys_mount+0xba/0x150 [ 746.245223] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 746.250109] do_syscall_64+0xf9/0x620 [ 746.253977] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 746.259229] RIP: 0033:0x460c6a [ 746.262442] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 746.281394] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 746.289199] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 746.296511] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 746.303822] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 746.311174] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 746.318596] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 746.337927] input: syz0 as /devices/virtual/input/input341 01:56:09 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46444010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:09 executing program 2 (fault-call:0 fault-nth:59): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:09 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x3000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:09 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x20008001) getsockopt$inet_sctp_SCTP_STATUS(0xffffffffffffffff, 0x84, 0xe, &(0x7f0000000040)={0x0, 0xfffffffa, 0xe2, 0xaf, 0x2e, 0x6, 0x66, 0x1f, {0x0, @in6={{0xa, 0x4e23, 0x4, @dev={0xfe, 0x80, [], 0x3a}}}, 0x70f, 0x1, 0xffffff71, 0x7}}, &(0x7f0000000100)=0xb0) getsockopt$inet_sctp_SCTP_RECONFIG_SUPPORTED(0xffffffffffffffff, 0x84, 0x75, &(0x7f0000000140)={r1, 0xcef}, &(0x7f0000000180)=0x8) ioctl$DRM_IOCTL_MODESET_CTL(0xffffffffffffffff, 0x40086408, &(0x7f0000000000)={0xff, 0x409}) 01:56:09 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x600000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:09 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000070000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 746.541041] attempt to access beyond end of device [ 746.546945] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 746.546945] [ 746.568655] loop2: rw=0, want=184, limit=178 01:56:09 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm_plock\x00', 0x242000, 0x0) write$snapshot(r1, &(0x7f0000000040)="936713df03e8cbd72c99f08f64be9620de6a3edbd9e26b8c3bf7b53d9464cc8d72906a40641f237978a7ae103e7c08d528e250f94f456ac30b3a2bc1aac213dd5c2c1b2bc8e6f89c57cbf939e90cc759b709987c6304a15dc2139f2ae28e40502ed20d21136535b941ad0c71b6a51b06e22b7d72038df8dabf80a417eb8930ef265ed186980f56f6344f51fbec1d4ca2b9785dca34", 0x95) [ 746.591334] metapage_read_end_io: I/O error [ 746.604029] input: syz0 as /devices/virtual/input/input342 [ 746.649865] input: syz0 as /devices/virtual/input/input343 [ 746.667436] FAULT_INJECTION: forcing a failure. [ 746.667436] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 746.679486] CPU: 0 PID: 23931 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 746.687634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 746.698812] Call Trace: [ 746.701449] dump_stack+0x1fc/0x2fe [ 746.705178] should_fail.cold+0xa/0x14 [ 746.709164] ? setup_fault_attr+0x200/0x200 [ 746.713670] ? __lock_acquire+0x6de/0x3ff0 [ 746.717992] __alloc_pages_nodemask+0x239/0x2890 [ 746.722827] ? __lock_acquire+0x6de/0x3ff0 [ 746.727115] ? gfp_pfmemalloc_allowed+0x150/0x150 [ 746.732048] ? lock_downgrade+0x720/0x720 [ 746.736292] ? lock_acquire+0x170/0x3c0 [ 746.740354] ? mark_held_locks+0xf0/0xf0 [ 746.744479] cache_grow_begin+0xa4/0x8a0 [ 746.748581] ? setup_fault_attr+0x200/0x200 [ 746.753108] ? cache_alloc_pfmemalloc+0x1e/0x140 [ 746.758020] cache_alloc_refill+0x273/0x340 [ 746.763124] kmem_cache_alloc_trace+0x354/0x380 [ 746.768203] ? dev_uevent_filter+0xd0/0xd0 [ 746.772605] kobject_uevent_env+0x236/0x14a0 [ 746.777088] __loop_clr_fd+0x5dd/0xe50 [ 746.781049] lo_ioctl+0x363/0x20e0 [ 746.784646] ? __lock_acquire+0x6de/0x3ff0 [ 746.789102] ? loop_set_status64+0x110/0x110 [ 746.795920] blkdev_ioctl+0x5cb/0x1a7e [ 746.800028] ? blkpg_ioctl+0x9d0/0x9d0 [ 746.804085] ? trace_hardirqs_off+0x64/0x200 [ 746.808590] ? mark_held_locks+0xf0/0xf0 [ 746.812703] ? __kasan_slab_free+0x186/0x1f0 [ 746.817192] ? kfree+0xcc/0x210 [ 746.820552] ? ksys_mount+0xf4/0x130 [ 746.824448] ? __x64_sys_mount+0xba/0x150 [ 746.828693] ? do_syscall_64+0xf9/0x620 [ 746.832774] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 746.838254] block_ioctl+0xe9/0x130 [ 746.842100] ? blkdev_fallocate+0x3f0/0x3f0 [ 746.846560] do_vfs_ioctl+0xcdb/0x12e0 [ 746.850882] ? lock_downgrade+0x720/0x720 [ 746.855103] ? check_preemption_disabled+0x41/0x280 [ 746.860230] ? ioctl_preallocate+0x200/0x200 [ 746.865112] ? __fget+0x356/0x510 [ 746.868839] ? do_dup2+0x450/0x450 [ 746.872547] ? kfree+0x110/0x210 [ 746.875975] ? ksys_mount+0xf4/0x130 [ 746.879782] ksys_ioctl+0x9b/0xc0 [ 746.883591] __x64_sys_ioctl+0x6f/0xb0 [ 746.887566] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 746.893132] do_syscall_64+0xf9/0x620 [ 746.896968] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 746.902207] RIP: 0033:0x45e087 [ 746.905426] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 6d b5 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 746.924802] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 746.932662] RAX: ffffffffffffffda RBX: ffffffffffffffff RCX: 000000000045e087 [ 746.940098] RDX: 0000000000000000 RSI: 0000000000004c01 RDI: 0000000000000005 [ 746.947444] RBP: 00007f5fada0d6d4 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 746.954775] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000016 [ 746.962122] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 01:56:10 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x4000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x0, 0x1, 0x2, 0x2, {0xa, 0x4e65, 0xe3, @loopback, 0x3ff}}}, 0x80, 0x0}, 0x20008840) ioctl$sock_rose_SIOCDELRT(0xffffffffffffffff, 0x890c, &(0x7f0000000000)={@remote={0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x838e, @null, @netrom={'nr', 0x0}, 0x2, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}]}) 01:56:10 executing program 2 (fault-call:0 fault-nth:60): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:10 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000003f0000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 747.090492] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 747.090492] [ 747.130308] input: syz0 as /devices/virtual/input/input344 01:56:10 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46445010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:10 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xb00000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000024000705000000000000000000001f00", @ANYRES32=r6, @ANYBLOB="00000400f1ffffff0000000008000100687462001c0002001800020003"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)=@delchain={0x68, 0x28, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {0xfff1}, {0x0, 0xffff}}, [@filter_kind_options=@f_cgroup={{0xb, 0x1, 'cgroup\x00'}, {0x38, 0x2, [@TCA_CGROUP_ACT={0x34, 0x1, [@m_pedit={0x30, 0x0, 0x0, 0x0, {{0xa, 0x1, 'pedit\x00'}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x68}}, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r7, &(0x7f0000000000)=ANY=[], 0x32600) sendmsg$IPSET_CMD_ADD(r7, &(0x7f0000000440)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000400)={&(0x7f0000000380)={0x44, 0x9, 0x6, 0x600, 0x0, 0x0, {0x0, 0x0, 0x2}, [@IPSET_ATTR_DATA={0x28, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_COMMENT={0xa, 0x1a, 'pedit\x00'}]}, @IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x87ef}]}, 0x44}, 0x1, 0x0, 0x0, 0x4008800}, 0x4000) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000540)=@newtfilter={0x24, 0x2a, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r6}}, 0x24}}, 0x0) sendmsg(r0, &(0x7f00000000c0)={&(0x7f00000002c0)=@pppol2tpv3={0x18, 0x1, {0x0, r2, {0x2, 0xe22, @remote}, 0x2, 0x4, 0x1, 0x3}}, 0x80, 0x0}, 0x0) [ 747.230123] input: syz0 as /devices/virtual/input/input345 01:56:10 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x5000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 747.286329] FAULT_INJECTION: forcing a failure. [ 747.286329] name failslab, interval 1, probability 0, space 0, times 0 [ 747.301590] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 747.311262] CPU: 0 PID: 23989 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 747.319243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 747.328878] Call Trace: [ 747.331519] dump_stack+0x1fc/0x2fe [ 747.335239] should_fail.cold+0xa/0x14 [ 747.339287] ? mount_fs+0xa3/0x30c [ 747.340862] HTB: quantum of class FFFFFFF1 is big. Consider r2q change. [ 747.342897] ? setup_fault_attr+0x200/0x200 [ 747.342916] ? blk_queue_enter+0x40b/0xb70 [ 747.342967] __should_failslab+0x115/0x180 [ 747.362852] should_failslab+0x5/0xf [ 747.366916] kmem_cache_alloc_node+0x54/0x3b0 [ 747.371746] create_task_io_context+0x2c/0x430 [ 747.376667] generic_make_request_checks+0x1c4f/0x22e0 [ 747.381985] ? should_fail_bio.isra.0+0xa0/0xa0 [ 747.386682] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 747.391725] ? kmem_cache_alloc+0x315/0x370 [ 747.396201] generic_make_request+0x23f/0xdf0 [ 747.401424] ? blk_put_request+0x110/0x110 [ 747.405726] ? lock_downgrade+0x720/0x720 [ 747.409967] submit_bio+0xb1/0x430 [ 747.413562] ? generic_make_request+0xdf0/0xdf0 [ 747.418353] ? check_preemption_disabled+0x41/0x280 [ 747.423449] ? guard_bio_eod+0x2a0/0x640 [ 747.427591] submit_bh_wbc+0x5a7/0x760 [ 747.431648] __bread_gfp+0x14e/0x300 [ 747.435559] readSuper+0xa6/0x250 [ 747.439054] ? map_id_range_down+0x1c4/0x340 [ 747.443681] chkSuper+0x93/0xa90 [ 747.447126] ? readSuper+0x250/0x250 [ 747.450904] ? lock_downgrade+0x720/0x720 [ 747.455116] ? do_raw_spin_lock+0xcb/0x220 [ 747.459405] jfs_mount+0x47/0x3d0 [ 747.462933] jfs_fill_super+0x55c/0xb50 [ 747.466983] ? parse_options+0xe70/0xe70 [ 747.471149] ? set_blocksize+0x163/0x3f0 [ 747.475259] mount_bdev+0x2fc/0x3b0 [ 747.478924] ? parse_options+0xe70/0xe70 [ 747.483142] mount_fs+0xa3/0x30c [ 747.486626] vfs_kern_mount.part.0+0x68/0x470 [ 747.491190] do_mount+0x113c/0x2f10 [ 747.494843] ? do_raw_spin_unlock+0x171/0x230 [ 747.499358] ? check_preemption_disabled+0x41/0x280 [ 747.504384] ? copy_mount_string+0x40/0x40 [ 747.508676] ? copy_mount_options+0x59/0x380 [ 747.513150] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 747.518398] ? kmem_cache_alloc_trace+0x323/0x380 [ 747.523295] ? copy_mount_options+0x26f/0x380 [ 747.527888] ksys_mount+0xcf/0x130 [ 747.531619] __x64_sys_mount+0xba/0x150 [ 747.535662] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 747.540286] do_syscall_64+0xf9/0x620 [ 747.544168] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 747.549548] RIP: 0033:0x460c6a [ 747.552760] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 747.571852] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 747.579965] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 747.587501] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 747.596460] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 747.603767] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 747.611182] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 747.622585] attempt to access beyond end of device [ 747.629379] loop2: rw=0, want=184, limit=178 01:56:10 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000c0650100001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 747.660016] HTB: quantum of class FFFFFFF1 is big. Consider r2q change. [ 747.671695] metapage_read_end_io: I/O error 01:56:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@nl=@unspec, 0x80, 0x0}, 0x0) r1 = accept(r0, 0x0, &(0x7f0000000000)) setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(r1, 0x111, 0x5, 0x8, 0x4) 01:56:10 executing program 2 (fault-call:0 fault-nth:61): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 747.757435] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 747.757435] [ 747.777577] input: syz0 as /devices/virtual/input/input346 [ 747.817616] input: syz0 as /devices/virtual/input/input347 01:56:10 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5) io_setup(0xf6d6, &(0x7f0000000000)=0x0) io_pgetevents(r1, 0xfffffffffffffffe, 0x4, &(0x7f0000000040)=[{}, {}, {}, {}], &(0x7f00000000c0), &(0x7f0000000140)={&(0x7f0000000100)={[0x9d9ec87]}, 0x8}) 01:56:10 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x6000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 747.869031] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 747.869031] [ 747.881836] FAULT_INJECTION: forcing a failure. [ 747.881836] name failslab, interval 1, probability 0, space 0, times 0 [ 747.932961] CPU: 0 PID: 24028 Comm: syz-executor.2 Not tainted 4.19.164-syzkaller #0 [ 747.940992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 747.950464] Call Trace: [ 747.953366] dump_stack+0x1fc/0x2fe [ 747.957111] should_fail.cold+0xa/0x14 [ 747.961074] ? setup_fault_attr+0x200/0x200 [ 747.965575] ? radix_tree_node_alloc.constprop.0+0x1e4/0x320 [ 747.971435] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 747.976652] __should_failslab+0x115/0x180 01:56:11 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000001001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 747.981084] should_failslab+0x5/0xf [ 747.984958] kmem_cache_alloc+0x3f/0x370 [ 747.989074] ? mempool_alloc+0x350/0x350 [ 747.993210] mempool_alloc+0x146/0x350 [ 747.997172] ? mempool_resize+0x790/0x790 [ 748.001448] ? mark_held_locks+0xa6/0xf0 [ 748.005581] ? check_preemption_disabled+0x41/0x280 [ 748.010711] bio_alloc_bioset+0x389/0x5e0 [ 748.015825] ? metapage_get_blocks+0x1ab/0x2d0 [ 748.020477] ? metapage_write_end_io+0x150/0x150 [ 748.025280] ? bvec_alloc+0x2f0/0x2f0 [ 748.029157] ? page_cache_tree_insert+0x3f0/0x3f0 [ 748.034090] ? check_preemption_disabled+0x41/0x280 [ 748.039181] metapage_readpage+0x2d2/0x7f0 [ 748.043514] ? metapage_get_blocks+0x2d0/0x2d0 [ 748.048180] ? __page_cache_alloc.part.0+0xb5/0x3f0 [ 748.053264] do_read_cache_page+0x533/0x1170 [ 748.057734] ? metapage_get_blocks+0x2d0/0x2d0 [ 748.062389] __get_metapage+0x240/0x13d0 [ 748.066519] ? init_wait_var_entry+0x1a0/0x1a0 [ 748.071185] ? map_id_range_down+0x1c4/0x340 [ 748.075659] ? release_metapage+0x9b0/0x9b0 [ 748.080178] ? new_inode+0xc7/0xf0 [ 748.083815] ? lock_downgrade+0x720/0x720 [ 748.088476] ? do_raw_spin_lock+0xcb/0x220 [ 748.092759] ? do_raw_spin_unlock+0x171/0x230 [ 748.097323] diReadSpecial+0x14e/0x600 [ 748.101308] jfs_mount+0x83/0x3d0 [ 748.104880] jfs_fill_super+0x55c/0xb50 [ 748.108960] ? parse_options+0xe70/0xe70 [ 748.113090] ? set_blocksize+0x163/0x3f0 [ 748.117261] mount_bdev+0x2fc/0x3b0 [ 748.121001] ? parse_options+0xe70/0xe70 [ 748.125155] mount_fs+0xa3/0x30c [ 748.128589] vfs_kern_mount.part.0+0x68/0x470 [ 748.133157] do_mount+0x113c/0x2f10 [ 748.136884] ? check_preemption_disabled+0x41/0x280 [ 748.141975] ? copy_mount_string+0x40/0x40 [ 748.146260] ? copy_mount_options+0x59/0x380 [ 748.150752] ? rcu_read_lock_sched_held+0x16c/0x1d0 [ 748.155823] ? kmem_cache_alloc_trace+0x323/0x380 [ 748.160728] ? copy_mount_options+0x26f/0x380 [ 748.165251] ksys_mount+0xcf/0x130 [ 748.168945] __x64_sys_mount+0xba/0x150 [ 748.173072] ? lockdep_hardirqs_on+0x3a8/0x5c0 [ 748.177839] do_syscall_64+0xf9/0x620 [ 748.181704] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 748.186963] RIP: 0033:0x460c6a [ 748.190207] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 ad 89 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 8a 89 fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 748.209756] RSP: 002b:00007f5fada0ca78 EFLAGS: 00000202 ORIG_RAX: 00000000000000a5 [ 748.217510] RAX: ffffffffffffffda RBX: 00007f5fada0cb10 RCX: 0000000000460c6a [ 748.224842] RDX: 0000000020000000 RSI: 0000000020000100 RDI: 00007f5fada0cad0 [ 748.232311] RBP: 00007f5fada0cad0 R08: 00007f5fada0cb10 R09: 0000000020000000 [ 748.239626] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000020000000 [ 748.247142] R13: 0000000020000100 R14: 0000000020000200 R15: 0000000020064f00 [ 748.274710] attempt to access beyond end of device [ 748.282977] loop2: rw=0, want=184, limit=178 [ 748.294227] metapage_read_end_io: I/O error 01:56:11 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x1000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:11 executing program 2 (fault-call:0 fault-nth:62): syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:11 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46446010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 748.408189] input: syz0 as /devices/virtual/input/input348 01:56:11 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000002001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 748.490381] input: syz0 as /devices/virtual/input/input349 01:56:11 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x7000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 748.591753] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 748.591753] [ 748.601180] attempt to access beyond end of device [ 748.619079] loop2: rw=0, want=184, limit=178 01:56:11 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) perf_event_open(&(0x7f0000000380)={0x2, 0x70, 0x2, 0x4, 0x46, 0x1, 0x0, 0x2, 0x4003, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0xbd9a, 0x0, @perf_bp={&(0x7f0000000280)}, 0x3100, 0x24a, 0x7, 0x5, 0x3, 0x80000001, 0x20}, 0x0, 0xa, r1, 0x9) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000240)={0x81, 0x5, 0x2}) r2 = socket$packet(0x11, 0x2, 0x300) sendmsg(r2, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f0000000340)='/dev/bsg\x00', 0x66e180, 0x0) r4 = semget(0x2, 0x2, 0x0) semctl$IPC_STAT(r4, 0x0, 0x2, &(0x7f0000000000)=""/51) semctl$SEM_STAT(r4, 0x1, 0x12, &(0x7f0000000140)=""/213) getsockopt$inet_sctp6_SCTP_LOCAL_AUTH_CHUNKS(r3, 0x84, 0x1b, &(0x7f0000000040)={0x0, 0x89, "0f964f81d121efbebd662c11968ee2d5d798ec8cf4c87d30d02df756018890563239c6ab344e6cf3a38dec2ead467f39e1dd1703234cf7e63b9a88206c742709b6d466784d58ec8a7fd7dd23054a4fbf8bf35c145c7481bc0547d856f53ffa74ead21b86404a312aaeb0c8734fa17aa6dbd4f456a088415feb02ae4f6aab8c998df32f9b021958a8b1"}, &(0x7f0000000100)=0x91) [ 748.647041] metapage_read_end_io: I/O error 01:56:11 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000003001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:11 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x2000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 748.673967] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 748.673967] [ 748.730082] input: syz0 as /devices/virtual/input/input350 01:56:11 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46447010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:11 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:11 executing program 0: socket$packet(0x11, 0x2, 0x300) pipe(&(0x7f0000000000)={0xffffffffffffffff}) sendmsg(r0, &(0x7f0000003a00)={&(0x7f0000000040)=@in6={0xa, 0x4e22, 0x5, @empty, 0xffff0001}, 0x80, 0x0}, 0x80) [ 748.804362] input: syz0 as /devices/virtual/input/input351 01:56:11 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000004001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:11 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@pppol2tpv3={0x18, 0x1, {0x0, r0, {0x2, 0x4e24, @local}, 0x0, 0x4, 0x4, 0x2}}, 0x80, 0x0}, 0x0) 01:56:11 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x3000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:11 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x11000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 748.905143] attempt to access beyond end of device [ 748.905717] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 748.905717] [ 748.921977] loop2: rw=0, want=184, limit=178 [ 748.942392] metapage_read_end_io: I/O error 01:56:12 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000006001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:12 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000000080)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet_sctp_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000340)=ANY=[@ANYRES32=0x0, @ANYBLOB="347e35e8e669e7781c111367520200a9009acc6b91f5d0d4c15ed5455d27481dc4f8df23a89d547ac0b40b142e2e87c12764b58c09205ef1f513d500000000c16b9f99e8fef9e3fcfc9009c233e4f17e82837742317c9a9c4a5594c74588fa022f2e6f9f76e7ba9a4be7f96d8f313fbe56ba66ffa7808655ff3cea60767559dcf2d173052bbd74ff2b042f937c1d2d581c63a0972a16b037d71c36aff34e5091fe39a2e9a2b261548a43da15dba15c5fa58b83d0a70f0503df6f6bed8a3478973b2067f6c6000000000000a4f116f9195bc7d19578041b1a3220784b569629209123247ede42d1ac0c50a611903cc8881d411d8bc3ff4801d26a0b753b51b788e5dde217a0be251b3f3b295cd81883af1971c4111194bf6e3d5a76"], 0xb1) ioctl$CHAR_RAW_RESETZONE(r1, 0x40101283, &(0x7f0000000000)={0xb, 0x8007ffd}) ioctl$BLKZEROOUT(r1, 0x127f, &(0x7f0000000180)={0x7, 0x6}) [ 749.015179] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 749.015179] 01:56:12 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x2, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 749.078925] input: syz0 as /devices/virtual/input/input352 01:56:12 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46448010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 749.131957] input: syz0 as /devices/virtual/input/input353 01:56:12 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x12000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:12 executing program 0: ioctl$SNDRV_PCM_IOCTL_XRUN(0xffffffffffffffff, 0x4148, 0x0) r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000080)={0x0, @hci={0x1f, 0xffffffffffffffff, 0x2}, @can, @rc={0x1f, @none, 0xf7}, 0x0, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000040)='batadv_slave_1\x00', 0x9, 0x0, 0xfbff}) openat$vcs(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vcs\x00', 0x40, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000001c0)='/dev/input/mouse#\x00', 0x5, 0x10080) write$FUSE_STATFS(r1, &(0x7f0000000140)={0x60, 0xfffffffffffffffe, 0x0, {{0x40000003, 0x3, 0xffffffffffff0000, 0x0, 0x0, 0xf2, 0x5, 0x800001}}}, 0x60) r2 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x10000, 0x0) ioctl$BTRFS_IOC_INO_LOOKUP(r2, 0xd0009412, &(0x7f0000000340)={0x0, 0x1}) 01:56:12 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x4000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 749.243703] attempt to access beyond end of device 01:56:12 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000007001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 749.276521] loop2: rw=0, want=184, limit=178 [ 749.292525] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 749.292525] [ 749.302049] metapage_read_end_io: I/O error 01:56:12 executing program 0: r0 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000900)='wlan1\x00\x1b\x1a\xec\xd8n\xff\xc3\x87\xe2\xa3\x80\x8a\xb2\xd9\xa8L\x06\xb5\x12\x03F\xd9\x1f\x8a\xcc\xba\\\xceYF2C\xfdj\xe3\x8d\xe3\xd6\xe0|6l\xe9\xd9;\xea\x84]\xdf\xf7\xber\'\x8a\xd5W\xbb\xac%j\x9d\xeb\xba\xe6\xc4\xc4\xa9\xf5\xd5\xa1\xf5\\\x9b\xb2\a\xde\xbb\xc18\x84\xb5:f\xcb\xe8o\aArYZ\xe1\xc9\x86\xfe\x8f(\xa1\vhb\x18\xf3\xe3\xa1\xd2\x93*h\xd7\xa2F\x88\xd57\xb2\xc8\x8cS\xe8:H}\x91\x91\xcc\xa7Y\xcbkK\xf0\xfe\x9e\xd5\xa1\x1e\x99~\x9d3\xd2?\b\xbfU\xe8\x8b\x93\xea`\x00\x80\x00\x00V\xbf!