}, 0x0, 0x0, 0xfffffffffffffffb) mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r8]) sendmsg$unix(r4, &(0x7f0000000c40)={&(0x7f0000000400)=@abs={0x2, 0x0, 0x4e1f}, 0x6e, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="24000000000100000001000040", @ANYRES32, @ANYRES32=r5, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r6, @ANYRES32, @ANYRES32=r0, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRESDEC=r8, @ANYBLOB='\x00\x00\x00\x00'], 0x5d, 0x4000}, 0x12) setregid(0x0, r7) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r9, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(0x0, r10) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r11, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r12) setregid(0x0, r12) getgroups(0xa, &(0x7f0000000080)=[r1, 0xee00, 0xee00, 0xffffffffffffffff, r3, 0x0, r10, 0xee01, 0xee00, r12]) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, r10}}) msgsnd(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="03ed000000000000"], 0x0, 0x0) r13 = gettid() timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r13, 0x1000000000013) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) 04:00:16 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0xfffffffe}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:16 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000080000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:16 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x800000, 0x0) 04:00:16 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:16 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x960000, 0x0) 04:00:16 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1548.624763][T32069] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1548.641455][T32069] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! 04:00:16 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000001580)="0f06c4c21dde960000c0feb805000000b9ddb700000f01c166b816018ee00f01bde9bf0000b921030000b8eb7cdfe4bab7cbdd290f30a7c4c14dfbd20fc7bb1c000000b9da0b00000f32", 0x4a}], 0x1, 0x38, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0506617, &(0x7f0000000340)=ANY=[@ANYBLOB="000000000000e5ff177b0dfe8caedda9a7ffadcdf4db960080000015ed8e795742f7c401991e00000000c8f805928af3e4fd007d4f1600f71100000000000000000000767300000000000000"]) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x200, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1000, 0xfffffffffffffffd, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0x9}, 0x28240, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x400000, 0x3) socket$unix(0x1, 0x1, 0x0) pipe(&(0x7f0000000340)) fstat(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r1) setregid(0x0, r1) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = getpid() r7 = getegid() sendmsg$unix(r4, &(0x7f0000000c40)={&(0x7f0000000400)=@abs={0x2, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f0000000e40)=ANY=[@ANYBLOB="24000000000100000001000040", @ANYRES32, @ANYRES32=r5, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r6, @ANYRES32, @ANYRES32=r7, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYBLOB='\x00\x00\x00\x00'], 0x5b, 0x4000}, 0x12) setregid(0x0, r7) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r8, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(0x0, r9) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r10, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r11) setregid(0x0, r11) getgroups(0xa, &(0x7f0000000080)=[r1, 0xee00, 0xee00, 0xffffffffffffffff, r3, 0x0, r9, 0xee01, 0xee00, r11]) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, r9}}) msgsnd(0x0, &(0x7f0000000340)={0x3}, 0x0, 0x0) r12 = gettid() r13 = gettid() ptrace$setopts(0x4206, r13, 0x0, 0x0) tkill(r13, 0x3c) ptrace$setregs(0xd, r13, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r13, 0x0, 0x0) r14 = gettid() ptrace$setopts(0x4206, r14, 0x0, 0x0) tkill(r14, 0x3c) ptrace$setregs(0xd, r14, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r14, 0x0, 0x0) timer_create(0x0, &(0x7f0000000100)={0x0, 0x12, 0x1, @tid=r14}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r12, 0x1000000000013) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) [ 1548.676502][T32069] EXT4-fs (loop0): group descriptors corrupted! 04:00:16 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000090000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:16 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x2}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1548.885747][T32395] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1548.896749][T32395] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1548.908590][T32395] EXT4-fs (loop0): group descriptors corrupted! 04:00:16 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000001580)="0f06c4c21dde960000c0feb805000000b9ddb700000f01c166b816018ee00f01bde9bf0000b921030000b8eb7cdfe4bab7cbdd290f30a7c4c14dfbd20fc7bb1c000000b9da0b00000f32", 0x4a}], 0x1, 0x38, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000280)={'\x02\xfb8', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r2]) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000340)=ANY=[@ANYRES16=r0]) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x200, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1000, 0xfffffffffffffffd, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0x9}, 0x28240, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x400, 0x3) socket$unix(0x1, 0x1, 0x0) pipe(&(0x7f0000000340)) fstat(r3, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r4) setregid(0x0, r4) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = creat(&(0x7f0000000300)='./bus\x00', 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r9 = getpid() r10 = getegid() sendmsg$unix(r7, &(0x7f0000000c40)={&(0x7f0000000400)=@abs={0x2, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f0000000e40)=ANY=[@ANYBLOB="24000000000100000001000040", @ANYRES32, @ANYRES32=r8, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r9, @ANYRES32, @ANYRES32=r10, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYBLOB='\x00\x00\x00\x00'], 0x5b, 0x4000}, 0x12) setregid(0x0, r10) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r11, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(0x0, r12) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r13, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r14) setregid(0x0, r14) getgroups(0xa, &(0x7f0000000080)=[r4, 0xee00, 0xee00, 0xffffffffffffffff, r6, 0x0, r12, 0xee01, 0xee00, r14]) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, r12}}) msgsnd(0x0, &(0x7f0000000340)={0x3}, 0x8, 0x800) r15 = gettid() timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r15, 0x1000000000013) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) 04:00:19 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:19 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000000a0000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:19 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:19 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000001580)="0f06c4c21dde960000c0feb805000000b9ddb700000f01c166b816018ee00f01bde9bf0000b921030000b8eb7cdfe4bab7cbdd290f30a7c4c14dfbd20fc7bb1c000000b9da0b00000f32", 0x4a}], 0x1, 0x38, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0506617, &(0x7f0000000340)=ANY=[@ANYBLOB="000000000000e5ff177b0dfe8caedda9a7ffadcdf4db960080000015ed8e795742f7c401991e00000000c8f805928af3e4fd007d4f1600f71100000000000000000000767300000000000000"]) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x200, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1000, 0xfffffffffffffffd, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0x9}, 0x28240, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x400000, 0x3) socket$unix(0x1, 0x1, 0x0) pipe(&(0x7f0000000340)) fstat(r0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r1) setregid(0x0, r1) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = getpid() r7 = getegid() r8 