\xb7\xe9\x11\r\xbd\xa3\xc6-t\x9c;\x9as\x86\xe7\xbd\xb0\xd5\";\xecuP\"\xebrV\x88\xca\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x98\xe8\xc6\xc3\nE\x91\xff\xd8E$\xc4As\x80\xdbt\x0e\xe21_v1\xd8,\xa4\x7fD\x94\xe8?\xf8\xcd[1\xb2U,\xc8w0|E\x00\x88IoQpH\xa0\xe8\xf0\x7f\xbd\xbcs;\xc9\xd2\x19oS\xac\xc6\x9b`:6\xc9DS\x13\xfb\xddw\nK\x19\xfa\x99\xc6~\x044\xa3+)\xef@Lr\xed\x85\xf3\xe8#\xa4\x84\xe9W8\xd6\x80\x95\xba.?+O\xbe[&\x87\xe1\xc5\xd7C\xa1\xde\xa4\b*w\xdc]\x92\xce\xe6BNFj;\xd7 \xfb\f\xeb\xb1\xb8\x86x\x19\xa0\xc4\xd3^W\xb7\x10\x18\xba\xcc\xabJ\xdfYB\"\x96\rny3\xe9\xec\xdf\xc4\xae\xfaM\xa2k\xd8X\xe6hQ\t\x93\xc1\xfd\xb7\xa4\x04W\xa0n\xff') ioctl$BTRFS_IOC_LOGICAL_INO(r0, 0xc0389424, &(0x7f0000000080)={0x8, 0x8, [], 0x0, &(0x7f0000000040)=[0x0]}) r1 = socket$packet(0x11, 0x2, 0x300) sendmsg(r1, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4785, 0x2}, 0xdf, 0x0}, 0x4004d) r2 = gettid() perf_event_open(&(0x7f0000000240)={0x0, 0x70, 0x0, 0x2, 0x4, 0x0, 0x0, 0x0, 0x2405, 0xf, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={&(0x7f0000000200), 0xa}, 0x42808, 0x0, 0x3, 0x3, 0x2, 0x100}, r2, 0x2, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$RTC_WKALM_RD(r3, 0x80287010, &(0x7f00000000c0)) syz_open_procfs(r2, &(0x7f0000000000)='net\x00') sendmsg$NFNL_MSG_ACCT_NEW(r3, &(0x7f0000000340)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x68, 0x0, 0x7, 0x201, 0x0, 0x0, {0xa, 0x0, 0x2}, [@NFACCT_NAME={0x9, 0x1, 'syz1\x00'}, @NFACCT_NAME={0x9, 0x1, 'syz0\x00'}, @NFACCT_BYTES={0xc, 0x3, 0x1, 0x0, 0x5}, @NFACCT_FILTER={0x14, 0x7, 0x0, 0x1, [@NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x7fff}, @NFACCT_FILTER_MASK={0x8, 0x1, 0x1, 0x0, 0x20}]}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}, @NFACCT_BYTES={0xc}, @NFACCT_FLAGS={0x8, 0x5, 0x1, 0x0, 0x2}]}, 0x68}, 0x1, 0x0, 0x0, 0x20000090}, 0x24000880) [ 749.339177] input: syz0 as /devices/virtual/input/input354 [ 749.371417] input: syz0 as /devices/virtual/input/input355 01:56:12 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x14000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 749.430675] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 749.430675] [ 749.462765] device wlan1 left promiscuous mode [ 749.525253] attempt to access beyond end of device [ 749.548397] loop2: rw=0, want=184, limit=178 01:56:12 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x5000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:12 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000008001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:12 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46449010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 749.573016] metapage_read_end_io: I/O error 01:56:12 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x3, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 749.688494] input: syz0 as /devices/virtual/input/input356 [ 749.769722] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 749.769722] 01:56:12 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x6000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:12 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r1 = signalfd(r0, &(0x7f0000000000)={[0x10000]}, 0x8) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000040)=@req3={0x80000001, 0x8, 0x9, 0x80000000, 0x1, 0xee, 0x6}, 0x1c) 01:56:12 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600000000003f001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 749.835653] attempt to access beyond end of device [ 749.851999] loop2: rw=0, want=184, limit=178 [ 749.873411] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 749.873411] 01:56:12 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x15000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 749.890959] metapage_read_end_io: I/O error 01:56:12 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r1, 0x10e, 0x2, &(0x7f0000000080)=0x10, 0x4) sendmsg(r0, &(0x7f0000003a00)={&(0x7f0000000000)=@hci={0x1f, 0x4, 0x1}, 0xffffffffffffffb4, 0x0}, 0x0) 01:56:13 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4644a010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:13 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x4, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 750.019228] input: syz0 as /devices/virtual/input/input358 01:56:13 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000165c0001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 750.073235] input: syz0 as /devices/virtual/input/input359 01:56:13 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x7000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:13 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = syz_mount_image$reiserfs(&(0x7f0000000040)='reiserfs\x00', &(0x7f0000000080)='./file0\x00', 0x1, 0x3, &(0x7f0000000340)=[{&(0x7f00000000c0)="875ead60f47a15a530bba2c3b3a80bf8c44530d97300049fc0b0a2eb1c0a0dd119f133a78db4fd0a35ffc63ac15ca051f29b501544025d1a4e637b26bc20da9733862674c11ad36309e18eec5c67dd3f7b564dfedf6db2b869e30564e66f860953", 0x61, 0x81}, {&(0x7f0000000140)="54131b3e469044d228bd416161e504546f12", 0x12, 0x9}, {&(0x7f0000000180)="c424ec40fa3cd7b03a5dc9251a80cc29d699929371cb20dc1c4c8aabf80fe1cff0c04abfb7c3468857ec576c558c93d5b8dddf0f452ab3a054ff9eb327d8ea55de6d447522a47d529b2903f4708d47db79a2d628486f2105b8368a2d56c03a4226dc44fa6e63b991544e901cf3e5d38dfc09f28c019eb1570230a039b030fdb4549afa47cf111595fb0d075e37881103e3560ad743608e15137e5c7bd63e8cb1d05320c1f5fca51854aa89e393236ea524ce328c123bd326ab4fa6df9c89136850c40ec17eaec5576944396c856a22bd086244f8", 0xd4, 0x2}], 0x2000, &(0x7f00000003c0)={[{@barrier_none='barrier=none'}, {@noattrs='noattrs'}, {@tails_on='tails=on'}, {@noattrs='noattrs'}, {@balloc_test4='block-allocator=test4'}, {@errors_continue='errors=continue'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}, {@data_journal='data=journal'}, {@barrier_flush='barrier=flush'}], [{@subj_role={'subj_role', 0x3d, '(!/'}}, {@seclabel='seclabel'}, {@audit='audit'}, {@appraise='appraise'}, {@euid_gt={'euid>'}}, {@subj_user={'subj_user', 0x3d, '*\\(+$'}}, {@dont_hash='dont_hash'}, {@func={'func', 0x3d, 'MODULE_CHECK'}}, {@fscontext={'fscontext', 0x3d, 'staff_u'}}, {@fowner_lt={'fowner<', 0xee01}}]}) ioctl$BTRFS_IOC_SNAP_DESTROY(r1, 0x5000940f, &(0x7f0000000500)={{r0}, "2be47ea3d886f70a7012efbfa5d531061209fcee7698ff7a8791b0833cf8691f70af4cb637d384050ac8f92da1d56acb8aa39bfa24da6529c57c3f690ed1dba5195ff51db385be9950bf28323ff89300c0faf024f6aa91af7fdab1c15abd342bd33b54be7dbc475f0bffa2c19207cbf32b0adf40549836d9945ff57ee33c82e50861be49ba95e93d1790fd11df8613c55cbb231a824a93005bcdc94ed283d5783198c4e33d6986319af3e41782b28277ea29aa32826ce2133462a2e29bf29e2c6e7f103c34f0d262237f850a464615926c642c6f36817e9762f42606ed63ff19c0a0088f37cb2cdf84605cac4755891851d2f6ae761388c54b4e74cdf4ffc7dc69f05e2ae7ec9e360d8fa3f24134c84c451af6d2b7f4c43d9ab5e5187ce73792eb165e6b004470c5091781854761e5a919ac86fdf1959daa1f8a9522043b68fe3c55c3771671641021d55e0f59cf1c9b5cdca67d74a0dc2aefdc52feea1dd7a246ebae9179f54845d758c406a0c802a94d77b8a659a6bf3ccf98477e3b34def43b9a2ce4f98b22642f559a37a4bf817d546b1b4f9d09250530fd648b0ee978a0c7fb6c7a1cb3ebcdb18bca7da26d7e1c4742ad59de4b70e5692304e7fbd9bc5abb4ab7bf4500c85dea73ee54b2ef1360216a252891df79b5f547ed2a2f1479a2a5a837521a85275e33ec078e57b171c0986f655ff97b049864ee8319b4a99a8208e191aee87f4f2722fd11f26a1cce853c033932f23c3f04c9e52e5c54d696f679ee16b6f5ae05c6c9508d0415398d8837ff276d7705319e9b8fea15f48c4fadbd39363d1ed8a170c89f80b57c2decef7962d8caa6c675a16ee71d9e1cc96d477fdb807e046baa4d3dde9bf8d41c23eaac42d9252a7870d0d688db00ff0ae772599a2ef07adeacc904c9c6e953a6006997d79451bf5fb4e8e16ebea9097f659adc4988ced45ca275c45930a383a1ea399ab81f6324ad636aa7624d253bd69851589c002b1526aa7be40be497efc7cce7659a8b0c577cd95dbddff1d19035d51bc1e0b4dfbd7b1c9145f358cdb143dad55ec8c2ba9cae86832bfd3ada122c29a3595c52a2c87fad9f8c480605cb372084abb213131acb938489c5dfade509493d054d3f6e23c49f62834fef74a36a68025aa55d4c37744568baf0577a6814534d293f8f5e38a3e4b5fff73b316b7da5a080b3e8ad51a79dedbf3c6d74b5430a55e0d88dbfb644fc823112da5ed3e415b26175ae3773c9a9450323f718df0baf0f000aaed9699a3d79e8580d2261e5b3001ee0971f851888cc549aecca24bca53dbe5b4fabc2236fd6bd407e1778251bc27783c7fc6eb187915217581ac15a433024484998596df23ac36c69eeed3d80e5c9104259d1d5627a142c8920cccdbb0882917f84987ae009b25717959112b32987dc2f52e8e3814d8eaa7e67b629e3a2d1ca42de6d877b370ff57bdd47904971e606b630ed396417c2913002de8891dccf63725814e3297df77819929df8696ba72a76d14d9d7995a971791f891c0c0daa92f778d25fd27954c17fae2cdad4ebbc8e9f88da3c3c49a48211efdb0500ad811162d02ca0cec0ebd12fd79183c947581a0b7ffcf548c6675f6e2e3569db8ea0782ca3e6788f739591280c526c94e60f287825de9a38d908d36d02afb193713a551db6f82788506cd44f68f810ab1e9f9725f57137c5debddade9ae0e66c9a9df801cb6819ffc470ee102c36e444f073fd6d7311c93ec9c39f6c69f8d4b0da7ff700bd377e9e6743da15ddc7cc3652df17e33ee34c62c27870002015f6ad90720fab03ae8a5946a7be4d0108a0637d5af12d678bd0f2229a5d1ab6b4dfe1a10de631cc5698b44922a7281fc9ab70f6765a70c9d5ee40e65de84aaac872142a4b5b09344d6a2ebf88023f2b6264f26bd56c4c942658e2fd768f9b91db557d2d480e31680888dcc892ab87dd27fc8aab5f95257c9cbf245885cb7e14e0dbc0cf9498882f439b58cc1557d412989d6c3633fec563172be14964ed0b9020a5babd269e87b0c9c35037d14405d97f5451132522026f5d9614488cd94905ac03668bf72d57dc3a6dbaf7f09739b27ff598ce104b307494125e03e76706ef37e5f345fa21d7d60e4e432621d0c2ce4eacd5cfba171786d5bf4af2012fa5399a6c09f5ae2fc3a66253232002f687794530b82413390c19b5351bab5effd90e5c4cd187c6a48a86d57e0bb68e034b08f435c5aab2504003a1b912c875acc7f4ec84b3f388f6df0844b6f8f23e747edbbc7b9b9b077badf217ceb7bc690669f6544606c335184ab91ca290f2f3f16de22125c76434fe3f1fa16c9f9f59c2ad6666b8d85a0fd1ee395fc53d1cd19e5e1b0d4a4768f90a6ad5ccbd31023e8f775d2fa5ab16c82b7797c3e9a4350ae39c376bf590764cc62762ed060cf4b9e234e0df7f01d32487f32f0f2c560019bbb0da89754abfa503ac54d1833421565fc66e1b5a8439463cee16ed2386f4941074585ccbcc026e7247b67147284cf98fd2717fe21d0f24d8cd0fad5e10b6c751989d4a458aa98cd32534dd2832e1fbe1916760b2cb561d15057533b4fa8c9a6e2c10f3a13c448533189b501348ce55fb6d44dda50f44a2b30e7882402056a38b8a8ec023d7930a6c35c355a67870623f9593d26a0b0eabb37f5c7c71145f7bb6087297b8c361b56380d6890fc52a4f0ea821c203c7d54a66cb95b755b6c24682e17611d7af4fb5809bc328a0ac9a051b49268e217593c4033eb73ffa7cb9057dbadac12110818314bf9eefa6e71bc5a675778de823d9857d2e2febc9ce9e9f41c05bdc692b61684a048fee3485dbcb98d091b54a44df582e32f0f02a5049792b715e0c8890b7370ca00641cf6ceae1a0a095fe1689f3a1f6231079c17ef990fe6852c5d1f5423227472aa5c2a69d8f105644a1b0d182d6e4af5fa2981f22793493105df881dca24d8a998891b8e2f3a05e64f6e7e737665c0a26ea9339699e18cabcf0b274c95cb93ae338cc33218548c524fbca1886c3cd12981679c77b67e9b9dbc48b8e1e47b8cc3491981d725e54c565bf683f89053fea555595c5532e9b169d5787ae79268b6a6c4eca1e2c6f0e76cefbc5ca38459488df792092eb0f83f606a229bd7c0e72f55686f7b7e5c06f740f20c8e5469acecedb408098da0d3289979c554c58d7c49dcf9c8b6828604ca72714b4c33b32578464542b51567a29b4dddbfdb23eeac204ffae212c8ed8f089a004b79e59e3aea363efe60577cd7dd80b8b8e8cd5b9c958111685b538dbc5de47d2c7a51aca25565757fcc2c05940eadfbaeb707786833881e2d6ba76823fa3af6ae132c819916377bc0e854cf268f9ba2fc2e956aaad127b6d12df33f871894a9e0ec298a229c9e7414882fa731ee60f6a8674a559e802f0c0495ac25df851198d90e1ab334c2d00e98b24b7e18b65b907fbadc4bd1eda3a699d631b4f9ce0f34266cc512d3403ecad6f20c2b7fa9d37f1d359d5a47b57dd86f291f42aa417c870ad38692f8dce72c79b57329cc9e10bc7e4299aa91aa458eb05abe8e9b6544b9a632b97bea35a5425534dafaa42c3b8fec30478bbce1aac0400c65671c45042ff50907742287a44f92ada310c92cb4ac21539226ea24d9309d601ca1e42f566f4ae681252e7f944dae52455799c20bbb0fd280e65ceb4448bdcd88d5929d2a02affcbc8a5b97328ac322033a1f39eaf37fb996ad4b997a44629f867ed93fdf7d0b9b68b4ccdbd8c3cec0b703261c44f1c9451f4c0e9546fa9e8e5120ac96387c03b084a890947a488df6cd4f6f008ae120e6c83f8bee6b591a16e18583fef5ba0ee331421c744c5cda30702331a58d0a6b630280b67173cb9e091a60b7c1e980209591ca2b7136e574d6df8dee480dc53ffcc7f21fcc2600be40db587622ea074076e2fda9370f9edb159d983ff53abd349dd5123290fa91f447fbdbd2110be7ec8fc490d43ae93cd96ecd6d967caf26cbdcd9ee9387f013cb1109ba080a2eb13a75bd3f03c7e8d13a2b10ffda7da91bc410640d6efb795cf430e85a221c3347074395a65e9330870dc3253b70d07ad9edc3eb58baab82149d8c1f8242a94a367d6547c19771d868a4ba1c5e5c59f88865d8e6f54a5ded412f225e73511a89616c1af1b191640ab6b6ba93e52f5a91d7330b28fcdc18b2a7b4256ee139aa0728f44d685145c35a3c317ee608151f91f1e8a44ddc13343b2d7add60073bd64f6df684fd351d44f59853bdb04c4f28c891e76aeb304a4a7d4b8b10fcaf02ffd0d6c35aa00cc4efcabec309cef41ec1b369c22cb2b4db5cdd99750cca87563f395129f9a0b852715bd183f0637b75a580292d79da1c5652134855e8b167bf0303a9fa426fd2cb8ab479c93e3ad64828c69cf3c4205ee95946992be8a9ac551f375f5e7d9c5e33044dce81df3b9c765dac2f874ecf4297f9637093732a417075007fe2e5480de06eeb24c240ace8bef7556b8a1f9c21f660a275d8c16c008da2b9337ee6fe1574de9b9ba36479f8355cc59943ed014eacd5bcc8843f903682496d31d3ef8584841e9375d9b76f7e2b24ad86e29aeaa3fac007ccdbc7edbf37f49cad8d41590ab7fbf7f9fe31d0861370c818b305d0fbca544f8426a4ee6ce28794cc427c138bc4c4930b4248506bbf9dd101cd9b9a3beb3048e4d5a49f42e3048bb25d036ecf3927a9b7c9e5200c2ce349a4c43c8a5739d63cf9ea9e611b4d6f35b0bebf34058d8d47882f3576afafbcd84396c2447faee19b72caa496b0f932300703d6c1d985e8e811aeb980e9a19fdc6bed338fceef3d9632068dab1dad824588af4befa38d71363cef50d0c0ce1f9bcc4cccd3db95d072a635cbfab4f2dda88fe1474e9ff9ef31dca0f9c1367e36ce7d53d2e46d10ee3b8fdc8bce9c0478a3dcdcd9935fd1dd6cca8bb96b01070d234b05bf48302016333101f949a227655b2afc2a5c8215d328bc86f8264a09208d02766446a368a54d272c4ca521a09ce23423a4c7626fc51af64eba9a0dc7745ed7c77b68ef94876c5730a1299a15c6b6d55f25fcefff456c8a53bbbca46274f664569adf72036455248539ec6bd27c413039b161a7ac2f6e80b79adaa03405f11d1ba9ef7e500ad8c2a92bd4799f80839bae46df196f79a05e7c8998a582bcac0223c69b9d2663726d2e7940e728eae106658debe2304b0f2a3279f920b33dab62f2895835f5a0c99c25a0c88fd3c1c9960eac9f9f664a4a3bd470a242edb97aac54119627e930786dc55a962655b5862cfae03117615ebccd5f181844f9b0982b2bac2c3b59355e003db5faeb86177d16304dbd28af0b3b0571bed1f8997cd0d53a885c42e2c849018df2f8b3ecc263fbf97489bb81f440e08b9644ea8e6626262134e364481c8d9f35dee12c5724b622c75cffed0e37fd460e901f44beb34da96039d9f7a007123842417ae4a90f2273b5bfa5977e0b6e435665cfffecaa84f4460abd2c0bebb385359607bd37d8c243892f25b432f3061b0b09879417609251273882ba49b85e76031bcc7baa0e7ef9059295c4b4d02b4c425e757dca728fb532ffe525c87d34e9b89395369ff8ee6a22369ed5c33d38e8d19c40783cac156068531c4e80f1bd04e06b219b851dc08e7315eb2c10d1522727463447b6322163508abf10550790b34b0a25b5c74f3947770b4fa9ac9f724d610e86b8fb21d3b9d30429430911b170d17c63c4d6420cc22c8928463214a4f9fb4f3976eabb4fb7deedd19a99bd742d6c5a325"}) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0, 0x0, 0x0, 0x8}, 0x0) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f0000000000)) [ 750.143112] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 750.143112] 01:56:13 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x16000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 750.197066] attempt to access beyond end of device [ 750.202678] loop2: rw=0, want=184, limit=178 [ 750.210359] metapage_read_end_io: I/O error 01:56:13 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) setsockopt$inet_MCAST_LEAVE_GROUP(r0, 0x0, 0x2d, &(0x7f0000000000)={0x3, {{0x2, 0x4e21, @private=0xa010102}}}, 0x88) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(r0, 0xc0505405, &(0x7f00000000c0)={{0x0, 0x2, 0x9, 0x1, 0x1ff}, 0x5f9a8b2f, 0x0, 0x100}) accept4$packet(r0, 0x0, &(0x7f0000000140), 0x80000) ioctl$TUNGETFILTER(r0, 0x801054db, &(0x7f0000000340)=""/134) r1 = socket$packet(0x11, 0x2, 0x300) sendmsg(r1, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) getsockopt$IP_VS_SO_GET_SERVICE(r2, 0x0, 0x483, &(0x7f0000000180), &(0x7f0000000200)=0x68) 01:56:13 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000fffffff6001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 750.278314] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 750.278314] [ 750.337321] input: syz0 as /devices/virtual/input/input360 [ 750.365413] attempt to access beyond end of device [ 750.365436] loop2: rw=0, want=184, limit=178 01:56:13 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000080)={r0}) getsockopt$bt_sco_SCO_CONNINFO(r1, 0x11, 0x2, &(0x7f00000000c0)=""/50, &(0x7f0000000100)=0x32) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/igmp6\x00') ioctl$sock_inet_SIOCSIFPFLAGS(r2, 0x8934, &(0x7f0000000040)) sendmsg(r2, &(0x7f0000003a00)={&(0x7f00000002c0)=@tipc=@nameseq={0x1e, 0x1, 0x2, {0x41, 0x1, 0x2}}, 0x80, 0x0}, 0x0) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/sys/net/ipv4/vs/nat_icmp_send\x00', 0x2, 0x0) ioctl$KVM_ARM_SET_DEVICE_ADDR(r3, 0x4010aeab, &(0x7f0000000180)={0x9, 0x1000}) [ 750.390145] metapage_read_end_io: I/O error 01:56:13 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4644b010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:13 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x1f000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 750.411187] input: syz0 as /devices/virtual/input/input361 01:56:13 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nvme-fabrics\x00', 0x20882, 0x0) r2 = bpf$ITER_CREATE(0x21, &(0x7f0000000100)={r1}, 0x8) getsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000040)={@private1, 0x0}, &(0x7f0000000140)=0x14) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f00000000c0)={'bridge_slave_0\x00'}) sendmsg(r0, &(0x7f0000000000)={&(0x7f00000002c0)=@xdp={0x2c, 0x7, r3, 0x232}, 0x80, 0x0}, 0x0) 01:56:13 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x8000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:13 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x5, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:13 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) getsockopt$inet_sctp6_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000), &(0x7f0000000040)=0x4) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000140)={&(0x7f00000000c0)={0x48, 0x0, 0x4, 0x70bd2b, 0x25dfdbfe, {}, [@FOU_ATTR_TYPE={0x5, 0x4, 0x3}, @FOU_ATTR_PEER_V6={0x14, 0x9, @local}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast1}]}, 0x48}, 0x1, 0x0, 0x0, 0x48810}, 0x4000) 01:56:13 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000fffffdfc001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 750.630334] input: syz0 as /devices/virtual/input/input362 01:56:13 executing program 0: ioctl$KVM_CHECK_EXTENSION_VM(0xffffffffffffffff, 0xae03, 0x7) r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) [ 750.679853] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 750.679853] 01:56:13 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x2f000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:13 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@in={0x2, 0x4e24, @remote}, 0x80, 0x0}, 0x48001) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(0xffffffffffffffff, 0x84, 0x8, &(0x7f0000000000), 0x4) 01:56:13 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x9000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 750.778357] attempt to access beyond end of device [ 750.788237] loop2: rw=0, want=184, limit=178 [ 750.803223] metapage_read_end_io: I/O error [ 750.813690] input: syz0 as /devices/virtual/input/input364 [ 750.875901] input: syz0 as /devices/virtual/input/input365 [ 750.903647] attempt to access beyond end of device [ 750.909146] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 750.909146] 01:56:13 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000fffffdfd001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 750.953653] loop2: rw=0, want=184, limit=178 [ 750.969564] metapage_read_end_io: I/O error 01:56:14 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4644c010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:14 executing program 0: r0 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x1f, 0x41a883) ioctl$sock_bt_hidp_HIDPCONNDEL(r0, 0x400448c9, &(0x7f0000000040)={@none, 0x4f}) r1 = socket$packet(0x11, 0x3, 0x300) sendmsg(r1, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x0, 0x2}, 0x80, 0x0}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$VIDIOC_G_EDID(r2, 0xc0285628, &(0x7f00000000c0)={0x0, 0x6, 0x957, [], &(0x7f0000000080)=0x7}) 01:56:14 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x3f000000, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:14 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x6, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:14 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) sendmsg$AUDIT_TTY_GET(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x10, 0x3f8, 0x400, 0x70bd2d, 0x25dfdbff, "", ["", "", "", "", ""]}, 0x10}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) [ 751.088790] input: syz0 as /devices/virtual/input/input366 [ 751.124639] input: syz0 as /devices/virtual/input/input367 01:56:14 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0xfeffffff, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:14 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000900)='wlan1\x00\x1b\x1a\xec\xd8n\xff\xc3\x87\xe2\xa3\x80\x8a\xb2\xd9\xa8L\x06\xb5\x12\x03F\xd9\x1f\x8a\xcc\xba\\\xceYF2C\xfdj\xe3\x8d\xe3\xd6\xe0|6l\xe9\xd9;\xea\x84]\xdf\xf7\xber\'\x8a\xd5W\xbb\xac%j\x9d\xeb\xba\xe6\xc4\xc4\xa9\xf5\xd5\xa1\xf5\\\x9b\xb2\a\xde\xbb\xc18\x84\xb5:f\xcb\xe8o\aArYZ\xe1\xc9\x86\xfe\x8f(\xa1\vhb\x18\xf3\xe3\xa1\xd2\x93*h\xd7\xa2F\x88\xd57\xb2\xc8\x8cS\xe8:H}\x91\x91\xcc\xa7Y\xcbkK\xf0\xfe\x9e\xd5\xa1\x1e\x99~\x9d3\xd2?\b\xbfU\xe8\x8b\x93\xea`\x00\x80\x00\x00V\xbf!\xb7\xe9\x11\r\xbd\xa3\xc6-t\x9c;\x9as\x86\xe7\xbd\xb0\xd5\";\xecuP\"\xebrV\x88\xca\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x98\xe8\xc6\xc3\nE\x91\xff\xd8E$\xc4As\x80\xdbt\x0e\xe21_v1\xd8,\xa4\x7fD\x94\xe8?\xf8\xcd[1\xb2U,\xc8w0|E\x00\x88IoQpH\xa0\xe8\xf0\x7f\xbd\xbcs;\xc9\xd2\x19oS\xac\xc6\x9b`:6\xc9DS\x13\xfb\xddw\nK\x19\xfa\x99\xc6~\x044\xa3+)\xef@Lr\xed\x85\xf3\xe8#\xa4\x84\xe9W8\xd6\x80\x95\xba.?