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000280)={'\x02\xfb8', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r8]) sendmsg$unix(r4, &(0x7f0000000c40)={&(0x7f0000000400)=@abs={0x2, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="24000000000100000001000040ae8548cbd476779f2e7d419271a370c04317a524e50b1c1d90b724ce63ec60390366003a0d592aa3738a122b092ccc39e868e1d4ebd2cb7ef64ce0176f4884", @ANYRESDEC=r8, @ANYRES32=r5, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r6, @ANYRES32, @ANYRES32=r7, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYBLOB=' \x00 '], 0xa9, 0x4000}, 0x12) setregid(0x0, r7) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r9, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(0x0, r10) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r11, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r12) setregid(0x0, r12) getgroups(0xa, &(0x7f0000000080)=[r1, 0xee00, 0xee00, 0xffffffffffffffff, r3, 0x0, r10, 0xee01, 0xee00, r12]) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, r10}}) msgsnd(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="ecc563c70300000000000000"], 0x0, 0x0) r13 = gettid() timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r13, 0x1000000000013) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) 04:00:19 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:19 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xa07100, 0x0) [ 1551.646983][T32713] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1551.683801][T32713] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! 04:00:19 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000001580)="0f06c4c21dde960000c0feb805000000b9ddb700000f01c166b816018ee00f01bde9bf0000b921030000b8eb7cdfe4bab7cbdd290f30a7c4c14dfbd20fc7bb1c000000b9da0b00000f32", 0x4a}], 0x1, 0x38, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0506617, &(0x7f0000000340)=ANY=[@ANYBLOB="000000000000e5ff177b0dfe8caedda9a7ffadcdf4db960080000015ed8e795742f7c401991e00000000c8f805928af3e4fd007d4f1600f71100000000000000000000767300000000000000"]) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x200, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1000, 0xfffffffffffffffd, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0x9}, 0x28240, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x10000, 0x44975cd1eba6a62b) socket$unix(0x1, 0x1, 0x0) pipe(&(0x7f0000000340)) fstat(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r1) setregid(0x0, r1) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = getpid() r7 = getegid() sendmsg$unix(r4, &(0x7f0000000c40)={&(0x7f0000000400)=@abs={0x2, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f0000000e40)=ANY=[@ANYBLOB="24000000000100000001000040", @ANYRES32, @ANYRES32=r5, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r6, @ANYRES32, @ANYRES32=r7, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYBLOB='\x00\x00\x00\x00'], 0x5b, 0x4000}, 0x12) setregid(0x0, r7) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r8, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(0x0, r9) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r10, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r11) setregid(0x0, r11) getgroups(0xa, &(0x7f0000000080)=[r1, 0xee00, 0xee00, 0xffffffffffffffff, r3, 0x0, r9, 0xee01, 0xee00, r11]) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, r9}}) msgsnd(0x0, &(0x7f0000000340)={0x3}, 0x0, 0x0) r12 = gettid() timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r12, 0x1000000000013) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) 04:00:19 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x1000000, 0x0) [ 1551.718148][T32713] EXT4-fs (loop0): group descriptors corrupted! 04:00:19 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x4}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:19 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000000b0000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:19 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000001580)="0f06c4c21dde960000c0feb805000000b9ddb700000f01c166b816018ee00f01bde9bf0000b921030000b8eb7cdfe4bab7cbdd290f30a7c4c14dfbd20fc7bb1c000000b9da0b00000f32", 0x4a}], 0x1, 0x38, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0506617, &(0x7f0000000340)=ANY=[@ANYBLOB="00000000a9a7ffadcdf4db960080000015ed8e795742f7c401991e00000000c8f805928af3e4fd007d4f1600f71100000000000000000000767300"/76]) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x200, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1000, 0xfffffffffffffffd, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0x9}, 0x28240, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x400000, 0x3) socket$unix(0x1, 0x1, 0x0) pipe(&(0x7f0000000340)) fstat(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r1) setregid(0x0, r1) pipe(&(0x7f0000000340)) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) open_tree(r3, &(0x7f0000000000)='./file0\x00', 0x800) r4 = socket$inet(0x10, 0x2, 0xc) sendmsg(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) fstat(r4, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r6 = creat(&(0x7f0000000300)='./bus\x00', 0x0) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r8 = getpid() r9 = getegid() sendmsg$unix(r6, &(0x7f0000000c40)={&(0x7f0000000400)=@abs={0x2, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f0000000e40)=ANY=[@ANYBLOB="24000000000100000001000040", @ANYRES32, @ANYRES32=r7, @ANYBLOB="000100001c000000000000000100000002000000", @ANYRES32=r8, @ANYRES32, @ANYRES32=r9, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYBLOB='\x00\x00\x00\x00'], 0x5b, 0x4000}, 0x12) setregid(0x0, r9) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r10, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(0x0, r11) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r12, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r13) setregid(0x0, r13) getgroups(0xa, &(0x7f0000000080)=[r1, 0xee00, 0xee00, 0xffffffffffffffff, r5, 0x0, r11, 0xee01, 0xee00, r13]) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, r11}}) msgsnd(0x0, &(0x7f0000000340)={0x3}, 0x0, 0x0) r14 = gettid() timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r14, 0x1000000000013) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) [ 1551.952900][ T560] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1551.974216][ T560] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1551.993266][ T560] EXT4-fs (loop0): group descriptors corrupted! 04:00:19 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x5}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:22 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:22 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000000c0000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:22 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000001580)="0f06c4c21dde960000c0feb805000000b9ddb700000f01c166b816018ee00f01bde9bf0000b921030000b8eb7cdfe4bab7cbdd290f30a7c4c14dfbd20fc7bb1c000000b9da0b00000f32", 0x4a}], 0x1, 0x38, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0506617, &(0x7f0000000340)=ANY=[@ANYBLOB="000000000000e5ff177b0dfe8caedda9a7ffadcdf4db960080000015ed8e795742f7c401991e00000000c8f805928af3e4fd007d4f1600f71100000000000000000000767300000000000000"]) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x200, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1000, 0xfffffffffffffffd, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0x9}, 0x28240, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x400000, 0x3) socket$unix(0x1, 0x1, 0x0) pipe(&(0x7f0000000340)) fstat(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r1) setregid(0x0, r1) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = getpid() r7 = getegid() sendmsg$unix(r4, &(0x7f0000000c40)={&(0x7f0000000400)=@abs={0x2, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f0000000e40)=ANY=[@ANYBLOB="24000000000100000001000040", @ANYRES32, @ANYRES32=r5, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r6, @ANYRES32, @ANYRES32=r7, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYBLOB='\x00\x00\x00\x00'], 0x5b, 0x4000}, 0x12) setregid(0x0, r7) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r8, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(0x0, r9) pipe(&(0x7f0000000340)) r10 = socket$inet(0x10, 0x2, 0xc) sendmsg(r10, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) r11 = socket$inet(0x10, 0x2, 0xc) sendmsg(r11, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) fstat(r11, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r12) setregid(0x0, r12) stat(&(0x7f0000000000)='./bus\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r14 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r14, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setfsgid(r15) getgroups(0xa, &(0x7f0000000080)=[r1, 0xee00, r13, r15, r3, 0x0, r9, 0xee01, 0xee00, r12]) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, r9}}) msgsnd(0x0, &(0x7f0000000340)={0x3}, 0x0, 0x0) r16 = gettid() timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r16, 0x1000000000013) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) 04:00:22 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x6}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:22 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:22 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:22 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1554.660647][ T899] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1554.678309][ T899] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1554.703680][ T899] EXT4-fs (loop0): group descriptors corrupted! 04:00:22 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x4000000, 0x0) 04:00:22 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000001580)="0f06c4c21dde960000c0feb805000000b9ddb700000f01c166b816018ee00f01bde9bf0000b921030000b8eb7cdfe4bab7cbdd290f30a7c4c14dfbd20fc7bb1c000000b9da0b00000f32", 0x4a}], 0x1, 0x38, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0506617, &(0x7f0000000340)=ANY=[@ANYBLOB="000000000000e5ff177b0dfe8caedda9a7ffadcdf4db960080000015ed8e795742f7c401991e00000000c8f805928af3e4fd007d4f1600f71100000000000000000000767300000000000000"]) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x200, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1000, 0xfffffffffffffffd, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0x9}, 0x28240, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x400000, 0x3) socket$unix(0x1, 0x1, 0x0) pipe(&(0x7f0000000340)) fstat(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r1) setregid(0x0, r1) pipe(&(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) fstat(r2, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = creat(&(0x7f0000000300)='./bus\x00', 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = getpid() r8 = getegid() sendmsg$unix(r5, &(0x7f0000000c40)={&(0x7f0000000400)=@abs={0x2, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f0000000e40)=ANY=[@ANYBLOB="24000000000100000001000040", @ANYRES32, @ANYRES32=r6, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r7, @ANYRES32, @ANYRES32=r8, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYBLOB='\x00\x00\x00\x00'], 0x5b, 0x4000}, 0x12) setregid(0x0, r8) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r9, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(0x0, r10) pipe(&(0x7f0000000340)) fcntl$dupfd(r3, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) r12 = socket$inet(0x10, 0x2, 0xc) sendmsg(r12, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) fstat(r12, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r13) setregid(0x0, r13) getgroups(0xa, &(0x7f0000000080)=[r1, 0xee00, 0xee00, 0xffffffffffffffff, r4, 0x0, r10, 0xee01, 0xee00, r13]) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, r10}}) msgsnd(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="79be9096829c87bc5fc45c54dc752e1ad575931e6a128eed7e217d1cab08d3f5b8b5f0e5d75e51344f6272e55a51eed534dc09d12af799403aecd42088d656c7ffb274d7dcf322280d44eb846e016f060000015e9a6cf93a53b864c962e81128274c393d94b3514bc44ee7ec15627d0b46b52846647f3a57c765685a47677931e434dad35fdbe24edc9733"], 0x0, 0x0) r14 = gettid() timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r14, 0x1000000000013) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) 04:00:22 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:22 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x7}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:22 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000000d0000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:22 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000001580)="0f06c4c21dde960000c0feb805000000b9ddb700000f01c166b816018ee00f01bde9bf0000b921030000b8eb7cdfe4bab7cbdd290f30a7c4c14dfbd20fc7bb1c000000b9da0b00000f32", 0x4a}], 0x1, 0x38, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0506617, &(0x7f0000000340)=ANY=[@ANYBLOB="000000000000e5ff177b0dfe8caedda9a7ffadcdf4db960080000015ed8e795742f7c401991e00000000caf805928af3e4fd1100000000000000000000767300"/76]) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x200, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1000, 0xfffffffffffffffd, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0x9}, 0x28240, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x400000, 0x3) socket$unix(0x1, 0x1, 0x0) pipe(&(0x7f0000000340)) fstat(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r1) setregid(0x0, r1) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = getpid() r7 = getegid() sendmsg$unix(r4, &(0x7f0000000c40)={&(0x7f0000000400)=@abs={0x2, 0x0, 0x4e21}, 0x6e, 0x0, 0xe3, &(0x7f0000000e40)=ANY=[@ANYBLOB="24000000000100000001000040", @ANYRES32, @ANYRES32=r5, @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r6, @ANYRES32, @ANYRES32=r7, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYBLOB='\x00\x00\x00\x00'], 0x5b, 0x4000}, 0x12) setregid(0x0, r7) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r8, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(0x0, r9) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r10, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r11) setregid(0x0, r11) getgroups(0xa, &(0x7f0000000080)=[r1, 0xee00, 0xee00, 0xffffffffffffffff, r3, 0x0, r9, 0xee01, 0xee00, r11]) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, r9}}) msgsnd(0x0, &(0x7f0000000340)={0x3}, 0x0, 0x0) r12 = gettid() timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000044000)) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {r13, r14+30000000}}, 0x0) tkill(r12, 0x1000000000013) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) [ 1555.029277][ T1294] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 04:00:22 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x8}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1555.071589][ T1294] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1555.084530][ T1294] EXT4-fs (loop0): group descriptors corrupted! 04:00:22 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000001580)="0f06c4c21dde960000c0feb805000000b9ddb700000f01c166b816018ee00f01bde9bf0000b921030000b8eb7cdfe4bab7cbdd290f30a7c4c14dfbd20fc7bb1c000000b9da0b00000f32", 0x4a}], 0x1, 0x38, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0506617, &(0x7f0000000600)=ANY=[@ANYBLOB="000000000000e5ff177b0dfe8caedda9a7ffadcdf4db960080000015ed8e795742f7c401991e00000000c8f805928af3e44d20dd644bc762ebdccb7f5abd623bfd0006001600f71100000000000000000000767300000000000000002935e3ad54f67ca0e5a3aab0740bd6a8ec9e13d3030eac8f3a0479"]) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x74b107d, 0x200, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1000, 0xfffffffffffffffd, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0x9}, 0x28240, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x400000, 0x3) socket$unix(0x1, 0x1, 0x0) pipe(&(0x7f0000000340)) fstat(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r1) setregid(0x0, r1) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = getpid() r7 = getegid() sendmsg$unix(r4, &(0x7f0000000c40)={&(0x7f0000000400)=@abs={0x2, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="24000000000100000001000040", @ANYRES32, @ANYRES32=r5, @ANYBLOB="000000001c000000000000040100000002000000a5539189d1825018bafccc2a95d9a747cd027fb8f939944d976e4a89af3ac6973b88d3b5cecf75ee030a6d13f4b4dabe580db306ab8d1b002d26c55808023e0580bb84f4f71a758aa0163466e932f59db053de3d5c9ed7b6a0ee2df2b45050d94d4f6cab6bc60308d9191cbe2341b82fe0551e06fea87ac636000d", @ANYRES32=r6, @ANYRES32, @ANYRES32=r7, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYBLOB='\x00\x00\x00\x00'], 