+O\xbe[&\x87\xe1\xc5\xd7C\xa1\xde\xa4\b*w\xdc]\x92\xce\xe6BNFj;\xd7 \xfb\f\xeb\xb1\xb8\x86x\x19\xa0\xc4\xd3^W\xb7\x10\x18\xba\xcc\xabJ\xdfYB\"\x96\rny3\xe9\xec\xdf\xc4\xae\xfaM\xa2k\xd8X\xe6hQ\t\x93\xc1\xfd\xb7\xa4\x04W\xa0n\xff') sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e21, @multicast1}, 0x4, 0x4, 0x2, 0x4}}, 0x80, 0x0}, 0x4000054) write$usbip_server(0xffffffffffffffff, &(0x7f0000003a40)=ANY=[@ANYBLOB="00000003000014c70000000000000001718bdb6100000008000000860000000300000375000004010000000000000000876da279041589e3cddfe51a3e51289faa63b84d15269ef948845633ec07ce9cebb9bbb9fae3bbae05e089748bd91ba63182ece798ebf64e320a83787d0a0c5dcff81a007823e00e2fce215ef5088c1433ce6291f130aca692135f2ddee64c1a6f8a43113651ede330998e59e484cdd530da13062c8f0dc5668317ab904d6fac6b42da8e488d0000000700007fff00000007000000ee0000008000000080000003ff0000000100000001000000050000000500000007fffffffe0000ffff00000008000000090000000200000004000000060000000600000000000007ff00000a8b00000007000000010000007f00000001000000af000006ee000000be000000000000000600000e5d000003b400000006000000020000506d0000000700000fff0000007f00000004fffeffff0001000000000004003dd80080000000000000048000000151020aea800000000000000800010001000006be000080000000000300000003000001ff0000000900000400ffff7fff000000020000000000000002000000df8000000000000007000000d40000001f000003ff0000000400000000000000c00000000400000e6d00000001000000000000000200000007000000030000000000000800fffff03600000007000000200000e6b701000000000001ff00008d6e2b85821200000800000000070000000300000ffffffffffd000003ff000000080000000500008001000008000000001f000001ff0000000200000001000000040000000600000000000000010000000900000006000001e10000000300000007ffffffff0000000300001000000000070000000300000008000001ff000003ff000001ff00002b6200000000000008000000000100000004000000790000000700007fff00000bc55344ef6c000080000000007f000000057fffffff00000009000000080000930c000000090000002d0000000400000080000000080000000500008000800000010000000800000001000000010000000200000002000000080000002000000007ffffff69ffffffff000000090000009e000000000000010100000065ffffffff0000008000000005ffffffaa000000010000ffff0000700800007fff00000001000000400000000400000003000006c50000000800000006000000080000000400000007000000070000004a00000008000000020000001f000000030000bbbd000000090000000100fff000000000060000000300000400000000078000000100000004000000070000800100000007000000080000000800000004000000070000000000000008000000dd000000060000000400000002ffffff53000000040000000200000004000007ff00000930000000070000000300000007000000090000000100000009000000020000000800000004ffffffff0000000400000000000000060000000300000b3400000020000000800000001f0000000300000080000000000000000000008000000008000000010000000fa3000000000000000700000008000100000000010100000000000000ab000000080000000000010000000100000000a20dffffffff000001ff0000000800000e8a000000010000003f7fffffff0000000300000042000025dd80000000000000070000008000000ffffffffffc00000004000000000000000380000001000000000000080000010001fffffff80000000100000100000000070000000500000002000000010000007e0000007a0000010100000042000000070000000800000072000001ff00000008000000010000000000000003000008d500000008000000070000aa970000ffffffffffff00007fff000000013c299dc400008000000000070000027a0000000000000140000007ff000064290000000900000002800000017fffffff000003ff000046dc0000000600000000000000050000040000007fff000000007fffffff00000008000000070000000500000088000000040000000100000004000000b0000080010000006a800000010000000600004f68000000020000000000000e460000ffff00000002000000000000000400000006000000040000800000000005000000080000000500000008000000200000e8ee00000000000000078000000000000000fffffffc000000000000483a0000000300000006000000f10000008e00000007000000050000010000000008000007ff000080010000000000000009000000060000000700000007000000020000000200000000000000050000000100000d6500000100000000070000000800007fff0000000700000040000080017dc9604c00006e250000000280000000000010000000ffff000000048000000000000000000000070000ffff5cdf4746000080000000001f00000007000000ed00000005000007ff0000007f00000001000002000000000200000fff0000000500000002000000020000010100000078ffffffff000000070000000700000004000000080000000000000003000000f30000a58c000000040000000500007fff00000004fffffffd00000200000007ff0000000400000003000000030000000300000002000000060000080c00000007000000090000004000000000000000400000000200000002000000000000800100000002000000f70000000800000002000001858000000000000007000000d3000000080000002000000f7e000000020000000900000006000000090000010000000003000006060000cc9e00000005000000070000000300000fff000010000000000500000001000000bd00000000000000060000001f00000008000000800000007f00000004000000ff0000001f00000007000000020000000800000008000000050000000500000000000003ff000100010000000100000001000007fffffffdbd0000000100000bde000004010000fbba00000007000000010000000100000004000000070000000100000003000000b0fffffffdffffffff0000006400000005000000000000000100007fff0000495600000006ffffffff000001ff000000020000ffff0000000900000002000000018e00000000000009000001d2000000020000000400000000000008000000080000000005000000400000000500000400000000090000002000000115000000400000003f0000e00000000008fffffffc000000400000800000000009000000f40000002000000000000000020000d239000000070000000000008001000000050000f9550000005900000008000000010000000700000009000002000000000400008f660000000300010000000000030000004b000001ff000034c600000005000000000000f29f0000000100010001000000070000000500000fff000002000000000000000004000004000000552200000db9000001ff0000000800000003000000000000002500000001000000050000000700000004000000080000000800000002033880000000000100000002000000080000000600000002000100010000001f00010000000000020000000800000006fffff800000001ff00000005000008500000000900000004000000090000004e00000005000008001bcb63d30000040000002d720000005e0000000000000002000000000000001f0000000000000b660000000900000004000000080000000600000009000001010000800100000004000000790001000000000007000080010001000000000008000000010000000000000005000000010000003f0000000700000009000000000000000400000006800000010000000200000008000002000000005700000001000003ff000000200100000000000002000009cc00000001fffffffd0000000000000003ffffffff000100000000000000000001000002000000000800000003000000040000000200000003000000070000000100007fff00000001000080007fffffff0000000043cf829300000008000000080000000800000101000010000000340000004273000000003f6385e00000000000000af40000000400000001000000090000000400000007000000000000000100000000ffff89d500000002000007da000000200000000200000000000000000000ffff000000090000c32900000400000000000000000200010001000000070000000100000000fffffff90000000200000007000000fcfffff000000000050f04599c00000101000000040000010000000009000000000000003400000008000000010000000840000000000000070002400000007fff000000930000000100000000800000010000000200000800000000022a17e1ff0000000600000000000080000000c425000000230000024c0000000100001000ffffff8100000008000002000000000400000200000007ff000200000001000100000000000000070000000400000001100000000000007f00000003fffffffb0000010000000000fffffff70000000700000007000080010000fcfd000000020001000100000fffffff8001000000070000000500000001000000070000000600000004000000aa00000006ffffffff00000000000000040000000300000005000000070000000500000101000000810000a8880000ffff00000007ffffffff6ed7cfbd000000050000000200000004ffffffff00000fb800000081000000fa000000010000000100000006000000010000000500000002000000090000000000000200000000630000000700000007000001000001000100000003000001ff0000000100000005fffff4260000001f0001000000000009000007ff0000000200000001000032f7fffff34d0000e41e80000001000000000000000300000001000000030000000700000002000000030000dd06000000ff000000a800000000000000020000000400000003fffffffb0000000700000006400000000000002800000000000003ff00000001800000000000000800008001000000080000aef40000000900000fff80000000000000000000004b00000200075c0feb000000010000614afffffff700008000000000030000352a00000005000000027fffffff000000030000000000000001000000000000003f00000fdc000000050000000500000003000010000000003f000000050000003f0000000900000002ffffffff0000192a0000000100000001000001010000000600000b9400000003000000000000000900000ff300000ae9000000090000000000008e00000000020000003f0000000600008000fffffffb80000001000100000000040100000401000000040000040000000200000000030000000600009ab1000000060000000700000008000000050000001f00000008000000050000004700000000ffffffffc7ce000000000000000000060000000100000009000058e600000001000000040000112f00000002000000070000000600000007000000060000000000000000000041c200000003fffffbff000000b4000000090000000400000800000000020000000500000005000000340000040080000000000000ff0001000100000d9b000000000000040100000000000000020000000658e3d9a3000000067fffffff0001000000000001000000060000000800010001fffffffc00000cb10000000900000006000000070000000400000001000000ff00004c1c00000007000000070000000300010001000000070000040000000004000001410000000480000000fffffa68000000010000000900000001ffffff0000000200000080010000b9f900000009ffffffff000001000000000200000100000000850000000700000003000000a300000005800000010000003f00000001000000000000000200000000000000090000003f000000030000000400000005000001ff000000040000007d00000007ffffffff000000070000c0ba000000400000040000000a4500000400000000000000ba56000053fe00000005530c40440000003f0000007f000051ff0000000100000004000000c7000000070000001c00000003000000000000004000000002000091bf0000007f0000001f00000000000000020000020000000000000000080000000600000101000000098000000000000001000004010000000500000004000000050000000700000009000000080000000600000002000000070000e5d70000000900001f60000000080000000000000004000057ea000007ff0000000500000002000000070000800100000001003700000000bb3d00000007000000ff00000fff000000020000000400000005000000070000100000000008000001010000000000000004000000070000000400000f1d00000001000000047fffffff000000030040000000000002000002dc0000020000000003000000060000006b000010000000000600010000000000030000020000000009000000770000353100000005000000000000800000000007000000030000000800000009000000a70000000500000006000000070000000100007fff0000009f800000000000000900000800fffffffa0000800000000008ffffff23000000d80000000300000009000002000000000600008000000000010000000800000081000000080000bf86000000fafffff077000000010000000300007fff00002db9000010000000001500000fff000000070000008100000f05000000000000ffff000008000001000000000008000009180000000600000036000000090001000000005f4e00000002000007ff8000000000000007000000040000000100000002ffffff6b0000000500008001000000020000003f00000008000001ff00000001000000020000000900000008000000060000000800000003000000060000e7bb000000800000000200000000000000010000000000000000000000070000040100000800ffffffe100000003000000c600000006000000087fffffff00000081000000050000000200000001000003fffffffff90000002000000003000000060000000200000009000003ff00000009000000080000000600008001000000060000073b0000000800010000000000090000000300000000000000d30000000900000040000000060000000900000001000000000000000500000080000001ff0000080000000007000000000000000600000003000001ff00000004000008000000000800000100fffffde600000006000006010000001e0000000800000003000000040000000000000040000000060000000800000c4900000001000005e60000800100000600000000050000020000000006000000040000003f0000007f0000000800000007fffffffd00000008000000000000000200000003ffffffff000000070000000000010001000000080000033900000003ffffffe00000000400000003000000ff00000cee000000050000000500000800000000090000000400000800fffffffe4c928709000000000000020000000005000000a300000005000000020000000100000ffffffffff9000000060000000800000006000000800000010000000003000000ff000000080000000000000101000000ff000000010000000800000204000000010000000100000a81000000200000000600000008000000f700000007000000080000000600000004fffffffe0000040100000b96000000030000000000000000000000070000000900000020ffffffff0000000900000000000000030000000300000001000003ff8000000000000100fffffffc00001000800000010000007d00000004000007ff0000006d000000800000002000000007000000ef000000050000000100000006000000dd00000004ffffe3d9000008000000087b0000000700000cea0000040000000001000000e30000000100000002000000090000000800000e7a000000000000ffffffffffff000001000000a69e0000000800000007000000000000000500000003000000070000000700000001000000070000494d00007fff0000000600000003000080010000000600000005000000060000007f00000007000000810000000500000009000000010000000380000000ffffff810000000300000004000003ff000080000000010100000400ffffff2800000006000000020000010000000005000000090000048400000605000000080000003f0000003f0000000900000a9b0000017d00000a59000080010000006300000001000000020000000100007fff00000002000000030000009700000080000000030000010000000006000001000000000900000008000000030000ffce00000004000000090000086a00000006000000050000000700000fff0000000700000007000002edffffffff00000002ffffffff000000060000000200000020000000e60000000800000040000000ff000000060000001f0000001f0000eda200000003000000090000000800000004000080010000083c0000000400000b2b00000003000000050000000000000081000000400000040100000002000000040001000000000003000001000000000400000000800000010000000000000009000000070000b57800000100fffffffc0000092a00000401000000020000000500000020000000030000ffff000000070000000000000002000002000000000600000000000100000000cffb00000008000007ff000008000000000000007fff00000001fffff63f000000810000000600000009ff000000000001ff00000001000001ff000003ff00000003000010000000000600000001000000080000000500000003000000070000000800000008000000030000000100004f5a000000020000000600000fff0000000200000200000000070000728e000055e8000000080000000900000000fffffff80000000900000000000000080000000600000000000000010000007f00000000000000030000000100000002000000080000000200000004000000ccfffffffe00000001000000070000007f00000003000008b50000000300000ce2000000020000000100000000000000090000000c0000006e00000080fffffffd000000060000000900000005ffffffff0000000300010001000000020000000600000008000000a4000000080000000100000007000000ff00000000000000030000000300003ec100000003000080017fffffff000000070000008000000000000000080000000200000002000000060000000100000001000008d7000000080000010100003dccfffffffa0000000900000008ffffff3400010000000000510000000100000000ffff80007fffffff0000004000600000000000030000000900000005ffffff8100000002000041b00000000200000001000000040000000000000007000000060000000400000002000000000000000400000001000000010000007a00000004fffffffa0000ffff000000d200000101000000010000051c0000008c0000000200000002000000040000000500000000000007ff000080000000000800007ffffffffff90000001f000000080000000400000fffffffffe200000006000000050000000500000006000000bb000000080000000100000003000001ff00007fff0000000100000004000000070000000600000001000000080000000000000623000000840000000000000280000000020000000900000007000000600000000700000080000001d40000001f00000003000000070000000400000002000000060000000000000001000001017fffffff00000ba80000000200002ad000000003000000180000000300000005000000090000000500001d460000000900000001000001010000000200000005000004010000039c7bd52c5c00010001000000047fffffff0000040100000009000004bc000000000000000000000006000000070000000000000100000000ff000000400000000100000800000000080001000100000001000000ff0000000400000000000004010000000600000005000001ff00000008000089f20000ffff0000003e00000005fffffffc0000000a0000000600000fff0000000700000003000000040000000500000003000000040000000300000101ffffffff00000006000000000000000800000003000100010000087300007fff00000101000000060000000100000008000000807dcf9860000001ff00000008000081fc00008001000000020000000500002a4c00000003000000030000001f0000003f0000040000000005000000050000000800000006ffffff7f0000ffff000000bb00000005000000077fffffff000000bc00000000000000400000ffff00000005000007ff0000000600000003000000050000910b000007912db8c95e00000001000025b5000000010000000700000000fffffbff000000e600000007000080010000004000000005000000000000800100000020000007ff0000000100010001fffff0010000020000000938000009120000000200000003000100007ad2bb2a7fffffff0000000700000002090000000000000000000005000000080000000400007444fffffff8000000090000404900000000000000040000006b000000090000010000000009000000090000000100001000fffffffb000000b70000001f0000000500000007fffff001000000090000000400000002000000030000000500000007ffffffe1000001ff000008000000800100000007000000050000000000000515000000080000000000000009000007ff000007fffffffffb000000020000000500000007000000010000080000000005000000f8000000050000000600000003fffffffbfffff8000000003f0000007f0000010000000002000000ff000001006b1d68fc00000000fffff0000000000200000001000069ed000000010000000200000006000000090000000800000000000000054010000000000fff0000000500001000fffffffb0000002c0000000100000001000000040000000700000100ffff7fff00000007ffffb2a100000aca5a0f444100000006001c00000000000400fc00000000000000000a7d0000008100000826000000010000000000000007000000027fffffff00000001000000060000000000007a720000000700000007000000070000000900000006800000000000000000000007000000010000080000000c8500000d02fffffffe000001010000000900000006000000c7000000010000000500000005000000070b47fc2dffff800000000002000000050000010000000008fffffffd000000090000000100000009000069b0000000fffffffb197fffffff00000020000006c600000003000007ff0000001fffffffc100000009000000000000001f00000002000000020000010000000015000003cffffffffc000007ff00008001000000080000000100000006000000038000000100000009000004010000000500000003fffffff90000000900000006000000010000000200000005000000080000800100000020fffffb0600000fff0000ffff00000009000000210000000400008000000000040000000000000007000007be00000008000000060000000600000089000000390000000500000000000000040000032980000001000000090000040c0000005e000000010000000800000032000007ad000000048000000100000ff3000000030000000200000000000000090000cba60000000000000008000000040000fb7d0000007f00000008fffffff9b26000000000001f00000001000000800000000500000009000002001d8ef22c00500000000000017fffffff000000040000001f0000be9c000000020000008400009513000000010000001b00000400800000000000000200000004000000070000800000000101000000030000002000000003000000070000000400000001fffffe000001000100000003800000010000000500000001000000cf0000080000000001000000050000000000000fff3655002800000007005000000000003f0000000400010001000000040000010100000006000000070000001f0000f9fd000000020000000200000008000000a0000000020000000000000008000000010000000500000009000000030000000100000000000000000000fcaf00000200000000030000000900000002ffffffff00000002fffffe01000000a480000000000000080000000700000003000080010000054700000005000000040000ffff0000000700000009ffffff3b0000000200000003000000030000001980000000033a9fac0000040000000ca4ffffff010000000800000ec10000004a0000000600000020000000030001000100000001000000030000000200000003000000050000040100000005000008cb000000000000000200000081000000090000088500000002000000080000000400003d7c0000000100000009000000cf00000000ffffffff00000100000000ff0000008100000fff0000000100000006ffffffc100000fff000000077fffffff000004000000000600000002000000050000000500000040000000030000000900000001000010000000071800000007000003e3000004010000000000000001000000010000000000000009000000080000000600000000000000030000aeab000000000000000700000008000000020000000400000009000100010000000000000a7c000000070000ffff0000000900000020000100010000001f00000101000007ff00000009ffffffff000001ff0000003f0000100000000005000000070000000400000000fffffff8000000090000000400000fff00000005000000040000000400000004000008000000020000000001000000008000000000000008000000080000000800000401ffffffff0000000300000b130000007f00001b8900000fff0000100000000008000000010000000800000002000000f700028080000007ff00000006ffffffff000009540000000900008000000000070004000000000007000000020000020000000000ffffffff0000008138800000000000f7000000010000000200000800000000000000000900000d99000009c7000059ac00000007000000080000e63f7d5de5be00000000000000b200000001000000040000000600000005000000030000decc00000401000006db00000000000000030000000100000003000000070000000100000008000000090000000700000008fffffffa0000000100000000000000030000340000000005000000050000020000000004000000550000000100000009800000000000096e800000000000006e0000010000000001000000034f61d0dd0000cfbf00007fff00000008000001b500007fff00000c0c0000000100000000000000000000000100000fff0000000400000003000008c00000000500000002000000020000020000000008800000010000ffff000000000000000100000005000000030000000200010001000000060000000500000007000100010000000100006b800000000200000005000004000000000600000200fffffffe00002f8100000003000010000000007900000003000000000000001f0000000300000081fffffff8000000400000000600000002000000b3000000030000000700000001000003ff0000000800000020003e000000000008050000000000003f00000d240000000600000200000000080000000900000001800000000000800000000ffe0000000500000003fffffff8000000070000d656000000080000000700000004000000060000000200000020000000ff000000a8fffeffff00000400000000080000ffff000000050000000800003c9b00008001000000400000e55b8000000000000081000000ff000000010000acba6c443fd400007fff00000005000007ff0000004a00000bbf000000050000002000000101000000808000000000000007000000060000000700000002800000000000f4f800000007fffffeff0000000100000007fffffffffffffffb000000060000000700000099000000060000003f000000040000010100010000000000ff00000071000000040000000900000000000080000000047d0000000400006e8a00000001000000020000040000000008000008570000001f0000000100000008000000080000000100008f110000de3e000000020000ffff00000fff00000003000000018000000000000000000000010000000100000002000000070000000200000100000000040000000380000001000000010711299a0000078b0000007f00000000000000570000008000000004000000bd000001ff00008000000000090000000000000007000001ff00000001fffffff8000000480000007f0000039d0000003f000007ff80000000000000020000004a0000000000000a650000100000000d60000080007cbd5aa800000007000000090000007f000000fb000000200000000500000002000000ff00000bf9000000020000000100000007000000030000000300000006000000060000000500000400000000000000000600000001400000000000004000000001fffffff70000040100000004371196e00000c2a200000005000000f5000000080000040d000000400000000200000020000003ff000000070000000100000009000004010000000600001d7300001000000000000000000700000005000000000000003f000009ca0000000200006fb900000008000002000000000200000002000000010000000000000007000100010000000300000006000007ff0000100000000006000000020000000900000003000000010000000000000b0c00000001000000070000100000000007000000040000126cfffffff8ffff80000000ffff0000000300002398000000020000040100000007000000004fdf55fb0000000600000004800000018000000100002f7f00010001000006980000800000000004000000000000000000000007000000350000007f00000001000000060000000500008000fffffff9000000050000000800007fff000000000000000700000001000000170000000200000400000000cc00000101000000030000ffff00000004000048a2000004010000020000000fff0000004000000007000001000000000200000009000010000000000900000004000000050000010000000006000000070000000400000bac00000081000000030000000900000003000060220000ffff000000010000010000000004000000ed7fffffff00000002000010000000000000000000000000060000008000000009000000040000000200000002000000200000be340000003f000080018000000000000003000000ff00000009000000030000000000000004000000080000000300000008000000020000000100000001000001000000007f0000000100000100000026ef02400000000000097fffffff00000004000080010000000100000008000000000000000100000006000000060000800000000001d952ca710000100000000006000000090000000300009527000000ea0001000100000007000000fe000000070000000600000008000004900000003f00000001000000040000505c00000002000000810000000500000040fffffc0100000000000000030000e7c300000002000007ff0000000000000040fffffff8000007ff00000001000000010000000800000400000003fffffffffc0000003f0000000700000002000005670000067500000003000001ff00003f9300000000000000070000000400000006fffffc9a000000ff0000007ffffffff900000003000000000000000200000004000008000000000600000000000000010000ea59000000010000000900000004347a45d7000000080000000000000002000007ff0000003e000000070000004000000073000000060000800000000008000000080000000800000009000000400000000100000d62000000090000000400000007ffffff010000000200010000000000000000000800000800000000800000008100000007c0000000000000010000000003e00000000000090000001f0000000700fffe0000000006000000ff00000007fffffffd00000005000000090000003f000000090000040100010000fffffff900000004000000071f69f13e00000101000007ff000000080000323a000000048000000100000800fffff759000000080001000000000b1300000003000074bb000002d90000000800000002000000ff000000020000008000000008000000060000000300000003000000c400000009000000810000000900000000000000030000000400000009fffff692000000030000010100000001000000010000000932c6d1dffffffffa0000000600000081000052920000000000000005000003f60000000300000a410000000700000007000000070000004000980000000000080000000000000007000000000000010180000001000003ff00000004000000060000000700000008000000070000000700000007000000000000007f00000005000080010000000800000006000000010000025c000000090c000000000000010000000200000006000000ac000000080000007f0000c0f60000000600000004000000a90000010100010001fffffff70000006d0000eecd00000006000000010000000900000003000000000000016a00000003000000010000000220000000000000090000001f0000000200000001ffffffff000052d500000004000008750000000700002854000000090000003f0000800000001000fffffff900000100000000030000000400000008000000020000000400000006000000040000000200000e6b00000001000000070041a52e0000007f0000000800000060000000090000000500000005000000060000000200000800000000810000000900000080000001010000001f000000200000004600007fff0000007a0000000200007fff00000004000003ffffff8bbf000001ff00000c0b000000080000000300000006fffffffffffffffa000000010000b8a3000000060000000400006d0c000000060000000100003bc000000002fffffff700000008000000000000000800000002000000020000000400000007000000040000007b0000080000000007000000040000002a0000019800000fff00000001000000050000000200000003fffffffb000001000000000000000004000007d2000000037fffffff2ed043d5000000080000ffff0000000400000001000000010000000700000007000000070000007f00000003000100000000000000000020000000050001000000000001000000086b26522d00000006000004a60000000500000000000000420000010000000001000000080000003f0000000700000002000000800000010000000003000000040000000400000003000100010001000100000000000000060000800000000009fffff80100000007f80000000000000900000004000000000000000000000001fffffff800007fff00000003000000090000000000007fff0000000100000001000000060000ca42000000020001000000010001000000ff000080010000002800000003fffff9ee00000003000000e4000000097fffffff0000048f000000bc000042fc0000000000000005000000050000000080000001000000090000ad26000000a9fffffffd00006eba000000022b6b76a2000000000000f5e30000800100001000000000090000000000007bef00000007fffffbff000007ff000080000000000900000005000000080000000700000080000000040000000700000003000000000000000400007fff0000000900010000000000067fffffff000000030000000500001000000000010000000000008001000000eb0000000600000000000003ff000000010000000000000fff00000003000000060000000400000004000000010000007f000000000000000300000009000000020000000300000f730000000200000000000000ff000000050000000100000006000000068000000000000a6cffffd4d40000006700000fff000000020000037d0000937a0001000000000a14fffffffe000000000000fd2000000006000008008000000100000002000000000000000900000006000000060000008000000004000000040000000700000800000000910000000500000004000000030000800100000009000000a00000000100000001000000030000aeea000001000000000380000001000000070000006800007fff000000080000001f800000010000000100001000fffffffa0000034c00000001000000020001000000000826000003ff00000008000000020000001f000000590000000400002b7400000008000000080000000300000007000100000000000600000001000000070000001fffff80000000000800000005ffff00000000005f80000000000000050000000400000004fffffffa0000007f00000006ffffffff000000de080000000000156d0000010000000100000000097fffffff00000001000001010000007f000008000000000400000081000054210000001a0000000100000008ffffffff00404000000000000000000800006aa900000004fffffff800000002000000ff000000040000000100000004000000090000007a00000003000007ff0000000000010001000000040000000400007fff0000007f000100010000000900008000000000000000533c3cef4f54000001010000100000000031000011d800000008000003ff00000000000000010000ffff00000008000000080001000100000040ffffff42000000020000003f0000d5b500000008000000030000000680000000000000018000000000000008000000d60000000200000cb500000003000000007fffffff00000006000004010000000500000004000000030000000600000008000000030000000700000007000000090000002000000020fffffff9000000050000db7b0000008000000002000000040008000000007339ffffffff0000000200000007000000a5000000080000000800000fff80000001000020d6000004000000000700000094000000030000000800010000000000040000000600000009000000060000000100000002000000800000000300000004000000050000000700000001000000093bbb9b050000001f00000008000000030000000000000005000000020000000500000800000000000000800000001a6100000003000007ff000000060000906400001000000000060000010100000081000000010000007f000000e80000000100000e4d00000003ffffffff00000008fffffffffffffff90000008c000000040000000500000df700000002fffffffc00000005000008c20000001f000000010000000200000008fffffffe2773e49f00000004000000050000003f000000d880000000000000080000ef6f000000880000004000000009000000060000018b0000001f00000c8100000008000000efffffffc00000e9cc00000ce7000000090000000500000003000000080000000000000002000000070000001dfffffe0100000001000000030000c7b400000008ffffff120000000900000003000010000000080800001000000000070000000500000004000000010000000600000005000000010000007f80000001000000fe000000090000000400000003000000050000000300000006000000010000ff17000001ff000002000000800000000004"], 0x3806) 01:56:14 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000fffffffe001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:14 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) inotify_rm_watch(r1, 0x0) 01:56:14 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xc000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 751.330054] attempt to access beyond end of device [ 751.340301] input: syz0 as /devices/virtual/input/input368 [ 751.360613] loop2: rw=0, want=184, limit=178 01:56:14 executing program 0: socket$packet(0x11, 0x2, 0x300) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg(r0, &(0x7f0000003a00)={&(0x7f0000000000)=@un=@abs={0x1, 0x0, 0x4e22}, 0x80, 0x0}, 0x44c84) [ 751.376493] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 751.376493] [ 751.385041] metapage_read_end_io: I/O error [ 751.418220] input: syz0 as /devices/virtual/input/input369 01:56:14 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0xfffffffe, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 751.490189] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 751.490189] 01:56:14 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4644d010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:14 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000fcfdffff001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:14 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x7, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:14 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@pppol2tp={0x18, 0x1, {0x0, r0, {0x2, 0x4e21, @remote}, 0x0, 0x3, 0x3, 0x4}}, 0x80, 0x0}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$SNDCTL_SEQ_RESETSAMPLES(r1, 0x40045109, &(0x7f0000000000)=0x2f3) [ 751.563420] input: syz0 as /devices/virtual/input/input370 [ 751.588103] input: syz0 as /devices/virtual/input/input371 01:56:14 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:14 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x12000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 751.699973] attempt to access beyond end of device [ 751.722526] loop2: rw=0, want=184, limit=178 [ 751.737803] metapage_read_end_io: I/O error 01:56:14 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_inet_SIOCSARP(r1, 0x8955, &(0x7f0000000000)={{0x2, 0x4e20, @remote}, {0x306}, 0x4, {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x1c}}, 'ip6gretap0\x00'}) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/btrfs-control\x00', 0x0, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f00000000c0)=0x5) [ 751.763756] input: syz0 as /devices/virtual/input/input372 01:56:14 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000fdfdffff001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 751.808366] attempt to access beyond end of device [ 751.822763] loop2: rw=0, want=184, limit=178 [ 751.830849] metapage_read_end_io: I/O error [ 751.837251] input: syz0 as /devices/virtual/input/input373 01:56:14 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x8, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:14 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 752.053194] input: syz0 as /devices/virtual/input/input374 01:56:15 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) prctl$PR_GET_UNALIGN(0x5, &(0x7f0000000000)) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) 01:56:15 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000f6ffffff001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 752.121847] input: syz0 as /devices/virtual/input/input375 [ 752.142579] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 752.142579] [ 752.159705] attempt to access beyond end of device [ 752.165107] loop2: rw=0, want=184, limit=178 [ 752.183848] metapage_read_end_io: I/O error [ 752.313074] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 752.313074] [ 752.333525] attempt to access beyond end of device [ 752.339748] loop2: rw=0, want=184, limit=178 [ 752.345445] metapage_read_end_io: I/O error 01:56:15 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4644e010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:15 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x1f000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:15 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:15 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000feffffff001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:15 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x9, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:15 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000020000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 752.499469] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 752.499469] [ 752.526426] input: syz0 as /devices/virtual/input/input376 01:56:15 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 752.553374] input: syz0 as /devices/virtual/input/input377 [ 752.589724] attempt to access beyond end of device [ 752.598030] loop2: rw=0, want=184, limit=178 [ 752.612889] metapage_read_end_io: I/O error 01:56:15 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) r3 = openat(r1, &(0x7f0000000200)='./file0\x00', 0x6a8181, 0x1) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@map=r2, r3, 0x2f}, 0x10) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000040)=0x14) ioctl$BTRFS_IOC_WAIT_SYNC(r1, 0x40089416, &(0x7f00000000c0)) ioctl$BTRFS_IOC_WAIT_SYNC(0xffffffffffffffff, 0x40089416, &(0x7f0000000200)) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, &(0x7f0000000340)={{}, 0x0, 0x1a, @inherit={0x60, &(0x7f0000000100)=ANY=[@ANYBLOB="0100000000000000030000000000000009000000000000000180000000000000020000000000000001000081000000008e00000000000000720000000000ec6907bd00000000000017771636000000003f000000000000000101000000000000"]}, @name="d1300034b4c0f6ed2b0cebe71b5cd8c00fcd0e8b1d13899f3fdc380c8352792a0eff4089d6c9b7dfc717e045b012f65b0c2f2942ac1a173900bfc9d52fc9d8d25f703a4c14239350f1598b523e40680054e30f796d2e6a9e0887b288b21ec5d42b2ed57706c38f3faef91667bcd498de0c24a82c95c25c7d23779fdd95bac0ea30d418cb05c0031f4d12b37240c8ba5476ae6c75ce9a3306cb0ccd4ff64bf8ec4658c88e83f9d29b83a3d813aee3e6ed82055c2a54924e9fc6217dd727c5c15d3e0b122eb5f02262f17b0132487726c017647abc358009621e710cbe10a3d5a31ea7af797729910ae612caeb87a29af04fd35d7e25b953e038391055e808c89513ef858b71482b416074ffe5c41c25add85a8f1e00cf5da53e782998e213c7af56554fb02f379fbfb3193db8fdf5349e6b97021638db2843639ee881c81ed36c0e1d2e36521a5b97127cb006ddf0b98c2ca20c4b75797f6300a6bfe8a1fc6a513bda541e612ac0b10a77c82f0f82198c042946aa156880bd0807aee477cd16c3ccb1c22042558c50462e4cfdb17bb3cf3610cb6c3afb0a4d2bcb3609b88e7c96d8b9f781b43a2443b3f833a3189a6a42d9804ff80cc803655a86c9d049ad4304616aff4470813e688d04abb8d23daaf4c2694108d4d3f187beb9d1c9eec51600bcb73ae6b123632cbee8339c00069fd3213e72e523761cda2cacdcc79af7f26f480c4466d2df5498aa19233849ff397cda4e8d83824d10317714a3570e456c2b752724fe3ce4906051e3fb46da74094a1f059dd29c30671992948196755f488c3fcd4a3fa0f2a991b8bb4edf7eceb8f3b353d2f10aa5f02ad84cb616e064428abc2dd7c10c6b67aa6fec8edb4479bc791e4a657232eac9ff8d42834b8288ac288c45b21c73cd4748d4e94d5ef66e2822f2f5f36e3a5a8e8d100f047bc68a4e1340715cdf8fce4bfca6b61e7549218ed079e73265b01ed92dca6581e6c2dd6e9571aef755bb9c08b25e71ed86a5e28c4f2809979407cdff61df2de141739328dbc8db3447c8d8f23e9a712c1191a9198daf282c0980e5292f398b372ae7f9f2e52ceaccf6dff6119f7e04bf8aaa81e57574a53698f9217f1ab928f04afd0a5d7887ec7c4374a4b001ad7947ebcf34068490efe3597f4546aed25da10be9b01728f2ce7f14fc2d3a4e2c5c7f0939104f985f9d4b70f9f3d2e1cac81036e84664cbe239df443a36e7519ed7327b3206111ae54c4cd7906911a523988470ef0c2813cf6efa94aad2aa7c18cbfb8140b72717c08e5bebf89c10abe7bd6b167dcadb3740202c468896f1a109c016e16c7f167ab54dbcd1590e314ca3669fbf72b372caaace06938f71d0e4a592959069dc6a73bfb7590dbd3c5910ba0c556553bba55901ea2ad9ea941e45902c2a93bc26625feb93476f42d3251e0ad07ae59f0d3ff247a6aae044a528dd276d2f50c4523bcc657be2d9bfe35b6c2647d50838ee8546e073e9a71a37890d1e65e0c388a8fe20e1c9f55116652c6ebb7f4236b1e535c23ccbd6947de272059606f9a2128984396665b4a38a180767fa082319002c7f98a4a4041e504d8b7dfbed00593621c23e196fbd62914a685e66412f40c19f3287410a4b88bc20ca62891ede5fe4f95748196c4096c412ec3c109a6270e0894366e50bcefbdea12dc966369ce9e535bd8e8b121236ec78c0c9edc0d6f646ae0ad3a88d0ec83dc0b9a0383141e4382f2d90141040397e58705d2629de18191505f6b972d3cdda05842efa086b4cd37cde984ef559653378212e5594a7f11e0a39a2d04872d73d8ecfccd42846c3062eddb8d9790b5bff1dd3f242a953f22d33e7ac7b5dd19e75c795badd14ce7aebc43ead4f7708f1741999693a00a65356b083c7fb1610bd2908a3c6dfe790d3e0cb73e4ea69d5577aa711ab91ce30e09b056eb123325b94999bb8856bb992ce9ae5a2f33dda3dfd3fd06845a5eb38fe6493994a2b96b33107424b15d8ad2dfe75c724c3762563cace03cf9cbf2b29c810fc21491798803dc4ff6018988fa39c803022a304317cc7efb083f892776c843049009fc86a574c6cd3c95fa1203c09fd58c8ef20f4649f324e66dc38bda230f16142fdfe0ea4ea0c28d5892922aa1fd0402dc685145dcb69ebb06ceb661ee816aeb31eb97b3ce2fb25192bee6b7614713485efef8d1acbe56eda723274e7b87779f88887e00d9bcccf017885d839bdcf98a7a664d56a8fdaced84fc633792136901d40987a51f285925f2a956594627ab8106f5a428653904f26ad9759cd30e11fbdba8b954a19fca2843918c01ef532d7d1d42d050c1b77f507dfcd40c2cabc202c826727825735c8dd87aa86afc0a663b47b1320e7c99633b106941ae4dee4aa89608f4cb9e1ad410866a3b8cd3b51953587aecb3c0b56cb665a20bca9a4c800c8c648084fcc157a2e7ee593d1a3a6f3881a0f85cce996d4322fa1d061fea92fdf0af96b7d21c0fcb0effb171c862948a95b693fa569fcf864e5248c928aa913a712d153103b6d97b417a2884f031dd33d3f31cbb1285abcee07ebc562bdc27b082e7cfe55578c9f0e12a473581fe7a50a0c98c7198bf43d2d28a164f153d2d48e601937a244945ffcd257327f4c9e15286c36f1df856aa6c0b5bf3d57b26db35be1b7cd19c3e1601bfbd6dd1dd35ebfd8973497f04a37d095c7e26cb24c291a844d31fea381e20dafe5f39bbbad8ffacd7cf96f18f671cf32188750da05712a2aaf9224de11d23afa90ee25eec4a9578f74c964a43488bfec9935d3996940bf4658ba0a5fd5a70f51d214b38a44896bf406a185068e9d7ec0d36a1e9135373f3db4b0c2b6d32be2ea0addceced6c5cef3552f5d354c248f996f1a24df2d834a91c0f4ea7d69695d10fd75c72813bacbb7ab434d1bffecf18f468e0f0d804d1e7305aa88181efb241b8f2828cf5f158b6b2823e19d88a5f27c47d046a349812aa2081b3db226b4c9c6574a4b83c193009a147576030c2f45cbe839761b96fb5233e1e872d3dbaa84d1af213551c8e7f2a24b6ed299ff31bbd34d6fbd95944c56475f774132bc1a38481b9f1c2981e4d0c1e8229c8e7e50ba5c76186cbdf13ead3b66f64b619d89d1f9c77e1cb354be829985f218776e60f8e891eabb56d0e467121a0a137ea0d60cf8055a54c8cc411294735ec625d7cbafee1f12d67e4764b6ed5b2e23dd3c577a056a5a1adf3899ebbb51d4988c4d07dce97f25c2acb3804f2e82a2e93ee38d2df53c28e86030c2b8d2408c30f6d435d0b731ba1f6bf113839100b4931a317a1a7075da5fb2b373d538828a7771aff32d54bd608926798ff5966493a1025e8456e1775eedcdcd912a860b48c0a6af1e19afeae4ddd52cd53b126c6786b171a3e45c6e708879396a389165ad999a2e98988cbd7583f31443ef201f49c42a259f40ce77c0c7dd7d3a5663e02791cd26f94760e97f916ffc567331da20c4e023de4d8db4a898b95b06661a7157d5d0cb444a86b905d5ce20081a6351520cdb58cf7bf4be6e088fb48fbdfe47b2fa5db5706bd3db720da0f1e7c55fc572024808e47a94e1bbcd830e423132e7cb471a4f0b89938cbb341f5162c39b4d75b2a95e88016dd8a51387560b10c4f8e6461dc7a27ac72b0fc252a1f009118d4beb069de387a2cbe44463f55c08893386ba21b7af3aeedb936b95e9f3b189e945414b9d91dd38328b2f5feb47824ac6c2c9ed26ed1ec6fc9c3e1a501823eb7af6c629100c2e1624b20df090f78de756b983859e63332bea7d7d08c757dd3e3ceec5b89653b428b4e545e308a0ae184300e74cd0181c889ebd64115ea7dc5f7e1dd9b781f0c09fab35025203fdf087a75024d01068aa35c62bc32eb4ad3a4802e32bb17a5016f9a7ee579db512ab65d124ec0c0d14a2c9637c049ddc0bd71d7688e5b777eeb98773f89c8f85c2a8ae8261018199c240f0ad4e79bfc1bc7d9828322ce4a320055011a86e89ded3fc488d66ed210a5670925893fbe46cbe1e2ace0c65e7f4d49b80217fd88e93b3847d6f5471c3d14cd2a6b4a2638cc7ab4a63b85663f77832b4a448f572a42fd5ae025e81d18f52797b5d5df538e2e03b7604edb001ac7b54e35aeee5fc6edd09ea6477abec9a5ee0c460d0441eff0413898d9be9d4b4ffb8d3a8054a30307c9c9060c9b36074abc4a871893d0cbe73fd3613abe50245d126fa93e78c8a32a2892de8a83ec489d69a9fab84880b2f273f0f5def2d029674f5c518a64fa4fc99ed3fa0f69c7e5a4913dcd36f2be26be0a533caaf964e12ab4ee219892b5982d7336eb74408550cb1bf4fa206046899e5f8f483cf4742245fe74ff5994507d4c528d6eef0fe02f829eda7be56e6778e92f8364e9b9a4245f0864a2f016022af7329bc65ddc96a1a5860a776f32f1fca7559134af0729c79a74ce1b362822572cef9dd322eff70b30201c5415f7d15c306f270fc78112b2f1753e75302717c8feef0006eeb34cdc94ff61b0e6ab0379e5fe61a77b063b1897de6828f4515a7145c0c9dbc13560b8b6339a6af3c71e01a242d2679a60bfefd0689fcdbfcb89df806f548fdd675d22933efecf63025a6db4ac674a8de6e68d49504b0c45e91799b27b426661672b3a0f9a820b09523586b54772b7b8ebb5414aefd3c90b9b40fea0b8fbd77ca96e21e2ac7d681d7ee3db82ab393edd51ebfd6fc715ffad709576b96d6809cd4f318538d091c16205d74bc820071d8d21bb07d483fe74fadad842da13d5e087287a64f5a934faeab06fdffbb4a4732edc281e20911e71b6e90bea48d1e0896acf1f3363ce83c8e02db41e72e4b9106645be413d30852d7e9cd07f497033bfe636532358688e63fe6fd55e84d0c1bce7b511cc29dea773d8d433fca51e3638acb212683d6508c3731a8a26fbfa6705513774d83be17deefa4af150fefd33085fb779a507781e759d0349b7d337cfa36add7214e7d1749dbdb2c9484e4352aec54cb08c7b5596481087c907eafb042c150eb26b359cd5125fac654d408e4d7f52eee3000d8576fc5cec67283e842a3695ccddcb344245bbe0d6220df42579c3b2b9aa795709b1de383e2387eaba6336fcad7898c495222c365c5590daac2a067755076f9902513567b8f1865d3d4080d9ec099519e3dacd9da0588d4322a028c3b42ce32a258b4ed20d729a49d82a1d7ddef15521d8bddd6d40ab00710043a810567530d017bc7a8bd615c99edce51d698a5ab23bbd1b7e89f09adc8120971f998e56c742344616b6dad0db524652e54fc689bcdcfb804eeba571a70699dd89e54842a508583583e6db9731c0260cfa99626a7b2a45ed5e9ca4cc3896e34ebe66b7ba070459925b38c13caf36affadda4f065486ad37e9aa97af90ec8a4c6d56185b768aec007c8d96dbe078022f5d7e002dec378ad5326b7e6bbe7979313f79de2ff60fa2311b8be3b43d6ba6b6007aaa936f3d9a21607b75fd7e6033d10d4ae27d7782356902b8e6bd31ae84d63d2e23c96524f7ccb5cd0a8b7a24f4904bd3a481dec31975be84c817beb288c517d8aafa19caa401528cf77742c07a1e1e76caf543a35c3aa2fe3348c6330781dd0c9db5e59c4de8ca7555428efdd74bd6c35d3ef505b60b8063ee9c086913593c5ebb19c875860a60cffb2b529bd32cfbda45f09fd7b50c4606cafb3f48bcfaa43df93898fe59d75a420c"}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f0000000f00)={{}, 0x0, 0x12, @unused=[0x101, 0x0, 0x10000], @name="3970bf445a3268be81885eef8a43cf2c6e80a25aee59e5acb083ada879aec05eb037195a193720ffb2348d8808df774b137272fd7ac48d5c5945ad71171af44c6869447627641b9fc82a095ba34b60e7e4e054d0265f1c2690c7dca27aec83271ea2272f12f5e37d3588e56858a89658d27bf27f6b30f114b06e4482c77a579ecf8c0823c880bb5f6186b9f4ba636843940ae8ab9d2ebf05803e54ad2f834c177ae81287516f9acbc2877cd71b3e07ac97999f226e3b7b824e380397a8773833c41748504390020c7468d810cd1a9390bfa2d689c34abb3f6e9e4b6b1f6e0806e748c1c2577e9d0dbc4ec2e5fc254016f04b1878f39cc10f4664e773127ee330120b76b54ad2bac890a6fc70374a2ad82c1a775c21066a30227dbbc88aa68e380cbffed706e84c14a8a0241e302c7ef607fc80dc86fb719cc085aeab7580af18e4748df0cceee0957800e78410eb50e9f502d61a3372cbff9ee0ead87ecdd451ec907081aa67cb35cea21ed5c094ce17b5b539856363fed4ba017bd3518086060995a567e2875635098e802b9b3cebc6ad6d9b41f462b12c36e16eb9cccf0d48992f4ab739d9dda01b7d839fbfddda79dcd20b102dd5d9eea39684823602eefd26f838dd012ea791c83b18d147b7ea10fb510e427cc3f86eac94204820412e0d9fb47398343e7cc1b944ec862798010ac5dad4ffabe8cccff8bf0cd88db120889238000d00aa19720aeb192fd284d341e16c14ef406edc2cff72abb70ee1c34b7acb8aab50bbe648d7761d5b6e854f2a9d9e53b7d3adfe3da96f05f894f178276ebfdd7b50f6d33d76d1dd54500219e1260edeb6b40fe98ac355560c15d2b88a59b446304c9b304d88fcd0741c4df943d28feb5eda8f137cb87b4b978481f37f4ecf1053bd8463b008488983b3c8cc99797c921f2b70e4af7ab70098469088532ff2e3c3a610017a57403d12042cb6f128ee00711656006d67f820fe8c4205f91b04021d0610520e7688ffdd2acc5ac1791977a30ef34257000cbee04c9f55b99d0374d7c238225af46588dbac8884c218876010c6f344fcff0df21b0a74b07bf2d861266e46b48f5774972716955db822325b6e487c2c67aa0d83c1a70bb7985929bc5780427b5194d78378d1a27183ee51544df50bfa54e623e13cca778b36725f60ab3571bbbb8c6c54021ed50769738638d01811061aa25e44efd334322cec9cc328886fd77a31bfc58d5740abe4a4d1106837b6cb53ca44c55a1baa860602d066f14627a4bc1ddc9a7bc40277fa7bceab964f2e212335b7f3ff0362e1b00d076c5f0e0b065cb0623c108497797d56050c163571109f5a4118bbdfd97da381996faad8e18bce1085cee0935a59bbaf5589658004e50d10f25c505eb1d264571e805a2a64284ce681385a1c37650327384569397464593b631f54aab9d01ef2623f9aeaa4945f7a83adb2f9e5ed8c4dfde88ffb47355725dcf7cd29059384b05a105c9cef0ef5a3c3dfca79911bb2ea676b391b78b027e5b520a3b9ffb0113761ea888c71cdb399d3a909d5cb815010475e0c930141b37a9845e2b43e5e9aa27394387b31841006bb8e1774a6751398018c0397659bd7eddc76d46e1b8c26af2f7c61231dffa3c9e89f33df6ad524a456873a9f44644e2b23d52f6d3d2ae5b9584afc8d236c97f4130c44011d4308bfecbd216ef896c9b2066e51e33c21d3329d3659b166bf989c2ab63409d91c50326df74a3aec5e444a5b1d526286d9a88abfa846eae3b4ee559a760f182b4b4ce0ea3eaccb0f13a303e6197eeaa58b94f60afbeb7a3aeebc997975248161aaf90cf2d455f0ea12fb579b813af5fede0891501bee9f4d56acdf24ba229a84c60c9e28fe1e4fdf470e0262a32c69ce4bb8b65f3e2e713dd2a58d6d90cc2b3ec2c8999872b17cd06dccc18cefb47d85467429726dcc534790982812c05b7712f680ccfde1ddb4a8992e1d897d35222b3fce3d55580c4513b630af70554876e09e7a77047c716d1e71e6c6ab2569ab6ba047830501bdab5afff0bb8025f30474a69d6cf229620e933d0ef53903df78344930a5821545914672c7897893c6928f20c6a443056d107db98adc6185d1df8fdf1f20995e3e71dfa87b20e4d7e255d98155763555f8750b07eaa549997a71fadb58534d494db7d16cc40540f79e156423e2990321305d8ada48feb13455fdff042c927c9dac377cb82281257c14954fb98d5d1ab59cf3855b669f3b7418d36de81d2b1e822982782b2d8f3bbcc064ced272f1fbc977a2d6960e09adc23b85fb5db42bd8325c55102fe8506f3ee8996b12947211016814889eb67520e0ea600a96a7dbdc5a7dcdc29e3cf1fd53f6c63edd2935a98e7485f63b9be5cf130f4726f1d6dc628d09e23ad20bb970b4fb352cbbb18fe21195beec0e7a890062da32620f4810002aa49492a343c983507786ed48e1313186acab2c1e5fa4004c02e11eb5d0f521a4298b0f2083727c95643cb5b48475a8d3fe83d62dd39ef513441f7fbe3badc031e21be2a3fcfeb28d9b97b5029a45106fb7454d9b1eca7492dbda3738567fd05cd3961c237773b4e63e2e194f379a89c6d89895c0027e9f78de9b6ef7444c06619f80a773b101154a8d431eb9c9086acb4d38961b2f14a9b9a765ef62c87dece643b291922f877fd1449c30f56aa7ff2d2347670c8783d1a933e77773a4e48d00a1b66a357edb2f427a6e271734cfd9fbaa5c14d1a09e9529bdc512f6938974d700b1589cc809769c3e4e0aef8a6e4e1309d950079497a82431817ba1e523fcae65dc4f85378c495cdaec29e2dc46f1dedf4d2dc0c1cc47b973a3c6bb85378a3dcbbf615dcdcff948c2e280992dd572921248fcf6e62e98e640cfdcfd378977657f5883c7e953c4e918b9c51c2b2dd622407559f09935029106cfe1e6a81d5a5600feb71525965e3a246bfbfddd99853d6c5150a600d9f886c6ce0e3970d0f9c838b74110e1e75581ceb71cc46d79a2ffd7aa879218fa9a8fbc881f770c1751b7821fa45a206f0c47cf0b89d2fccb9f1d43ce8dda91e1bcd4cf43a15d87e645ac64a0ff8a8eadffe63e82a004d1bf9a29f32611d1d4ba4f4716e75745425352037e22884261db5b558d8b9784e78e52ec7ad64766a576ccb1223aabbe1b62a1ab681909395703d590bd9c941013f72464c3ee7b06fa576c34bde582d0beb9a06eaba2eb6ab2be203d80b180eff12fc5fec2c2fbfd429de2098fe9d456758f627b754c1a07af56e2931b6d8b8e8c199b0c246b67fd50eab69e1b7bc90e2c2b577bb7d2199cba1c867918f318c218d9a307012c1c16b925e3611c4320ccf2fe3eafc87c71d3197c6e5dc27b8293af18a4f74b0ee515afd7fb9aa14e7657712dab851ab94d8391cb883527728ababc1d8609fcd0bbc3259402e7220643df51cc2872b45ff2044d46c8fa03e993d9f711ad1d45fa6002082d26dd81ad79e551d8203aaa9b99c3d2ea05dd8b34a0204dac1ea03c143db7570a9502bb7dee6002d475969e0c6977ee2447114e522f15661a90c4f2d02591bc28ad0977351038f5a1f7c51b2d23f9e1299ae7a2e4fcb7a098b44acbc0738b0947e7de0292a814796507c6b01a5fc307b93921579ad85ec5c4a36b55c653ae9f587b1314960e71b188c801e974f19e8a9a46918a455ea5541e0a37c8e492da6901d6f91ddeaf9ef9a3176fc76389eae6b36da6449cdd4ea1649050f7c5725801b162af2d9f78b91d267d234fced5cf6973c01354676ba1844850ecfa74aae6b8935d8f05085933d717738607b4e6e05a83cf26531d032079d70a95c30406f2dd46cc8ec8122203a9f1d9e5d5860a42ea5eaff4959e71e75ff3d7f8e5312eb2bd6c79c265abacad389e64a1c0e06f5e276352640e444feb2ca1f1b8642ce6fa59abf91754f0b0b6fcacc7f564f15ab33ebc0fec8c183ae2f78fcbebeb2cfff7b43171b0cef9293f0bf29b326c5302d567649c75699a1790a3cb51829cf8810539d46a5b5b0258f3c1666f0b855effaab274e839b0a8a72268d6ed8bef647aecf5f7ce03760d151c5ef48db5d9b34e44988a3f56ab9ecea0cdbfa2da31c261cc87c8bcfd8f18f353de04df069d11cd22afe3457d1db92d04d3b933a18fb6cc26b91f11dc8e1d7598cddcc307be141065033f0d75821dcb720c7a1f75b323ca9f063de5eb6a73e9f51fb786d31235d7206e4ca48f094aa5d11b4de824f3bb9cba19e5f950420cf5e3150b78f2b132b5bf7d46a2a134f06569cabea760727ba494f2294b746a5224a1b85414a6185630344021a5fd00e8c9a8c7a9ca0cefc5f462e16499919905fd8cba18c9758785efd1e1b90ffde46f1a77eb2a93d747aa0b59e0fc6758f358fa19641961f08e066f702a81e5b9ae8a18bf0e522a61dbabf0bbd35f7d606ec1e09cc35f9c08b9125e5c158fde71e873c5b6b4123f58754d3f588c806842e953b24705d48552f590866885c1e914976777b817816f35ccf0c06c7a2af759142c2adf8d9cba1c15805557c000b09c21ecc2cab6d8148cec51ee7a66da382a5431bcc51524e9e7d83d0eb15373e3298847c28b5aaf087d99858ed9d2d1fcd12e8204c2f7987138f3c98a052ddaf94db7adae7a2b66f773665c196d52dad6a8aa8e233c813e44af14585cfe18c2509e926e739d78c2ead8aa1f480e7a0daf6e0f22eb7399a18e9f93fa07dfc090592f2f0bed5d809210aea6b537ad3e5b7b74a8911d521650cb53b8b60932bd3260769c424326bb56d1c61c7401c91b23983aa95f41146cd5478f53355f2e77e24b0979a9a3d82c8f4b8835b90a138d8740ad6a12b2d0a94f45acab7822a6bd29f6d2dc00e456135756224a7695c03df01c4517f05b391f878cf593cb9b72e16364a802bc4e92b67a28a981906c4a4f8f0327a9370920bf438ded403b958705a631e4c823d28985b8fe1baa3a099579107173427c9aa08f3ab5a68f67a73dbc174e198b5c86d87c2b3a00eec0ef43253fb6886b2d457c57ef6db58877c11dad605058c6750030b7a0b3f8d3dff7623cfdadba127c639255fe96fc0e8240b75a1e9cb9b9b5f307c082c6825a2fb420c4bae19b3b25ee0268f984c2e15b75b4f4e1fdb0650dfae710bdb03dcf5c4bfb5b08a7cbc8c1e4fc7bd0fcea1c4da842eac1209822720809bd36e23654489840931174e50f77355ef1f604d20d258aebcc9d85251d85899efa3c278c57b6d202a22481e92ad71a496f7448e529bae7c04222a9cbd02fb0698b49e968a084876fd25fc4d269e35812f25282e2bce0ec82da2e01ec9a6eedbd33fe9b023b7f9322086de81a387b6bd75e0b0af3ac30a28f57632409dbb934b121ff6f82974fd42268b4716346b63b137436484f814317b043d5dbd8752df7fc546b7b5a0676f228f8e68aa48a823a1654a1878c35e1904bd620263601d407be425e7c2f819c5b128856f0ca3bbe77eba032baba4be535e1fbbe079849eaa01a695f6ceb1efbc9c88fca89a73f894a7b26556dc5952c5b63beaca739393b5e5dbe65a8a70a655b234f9a2f30bb0ee5a1aa4cd676305c2759d1ec41a3f1fdd4b5f001a5ab8845d2c94748122db63ad89feec690e04360e98f35039a1e2c6efed69f413b64592a8302e3da5c532b11431c3fd2d93d9e00b2ff521d693d7b0cbb85a13edab89bc6f37a0a1bdb6cff4c3e960d79ab477b5e26504b"}) ioctl$BTRFS_IOC_RM_DEV_V2(0xffffffffffffffff, 