0x5b, 0x4000}, 0x12) setregid(0x0, r7) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r8, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(0x0, r9) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r10, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r11) setregid(0x0, r11) getgroups(0xa, &(0x7f0000000080)=[r1, 0xee00, 0xee00, 0xffffffffffffffff, r3, 0x0, r9, r9, 0xee00, r11]) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, r9}}) msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1667f96f3f12aea144df20bd5ca1d5da7a388442251ebf979be868780d5a36440800000000000000cad04e0fdb260f2a266cbd6d8df116783718b7451b0a000000000000006e0db8a5346e030000002b7ae0267fb639f8742f80a5da00"], 0x0, 0x0) r12 = gettid() timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r12, 0x1000000000013) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) 04:00:22 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000000e0000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:22 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x9}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1555.337087][ T1650] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1555.355443][ T1650] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1555.370912][ T1650] EXT4-fs (loop0): group descriptors corrupted! 04:00:25 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000001580)="0f06c4c21dde960000c0feb805000000b9ddb700000f01c166b816018ee00f01bde9bf0000b921030000b8eb7cdfe4bab7cbdd290f30a7c4c14dfbd20fc7bb1c000000b9da0b00000f32", 0x4a}], 0x1, 0x38, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) r0 = socket$inet(0x10, 0x2, 0xc) sendmsg(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r1, 0xc0506617, &(0x7f0000000100)=ANY=[]) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x200, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1000, 0xfffffffffffffffd, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0x9}, 0x28240, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x400000, 0x3) r3 = socket$unix(0x1, 0x1, 0x0) pipe(&(0x7f0000000340)) fstat(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r4) setregid(0x0, r4) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = creat(&(0x7f0000000300)='./bus\x00', 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r8 = getpid() r9 = getegid() r10 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000280)={'\x02\xfb8', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r10]) r11 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000280)={'\x02\xfb8', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r11]) sendmsg$unix(r7, &(0x7f0000000c40)={&(0x7f0000000400)=@abs={0x2, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="24000000000100000001000040", @ANYRES32, @ANYPTR64=&(0x7f0000000000)=ANY=[@ANYPTR64=&(0x7f0000000480)=ANY=[@ANYPTR64, @ANYPTR64, @ANYRESHEX=r10, @ANYRES16, @ANYPTR64, @ANYPTR, @ANYRESOCT=r3, @ANYRESDEC=r11]], @ANYBLOB="000000001c000000000000000100000002000000", @ANYRES32=r8, @ANYRES32, @ANYRESDEC, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYBLOB='\x00\x00\x00\x00'], 0x6f, 0x4000}, 0x12) setregid(0x0, r9) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r12, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(0x0, r13) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r14, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r15) setregid(0x0, r15) getgroups(0xa, &(0x7f0000000080)=[r4, 0xee00, 0xee00, 0xffffffffffffffff, r6, 0x0, r13, 0xee01, 0xee00, r15]) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, r13}, 0x0, 0x0, 0x0, 0x0, 0x4}) msgsnd(0x0, &(0x7f0000000340)={0x3}, 0x0, 0x0) r16 = gettid() timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r16, 0x1000000000013) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) 04:00:25 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000100000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:25 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x3f000000, 0x0) 04:00:25 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xa}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:25 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:25 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1557.833486][ T1850] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1557.851020][ T1850] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1557.861909][ T1850] EXT4-fs (loop0): group descriptors corrupted! 04:00:25 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x40000000, 0x0) 04:00:25 executing program 2: openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000240)=[@text32={0x20, &(0x7f0000001580)="0f06c4c21dde960000c0feb805000000b9ddb700000f01c166b816018ee00f01bde9bf0000b921030000b8eb7cdfe4bab7cbdd290f30a7c4c14dfbd20fc7bb1c000000b9da0b00000f32", 0x4a}], 0x1, 0x38, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) ioctl$FS_IOC_ADD_ENCRYPTION_KEY(0xffffffffffffffff, 0xc0506617, &(0x7f0000000340)=ANY=[@ANYBLOB="000000000000e5ff177b0dfe8caedda9a7ffadcdf4db960080000015ed8e795742f7c401991e00000000c8f805928af3e4fd007d4f1600f7f300000000000000000000767300000000000000"]) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x200, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1000, 0xfffffffffffffffd, 0x100000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0), 0x9}, 0x28240, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x1}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = open$dir(&(0x7f00000001c0)='./file0\x00', 0x400000, 0x3) socket$unix(0x1, 0x1, 0x0) pipe(&(0x7f0000000340)) fstat(r0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r1) setregid(0x0, r1) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = creat(&(0x7f0000000300)='./bus\x00', 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = getpid() r7 = getegid() sendmsg$unix(r4, &(0x7f0000000c40)={&(0x7f0000000400)=@abs={0x2, 0x0, 0x4e21}, 0x6e, 0x0, 0x0, &(0x7f0000000780)=ANY=[@ANYBLOB="24000000000100000001000040", @ANYRES32, @ANYRES32=r5, @ANYBLOB="441a0dd48bd93b47000000000100000002000000af97c82f351a146fec60d70b7980d9f768e9a9a41c32dc6bff465f3422153607f38d257b57a09cc6b1ca66df7d6ca7a70b314d1b3c1491c366df081817c6cbb1205f1043b84fd932a57a18105a76ad9356a519ba28c5bb274892b560b8181003a53faa093a6e46a4cd0ba02092cc0f799160f6892a99f8620228e69ab1ab86011d02cab22e739be2b457199330767db673235a7fd1b3c17dcf4aa1eccb63b06535b1595e0fe1e50c87acc2eb775e22530abe5746b687f2a3bf6362cb2f6b9011e3be3474b2fefb193bdf3775488841c6975789033e7f0bb3ead7752c4cf816591c46c4718b8c056f7f35084c1628996fbff822e579b59977161df6e89dd42ef0b2137db9eeb2d508e251106a2c3d542b473d42293cc2bf2e9c8339a9801a0407344568e96aec9a6a9bac1a13df982651cabf002c08fcbde278c3042d20e935bf1cce705c6423360b85757ae58979e825f8be4a6a2e2fa8d6ff50bdc44aae33ae", @ANYRES32=r6, @ANYRES32, @ANYRES32=r7, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRES32, @ANYRESHEX, @ANYBLOB='\x00\x00\x00\x00'], 0x5b, 0x4000}, 0x12) setregid(0x0, r3) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r8, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setregid(0x0, r9) pipe(&(0x7f0000000340)={0xffffffffffffffff}) fstat(r10, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, 0x0, r11) setregid(0x0, r11) getgroups(0xa, &(0x7f0000000080)=[r1, 0xee00, 0xee00, 0xffffffffffffffff, r3, 0x0, r9, 0xee01, 0xee00, r11]) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000258f88)={{0x0, 0x0, r9}}) r12 = msgget(0x2, 0x280) msgsnd(r12, &(0x7f0000000100)=ANY=[@ANYBLOB="0300000000000000328cb6495eeff1544614839a512cfafff9e1ca3388342c283ebd6ce465348e42fc372e99fee341c2de0b4fc36768f554b1037e11d9fe28dff6affc8583de53bcac4f87d8a40e805fa625fff6bcbf861a00"/101], 0xf2, 0x0) r13 = gettid() timer_create(0x0, &(0x7f0000ec5000)={0x0, 0x12}, &(0x7f0000044000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x1c9c380}, {0x0, 0x1c9c380}}, 0x0) tkill(r13, 0x1000000000013) msgctl$IPC_SET(0x0, 0x1, &(0x7f0000000700)={{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}) 04:00:25 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000110000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:25 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xf}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1558.156711][ T2080] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1558.180939][ T2080] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1558.191361][ T2080] EXT4-fs (loop0): group descriptors corrupted! 