0x5000943a, &(0x7f00000000c0)={{}, 0x0, 0x10, @unused=[0x2, 0x2, 0x1, 0xffffffffffff36d4], @name="a35f12c13eed38782beda90fe85d88ecbc105c995a7ae0c958f16a8f88713827ca5fc527bbfc6bc1bab8607b72730b604a8f8c80ea20031bb68e81d9ebdba81972ba132aad4ebf26adfcb52237c31149e96e28ae6503a45a5373e5b4d9e4ec3303d46dbdce5accb7803f2c8e02caa4a8f2f62a1449cf6f4e5d8e3252fa6d3d6acafb2fcb64ddec9c148d705a2a6da717f67d8d93d8f02a7ab9fd509171c908933f7c5141a29d56de14638f9f25a6ad4d1929e319e4188014e40ad5a47fe89e42c5dd8459135f7e78d5cd0aaa51e8b02b44f8bfc85772e2a1d2d61619a5528d17937ec83240f67812dcf1232b6a379174e699a80388895ff4d4c1d997903bdafa09951e6231b04afcdc6520f8928957e0dc5966a760362af1823f4a090ce9425da8d2384fbe1b2ee5304202648665527e484dcd16f4ac98df4c6582dd50e004a364edbe45581c90b6da15c5b675dff28d2340050f73edbeae8ebe8293d0a29f856fcd8d50f4f42b0a563e8b2e8af3b7ac26febb29614d91fdb9ad383f74abae4f8ff70dbd475c013472b22c7c332eb2e39f8b6722b19966ee9865ca26902a519adaea6820c5fbab25902c801ff364926183e4fc5cede98635d37c48eb178e043697fef4c5ebaf87a8e58e554a5a158b8711ea296b8c37c05d303de9d05e29676f6c648906ef95c8090fdc905a932a48124db3a4221fe5e49f2d21e823937acc7eaab370aec705f4b17933bf4d97b39bb1ddb5001a1921abca0c8614c407229e1bab94dc151759131acb234c4e465a42078947aaf494bd5d53224f7777c57aed7de61f045248192662439bf9ebc7b44993f19e81ff934be890449528ef056c4396ec350244fcab66e99c37cd6bf1588e5c95cc66e7cad4be84fbc1ce139fc31b820bec257625cc0f4cb51a29abb2800bf9df1c78f7dd4a77b7c2f48c1757db47249db3b5157170bf13ea4e8701e9a1743a080399ce236a55ff9976e05a03df989535f1a2cbb7b9a00674ff0b4ab5bb37f72cc1123e955bfde53718e14fb7987f568241b68e4879d4d5eba098133e05415eecfaf761f7190f81065f6e02239bbd888e9ef547bf75c3f803bdc00ec940c8e6a78ecc55c64719d9bb4fd83f3535f6608f610f147a97998098173065adb84de3146b5d3388f9fbe6f1e23cf1a0d472d6865279ebeb0ccf3a45467ae2af57efd3168e238cdca70dfb231c328926a2af53290f00b2afde48c4f6658eba795c4c20f053dd627a269de828e740da5433b6372ecd1b2403f9baeec6fd265579f14163d0d8021a23beac5bb138f8798bb62370e79d62d1136e0052cd88aa02f64a696a65a3c228032f1f4dd16de158a48927e40796538dc24f74ac3e25a46b4ebb8cbe94f01b031848b75ab4ad3f80f5640bc7ef3a7f5a9a968f6f986395147e697b1ee1ea646728af686d3ab5c7283e8f9f1c49551bbd5da33fa0ae877e6267b6fc416d8afbe33046aa96754ba8d89dce765fe49b54b8044eefff6710993354c1bc084bb8cd9c4c3bf4c9be81e88f8f1527ba479d724cc950030bc2823dd01be9e6bf8a2a7498d0d0acfd5b2e690d5d7cd59a87873dea91d158872fe36aca3dc1548c082a2a19d35aa9554b0a2996dc1778f8b4cc68f4bc8e41690c74358634973a407ed9c2b0e2614cdd3e3e75ebcf666e2883d42b4b334920eff6ab23bf2ed54a140e699cf61dfcff45e7f578b06e3ae155a067e8bed46918bb859fd8d2b133e5bcb06e7d1e6281d36f6d0c38432e693e97aab96741d027956c74dd58f100015deae367325da5114e5164257aedf0c58e18d197ffd5d8e8c253bbc2b7b1cab3caa81fe2233f27b3a2d8178ee18242ff4c31320f56b39dd04c1f9680955e93d4c5a320f7d9e91301342717496050cbd4173f49014716162110e06a56952694d07314b53fff6965d9d20a6a3184616bd971755e7f72340e93c8afba1c3c334e25637d2853dd0331abaa14d60823a0ff3422e3ee183ea4b16ddb416c7c70d64e2afb8d631100f0eeb874324c4965d65aa66dc092f7c4aebcb19b9224b8202543bf3a85b7a66108f34145440c29354a62dd2873230f1b4cd565c0f5aa76b0f10cbb5ad1a87dca63e4725241a2c5792d05686b1489cc9381171d709a6d9462b23570cd0e6fadd48aff7c8246a56c56e4a723714587463846cba6631cda0e2771385930f3bc93c00305f73694c09d1b5c3af198d23e726fe68e9c5fe0febbf9303ecebde0224d136efc542b00ccd5018ac29e9bb4de9f517380a271cd8aac5edeba46f2f929ae6870c57e8e4b96317fd3b534ecbc69d1fc5c0ca47a8092e993eb17681ade005a62a37ab92a3efa63f4da02c58547197c0be15221aa1224703b7861bb3c6d9cbbb48ae0a63699c3540cffeb76e5422bd55ec941f1c337b4891981bf4166f8eb0690957e68aff6c08dc67ea11859c10cf491f2d94cc9752876f3720cb669319d4d29efa77eba0c00d40c8c0985b40f9e117187f125db5eb5d84caec440a8e9ed4c7c75e264faaed8e27f3218a39850e29bf907d4206b79f2c82c85b9f1377fae233c5542caeb4b1252be96ab19afd05ba552946c1eb2bb34996fcc8f20ae4840bc90d267620ccded36ff279a7c6567998a8ee39591c19fdd24c6018b20897f1c10fdf685cff4d5f2059a4ea4495fc4902984415887d24a0d4ee3498780dd0c9f8d102410af7d910e746cd5eb639a4dee560dff74c6d8c0bf90c188afc868a63ff2661fe38748c25b84c1064c79fb866fe3d2caabf086a1f0597ba1d05f8a9b822a3fc3a313fc2d6839eb855a30b6c5775d3a9e2846186a13fcc114a404968215e9f8c39e8460a07d4b16f3a72e995849dcf2da5c83c0278970ab5bb7041218219e01603f665827a81baea65532003be1b2fa39277df61e66f907c3f153284ff743a3ec491a6478a327138f62e2655b8eca7011ba03bf96c2c244cb5205eb574e26083607be5f5581aec77435fa343715d33da8efd7fc79614fe93498678ad5156e158e6018d8660c34096e25fd6510c55456c89ce9ebcee41a76d2a8d53d1c58502c89388e1c92e729aa1d3b1f521b7e0f739fc06f8f7b4d08a4aaa3a844bc9a01c409549fc7a495c01b84274a7c46459066e6c15554d36fb9637c4c3f722435d85397493a3c1dd36f2d31d5bd1cf46c7e874c671d938e16fc2503ed750eb61fda01b557538413ce08d7c3d9294caffe21cb4ae448978510b9c478afe49c3513fe67d280931d847c957097d19d473eee7f684252029e0cb1c19d6de8bc2aec42724778a2d674b6ac2d77a9dc4a15354388367d39128f8cef969a1f45cc1403a9b8b91790750fbf6bce4f4d5106158969c0adf95ce21d152dcd5c8bb5dee4228492491f0cea85d45ce18101d830b76d700e76eaaecc92ca2e39b9c3605d7c143402aa98928834fd21a3b021ec57a599c1aae598a7eb4a502c56f6393ee96893d70fe1da01cc3d7cb24c303e260910de4629e55a9b153ea4c95cc2a6a5b0ca99574287ecb5b62a47d8090807c5ac04024eb919ac1f1b844a6bb6b9b4b1b2c9bb817da297fbe4aea10283d1106787c2fd0d2dda757b301343a38f90868b42cf8ba26440afd22d0af20ad1bf10f1aa6b0b19e5c812c307350dddf73640f75c38c9682d420b564e2f06469c46f89d9e81a24a7d1170beba4188b36e411bad72cc2a1f3b4bd40199b20dd8058a424ddf245edf9c92169a519c9830162a0752641e37286b20ec60b409c530db74b2beb519c6d47ecb709d0308eccd63a47255007faeb014fabf04124435f241c81ca5c5b80bdea414659c521ef6c0656f0227d7aff4bfc9e1ec570740cbfef3cb2b3472217e6715b8d0b2fd469ecb9b81c8a5b1de254c5cb74573737b4bd9d2cae7a40bc090eeae0b24d5a0850f624edbb0dc02c85c537a43513a3bae6b7315d4f4d303ce48caf41c63078a5ffbaaa72d75b9ab445dfed2362e1442d5a904be14b7d10889151c094b0204260179ac6d4d0c5064cfa0e46d7d124dff24087c0a280cfd1350a448f079aa28e9dd46026b9f346dac55a17d4b3269c343cd0f908a321b45f921cb4bea86301d981ec3c69c7e3926ea14385c466e13aab7d5182ea0aefca49aa20cb690ae72eefec1bb86ce485c6ee8a15b381cf66d4712bab519450d81bc6a36c337e79133d2949f33cc8d610ee8bac862c398bca4daab118ac50fb3c0093c6118b46cc23dce741c6d995b7f80091895a510b034c4ba38d1a2804d9d59f85d1e4f33c2466612053eaa8593962a44201ff59398479dac099ea6b21270c708829b89073813eb3c858bdbc1694f12de3c96a657abcf1d3044071248dae5547eca898b86e42cd24353e79e05c665b9689ca2e058a3f500b82f6ed983b47513b854671d5afd199c2dd14990be35bed9bfc7ced221eb87758fd78bdfc9d47b06bc2fa963ce57c0ae99d787719f2011be5d1485c4308b99585d278b289486ad70e391f62e1e2559321adfc5b20f64e1a558dc640b3af99b04c11e050757cdc6e6fbf08becd8498cb528889a6d245b61baf3899455ff82bb93cd84a2783956cfafed0d18a8fe56ae57f5774442a0ef16052428748983d55923f2d8394d490d0d3d3622de6a24db20d2c8c3249f0625bff25a780ccf632e814b78563b30ec4eb03bf0fd2cfd9aa7fee3f0cb005e0c2115979fb7775b52e8256af27d508ace8d94848500bafdbb0f7c821a76e3d3adcaa38b055defd5e73e29a045bf9ec171d0ad09c4292c908e63c7cba13d3ed0285e65521581b1ba979d4f54d7db3cbca6922a92dd8d0f99c63e4f8effefd33586f74935b1008ca8350586d4f06e808b2fb3d8e2c7e729a1cd7b8d9e7f5fa13896e293fdd4b232da9b9b37a6323fe741bd3870dfb8a981acfbb4a4c4ed9e640773f7023392519108370ab250f8f6972af85676a6b41554e04085b2d82ceb476814b890f599024575ef6d69580ecb8f73e24eebbaa0c7342b1931474721b493c01b916a7b26d87e17861a4967e482793ee513a67c5c903c43b6f56253df188a07bd4d5d98f6b95ff095564cd88f0255c56ebfe11ed400d02cc81526f3df0eebe9e54e0d9e9c1aa6caadf0d437baec1963204a239ce923ac23972da43ca58369245407faf22ae31ec029d50174d53fe4f0e398266ed5b10ab8f3aa888cd963b6fe26f5a509cf73346745965b7fd307011c106c4bc7ff3a8b138c62d7ca27d80d8551946d407e69c88245c37b45cdee3824ed0bf54c523bcf8cd7b43764787bcfa6777c122fa6877ba2988229339b787e2edceffebe633cb45f60f7b84c278067364a0a14d4bb39d9846bdade1000b814dcefc22873878f30639a499f8438d37e9fd7c4f4449704d26f25b535086626bceb8ee177656bb1c4576013cf72ef7ef09d9946ce9905f1e53bc672892fd88190c35e8dfc4ba50e615d4744ad414fd344f5b584c50646488a5301213819cc195b34f7f38c43c07b84caa6cec29dfbdf8c2088df3c7e15f5f2105219791d92e0b455720543ebef57e1b86727b9f13fd59ef012f830c6254c0d5da018157b0929ee858bba7a2a0a8971ef77c21876f6b6daaee6b3f85025ef107351b6021c89c6997e55ff9e3169abf957e50d8e1d830bbe6183525e0bcd03f6672a27080f40b4387539a20fefbdb62142e0e71129226fad05252524b0bef0e4e964e6cba9baa70b96e923eddbbbe4dba7fff9785e70a2f0aa"}) ioctl$BTRFS_IOC_WAIT_SYNC(r3, 0x40089416, &(0x7f0000000280)) ioctl$BTRFS_IOC_SCRUB(r0, 0xc400941b, &(0x7f0000000340)={0x0, 0xca, 0x7, 0x1}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r5, &(0x7f0000000000)=ANY=[], 0x32600) sendmsg$ETHTOOL_MSG_COALESCE_SET(r5, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000180)={&(0x7f0000001f00)=ANY=[@ANYBLOB="3c0000001867a3bfa42cea0efffb872e72445eda9178939b1b87aa6eae0a8cf2b7ef5b0c416ec98d0d9c10a5dba2a0626cd4935864c2876012c511c233972e05af6ef016b02d083b0fe82e9b16103569adf182d01adcbf6ba669e0e0d762660c4e52d4530c7cede6", @ANYRES16=0x0, @ANYBLOB="20002bbd7000ffdbdf251400000008000a000000120008000e00ff000000080002000800000008000200090000000800060000080000"], 0x3c}, 0x1, 0x0, 0x0, 0x40050}, 0x40) ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000740)={0x1, 0x4, {0x8, @struct={0x2, 0xfffffff8}, r4, 0x404, 0xfffffffffffffffe, 0x3f, 0x1, 0x1, 0x40d, @struct={0x7b, 0x6}, 0x0, 0x5, [0x1, 0x0, 0xfffffffffffffff8, 0xffffffff, 0x1, 0x1ff]}, {0x6e, @struct={0x7, 0x1a0}, 0x0, 0x81, 0xff, 0x6850, 0xffffffffffffffff, 0x7, 0x70, @struct={0xfffffff9, 0x800}, 0x2, 0x5, [0x2, 0x202, 0x10001, 0x3, 0x1cef, 0x1]}, {0x6, @usage=0x2, 0x0, 0x3, 0x40, 0x2, 0x80000001, 0x71, 0x20, @usage=0x8001, 0x5, 0x1, [0x2, 0x9f, 0x101, 0x1, 0x5, 0x4]}, {0x3, 0xab5e, 0xffffffff00000000}}) [ 752.685644] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 752.685644] 01:56:15 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r1, 0x84, 0x65, &(0x7f0000000000)=[@in={0x2, 0x4e23, @multicast1}], 0x10) [ 752.746331] input: syz0 as /devices/virtual/input/input378 [ 752.760834] attempt to access beyond end of device [ 752.766683] loop2: rw=0, want=184, limit=178 [ 752.771553] metapage_read_end_io: I/O error 01:56:15 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4644f010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 752.808735] input: syz0 as /devices/virtual/input/input379 01:56:15 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xa, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:15 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x20000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:15 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000030000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:15 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:15 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='pids.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) setsockopt$inet6_mtu(r1, 0x29, 0x17, &(0x7f0000000000)=0x2, 0x4) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$PERF_EVENT_IOC_SET_FILTER(r2, 0x8914, &(0x7f0000000900)='wlan1\x00\x1b\x1a\xec\xd8n\xff\xc3\x87\xe2\xa3\x80\x8a\xb2\xd9\xa8L\x06\xb5\x12\x03F\xd9\x1f\x8a\xcc\xba\\\xceYF2C\xfdj\xe3\x8d\xe3\xd6\xe0|6l\xe9\xd9;\xea\x84]\xdf\xf7\xber\'\x8a\xd5W\xbb\xac%j\x9d\xeb\xba\xe6\xc4\xc4\xa9\xf5\xd5\xa1\xf5\\\x9b\xb2\a\xde\xbb\xc18\x84\xb5:f\xcb\xe8o\aArYZ\xe1\xc9\x86\xfe\x8f(\xa1\vhb\x18\xf3\xe3\xa1\xd2\x93*h\xd7\xa2F\x88\xd57\xb2\xc8\x8cS\xe8:H}\x91\x91\xcc\xa7Y\xcbkK\xf0\xfe\x9e\xd5\xa1\x1e\x99~\x9d3\xd2?\b\xbfU\xe8\x8b\x93\xea`\x00\x80\x00\x00V\xbf!\xb7\xe9\x11\r\xbd\xa3\xc6-t\x9c;\x9as\x86\xe7\xbd\xb0\xd5\";\xecuP\"\xebrV\x88\xca\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x98\xe8\xc6\xc3\nE\x91\xff\xd8E$\xc4As\x80\xdbt\x0e\xe21_v1\xd8,\xa4\x7fD\x94\xe8?\xf8\xcd[1\xb2U,\xc8w0|E\x00\x88IoQpH\xa0\xe8\xf0\x7f\xbd\xbcs;\xc9\xd2\x19oS\xac\xc6\x9b`:6\xc9DS\x13\xfb\xddw\nK\x19\xfa\x99\xc6~\x044\xa3+)\xef@Lr\xed\x85\xf3\xe8#\xa4\x84\xe9W8\xd6\x80\x95\xba.?+O\xbe[&\x87\xe1\xc5\xd7C\xa1\xde\xa4\b*w\xdc]\x92\xce\xe6BNFj;\xd7 \xfb\f\xeb\xb1\xb8\x86x\x19\xa0\xc4\xd3^W\xb7\x10\x18\xba\xcc\xabJ\xdfYB\"\x96\rny3\xe9\xec\xdf\xc4\xae\xfaM\xa2k\xd8X\xe6hQ\t\x93\xc1\xfd\xb7\xa4\x04W\xa0n\xff') ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r2, 0x80089419, &(0x7f0000000040)) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) 01:56:16 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) readv(r0, &(0x7f0000000540)=[{&(0x7f0000000340)=""/198, 0xc6}, {&(0x7f0000000440)=""/46, 0x2e}, {&(0x7f0000000480)=""/186, 0xba}], 0x3) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000180)={0x0, 0xffff}, &(0x7f00000001c0)=0x8) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040)='batadv\x00') sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000140)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x50, r3, 0x200, 0x70bd29, 0x25dfdbfd, {}, [@BATADV_ATTR_VLANID={0x6, 0x28, 0x1}, @BATADV_ATTR_GW_BANDWIDTH_DOWN={0x8, 0x31, 0xa12e}, @BATADV_ATTR_ISOLATION_MARK={0x8, 0x2b, 0x6}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x3}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1}, @BATADV_ATTR_ORIG_ADDRESS={0xa, 0x9, @random="eab3b780af8d"}, @BATADV_ATTR_FRAGMENTATION_ENABLED={0x5}]}, 0x50}, 0x1, 0x0, 0x0, 0x2004c0d4}, 0x20004001) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r4 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000000)='/dev/nvram\x00', 0x82102, 0x0) ioctl$VHOST_SET_LOG_BASE(r4, 0x4008af04, &(0x7f0000000280)=&(0x7f0000000240)) 01:56:16 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000040000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 753.045878] input: syz0 as /devices/virtual/input/input380 [ 753.084575] attempt to access beyond end of device [ 753.095230] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 753.095230] [ 753.108723] loop2: rw=0, want=184, limit=178 [ 753.113445] metapage_read_end_io: I/O error 01:56:16 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:16 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) set_thread_area(&(0x7f0000000000)={0x80000000, 0x0, 0xffffffffffffabff, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1}) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) prctl$PR_MCE_KILL(0x21, 0x0, 0x0) syz_mount_image$hfs(&(0x7f0000000040)='hfs\x00', &(0x7f0000000180)='./file0\x00', 0x10000, 0x1, &(0x7f0000000140)=[{&(0x7f00000000c0)="51f6a906b090943b2153e53d101071d0622be6e979fe1e3a5324e5cca26ca4df2e13781ec317788c658cfb7f833563559fce685ea9bdf29a40181df1f5b770bf79abb2636afc4faa6d5b629ce053dc3991861d5bbc8ca0236d64bb767fce57cf0f81c9eade", 0x65, 0x401}], 0x890040, &(0x7f0000000200)={[{@file_umask={'file_umask', 0x3d, 0x7ffd}}, {@session={'session', 0x3d, 0x3579}}, {@session={'session'}}], [{@rootcontext={'rootcontext', 0x3d, 'sysadm_u'}}, {@mask={'mask', 0x3d, 'MAY_APPEND'}}]}) 01:56:16 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000060000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:16 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x23000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 753.268236] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 753.268236] [ 753.285631] attempt to access beyond end of device [ 753.293638] loop2: rw=0, want=184, limit=178 [ 753.312588] metapage_read_end_io: I/O error [ 753.331795] input: syz0 as /devices/virtual/input/input382 01:56:16 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46450010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:16 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x10, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:16 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$kcm(0x29, 0x2, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) setsockopt$netlink_NETLINK_RX_RING(r2, 0x10e, 0x6, &(0x7f00000000c0)={0x1, 0xcb4, 0x8001, 0x8}, 0x10) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x8914, &(0x7f0000000900)='wlan1\x00\x1b\x1a\xec\xd8n\xff\xc3\x87\xe2\xa3\x80\x8a\xb2\xd9\xa8L\x06\xb5\x12\x03F\xd9\x1f\x8a\xcc\xba\\\xceYF2C\xfdj\xe3\x8d\xe3\xd6\xe0|6l\xe9\xd9;\xea\x84]\xdf\xf7\xber\'\x8a\xd5W\xbb\xac%j\x9d\xeb\xba\xe6\xc4\xc4\xa9\xf5\xd5\xa1\xf5\\\x9b\xb2\a\xde\xbb\xc18\x84\xb5:f\xcb\xe8o\aArYZ\xe1\xc9\x86\xfe\x8f(\xa1\vhb\x18\xf3\xe3\xa1\xd2\x93*h\xd7\xa2F\x88\xd57\xb2\xc8\x8cS\xe8:H}\x91\x91\xcc\xa7Y\xcbkK\xf0\xfe\x9e\xd5\xa1\x1e\x99~\x9d3\xd2?\b\xbfU\xe8\x8b\x93\xea`\x00\x80\x00\x00V\xbf!\xb7\xe9\x11\r\xbd\xa3\xc6-t\x9c;\x9as\x86\xe7\xbd\xb0\xd5\";\xecuP\"\xebrV\x88\xca\x18\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x98\xe8\xc6\xc3\nE\x91\xff\xd8E$\xc4As\x80\xdbt\x0e\xe21_v1\xd8,\xa4\x7fD\x94\xe8?\xf8\xcd[1\xb2U,\xc8w0|E\x00\x88IoQpH\xa0\xe8\xf0\x7f\xbd\xbcs;\xc9\xd2\x19oS\xac\xc6\x9b`:6\xc9DS\x13\xfb\xddw\nK\x19\xfa\x99\xc6~\x044\xa3+)\xef@Lr\xed\x85\xf3\xe8#\xa4\x84\xe9W8\xd6\x80\x95\xba.?