04:00:25 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000120000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:26 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(0xffffffffffffffff, 0xc00c642e, 0x0) ioctl$KVM_SET_BOOT_CPU_ID(r1, 0xae78, 0x0) 04:00:26 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x10}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1558.339588][ T2289] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1558.367628][ T2289] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1558.379135][ T2289] EXT4-fs (loop0): group descriptors corrupted! 04:00:26 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000250000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:26 executing program 2: 04:00:26 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x11}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1558.617860][ T2504] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1558.643177][ T2504] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1558.659556][ T2504] EXT4-fs (loop0): group descriptors corrupted! [ 1558.753335][ T2623] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1558.776291][ T2623] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1558.791483][ T2623] EXT4-fs (loop0): group descriptors corrupted! 04:00:28 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:28 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x3, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:28 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x7f000000, 0x0) 04:00:28 executing program 2: 04:00:28 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x14}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:28 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000002d0000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:28 executing program 2: 04:00:28 executing program 2: [ 1561.142574][ T2643] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1561.154002][ T2643] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1561.174881][ T2643] EXT4-fs (loop0): group descriptors corrupted! 04:00:28 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x60}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1561.288322][ T2762] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1561.303048][ T2762] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! 04:00:29 executing program 2: [ 1561.329345][ T2762] EXT4-fs (loop0): group descriptors corrupted! 04:00:29 executing program 2: close(0xffffffffffffffff) r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x5) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff824f400005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000c659ca807737f400000302007400170800000000000500200000000000004000bfbbb18016410f67f8ed2fbda6599591076756fcb9ff7daf0bdd7cfa3d4ade61ccb14424af8c63ab6fd1845b0c90c78bf8059655", 0x58}], 0x2) 04:00:29 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000480000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1561.529999][ T2931] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1561.557728][ T2931] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1561.570510][ T2931] EXT4-fs (loop0): group descriptors corrupted! [ 1561.654047][ T2984] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1561.665329][ T2984] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1561.675630][ T2984] EXT4-fs (loop0): group descriptors corrupted! 04:00:31 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:31 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:31 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xfeffffff, 0x0) 04:00:31 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x78}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:31 executing program 2: 04:00:31 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000004c0000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:31 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:31 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:31 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:31 executing program 2: 04:00:31 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:31 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:31 executing program 2: 04:00:32 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1564.287801][ T3006] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1564.303856][ T3006] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1564.343973][ T3006] EXT4-fs (loop0): group descriptors corrupted! 04:00:34 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xff600000, 0x0) 04:00:34 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:34 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xfc}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:34 executing program 2: 04:00:34 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:34 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000005c0000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:34 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:34 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:34 executing program 2: 04:00:35 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1567.348444][ T3171] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1567.376120][ T3171] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! 04:00:35 executing program 2: 04:00:35 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1567.398782][ T3171] EXT4-fs (loop0): group descriptors corrupted! 04:00:37 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xfffffffe, 0x0) 04:00:37 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x300}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:37 executing program 2: 04:00:37 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:37 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000600000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:37 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:38 executing program 2: [ 1570.253513][ T3354] cgroup: fork rejected by pids controller in /syz3 04:00:38 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:38 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1570.364733][ T3359] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1570.383038][ T3359] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! 04:00:38 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f0000000000)={0xa, 0x4e22}, 0x1c) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) openat(0xffffffffffffffff, 0x0, 0x0, 0x0) creat(0x0, 0x0) io_setup(0x0, 0x0) io_submit(0x0, 0x0, 0x0) io_getevents(0x0, 0x0, 0x0, 0x0, 0x0) io_destroy(0x0) io_submit(0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$LOOP_SET_CAPACITY(0xffffffffffffffff, 0x4c07) write$binfmt_aout(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) ioctl$EVIOCGNAME(0xffffffffffffffff, 0x80404506, 0x0) shutdown(r1, 0x1) recvfrom$inet6(r1, &(0x7f0000001840)=""/31, 0xfbdabf04, 0x100, &(0x7f0000001880), 0x715000) r2 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet6(r2, &(0x7f0000000200)="e5b997fddd402f61a17706a1d4444ee1aa909bdd5b98c93789fd48f97cc7015e8483cc86c9818d14b23c3f7b41ba4391", 0xfffffdda, 0x8dffffff, 0x0, 0xfffffee0) [ 1570.423981][ T3359] EXT4-fs (loop0): group descriptors corrupted! 04:00:38 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:38 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x500}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1570.509763][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 1570.529415][ T3484] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1570.539748][ T3484] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1570.550645][ T3484] EXT4-fs (loop0): group descriptors corrupted! 