+O\xbe[&\x87\xe1\xc5\xd7C\xa1\xde\xa4\b*w\xdc]\x92\xce\xe6BNFj;\xd7 \xfb\f\xeb\xb1\xb8\x86x\x19\xa0\xc4\xd3^W\xb7\x10\x18\xba\xcc\xabJ\xdfYB\"\x96\rny3\xe9\xec\xdf\xc4\xae\xfaM\xa2k\xd8X\xe6hQ\t\x93\xc1\xfd\xb7\xa4\x04W\xa0n\xff') ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, &(0x7f0000000000)={0x8, 0x101, 0x8, 0x20, 0xa81c}) write$vhost_msg_v2(r2, &(0x7f0000000200)={0x2, 0x0, {&(0x7f0000000100)=""/85, 0x55, &(0x7f0000000180)=""/94, 0x3, 0x4}}, 0x48) getsockopt$PNPIPE_INITSTATE(0xffffffffffffffff, 0x113, 0x4, &(0x7f0000000040), &(0x7f0000000080)=0x4) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) [ 753.432452] input: syz0 as /devices/virtual/input/input383 01:56:16 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@pppoe={0x18, 0x0, {0x4, @multicast, 'netpci0\x00'}}, 0x80, 0x0}, 0x0) ioctl$F2FS_IOC_GARBAGE_COLLECT(r0, 0x4004f506, &(0x7f0000000000)=0x1) 01:56:16 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:16 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x3f000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 753.573588] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 753.573588] [ 753.584696] attempt to access beyond end of device [ 753.590048] loop2: rw=0, want=184, limit=178 [ 753.604537] metapage_read_end_io: I/O error 01:56:16 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000070000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:16 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) ioctl$EVIOCGEFFECTS(0xffffffffffffffff, 0x80044584, &(0x7f0000000000)=""/102) [ 753.637701] input: syz0 as /devices/virtual/input/input384 [ 753.689537] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 753.689537] [ 753.709592] attempt to access beyond end of device 01:56:16 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 753.730616] loop2: rw=0, want=184, limit=178 [ 753.731179] input: syz0 as /devices/virtual/input/input385 [ 753.747447] metapage_read_end_io: I/O error 01:56:16 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) ioctl$RTC_VL_CLR(0xffffffffffffffff, 0x7014) 01:56:16 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46451010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:16 executing program 0: sendmsg$NFT_MSG_GETRULE(0xffffffffffffffff, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x20, 0x7, 0xa, 0x101, 0x0, 0x0, {0xb, 0x0, 0xa}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x4}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x40000) r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-control\x00', 0x60ec0, 0x0) sendmsg$IPSET_CMD_RENAME(r1, &(0x7f0000000280)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20001004}, 0xc, &(0x7f0000000240)={&(0x7f00000001c0)={0x44, 0x5, 0x6, 0x801, 0x0, 0x0, {0x5, 0x0, 0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz2\x00'}, @IPSET_ATTR_SETNAME2={0x9, 0x3, 'syz1\x00'}]}, 0x44}}, 0xaa62692751164dba) setsockopt$bt_BT_FLUSHABLE(0xffffffffffffffff, 0x112, 0x8, &(0x7f0000000100)=0x3, 0x4) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000340)='/dev/nvme-fabrics\x00', 0x100, 0x0) ioctl$TIOCL_BLANKSCREEN(r2, 0x541c, &(0x7f0000000380)) [ 753.864816] input: syz0 as /devices/virtual/input/input386 [ 753.881884] input: syz0 as /devices/virtual/input/input387 01:56:16 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x16, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:16 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000080000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:16 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:16 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x40000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 753.997424] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 753.997424] [ 754.069842] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 754.069842] [ 754.090220] input: syz0 as /devices/virtual/input/input388 01:56:17 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000300001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:17 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46452010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:17 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) r2 = signalfd4(r1, &(0x7f00000000c0), 0x8, 0x80000) perf_event_open$cgroup(&(0x7f0000000000)={0x5, 0x70, 0x99, 0xfe, 0xfc, 0x4, 0x0, 0xc51e, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x7, 0x1, @perf_config_ext={0xf48, 0x735}, 0x100, 0x800, 0x9, 0x1, 0x9, 0x3f, 0x200}, r2, 0xb, 0xffffffffffffffff, 0x1) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x32600) setsockopt$inet_udp_int(r3, 0x11, 0x65, &(0x7f0000000280)=0x5, 0x4) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$LOOP_CHANGE_FD(0xffffffffffffffff, 0x4c06, r1) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r4, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$EXT4_IOC_GROUP_ADD(r2, 0x40286608, &(0x7f0000000340)={0xf99, 0x8, 0x8, 0x3, 0x1ff, 0xb7bb}) r5 = shmget$private(0x0, 0x3000, 0x20, &(0x7f0000ffd000/0x3000)=nil) shmctl$SHM_STAT(r5, 0xd, &(0x7f00000001c0)=""/161) shmat(r5, &(0x7f0000ffd000/0x1000)=nil, 0x2000) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r4, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x50, 0x0, 0x20, 0x70bd2b, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_COOKIE={0xc, 0x58, 0x1b}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x7a}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6b}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x5}, @NL80211_ATTR_COOKIE={0xc, 0x58, 0x6e}]}, 0x50}, 0x1, 0x0, 0x0, 0x4080}, 0xc5) [ 754.148046] attempt to access beyond end of device [ 754.164794] input: syz0 as /devices/virtual/input/input389 [ 754.181876] loop2: rw=0, want=184, limit=178 [ 754.225636] metapage_read_end_io: I/O error 01:56:17 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:17 executing program 0: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46451010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:17 executing program 0: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x3, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 754.329018] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 754.329018] [ 754.356116] attempt to access beyond end of device [ 754.361237] loop2: rw=0, want=184, limit=178 01:56:17 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x48000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 754.392971] metapage_read_end_io: I/O error 01:56:17 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000600001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:17 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x23, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 754.418905] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 754.418905] 01:56:17 executing program 0: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46443010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:17 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46453010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 754.495845] input: syz0 as /devices/virtual/input/input390 01:56:17 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:17 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x4c000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:17 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000700001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 754.667888] attempt to access beyond end of device [ 754.698504] loop2: rw=0, want=184, limit=178 [ 754.708430] metapage_read_end_io: I/O error 01:56:17 executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) sendmsg(r0, &(0x7f0000003a00)={&(0x7f00000002c0)=@hci={0x1f, 0x4788, 0x2}, 0x80, 0x0}, 0xe00000000000000) [ 754.717201] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 754.717201] 01:56:17 executing program 0: remap_file_pages(&(0x7f0000009000/0x3000)=nil, 0x3000, 0x0, 0x0, 0x40) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x6, 0x2172, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000005000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000003000/0x1000)=nil) socket$nl_route(0x10, 0x3, 0x0) setrlimit(0x3, &(0x7f0000000080)) setsockopt$inet6_mtu(0xffffffffffffffff, 0x29, 0x17, 0x0, 0x0) r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0) r1 = socket$inet_icmp(0x2, 0x2, 0x1) getsockopt$inet_mreq(r1, 0x0, 0x23, &(0x7f0000000140)={@local, @initdev}, &(0x7f0000000180)=0x8) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) sendto$inet(r2, &(0x7f0000000000)="4a8954", 0x3, 0x800, &(0x7f0000000100)={0x2, 0x4e21, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) fcntl$setstatus(r0, 0x4, 0x4002) io_setup(0xb, &(0x7f0000000040)=0x0) setsockopt$sock_void(r0, 0x1, 0x1b, 0x0, 0x0) io_submit(r3, 0xf10, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x200a00}]) inotify_init() [ 754.769806] input: syz0 as /devices/virtual/input/input392 [ 754.793421] input: syz0 as /devices/virtual/input/input393 [ 754.854745] attempt to access beyond end of device [ 754.859756] loop2: rw=0, want=184, limit=178 [ 754.879512] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 754.879512] 01:56:17 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:17 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000003f00001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 754.921974] metapage_read_end_io: I/O error 01:56:18 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x48, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 755.001276] input: syz0 as /devices/virtual/input/input394 01:56:18 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46454010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 755.051993] input: syz0 as /devices/virtual/input/input395 01:56:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x2f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:18 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x63b4c0f0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:18 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000c06501001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 755.230475] attempt to access beyond end of device [ 755.264767] loop2: rw=0, want=184, limit=178 [ 755.287288] metapage_read_end_io: I/O error [ 755.316526] input: syz0 as /devices/virtual/input/input396 [ 755.400053] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 755.400053] [ 755.411741] attempt to access beyond end of device 01:56:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x300, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 755.441674] loop2: rw=0, want=184, limit=178 01:56:18 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000011000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 755.481339] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 755.481339] [ 755.487995] metapage_read_end_io: I/O error 01:56:18 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46455010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 755.586129] input: syz0 as /devices/virtual/input/input398 01:56:18 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x4c, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 755.691049] input: syz0 as /devices/virtual/input/input399 [ 755.818667] attempt to access beyond end of device [ 755.820723] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 755.820723] [ 755.824303] loop2: rw=0, want=184, limit=178 [ 755.837843] metapage_read_end_io: I/O error 01:56:18 executing program 0: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46453010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:18 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x68000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:18 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000021000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:18 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 755.937299] attempt to access beyond end of device [ 755.938369] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 755.938369] [ 755.945923] loop2: rw=0, want=184, limit=178 [ 755.982096] metapage_read_end_io: I/O error [ 755.995128] input: syz0 as /devices/virtual/input/input400 01:56:19 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46456010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:19 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000031000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 756.027081] input: syz0 as /devices/virtual/input/input401 01:56:19 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c29, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r0, 0x0, r1) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$TCSETSF(r3, 0x5404, &(0x7f0000000180)={0x9, 0xffffffff, 0x5, 0xffff, 0x2, "209a86dbcce4cca1de99ab20230d72fd92fe92"}) setsockopt$IPT_SO_SET_REPLACE(r2, 0x0, 0x40, &(0x7f0000000380)=ANY=[@ANYBLOB="726177000000000000000000000000000000000000000000000000008000000008f80000030000003003000098020000000000000000000000000000000000009802000098020000a10200009802000098020000030080000000000000000000ffffffffe00000010000000000000000e4000000010000000000bd00000000007465616d5f736c6176655f310000000000000000000000000000000000c100000000000000000000000000000000000000000000f3000000c001080200000000000000000000000000000000000000005001686173686c696d6974000000000000000000000000000000000000000002726f736530000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000021000000000000000000000000000000000000000000000000000000000000d5ee0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffffffffffff000000000000000000000000030000000700000000000000000000000000000048004354000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000004000000000000000000000000000000700090000000004b0700000800000000000000000000000020004e4f545241434b0000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000007000980000000000000000000000000000000000000000002800000000000000000000000000000000000000000000000000000000000000feffffff"], 0x1) perf_event_open(&(0x7f0000000040)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x5, 0xffffffffffffff81}, 0x800, 0x36db}, 0x0, 0x2, 0xffffffffffffffff, 0x0) connect$vsock_stream(0xffffffffffffffff, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x5f) connect$vsock_stream(0xffffffffffffffff, 0x0, 0x0) r4 = socket$inet6(0xa, 0x802, 0x88) connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0x1c) r5 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000200)='/dev/autofs\x00', 0x100, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r5, 0x89f0, &(0x7f0000000300)={'gretap0\x00', &(0x7f00000000c0)={'erspan0\x00', 0x0, 0x8000, 0x8, 0x3, 0x0, {{0x10, 0x4, 0x2, 0x3, 0x40, 0x65, 0x0, 0x3, 0x29, 0x0, @loopback, @remote, {[@rr={0x7, 0xb, 0x1a, [@dev={0xac, 0x14, 0x14, 0x2c}, @multicast1]}, @end, @cipso={0x86, 0x1f, 0x2, [{0x2, 0x3, "fb"}, {0x5, 0x9, "bc95f2c3b06777"}, {0x6, 0x2}, {0x5, 0xb, "0e4ef0d748f317c446"}]}]}}}}}) connect$inet6(r4, &(0x7f0000000140)={0xa, 0x3, 0x0, @ipv4={[], [], @local}}, 0x1c) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x34, &(0x7f00000001c0)=0x7d, 0x4) sendmmsg(r4, &(0x7f0000002cc0), 0x1a3, 0x0) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x4, &(0x7f00000002c0), 0x4) 01:56:19 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x60, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:19 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x600, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 756.148962] xt_CT: netfilter: NOTRACK target is deprecated, use CT instead or upgrade iptables [ 756.281056] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 756.281056] 01:56:19 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x6c000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:19 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000041000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 756.357036] attempt to access beyond end of device [ 756.373094] loop2: rw=0, want=184, limit=178 [ 756.380980] metapage_read_end_io: I/O error [ 756.400422] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 756.400422] [ 756.459875] input: syz0 as /devices/virtual/input/input402 [ 756.513420] input: syz0 as /devices/virtual/input/input403 [ 756.594806] attempt to access beyond end of device 01:56:19 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46457010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 756.615032] loop2: rw=0, want=184, limit=178 01:56:19 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000061000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 756.652675] metapage_read_end_io: I/O error 01:56:19 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x700, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 756.745641] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 756.745641] 01:56:19 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x68, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:19 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x74000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 756.877425] input: syz0 as /devices/virtual/input/input404 [ 756.919093] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 756.919093] 01:56:19 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000071000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:20 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46458010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 757.013757] input: syz0 as /devices/virtual/input/input405 [ 757.046435] attempt to access beyond end of device [ 757.076844] loop2: rw=0, want=184, limit=178 [ 757.118331] metapage_read_end_io: I/O error [ 757.269302] attempt to access beyond end of device [ 757.283518] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 757.283518] [ 757.291895] loop2: rw=0, want=184, limit=178 [ 757.322088] metapage_read_end_io: I/O error [ 757.433642] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 757.433642] 01:56:21 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x7a000000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:21 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x1100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:21 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000081000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:21 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x6c, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:21 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c46459010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 758.626566] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 758.626566] 01:56:21 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$KDSKBMETA(r0, 0x4b63, &(0x7f0000001640)=0x3) mbind(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3, &(0x7f0000000040)=0x4, 0x4, 0x4) getsockopt$bt_BT_POWER(0xffffffffffffffff, 0x112, 0x9, &(0x7f0000001440)=0x2, &(0x7f0000001480)=0x1) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$DRM_IOCTL_AGP_BIND(r1, 0x40106436, &(0x7f00000014c0)={0x0, 0xfae}) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="200000004000000003000000300000000f000000000000000200000002000000008000000080000020000000dcf4655fdcf4655f0100030053ef010001000000dbf4655f000000000000000001000000000000000b0000000002", 0x5a, 0x400}, {&(0x7f0000010400)="020000000300000004", 0x9, 0x1000}, {&(0x7f0000012600)="ed41000000100000dbf4655fdcf4655fdcf4655f000000000000040008", 0x1d, 0x4200}], 0x0, &(0x7f0000001500)=ANY=[@ANYBLOB='wZ\x00\x00\x00\x00\x00\x00\x00']) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r3, &(0x7f0000000000)=ANY=[], 0x32600) sendmsg$BATADV_CMD_GET_HARDIF(r3, &(0x7f0000001600)={&(0x7f0000001540)={0x10, 0x0, 0x0, 0x14108008}, 0xc, &(0x7f00000015c0)={&(0x7f0000001580)={0x34, 0x0, 0x108, 0x70bd2b, 0x25dfdbfb, {}, [@BATADV_ATTR_AP_ISOLATION_ENABLED={0x5}, @BATADV_ATTR_GW_BANDWIDTH_UP={0x8, 0x32, 0x6}, @BATADV_ATTR_VLANID={0x6, 0x28, 0x4}, @BATADV_ATTR_GW_SEL_CLASS={0x8, 0x34, 0x1ff}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x4000010) write$cgroup_subtree(r2, &(0x7f0000000000)=ANY=[], 0x32600) r4 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000001900)='/dev/dlm-monitor\x00', 0x440001, 0x0) sendmmsg$sock(r2, &(0x7f0000001f40)=[{{&(0x7f0000000080)=@pptp={0x18, 0x2, {0x2, @loopback}}, 0x80, &(0x7f0000000140)=[{&(0x7f0000000280)="9b0895bff925d42d8e4b6ec42dc527661dcde1e52d26d507d34e2ca7a5e4fc4fec987bd3399db800f67fbac461c1fc32ddbdcdb3ec7959fc44c3ad7207f6ddcb7f8ff7ad56c10563f61b0f3c6e543b5f579046fb666269f60dfeb3df399311d45503edfa9c77ce61c4c3d13d1b415b1a020b895a651ce4e11040547f5c7b6c22688f0c317c5ea601ee87d5c395efb7525212b2c5c68415c73969b854d63c695288f27b22d13fbbadb7db4d64ce83f41a95f400ba22dc98dde2b0248903c41fce01bc7f644fb3976e3043c777f89b144f90d773396c2b7b95bb21f2c409632267ded57d5fec1616ba6e89e00e5ae4", 0xee}, {&(0x7f0000002000)="fa8ae325fd9b1fad6b365f60c2036e6ce5aa381f2cd1c5f43d69911735775159799841687dce5d56f371e45e837efe33eea8f3d8f2f9643ffac2e370f1d367eab2ea141b4ed55343c4167869fcd6c7c5096a7f39b2257b057632e671c1e2ddd2d9db829d88da79c82a4f3c5ab7bb0f67ffed48ee171ff48b09c6f6a14265da83a6340a9664801a7f56a7a30652675de1a0ff7d1c307eb2e1521d9da3e259956dc33c417ee6ff84941fc2ebd3db632c0abec189f4c65238d6edb968a17ce6cad19419bbad7c9174c25ae4562e1ae3294755a17c53c869cc823786b9acb66bae561cc2d91969ed190f0867ea97527ee8a2bc1e9ef2bd9d9fce202710eceac863d651e86604f8371de32649a4c1780c5679b5fbdc91eabdb2dc66c57f3656bec7a3af794f6d8f8ec4197a005eaae3f8e7adab809be3b6a6271e0778008858b8eff184fe865ed30551db17007ca224f9c829d3609e2392c308e336412eb3b7054eeaa4307c35d7eb1dc87b9975c6f1b07ee56798d4a771b669c536ef7c02821dd9dc49e41b6fc41ef343b8b06bda9d925273ff796ea74f65769a3a1b08640385441baf53ecf7752cc3768ec4259481aed825647092028349f6a0a45c31400f3bbabc50ba27ec5ebc5f3789cdf2fcb3513bcdbf8eb5337cdd5538949800978935e635d0b0079838a9790cd6b6e23519d9d33e634e3f37bf6adca0e5ccfcd94ea4d1fa5481e5220784d7088774fe4d563d50555274b9a5bfa5eff8308a1827b593a24b796f1db929c8a06301efc9445524bf832213c90205febf07e1f1f8fabf3288be21e4ecc75e4b614811cc8163aac097c46ee3eb9d748d73dabc255a61d773b5c2b3b7869cbeb270731996a2f0b726713495dd50a8079ddf5a310db1ab3e4309f87ea9015276ce0c5d371a4d00808051c7843dbd0e69285ded059b215cad057c045d1395bc7da2a83ab0b284053aca4a4d852e8c9e1cf13239a97535e6775f81b200e60d1bdcfd1221efe0b7e8fc1ea2baaa99a83e0c534869fd806f35618ed4e202c9251ab3965dacdf379e52fee71787344ecc3717eb8acb2a735ac58eaf47977aa4cc263643fffb63d19fd83c7aaf8fbcde76ab74405ac5c1f0167a33200ee56e0d21363634684add87b9330bdfdaf8ecf6c3e522f54ad7e9ba9c80af047bdc46fb2c32f01e0dc76fcb894b78a7d445ddbfd7a965fd1a826f22b86c2b0d97e8add5e8e4d59271992461e7d26e2eec6bbd9049705a708ed73999ccf8ae7ec921ade54ae037cbb65a5a90b794a325f1b478198cb8f99ded14d537a3a6b87072d5c50b9b9113ba0474ed813e4656762e5065fc37287f8586df7cdf663c0a89b4ef7e0164648a3abaadd31e3b2797f545e94bd58e7fd146c249106be23a06d5faec9fc5086d5dff960019695a0cc8b401d35c7071747f293097c8e89ba1d74202c6da20454263da62198f5008dc7467d4ab080da64f702ce4a4589411ae13f737ff49e4cad568d477e492b3eccacb6feece7424419e148c6cfce2de1f4368f214aba9f48ffc8f9b02218eccefb55a8342de2a8532ec9dccbff2936ba5d7f049a229c7c2e1df2d3c05a2f66e6f0ea97c63e95c667aa88ac48ba2243d889c66117966dbda4a7339fad390c603dd211d6e01ec3476e850def6d3984b538a77c72ce4129964e1ea045be5ffe1569b4d674f35e1b9b1a9101e8694c19a47e315b90b38e208eb98f5daf0f99f761fd01d627cbd4acccfaa6b026a94ebba84ca796aa0eec3924c28044edda3f9635e6c63bb579c7f295cd47195baec9c9b3ac6081244b85fe7f12cee172864e14a4dedd66b229087f567bf623396140b8ec5367f3bf51ad5921628834d824ed384107d0ecdb6b1e199f223d629b03d756401e94d58a051f098993ff43471394b3381311e2a807949f9752ba6e81a672d95e8917e64a11abd83f7ac69309cc822c33344e1529fd95f073d6d561f8802c6920de8a32fb861d2f77e9db1dcf20e6929dd70947c4009665d9fc06d6983d1bd4a62848d25994b48e761a9d86eebbe4263d59f031e9c71c1d1700e46e81edd55219ac3c65bfe38e2b6a1957ea28f20b822811a5143a676f673515cf36669c7333942187f9c2c9d6b3017afe137b8c4ef7c72186e9f5b5567dd1f0421a13bf27831060424d32d2d628bc4eee72b9a2fda1ed9811c7e40951d5c1f1aac749d08e0c0b089f85f20110f895acc4a9ced43e72ac9ecce7580df65aa2195f9c90fcb5e3f674a84e3c8a251a7a16080d5c0b057debf0eb1015a74ae61090ebf1e65090133cf2208612d46546a3eb78f804a33f67d9dc506e6394d22ca2a471c96144121b7d5e257d9899f2343d213d62a976c947a7ed7b4121e86d6f6381cb13d49eff0474920d98691ebb25aec9b4f096ba55f893a18de11687776ce1a4d46a52ede52ae08ad8f4dc1c53884b34f3b83edc0d4c390a86d43bee8944930491f422d3245f5aa1e8062bd0d51d1bec495ed3af98e37176435ed9d18d2e218678dd80b51104307e9df9a846defcbbe0a087c873bd3cfcc546c74080ee61334d50c6ec05bc92201ef3b27b7239e09f514f49d6e3d7e0090ceec741c6bdede33c5ceb431d9fe6bf443566e634471b1d325e3d76d092fbdabcb05dc8047ccae7b13f53bc25c4c92a5c820f6bab95c9f8ef825e78247534e21a58e2bf2b53cbc2aa1eb259455c1bcb41c00fb000edf38f3ae949ee4e7c63135e3af0e8b6b381667a93d86680dd09664cc3054640e1f6f362d51237795227178674b59ffdae5288592836a70993b481bb87d802b26fb6d7a847ee36d51a185f3eaff2e2720cd76f2096fc385b452e1ac33d825a591df13e6e1261151965b23663f9ac16c236af1912b2d19bef743f0bba58ace38e600338bf1d679974eb4e5e20b087c0c463f60da05f2275add5c6d9293b06aacebc488a8b3779c8e797d4b3d5332e29eae97f065e87b5d64a176c1180f6a1812879bf68e15fd87782155708362e3b2c4ca2190b6f5c71fc9e53a36c1d09f3209e3d3919c623f906b9c7b2513c147618cd8157bb93a6cc3f0630804d81904af3d013e9688743dd8687b808ba8829181da65b900ceec78a36a43262d7bbac777b1dc12da76e77ffd37bfec90a515cd8ac81270287ef54cb72c78c9f29481c878a0544524e01412ce9d6717d80d219eb6cd4ef125b5961a92248e0977684ac389cd4a64a08ac83407301a2fd1b96046f6ac7b871830981f6f0042dea54340c52bad1e7d578ce13499be1e807d099ab6f346aeb41a81d2960458e9fdbd927258ca4145caf3b01588e0e82ea1ed16ffd66f534134f5d1c8f5a4ced36e2869beb5f0eff07f55b5fbd5b557f2d98d254efd0831e469b45d1cee09d889645d5a63fd6720b496e09bbf724f5a9cb4078b2d44a841eff70766a9d0ffeb35bf7c144ee8fe852ae10a8faed7db006e6398d3c48e211b1be0715c56286fb267e674cffef1f5c64c178c26b1c3e5ad9900d2f9819648bf7d8a8eee6c23415a83519158c60c884424b2fe20a4ddcffe80c7ea9723acbb2ddd106fc5cb39a7245f23cbf50e1c9ec5ad86e4d34935ff7aeabf3f5b17594ff40660cb49c74f9c1401b1949de9b4ab05cbebbe4681bb960523b3560c8f99c506934702e9104ca433f9669b36861be119411c2e9effb50356fa6ff0a792a07fea0fbcbcfd1fd90e943a104d21ee257c0033551ad6f8d9473b2af6d567037f21135ae11180e21494ac9ae39433b01d36ee3118f4a5339585578d6e476863df09ae5f1470e58de7cc2cb609479a3b98f1930577a0badd455f786880fccf473087ad1d1a47f20a0c3c7c772f7ca83ddda1a8b6116e875adda19008d76ad6b2b1b6bfe7ddce81eed08ccae7cfc2a299b49f2c920e26f02dfc8eded5a964529f2898605a9f6c398d67cd320685a0049cd2e9bc6b7398e303a4a222a4eacb4e8790f7047eae54d14bed9f42a1183bf9228f0a2b07e0d7b3c8c5875c009156aa6b747dbe75f469b39239e70fce1548d7d5073a194bb72817fcdfe90b4ad274bcd43de82f0b67d1c4b992da926071d73b6b1b6eca4faf478531260a28c40cc9ad67e5d2f7884b85b2f668da8919cf3a152c2f2d4090b16ef3b47cd3b22d18ed2fe9a363e5a24c9ac73b38ee6e544a00b9c02d214f7853c4866e6dcffbcda31f4771abeb33c8fa4968b0821433e791eaba853720772d72cf42c8c0632f560555caa6450e85126a6f8a7563b62af56532ced31ad16b56c8788df43d2a287fee5af0e741f58e239a74d0c12de7c39e51beb23b9eadc242642f1a1168673b969f586492bded059dddd0ef0b7256090918b9ca407c56441b0bd40694319a38437312bc8f6b4e88b695ce43d60a1f0bad91ea1db6f3b8a27073140e90613768d7b9ad6b849035172aba7cf350a303482f16c883d9730296b6ef3b1bf9b80dc5529fccee94ba10752b1bf90ed5ce3b0bd958a9b36213ea9ee34692076e8c6dfe3d70dccaaff235c088939b7f3f59afcd19c94f734acabda501d0eb9a7c3f8fe8dd45f2935a4018300c3550e4607c020a0b1ac40d6dedac1e89e3d14242f7bd3f29bdf8ee3aa64b7a593ef3b2565c6dfe12ea3806e7dc333f9e0710a320fabb43983dcd95aeddc8317fc7ae0574c069e131c7899688d9d5fb06c355521521a650449a2106e3c24bcbdd89573a264de5df6b134895413366a4170b642acdad035fe174ef6c7bf73c3e21e98dc2d621fc82080516ab702e97e196dd86fc3f64e9f4b412e38a454f541242dcada2755e943eed77bd493e6e4da18bc39d7f98f3c6a833fb644f13d17881440bc1870898fbaedd8e98ef7d9fe6175502cec2d45c2b3b9d30021427e0d160924dfa2540559c3c138548b1d1ea0c8077b0aa975e2965fa9f8e8624b033fac90dd395a42c57d2ef59b4805eaec90a67e053ba820b6aa5c616d5c82cf33fe5346a0e96c7aa1c81d70f64d3251d68e7db2cc732a82f290f9a16001a21a94bc1d68b38ce4cdc0f69108e99f78ec3cf2d4184444d1c7344bb3784510ffa42740c9df6502c06d42a548ee12e55a73e0339783eaccb1ffa897c3be4c0ddeedb4fb9780f8696da8e83d7f9c41442c3864d6293069a77810001497b7162f5fdec66bdba7c0bad48292628884673c51e28f312967771f7be0add9a2bde45dc4f072c73ea7e5bb2a9f2effcd0c0ecc5a5cc6a15938d191155b8a2d13e22ef4b285bcc279cad2445a4ccf367d8cc874db907e08241d4a75b8a8677bd73f5c1f1cc420702363bf4a4fb3b6172941067116097b3c9b1b848ee8e5d391c248e26a31419bf3e3583d962905046767e1fbf892b3fdddec87bfc150454181bbe48eb2e831753296f6fc8467202dff62864667364ec67f1c3a676d24b8c6bf74755802c51cfdb003976d429ad99754ec752495e7ce8ee939580c7936efe926a7e4bd91c904d897d92b7315f227c67878f261cc7c5cb0f8f577f2029b7d44ac7703792a9f0a04e7ee15ab5a0ec4269e27b43faf97ed6c261c47ed25dc369d0766c226879a8e174beef20cfab1e0bf0bc053e26db1e836dd08af5e3867f56f64ede44b058419c09a8377d1bdbe877b425d943389bbb56f2aebd7a33208409b6e71cebb01193085cf3c41e8149d1e91bb6abebb20a2f3b8fa88df9d9743cee0109a58f75b725310f350dbc7acff62758e8fab3271621b4ffd69437519b36ec7b8213af21d3b10b103e701575225559f0552e43909d006d23d4a11f195fa49b67d996b6eb8a2497e630fe973c1bffa25e5b51fbd6dfdb1bd943e08c31", 0x1000}], 0x2}}, {{&(0x7f0000000180)=@l2tp={0x2, 0x0, @empty, 0x1}, 0x80, &(0x7f00000013c0)=[{&(0x7f0000001380)="8b7f6979e21fff3af83564aa5aeada8e4c8b029e8f403e70118de51a904e6c05c63e5a55092e206cc0ce8f0226a7d21330fea167cc52f53bf2e3605715", 0x3d}], 0xc, &(0x7f0000001400)=[@mark={{0x14, 0x1, 0x24, 0x80000001}}], 0x18}}, {{&(0x7f0000001940)=@pppol2tp={0x18, 0x1, {0x0, r4, {0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x13}}, 0x2, 0x3, 0x2, 0x3}}, 0x80, &(0x7f0000001e80)=[{&(0x7f00000019c0)="cf8799f9960ae9fe4f71eddb9c84b87df6682954544e9afddbdb918d5112187100a9cd17644aef345de0076f5a0f95c4159b060dfce9fec84c21d86097e94685cb7838bf83e9779febf89a590fc6b9eec1a77b8ebd5b242646b52f9a969efab91ae356a63db26411a2168d22a5d472a05cdc6d42b4670403a52ad802518c916399f871bd85b0d53680ef48c00706d750556b887fc5f3b12bcedd2a8678e01fa819d7c3573baa31b7085d4029ada42efb0e6b0d2f1852bd8de1e1c5fd9465003a43925fca9e26a49c78142e0de0f6", 0xce}, {&(0x7f0000001ac0)="df46cc3c739136b70b4a84d92cfc25eae51b219e61960958b0ae450a1339e1334b446b8885bbcce5857f2c39700a702bd95d7ac9167beb97b78d387e20de02b7463cbfd2da4285baa6639b9817b8d901ff1f11713fffac90e337855270936242e9c483c34ffdfa64986fb0fd53e90900039c10b38c5fb5ed7e310d6e5463157cf2d021b936118dc09ff871ee47175524ae23fda16d7df8d751c56d0bac141c0f74d4abd5814202120f3a61c3c4edd244f74446d96b538e283d100900e8c8ac623b56cc0e8186b4119bc98ba093372d856eaac5e4620e267d8baa4d841df7aee6", 0xe0}, {&(0x7f0000001bc0)="d01ec930f10192a5d3078f08895af710cea893fbfef26fab1825b46c400ad0ba1fa755c50838e2be0f079e3685", 0x2d}, {&(0x7f0000001c00)="3409c68671aaefaadceed6d557d8a2797939daa5c103cb9c42a6ff2888dbd3700c4fa2d18253c2650d4afcc8852e074c8dbc9defca26b629e750157bdea1076c550f13780ddcbb11c6613e3424ac315e3f01f0cee717fe2af08886d2b7f16c0b18b416000cc047ead7e7ff6c702cef6ddb45e279397dc5d5cf9423339d16ec672ba33460ffae7a95f5a7c40dbe4e03784c3c6a58d468df177f231d14c5dd8c38f6c4b6a0e21a7f94715888026d4b054130d7339fb0009ea8f2476e93259bfadab6862071adacf5d9515a81f9d501fc6820088854dbad2540ec7ed712923d4b94df35306b477e23", 0xe7}, {&(0x7f0000001d00)="a8ebe5f79dab77d3ac3826d7f5c037a9884d65b2c7566af5ded5b550f9e9c4e657f4a20e90a3dbe53594639c30688bfb97f0ac1a30de24abf0e302022d784070a10d94960bec", 0x46}, {&(0x7f0000001d80)="84b2485056cb0e85405ae4f9a57332581604f83396204bc2f65b246e44dfe645cb845760943dc38729193fcdcfc0d50a487e955d083e296ab91efc5cf591d380fc868ced805ae2582b45cda7b98456307931c6b544f6ad97db7ad9d5bf416e28ee07624913acad80c60ddd5f74b74be9fa3b0bee3187138660fe8a604f87f4bf1a3852ca7ce85a628906095bb8cd8f8d211de20d0cfd565ceb86f5bcb410c714e110a51de32068b0a6a7f8fe9ed59d015fa6a11b30ed009be68766e920152237427a82e0e6fc6718ede32a3d7616cb62d47637e0f5a90056eb89bc7e", 0xdc}], 0x6, &(0x7f0000001f00)=[@timestamping={{0x14, 0x1, 0x25, 0x7}}, @mark={{0x14, 0x1, 0x24, 0x41}}], 0x30}}], 0x3, 0x20000000) [ 758.676351] input: syz0 as /devices/virtual/input/input406 01:56:21 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x8cffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:21 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000003f1000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 758.742894] attempt to access beyond end of device [ 758.811293] loop2: rw=0, want=184, limit=178 01:56:21 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645a010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 758.859259] metapage_read_end_io: I/O error 01:56:21 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x1200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:21 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x74, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:22 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600) ioctl$SNDRV_PCM_IOCTL_HW_PARAMS(r0, 0xc2604111, &(0x7f0000000100)={0x7, [[0x5, 0x800, 0x8, 0xffffcf9c, 0x4, 0x100, 0xffffffff, 0x101], [0x0, 0x3, 0xfffffffa, 0x9, 0x800, 0x5, 0x3, 0x8001], [0x4, 0x3, 0x3, 0x2, 0x9, 0x1, 0x40000000, 0x401]], [], [{0x9, 0x7ff, 0x0, 0x0, 0x1}, {0x1000, 0x1, 0x0, 0x0, 0x1}, {0xfff, 0x3, 0x1, 0x1}, {0x0, 0x6cf5e45, 0x0, 0x1, 0x1, 0x1}, {0x8001, 0x9, 0x0, 0x1}, {0x7, 0x329, 0x0, 0x1}, {0x0, 0x7, 0x1, 0x0, 0x1, 0x1}, {0x9, 0xfffffffa, 0x1, 0x1, 0x1, 0x1}, {0x6, 0x7fff, 0x1, 0x0, 0x1}, {0x1ff, 0x2, 0x0, 0x1}, {0x7, 0x80000001, 0x1, 0x1, 0x0, 0x1}, {0x2, 0x7, 0x1, 0x0, 0x1}], [], 0x2}) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$TCSETAF(r1, 0x5408, &(0x7f00000025c0)={0x0, 0xff, 0xffde, 0x21, 0x19, "c8a40aaa29534e8d"}) msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000000)=""/242) 01:56:22 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x97ffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 759.080398] input: syz0 as /devices/virtual/input/input408 01:56:22 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000165c01000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 759.121229] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 759.121229] 01:56:22 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645b010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:22 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x1400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:22 executing program 0: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair(0x9, 0x5, 0x2, &(0x7f0000000140)={0x0, 0x0}) recvmsg$kcm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000380), 0x10000023, &(0x7f00000002c0)=""/77, 0x42e}, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) recvmsg$kcm(r0, &(0x7f0000000200)={&(0x7f0000000040)=@ax25, 0xfe76, &(0x7f0000000000)=[{&(0x7f0000000080)=""/151, 0x4d8b90}], 0x1, &(0x7f00000001c0)=""/4, 0x10036, 0x7301}, 0x3f9c) perf_event_open(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='cgroup.stat\x00', 0x26e1, 0x0) r2 = socket$kcm(0x2, 0x200000000000001, 0x0) socket$kcm(0x29, 0x7, 0x0) r3 = perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0xa) sendmsg$inet(r2, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x200408c4) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r4 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002100)={0x0, 0x7, &(0x7f0000001400)=ANY=[@ANYBLOB="1833000002000000000000000000000018000000fbffffc965088cec0000000095b02092ede7ffff000000d48b81268fc057813a9cf9bf46fc232379f57aa4e572b000"], &(0x7f0000000280)='GPL\x00', 0xffffffc0, 0x1000, &(0x7f0000000380)=""/4096, 0x40f00, 0x8, [], 0x0, 0x0, r4, 0x8, &(0x7f00000013c0)={0x5, 0x4}, 0x8, 0x10, &(0x7f0000001fc0)={0x3, 0xa, 0x6, 0x7fffffff}, 0x10}, 0x78) perf_event_open(&(0x7f0000000300)={0x3, 0x70, 0x6, 0x0, 0x0, 0x9, 0x0, 0x2, 0x210, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x401, 0x2, @perf_bp={&(0x7f0000000040), 0x9}, 0x0, 0x0, 0x9, 0x0, 0x2, 0xfff, 0x7}, 0x0, 0x0, r3, 0x0) setsockopt$sock_attach_bpf(r2, 0x1, 0x3e, &(0x7f00000002c0)=r1, 0x4) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)}, 0x24048081) sendmsg$kcm(r2, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001380), 0x0, 0x0, 0x0, 0x40020000}, 0x6d70) [ 759.296546] attempt to access beyond end of device [ 759.302004] loop2: rw=0, want=184, limit=178 [ 759.331143] metapage_read_end_io: I/O error 01:56:22 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000fffffff61000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 759.403249] input: syz0 as /devices/virtual/input/input410 [ 759.456450] attempt to access beyond end of device [ 759.468400] loop2: rw=0, want=184, limit=178 [ 759.491431] metapage_read_end_io: I/O error 01:56:22 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xc0ed0000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 759.570178] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 759.570178] 01:56:22 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x7a, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:22 executing program 0: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x97ffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:22 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x1500, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:22 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000fffffdfc1000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 759.815964] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 759.815964] 01:56:22 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xe0ffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:22 executing program 0: io_setup(0x3, &(0x7f0000000040)=0x0) r1 = syz_open_dev$usbmon(&(0x7f0000000080)='/dev/usbmon#\x00', 0x0, 0x0) io_submit(r0, 0x0, &(0x7f0000000540)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}]) [ 759.871107] input: syz0 as /devices/virtual/input/input412 01:56:22 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000fffffdfd1000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 759.948248] input: syz0 as /devices/virtual/input/input413 01:56:23 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645c010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 760.030880] attempt to access beyond end of device [ 760.043376] loop2: rw=0, want=184, limit=178 [ 760.062381] metapage_read_end_io: I/O error 01:56:23 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x1600, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:23 executing program 0: perf_event_open(&(0x7f0000000100)={0x1, 0x4c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c4b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29cc, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c831, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vcsu(&(0x7f00000000c0)='/dev/vcsu#\x00', 0x5, 0x8002) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000200)={r0, 0x9, 0x1, 0x7, &(0x7f0000000180)=[0x0, 0x0], 0x2}, 0x20) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, 0x0, 0x20004825) vmsplice(r1, &(0x7f00000001c0)=[{&(0x7f00000002c0)='m', 0x1}], 0x1, 0x0) mbind(&(0x7f0000470000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x1) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFQNL_MSG_VERDICT(r2, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000140)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) shmctl$SHM_INFO(0x0, 0xe, &(0x7f0000000080)=""/26) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000240)={&(0x7f0000a7a000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000939000/0x2000)=nil, &(0x7f0000121000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x2000)=nil, &(0x7f0000061000/0x1000)=nil, &(0x7f000079a000/0x4000)=nil, &(0x7f0000c40000/0x2000)=nil, &(0x7f0000c1b000/0x2000)=nil, &(0x7f0000569000/0x2000)=nil, &(0x7f0000000040)="20e936a9d49c9ffa114eaa8c76e4", 0xe}, 0x64) 01:56:23 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000fffffffe1000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 760.207915] attempt to access beyond end of device [ 760.221197] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 760.221197] [ 760.233787] loop2: rw=0, want=184, limit=178 01:56:23 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xf0c0b463, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 760.254980] metapage_read_end_io: I/O error 01:56:23 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x300, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 760.331161] input: syz0 as /devices/virtual/input/input414 [ 760.399698] input: syz0 as /devices/virtual/input/input415 [ 760.443614] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 760.443614] 01:56:23 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000fcfdffff1000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:23 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x1f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:23 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645d010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:23 executing program 0: perf_event_open(&(0x7f0000000180)={0x4, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) recvmsg(0xffffffffffffffff, &(0x7f0000024f80)={0x0, 0x0, 0x0}, 0x12002) bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg(r0, &(0x7f00000001c0)={&(0x7f0000000140)=@l2tp6={0xa, 0x0, 0xfffffffc, @dev={0xfe, 0x80, [0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf]}, 0x1}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000200)="82", 0x1}], 0x1}, 0x4000040) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000feaa"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x78) r2 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000011000)={0x1, 0x0, 0x6d, 0x0, 0x0, 0x1, 0x0, [], 0x0, 0xffffffffffffffff, 0x0, 0xffff8000}, 0x40) r3 = openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$ITER_CREATE(0x21, 0x0, 0x0) ioctl$TUNSETFILTEREBPF(r2, 0x800454e1, &(0x7f0000000040)) ioctl$TUNSETVNETHDRSZ(0xffffffffffffffff, 0x400454d8, 0x0) bpf$LINK_DETACH(0x22, &(0x7f0000000300), 0x4) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r3, &(0x7f0000000280)={0x11, 0x10, 0xfa00, {&(0x7f0000000100)}}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) [ 760.648927] attempt to access beyond end of device 01:56:23 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xf5ffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 760.693131] loop2: rw=0, want=184, limit=178 [ 760.712454] input: syz0 as /devices/virtual/input/input416 [ 760.739334] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 760.739334] [ 760.749491] metapage_read_end_io: I/O error [ 760.788747] input: syz0 as /devices/virtual/input/input417 01:56:23 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000fdfdffff1000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:23 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xf6ffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:23 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:23 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x500, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 760.901490] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 760.901490] 01:56:23 executing program 0: r0 = open(0x0, 0x80, 0x0) name_to_handle_at(0xffffffffffffffff, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000480)=ANY=[@ANYBLOB="fb000000e9ffffffda48fbb9cbbafdee284a2ab6c8bd37a642b98c7b0f442c0898d9c5e5bb6243ff58c0c91a7d0a57419641558e4bff94672e657ff48e4be9f4ebd0a476f6b41e33eb4fdd2fb8541ca14140f8972417948116"], 0x0, 0x0) sendmsg$unix(r0, &(0x7f0000000080)={&(0x7f0000000140)=@file={0x1, './bus\x00'}, 0x6e, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x801}, 0x4011) bpf$BPF_PROG_GET_NEXT_ID(0xb, 0x0, 0x0) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x1031fe, 0x0) write$FUSE_NOTIFY_DELETE(r1, &(0x7f0000000200)=ANY=[@ANYRES32, @ANYRESHEX], 0x1f) r2 = getpgid(0x0) perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, r2, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = open(&(0x7f0000002000)='./bus\x00', 0x141042, 0x0) ftruncate(r3, 0x2007fff) sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) r4 = socket(0x2, 0x803, 0xff) connect$inet(r4, &(0x7f0000000040)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) r5 = dup(r4) r6 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) write$P9_RUNLINKAT(r5, 0x0, 0x0) sendfile(r4, r6, 0x0, 0x8000fffffffe) creat(&(0x7f0000000100)='./bus\x00', 0x0) 01:56:24 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645e010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 761.051199] input: syz0 as /devices/virtual/input/input418 01:56:24 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000f6ffffff1000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 761.093374] attempt to access beyond end of device 01:56:24 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x3f00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 761.139503] loop2: rw=0, want=184, limit=178 [ 761.162221] metapage_read_end_io: I/O error 01:56:24 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfbffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:24 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000feffffff1000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 761.302063] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 761.302063] [ 761.314064] attempt to access beyond end of device [ 761.321949] loop2: rw=0, want=184, limit=178 [ 761.357070] audit: type=1804 audit(1609638984.335:54): pid=25472 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir303882013/syzkaller.cRQQe9/1492/bus" dev="sda1" ino=16808 res=1 [ 761.376193] metapage_read_end_io: I/O error [ 761.398154] input: syz0 as /devices/virtual/input/input420 [ 761.407767] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 761.407767] [ 761.436546] audit: type=1804 audit(1609638984.415:55): pid=25484 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir303882013/syzkaller.cRQQe9/1492/bus" dev="sda1" ino=16808 res=1 [ 761.476644] input: syz0 as /devices/virtual/input/input421 01:56:24 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:24 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x600, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:24 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000200001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:24 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c464d0010000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:24 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfcfdffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 761.762542] input: syz0 as /devices/virtual/input/input422 [ 761.865550] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 761.865550] [ 761.879863] input: syz0 as /devices/virtual/input/input423 [ 761.887593] attempt to access beyond end of device 01:56:24 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000300001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 761.931941] loop2: rw=0, want=184, limit=178 [ 761.976153] metapage_read_end_io: I/O error [ 761.991880] audit: type=1804 audit(1609638984.975:56): pid=25449 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir303882013/syzkaller.cRQQe9/1492/bus" dev="sda1" ino=16808 res=1 [ 762.040781] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 762.040781] [ 762.063787] audit: type=1804 audit(1609638985.015:57): pid=25449 uid=0 auid=0 ses=4 subj==unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir303882013/syzkaller.cRQQe9/1492/bus" dev="sda1" ino=16808 res=1 01:56:25 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:25 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfdfdffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:25 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x43400) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000600)=ANY=[], 0x32600) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x3f, 0x8000) r3 = socket$alg(0x26, 0x5, 0x0) r4 = getpid() wait4(0x0, 0x0, 0x20000000, 0x0) ioctl$sock_FIOSETOWN(r3, 0x8901, &(0x7f0000000000)=r4) sendmsg$DEVLINK_CMD_SB_GET(r2, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="d400", @ANYRES16=0x0, @ANYBLOB="00042dbd7000ffdbdf250b0000000e0001006e657464657673696d0000000f0002046e657464657673696d30000008000b00040000000e0001006e657464657673696d0400000f0002006e657464657673696d30000008000b0003000000080001007063690400000000000000303a30303a31302e300000090000000b00ff0300000e00a2006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b0000000100"], 0xd4}, 0x1, 0x0, 0x0, 0x80c0}, 0x20000884) r5 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ocfs2_control\x00', 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r5, 0xc008ae67, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f0000000400)={0x0, 0x600, &(0x7f0000000380)=[{&(0x7f0000001c00)={0x14, 0x23, 0xd92800488cb91bd, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x40, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x200000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_NEW_MPATH(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x58, 0x0, 0x0, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x1e}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x58}, 0x1, 0x0, 0x0, 0x44000}, 0x0) [ 762.151652] attempt to access beyond end of device 01:56:25 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f020000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:25 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000400001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 762.194655] loop2: rw=0, want=184, limit=178 [ 762.233108] metapage_read_end_io: I/O error [ 762.260338] input: syz0 as /devices/virtual/input/input424 [ 762.329868] input: syz0 as /devices/virtual/input/input425 01:56:25 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x700, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 762.448487] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 762.448487] 01:56:25 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x3000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:25 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfdffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:25 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000600001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 762.624489] attempt