04:00:40 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:40 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x200000000000, 0x0) 04:00:40 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000680000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:40 executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x265) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newlink={0x34, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x14, 0x12, @bridge={{0xc, 0x1, 'bridge\x00'}, {0x4}}}]}, 0x34}}, 0x0) 04:00:40 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x5ac}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:41 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:41 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1573.407973][ T3712] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1573.422831][ T3712] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! 04:00:41 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x5c4}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:41 executing program 2: syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x0, 0x0) read(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$mouse(0x0, 0x4, 0x0) r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000002800)='/dev/ashmem\x00', 0x0, 0x0) r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) dup2(r0, r1) 04:00:41 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1573.480945][ T3712] EXT4-fs (loop0): group descriptors corrupted! 04:00:41 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:41 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x600}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:41 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:44 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x400000000000, 0x0) 04:00:44 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000006c0000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:44 executing program 2: r0 = socket$inet6_udp(0xa, 0x2, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x3000005, 0x31, 0xffffffffffffffff, 0x0) getsockopt$inet6_int(r0, 0x29, 0x3, 0x0, &(0x7f0000000000)=0xfffffffffffffe70) 04:00:44 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:44 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x700}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:44 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:44 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000100)="1c0000001e0081dc68b70f0f2189c6090a0000003f00000000000800", 0x1c}], 0x1}, 0x0) [ 1576.446625][ T4305] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1576.465858][ T4305] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1576.481211][ T4305] EXT4-fs (loop0): group descriptors corrupted! 04:00:44 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:44 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000740000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:44 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:44 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x900}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:44 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7c", 0xe4}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1576.733113][ T4497] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1576.751850][ T4497] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1576.766953][ T4497] EXT4-fs (loop0): group descriptors corrupted! 04:00:47 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x60ffffffffff, 0x0) 04:00:47 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:47 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7c", 0xe4}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:47 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000007a0000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:47 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xa00}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:47 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7c", 0xe4}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:47 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:47 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x760000000000, 0x0) [ 1579.577941][ T4623] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 04:00:47 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xf00}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1579.619963][ T4623] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1579.686284][ T4623] EXT4-fs (loop0): group descriptors corrupted! 04:00:47 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:47 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:47 executing program 2 (fault-call:0 fault-nth:0): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:00:47 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x1100}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:47 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000040200000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1579.783575][ T4802] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1579.796371][ T4802] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1579.809759][ T4802] EXT4-fs (loop0): group descriptors corrupted! [ 1579.901371][ T4865] FAULT_INJECTION: forcing a failure. [ 1579.901371][ T4865] name failslab, interval 1, probability 0, space 0, times 0 [ 1579.921042][ T4865] CPU: 1 PID: 4865 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1579.929320][ T4865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1579.939454][ T4865] Call Trace: [ 1579.939480][ T4865] dump_stack+0x1fb/0x318 [ 1579.939498][ T4865] should_fail+0x555/0x770 [ 1579.939519][ T4865] __should_failslab+0x11a/0x160 [ 1579.939606][ T4865] ? __se_sys_memfd_create+0x10a/0x4b0 [ 1579.939622][ T4865] should_failslab+0x9/0x20 [ 1579.966531][ T4865] __kmalloc+0x7a/0x340 [ 1579.970691][ T4865] __se_sys_memfd_create+0x10a/0x4b0 [ 1579.970706][ T4865] ? do_syscall_64+0x1d/0x1c0 [ 1579.970719][ T4865] __x64_sys_memfd_create+0x5b/0x70 [ 1579.980889][ T4865] do_syscall_64+0xf7/0x1c0 [ 1579.980909][ T4865] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1579.980919][ T4865] RIP: 0033:0x45a649 [ 1579.980930][ T4865] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1579.980935][ T4865] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1579.980949][ T4865] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a649 [ 1580.036408][ T4865] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6f2 [ 1580.044430][ T4865] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 04:00:47 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1580.052387][ T4865] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f7c15d856d4 [ 1580.060360][ T4865] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:00:47 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x1400}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1580.124539][ T4867] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1580.163805][ T4867] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! 04:00:47 executing program 2 (fault-call:0 fault-nth:1): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1580.216531][ T4867] EXT4-fs (loop0): group descriptors corrupted! 