to access beyond end of device [ 762.632989] loop2: rw=0, want=184, limit=178 [ 762.666039] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 762.666039] [ 762.705344] metapage_read_end_io: I/O error 01:56:25 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f030000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 762.775851] input: syz0 as /devices/virtual/input/input426 [ 762.857250] attempt to access beyond end of device [ 762.865299] loop2: rw=0, want=184, limit=178 01:56:25 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000700001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:25 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfeffffff, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 762.931763] metapage_read_end_io: I/O error [ 763.028165] input: syz0 as /devices/virtual/input/input427 01:56:26 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x900, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:26 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 763.200100] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 763.200100] 01:56:26 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x43400) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000600)=ANY=[], 0x32600) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x3f, 0x8000) r3 = socket$alg(0x26, 0x5, 0x0) r4 = getpid() wait4(0x0, 0x0, 0x20000000, 0x0) ioctl$sock_FIOSETOWN(r3, 0x8901, &(0x7f0000000000)=r4) sendmsg$DEVLINK_CMD_SB_GET(r2, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="d400", @ANYRES16=0x0, @ANYBLOB="00042dbd7000ffdbdf250b0000000e0001006e657464657673696d0000000f0002046e657464657673696d30000008000b00040000000e0001006e657464657673696d0400000f0002006e657464657673696d30000008000b0003000000080001007063690400000000000000303a30303a31302e300000090000000b00ff0300000e00a2006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b0000000100"], 0xd4}, 0x1, 0x0, 0x0, 0x80c0}, 0x20000884) r5 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ocfs2_control\x00', 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r5, 0xc008ae67, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f0000000400)={0x0, 0x600, &(0x7f0000000380)=[{&(0x7f0000001c00)={0x14, 0x23, 0xd92800488cb91bd, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x40, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x200000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_NEW_MPATH(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x58, 0x0, 0x0, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x1e}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x58}, 0x1, 0x0, 0x0, 0x44000}, 0x0) 01:56:26 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xff0f0000, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:26 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000800001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 763.351467] input: syz0 as /devices/virtual/input/input428 [ 763.413200] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 763.413200] [ 763.420258] input: syz0 as /devices/virtual/input/input429 [ 763.466244] attempt to access beyond end of device [ 763.493412] loop2: rw=0, want=184, limit=178 [ 763.504342] metapage_read_end_io: I/O error 01:56:26 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f040000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:26 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x5000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:26 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000003001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:26 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xffff0300, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 763.734865] attempt to access beyond end of device [ 763.740615] loop2: rw=0, want=184, limit=178 [ 763.774530] metapage_read_end_io: I/O error 01:56:26 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xa00, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 763.951268] input: syz0 as /devices/virtual/input/input430 [ 763.969218] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 763.969218] 01:56:27 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000006001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 764.101099] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 764.101099] 01:56:27 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f050000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:27 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xffff1f00, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 764.257008] input: syz0 as /devices/virtual/input/input431 01:56:27 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000007001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 764.316307] attempt to access beyond end of device [ 764.365138] loop2: rw=0, want=184, limit=178 [ 764.379278] metapage_read_end_io: I/O error 01:56:27 executing program 0: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x7a05, 0x1700) write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0x43400) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0) write$cgroup_subtree(r1, &(0x7f0000000600)=ANY=[], 0x32600) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x3f, 0x8000) r3 = socket$alg(0x26, 0x5, 0x0) r4 = getpid() wait4(0x0, 0x0, 0x20000000, 0x0) ioctl$sock_FIOSETOWN(r3, 0x8901, &(0x7f0000000000)=r4) sendmsg$DEVLINK_CMD_SB_GET(r2, &(0x7f00000003c0)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x40000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000440)=ANY=[@ANYBLOB="d400", @ANYRES16=0x0, @ANYBLOB="00042dbd7000ffdbdf250b0000000e0001006e657464657673696d0000000f0002046e657464657673696d30000008000b00040000000e0001006e657464657673696d0400000f0002006e657464657673696d30000008000b0003000000080001007063690400000000000000303a30303a31302e300000090000000b00ff0300000e00a2006e657464657673696d0000000f0002006e657464657673696d30000008000b0000000000080001007063690011000200303030303a30303a31302e300000000008000b0000000100"], 0xd4}, 0x1, 0x0, 0x0, 0x80c0}, 0x20000884) r5 = openat$ocfs2_control(0xffffffffffffff9c, &(0x7f0000000540)='/dev/ocfs2_control\x00', 0x0, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r5, 0xc008ae67, 0x0) ioctl$LOOP_CTL_GET_FREE(r0, 0x4c82) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r6, &(0x7f0000000400)={0x0, 0x600, &(0x7f0000000380)=[{&(0x7f0000001c00)={0x14, 0x23, 0xd92800488cb91bd, 0x0, 0x0, "", [@nested={0x4}]}, 0x14}], 0x1}, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x40, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x200000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NL80211_CMD_NEW_MPATH(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)={0x58, 0x0, 0x0, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8}, @val={0xc, 0x99, {0x6, 0x1e}}}}, [@NL80211_ATTR_MPATH_NEXT_HOP={0xa}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @broadcast}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}, @NL80211_ATTR_MPATH_NEXT_HOP={0xa, 0x1a, @device_b}]}, 0x58}, 0x1, 0x0, 0x0, 0x44000}, 0x0) 01:56:27 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x6000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 764.476448] attempt to access beyond end of device [ 764.484513] loop2: rw=0, want=184, limit=178 [ 764.500344] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 764.500344] [ 764.519636] input: syz0 as /devices/virtual/input/input432 [ 764.526459] metapage_read_end_io: I/O error 01:56:27 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a46533101000000607600000000003f001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 764.626756] input: syz0 as /devices/virtual/input/input433 01:56:27 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfffffdfc, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:27 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x1600, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 764.740377] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 764.740377] 01:56:27 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x7000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:27 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000022300000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:27 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f060000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 764.990307] input: syz0 as /devices/virtual/input/input434 [ 765.031078] input: syz0 as /devices/virtual/input/input435 [ 765.042303] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 765.042303] [ 765.055048] attempt to access beyond end of device [ 765.133150] loop2: rw=0, want=184, limit=178 01:56:28 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000002001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:28 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x11000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:28 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfffffdfd, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 765.155216] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 765.155216] [ 765.193094] metapage_read_end_io: I/O error 01:56:28 executing program 0: perf_event_open(&(0x7f0000000380)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x10}}, 0x0, 0xffffffbfffffffff, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) clone(0xec02a100, 0x0, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000000)='nl80211\x00') ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f00000000c0)={0x5, 0xff, 0x800, 0x9, 0x3}) r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x11d) fdatasync(r0) r1 = openat$bsg(0xffffff9c, 0x0, 0x2000c0, 0x0) syz_open_dev$vcsa(&(0x7f0000000140)='/dev/vcsa#\x00', 0x4, 0x102) ioctl$KVM_GET_IRQCHIP(r1, 0xc208ae62, 0x0) r2 = memfd_create(&(0x7f0000000340), 0x0) ftruncate(r2, 0x0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xa601, 0x2012, 0xffffffffffffffff, 0x9ba8e000) ioctl$FS_IOC_GETVERSION(r2, 0x80047601, 0x0) rt_sigsuspend(&(0x7f0000000040), 0x8) r3 = openat$cgroup_type(0xffffffffffffffff, 0x0, 0x2, 0x0) r4 = fcntl$dupfd(r2, 0x0, r3) ioctl$HDIO_GETGEO(r4, 0x301, &(0x7f0000000100)) openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCGSERIAL(0xffffffffffffffff, 0x541e, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 01:56:28 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f070000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:28 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x1f00, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) [ 765.330644] input: syz0 as /devices/virtual/input/input436 01:56:28 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000003001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 765.403573] input: syz0 as /devices/virtual/input/input437 [ 765.459035] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 765.459035] [ 765.464276] IPVS: ftp: loaded support on port[0] = 21 01:56:28 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x12000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 765.515811] attempt to access beyond end of device [ 765.522530] loop2: rw=0, want=184, limit=178 [ 765.550717] metapage_read_end_io: I/O error [ 765.640881] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 765.640881] 01:56:28 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000004001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:28 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xffffff7f, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 765.699024] attempt to access beyond end of device [ 765.719091] input: syz0 as /devices/virtual/input/input438 [ 765.742354] loop2: rw=0, want=184, limit=178 [ 765.747600] metapage_read_end_io: I/O error 01:56:28 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f080000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 765.787676] IPVS: ftp: loaded support on port[0] = 21 [ 765.805747] input: syz0 as /devices/virtual/input/input439 01:56:28 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x2000, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:28 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x14000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:28 executing program 0: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x1f00, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:28 executing program 0: r0 = socket$netlink(0x10, 0x3, 0xbedf1af851a370be) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) r3 = getpgid(0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f00000000c0)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)=@setlink={0x40, 0x13, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_NET_NS_PID={0x8, 0x13, r3}, @IFLA_LINK={0x8}, @IFLA_MASTER={0x8, 0xa, r4}, @IFLA_PROMISCUITY={0x8, 0x1e, 0x10001}]}, 0x40}}, 0x0) openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000080)='/proc/asound/card2/oss_mixer\x00', 0x43, 0x0) [ 765.962670] input: syz0 as /devices/virtual/input/input440 01:56:29 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000006001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 766.016857] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 766.016857] [ 766.036087] input: syz0 as /devices/virtual/input/input441 01:56:29 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x15000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 766.111348] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 766.111348] 01:56:29 executing program 0: r0 = gettid() r1 = creat(&(0x7f0000000280)='./file0\x00', 0x3) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000480)=ANY=[@ANYBLOB="7f40124c505fbdbc7fded2ab9d129244a7ec7024946ca002bbc862147ba603244c3d74f0d6dce2ea27888e01675a95938ac0d40685351025be1bc9ec9ea9698b31bc37ffe1a63f584a8c3d6647cd9bdeb23f5e5e7b8e654ea908da36773b74e1604bd935da5c46eadde1a392981d38fb6af7b8ef4f3e9e2e681835d7348ad8e9baf0a6d7a14ce8d667f423b33b009ad0bdb213edfc8d7337bd8f73f1fe8bb675f16ac3c7d0d7a8ce156d295e2734717de35b7572822173f48b12a2d4fac7a2f5968ea67dd9aa3f8a86f374153467bb4b00bf632cfe763cf186da595734d6e779eaaf050d0382e0b61c"], 0x191) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x5}, 0x0, 0x6, 0x9, 0x0, 0x8000000, 0xfffffffc}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$trusted_overlay_nlink(0x0, &(0x7f00000001c0)='trusted.overlay.nlink\x00', 0x0, 0x0, 0x0) close(r1) setxattr$security_capability(&(0x7f0000000140)='./file0\x00', &(0x7f00000000c0)='security.capability\x00', &(0x7f00000002c0)=@v2={0x2000000, [{0x0, 0x100}, {0xfffffffc, 0xfffffffe}]}, 0x14, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) msgget(0x2, 0x0) syz_open_dev$vcsa(&(0x7f0000000100)='/dev/vcsa#\x00', 0xea, 0x10000) socket$nl_route(0x10, 0x3, 0x40000000) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[], 0x32600) setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000000)=0x20002, 0x4) ioctl$DRM_IOCTL_AGP_INFO(0xffffffffffffffff, 0x80386433, &(0x7f00000003c0)=""/134) ioctl$TCSETS(0xffffffffffffffff, 0x5402, &(0x7f0000000240)={0x7ac, 0x1f, 0x1c000000, 0xeb7, 0x13, "c8532ff5c51bc4a17c1c92754f799f8bcbe4ba"}) read$FUSE(0xffffffffffffffff, &(0x7f00000021c0)={0x2020}, 0x2020) openat$dir(0xffffffffffffff9c, 0x0, 0x4200, 0x166) 01:56:29 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xffffff8c, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 766.217837] attempt to access beyond end of device 01:56:29 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f090000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 766.241671] loop2: rw=0, want=184, limit=178 [ 766.260766] metapage_read_end_io: I/O error [ 766.276894] input: syz0 as /devices/virtual/input/input442 01:56:29 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000007001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 766.315017] input: syz0 as /devices/virtual/input/input443 [ 766.378679] attempt to access beyond end of device [ 766.396748] loop2: rw=0, want=184, limit=178 [ 766.430365] metapage_read_end_io: I/O error 01:56:29 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x16000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 766.464566] ptrace attach of "/root/syz-executor.0"[26005] was attempted by "/root/syz-executor.0"[26014] 01:56:29 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xffffff97, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 766.512243] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 766.512243] 01:56:29 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x2300, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:29 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000008001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:29 executing program 0: unshare(0x40000000) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x4001fc) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000080)=0xe) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x2, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xa) sendmsg$nl_route(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r5, @ANYBLOB="0000000000000000280012000c000100766574682c4157d920c48c488fca8e459cd24ea811d09a624d8015ade22e4e2e0127d81ffad1b9c5c5ae4e65a2040c4ea716cb8caf685d6ece0de998cd7f7f3b1e1e38564039be8a8b10017a7c5638440741272a49dff6402c34179ade209c82699344ece13a1d5cfab8e4d651c7859fdd0219037604100291a820b94829733bb0b9226f02672ae10480110fd9e4bd047a735d9c88554703e81257fe890607ac685e2a238d1b7b7f5ed7e1b8bae7bcfff3effff9db68b67b90066de3ed062fa4d2048ee0c7"], 0x48}}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x20000000000001bb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, [], r5, 0x13, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff}, 0x78) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ppp\x00', 0x0, 0x0) ioctl$EVIOCGPROP(r6, 0x40047438, &(0x7f0000000180)=""/246) bind$phonet(r1, &(0x7f0000000000)={0x23, 0x5, 0x7, 0x5}, 0x10) ioctl$PPPIOCSFLAGS1(r6, 0x80047453, 0x0) [ 766.637815] input: syz0 as /devices/virtual/input/input444 [ 766.670710] input: syz0 as /devices/virtual/input/input445 [ 766.689439] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 766.689439] 01:56:29 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x1f000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 766.782701] IPVS: ftp: loaded support on port[0] = 21 01:56:29 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f0c0000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 766.857812] attempt to access beyond end of device [ 766.863412] loop2: rw=0, want=184, limit=178 01:56:29 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xffffffe0, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 766.925777] metapage_read_end_io: I/O error 01:56:30 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000031000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 766.998123] input: syz0 as /devices/virtual/input/input446 [ 767.025168] attempt to access beyond end of device [ 767.058014] loop2: rw=0, want=184, limit=178 [ 767.088184] metapage_read_end_io: I/O error [ 767.112779] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 767.112779] [ 767.130465] input: syz0 as /devices/virtual/input/input447 01:56:30 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x3f00, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:30 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x2f000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:30 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000061000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 767.357073] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 767.357073] [ 767.372680] input: syz0 as /devices/virtual/input/input448 [ 767.382149] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 01:56:30 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfffffff5, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) [ 767.433940] input: syz0 as /devices/virtual/input/input449 [ 767.466371] attempt to access beyond end of device [ 767.471577] loop2: rw=0, want=184, limit=178 01:56:30 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f0f0000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 767.488344] IPVS: ftp: loaded support on port[0] = 21 [ 767.503480] metapage_read_end_io: I/O error 01:56:30 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0x3f000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) [ 767.621756] attempt to access beyond end of device [ 767.636903] loop2: rw=0, want=184, limit=178 01:56:30 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000071000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 767.682552] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 767.682552] [ 767.691370] metapage_read_end_io: I/O error [ 767.806849] input: syz0 as /devices/virtual/input/input450 [ 767.836962] input: syz0 as /devices/virtual/input/input451 [ 767.925906] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 767.925906] [ 768.060947] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. 01:56:31 executing program 3: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0xfffffff6, 0x1, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000000010", 0x12, 0x8000}], 0x0, &(0x7f0000064f00)) 01:56:31 executing program 2: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x4000, 0x2, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000b", 0x15, 0x8000}, {0x0, 0x0, 0xb200}], 0x0, &(0x7f0000064f00)) 01:56:31 executing program 1: r0 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000180)='/dev/uinput\x00', 0x400000000000002, 0x0) ioctl$UI_SET_ABSBIT(r0, 0x40045567, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_SET_EVBIT(r0, 0x40045564, 0x3) r3 = dup(r0) write$uinput_user_dev(r3, &(0x7f0000000980)={'syz0\x00', {}, 0x0, [], [], [0x4]}, 0x45c) ioctl$UI_DEV_CREATE(r3, 0x5501) write$uinput_user_dev(r3, &(0x7f0000000440)={'syz0\x00', {}, 0x0, [0xfeffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4], [0x0, 0x3]}, 0x45c) 01:56:31 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a4653310100000060760000000000003f1000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:31 executing program 4: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f100000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) 01:56:31 executing program 0: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000001000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f0c0000000100000001000000040000000b00000000200029", 0x1c, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba872432c44f1", 0x16, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 768.508263] attempt to access beyond end of device [ 768.523216] input: syz0 as /devices/virtual/input/input452 [ 768.531876] loop2: rw=0, want=184, limit=178 [ 768.562455] metapage_read_end_io: I/O error [ 768.599953] ERROR: (device loop4): xtSearch: XT_GETPAGE: xtree page corrupt [ 768.599953] 01:56:31 executing program 5: syz_mount_image$jfs(&(0x7f0000000000)='jfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x3, &(0x7f0000000200)=[{&(0x7f0000010000)="4a465331010000006076000000000000021000000c", 0x15, 0x8000}, {&(0x7f0000000040)="10c4645f010000000100000001000000040000000b00000000200029f78401", 0x1f, 0xb200}, {&(0x7f0000000080)="0000a09046cfaea6629a9f6c7e7079bba87243", 0x13, 0xb2e0}], 0x0, &(0x7f0000064f00)) [ 768.648046] input: syz0 as /devices/virtual/input/input453