04:00:47 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1580.273883][ T4983] FAULT_INJECTION: forcing a failure. [ 1580.273883][ T4983] name failslab, interval 1, probability 0, space 0, times 0 04:00:48 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000300000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1580.328885][ T4983] CPU: 1 PID: 4983 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1580.337190][ T4983] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1580.347254][ T4983] Call Trace: [ 1580.350557][ T4983] dump_stack+0x1fb/0x318 [ 1580.355003][ T4983] should_fail+0x555/0x770 [ 1580.359423][ T4983] __should_failslab+0x11a/0x160 [ 1580.364433][ T4983] ? shmem_alloc_inode+0x1b/0x40 [ 1580.369378][ T4983] should_failslab+0x9/0x20 [ 1580.373890][ T4983] kmem_cache_alloc+0x56/0x2e0 [ 1580.378661][ T4983] ? shmem_match+0x180/0x180 [ 1580.383254][ T4983] shmem_alloc_inode+0x1b/0x40 [ 1580.388022][ T4983] ? shmem_match+0x180/0x180 [ 1580.392693][ T4983] new_inode_pseudo+0x68/0x240 [ 1580.397471][ T4983] new_inode+0x28/0x1c0 [ 1580.401648][ T4983] shmem_get_inode+0x108/0x6e0 [ 1580.406421][ T4983] __shmem_file_setup+0x129/0x280 [ 1580.411451][ T4983] shmem_file_setup+0x2f/0x40 [ 1580.416135][ T4983] __se_sys_memfd_create+0x28e/0x4b0 [ 1580.421426][ T4983] ? do_syscall_64+0x1d/0x1c0 [ 1580.426117][ T4983] __x64_sys_memfd_create+0x5b/0x70 [ 1580.431328][ T4983] do_syscall_64+0xf7/0x1c0 [ 1580.435845][ T4983] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1580.441740][ T4983] RIP: 0033:0x45a649 [ 1580.445631][ T4983] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1580.445639][ T4983] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1580.445650][ T4983] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a649 [ 1580.445656][ T4983] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6f2 [ 1580.445662][ T4983] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1580.445668][ T4983] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f7c15d856d4 [ 1580.445674][ T4983] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1580.521197][ T5060] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1580.531065][ T5060] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1580.541208][ T5060] EXT4-fs (loop0): group descriptors corrupted! 04:00:50 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x7fffffffefff, 0x0) 04:00:50 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x3f00}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:50 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:50 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:50 executing program 2 (fault-call:0 fault-nth:2): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:00:50 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000dd0300000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:50 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x7ffffffff000, 0x0) 04:00:50 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x4000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1583.025174][ T5317] FAULT_INJECTION: forcing a failure. [ 1583.025174][ T5317] name failslab, interval 1, probability 0, space 0, times 0 [ 1583.065017][ T5317] CPU: 0 PID: 5317 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 04:00:50 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:50 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x960000000000, 0x0) [ 1583.073319][ T5317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1583.083387][ T5317] Call Trace: [ 1583.086690][ T5317] dump_stack+0x1fb/0x318 [ 1583.091038][ T5317] should_fail+0x555/0x770 [ 1583.095473][ T5317] __should_failslab+0x11a/0x160 [ 1583.100484][ T5317] ? security_inode_alloc+0x36/0x1e0 [ 1583.105773][ T5317] should_failslab+0x9/0x20 [ 1583.110279][ T5317] kmem_cache_alloc+0x56/0x2e0 [ 1583.115123][ T5317] ? rcu_read_lock_sched_held+0x10b/0x170 [ 1583.115141][ T5317] security_inode_alloc+0x36/0x1e0 [ 1583.115157][ T5317] inode_init_always+0x3b5/0x920 [ 1583.115168][ T5317] ? shmem_match+0x180/0x180 [ 1583.115182][ T5317] new_inode_pseudo+0x7f/0x240 [ 1583.125988][ T5317] new_inode+0x28/0x1c0 [ 1583.144386][ T5317] shmem_get_inode+0x108/0x6e0 [ 1583.149158][ T5317] __shmem_file_setup+0x129/0x280 [ 1583.154182][ T5317] shmem_file_setup+0x2f/0x40 [ 1583.158876][ T5317] __se_sys_memfd_create+0x28e/0x4b0 [ 1583.164148][ T5317] ? do_syscall_64+0x1d/0x1c0 [ 1583.168805][ T5317] __x64_sys_memfd_create+0x5b/0x70 [ 1583.174073][ T5317] do_syscall_64+0xf7/0x1c0 [ 1583.178574][ T5317] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1583.184464][ T5317] RIP: 0033:0x45a649 [ 1583.188346][ T5317] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1583.207937][ T5317] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1583.216330][ T5317] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a649 [ 1583.224281][ T5317] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6f2 [ 1583.232235][ T5317] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1583.240184][ T5317] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f7c15d856d4 [ 1583.248138][ T5317] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:00:50 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1583.273582][ T5321] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 04:00:51 executing program 2 (fault-call:0 fault-nth:3): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:00:51 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1583.353829][ T5321] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1583.389458][ T5321] EXT4-fs (loop0): group descriptors corrupted! 04:00:51 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x6000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:51 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1583.470866][ T5452] FAULT_INJECTION: forcing a failure. [ 1583.470866][ T5452] name failslab, interval 1, probability 0, space 0, times 0 [ 1583.504194][ T5452] CPU: 0 PID: 5452 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1583.512478][ T5452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1583.512485][ T5452] Call Trace: [ 1583.512507][ T5452] dump_stack+0x1fb/0x318 [ 1583.512523][ T5452] should_fail+0x555/0x770 [ 1583.512544][ T5452] __should_failslab+0x11a/0x160 [ 1583.512557][ T5452] ? security_inode_alloc+0x36/0x1e0 [ 1583.512572][ T5452] should_failslab+0x9/0x20 [ 1583.549374][ T5452] kmem_cache_alloc+0x56/0x2e0 [ 1583.554153][ T5452] ? rcu_read_lock_sched_held+0x10b/0x170 [ 1583.559879][ T5452] security_inode_alloc+0x36/0x1e0 [ 1583.565003][ T5452] inode_init_always+0x3b5/0x920 [ 1583.569980][ T5452] ? shmem_match+0x180/0x180 [ 1583.574579][ T5452] new_inode_pseudo+0x7f/0x240 [ 1583.579346][ T5452] new_inode+0x28/0x1c0 [ 1583.579365][ T5452] shmem_get_inode+0x108/0x6e0 [ 1583.579383][ T5452] __shmem_file_setup+0x129/0x280 [ 1583.579397][ T5452] shmem_file_setup+0x2f/0x40 [ 1583.579416][ T5452] __se_sys_memfd_create+0x28e/0x4b0 [ 1583.579433][ T5452] ? do_syscall_64+0x1d/0x1c0 [ 1583.608011][ T5452] __x64_sys_memfd_create+0x5b/0x70 [ 1583.613224][ T5452] do_syscall_64+0xf7/0x1c0 [ 1583.618091][ T5452] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1583.623986][ T5452] RIP: 0033:0x45a649 [ 1583.627882][ T5452] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1583.647495][ T5452] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1583.655923][ T5452] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a649 [ 1583.663911][ T5452] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6f2 04:00:51 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000020400000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1583.671906][ T5452] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1583.679887][ T5452] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f7c15d856d4 [ 1583.687868][ T5452] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:00:51 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:51 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x7800}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:51 executing program 2 (fault-call:0 fault-nth:4): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1583.826343][ T5571] FAULT_INJECTION: forcing a failure. [ 1583.826343][ T5571] name failslab, interval 1, probability 0, space 0, times 0 [ 1583.840249][ T5571] CPU: 1 PID: 5571 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1583.848520][ T5571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1583.858597][ T5571] Call Trace: [ 1583.861906][ T5571] dump_stack+0x1fb/0x318 [ 1583.866251][ T5571] should_fail+0x555/0x770 [ 1583.870691][ T5571] __should_failslab+0x11a/0x160 04:00:51 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1583.875632][ T5571] ? __alloc_file+0x2c/0x390 [ 1583.875646][ T5571] should_failslab+0x9/0x20 [ 1583.875661][ T5571] kmem_cache_alloc+0x56/0x2e0 [ 1583.889488][ T5571] __alloc_file+0x2c/0x390 [ 1583.889504][ T5571] alloc_empty_file+0xac/0x1b0 [ 1583.889515][ T5571] alloc_file+0x60/0x4c0 [ 1583.889529][ T5571] alloc_file_pseudo+0x1d4/0x260 [ 1583.907849][ T5571] __shmem_file_setup+0x1a2/0x280 [ 1583.914199][ T5571] shmem_file_setup+0x2f/0x40 [ 1583.914215][ T5571] __se_sys_memfd_create+0x28e/0x4b0 [ 1583.914228][ T5571] ? do_syscall_64+0x1d/0x1c0 [ 1583.914240][ T5571] __x64_sys_memfd_create+0x5b/0x70 [ 1583.914248][ T5571] do_syscall_64+0xf7/0x1c0 [ 1583.914264][ T5571] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1583.924192][ T5571] RIP: 0033:0x45a649 [ 1583.924205][ T5571] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1583.924210][ T5571] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f 04:00:51 executing program 2 (fault-call:0 fault-nth:5): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1583.924220][ T5571] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a649 [ 1583.924227][ T5571] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6f2 [ 1583.924233][ T5571] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1583.924240][ T5571] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f7c15d856d4 [ 1583.924246][ T5571] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1584.053702][ T5573] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1584.063504][ T5573] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1584.078024][ T5676] FAULT_INJECTION: forcing a failure. [ 1584.078024][ T5676] name failslab, interval 1, probability 0, space 0, times 0 [ 1584.096703][ T5676] CPU: 0 PID: 5676 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1584.104982][ T5676] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1584.115043][ T5676] Call Trace: [ 1584.118346][ T5676] dump_stack+0x1fb/0x318 [ 1584.118547][ T5573] EXT4-fs (loop0): group descriptors corrupted! [ 1584.122701][ T5676] should_fail+0x555/0x770 [ 1584.122724][ T5676] __should_failslab+0x11a/0x160 [ 1584.122739][ T5676] ? security_file_alloc+0x36/0x200 [ 1584.122750][ T5676] should_failslab+0x9/0x20 [ 1584.122763][ T5676] kmem_cache_alloc+0x56/0x2e0 [ 1584.152813][ T5676] security_file_alloc+0x36/0x200 [ 1584.157884][ T5676] __alloc_file+0xde/0x390 [ 1584.162318][ T5676] alloc_empty_file+0xac/0x1b0 [ 1584.167093][ T5676] alloc_file+0x60/0x4c0 [ 1584.171349][ T5676] alloc_file_pseudo+0x1d4/0x260 [ 1584.176303][ T5676] __shmem_file_setup+0x1a2/0x280 [ 1584.181354][ T5676] shmem_file_setup+0x2f/0x40 [ 1584.186054][ T5676] __se_sys_memfd_create+0x28e/0x4b0 [ 1584.191352][ T5676] ? do_syscall_64+0x1d/0x1c0 [ 1584.196045][ T5676] __x64_sys_memfd_create+0x5b/0x70 [ 1584.201253][ T5676] do_syscall_64+0xf7/0x1c0 [ 1584.205771][ T5676] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1584.211676][ T5676] RIP: 0033:0x45a649 [ 1584.215582][ T5676] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1584.235200][ T5676] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1584.243622][ T5676] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a649 [ 1584.251628][ T5676] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6f2 [ 1584.259610][ T5676] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1584.267586][ T5676] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f7c15d856d4 [ 1584.275554][ T5676] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:00:53 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x10710000000000, 0x0) [ 1586.213772][ T5687] cgroup: fork rejected by pids controller in /syz5 04:00:54 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:54 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 04:00:54 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000060400000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:54 executing program 2 (fault-call:0 fault-nth:6): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:00:54 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x80fe}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1586.352687][ T5800] FAULT_INJECTION: forcing a failure. [ 1586.352687][ T5800] name failslab, interval 1, probability 0, space 0, times 0 [ 1586.383163][ T5800] CPU: 0 PID: 5800 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1586.391485][ T5800] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 04:00:54 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) [ 1586.401969][ T5800] Call Trace: [ 1586.405402][ T5800] dump_stack+0x1fb/0x318 [ 1586.409885][ T5800] should_fail+0x555/0x770 [ 1586.414327][ T5800] __should_failslab+0x11a/0x160 [ 1586.419292][ T5800] ? security_file_alloc+0x36/0x200 [ 1586.424515][ T5800] should_failslab+0x9/0x20 [ 1586.429224][ T5800] kmem_cache_alloc+0x56/0x2e0 [ 1586.429248][ T5800] security_file_alloc+0x36/0x200 [ 1586.429265][ T5800] __alloc_file+0xde/0x390 [ 1586.429280][ T5800] alloc_empty_file+0xac/0x1b0 [ 1586.448603][ T5800] alloc_file+0x60/0x4c0 [ 1586.452931][ T5800] alloc_file_pseudo+0x1d4/0x260 [ 1586.457866][ T5800] __shmem_file_setup+0x1a2/0x280 [ 1586.462879][ T5800] shmem_file_setup+0x2f/0x40 [ 1586.467648][ T5800] __se_sys_memfd_create+0x28e/0x4b0 [ 1586.472921][ T5800] ? do_syscall_64+0x1d/0x1c0 [ 1586.477785][ T5800] __x64_sys_memfd_create+0x5b/0x70 [ 1586.482968][ T5800] do_syscall_64+0xf7/0x1c0 [ 1586.487458][ T5800] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1586.493342][ T5800] RIP: 0033:0x45a649 [ 1586.497224][ T5800] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1586.516987][ T5800] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 000000000000013f [ 1586.525382][ T5800] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a649 [ 1586.533338][ T5800] RDX: 0000000020000068 RSI: 0000000000000000 RDI: 00000000004bf6f2 [ 1586.541311][ T5800] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1586.549268][ T5800] R10: 0000000000010000 R11: 0000000000000246 R12: 00007f7c15d856d4 [ 1586.557227][ T5800] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1586.583074][ T5799] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 04:00:54 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 04:00:54 executing program 2 (fault-call:0 fault-nth:7): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1586.614906][ T5799] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1586.651887][ T5799] EXT4-fs (loop0): group descriptors corrupted! 04:00:54 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xac05}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:54 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) [ 1586.789504][ T5923] FAULT_INJECTION: forcing a failure. [ 1586.789504][ T5923] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1586.802778][ T5923] CPU: 0 PID: 5923 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1586.811117][ T5923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1586.821312][ T5923] Call Trace: [ 1586.824622][ T5923] dump_stack+0x1fb/0x318 [ 1586.824641][ T5923] should_fail+0x555/0x770 [ 1586.824741][ T5923] should_fail_alloc_page+0x55/0x60 04:00:54 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) [ 1586.824758][ T5923] prepare_alloc_pages+0x283/0x460 [ 1586.833684][ T5923] __alloc_pages_nodemask+0xb2/0x5d0 [ 1586.833710][ T5923] kmem_getpages+0x4d/0xa00 [ 1586.833723][ T5923] cache_grow_begin+0x7e/0x2c0 [ 1586.833732][ T5923] ? cache_alloc_pfmemalloc+0x1e/0x1a0 [ 1586.833750][ T5923] cache_alloc_refill+0x311/0x3f0 [ 1586.833762][ T5923] ? check_preemption_disabled+0xb7/0x2a0 [ 1586.833777][ T5923] __kmalloc+0x318/0x340 [ 1586.879497][ T5923] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 1586.885438][ T5923] tomoyo_realpath_from_path+0xdc/0x7c0 [ 1586.891004][ T5923] tomoyo_path_perm+0x192/0x850 [ 1586.895908][ T5923] tomoyo_path_truncate+0x1c/0x20 [ 1586.900944][ T5923] security_path_truncate+0xd5/0x150 [ 1586.900962][ T5923] do_sys_ftruncate+0x493/0x710 [ 1586.901080][ T5923] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 1586.911222][ T5923] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1586.911234][ T5923] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 1586.911244][ T5923] ? do_syscall_64+0x1d/0x1c0 [ 1586.911263][ T5923] __x64_sys_ftruncate+0x60/0x70 [ 1586.937762][ T5923] do_syscall_64+0xf7/0x1c0 [ 1586.942291][ T5923] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1586.948194][ T5923] RIP: 0033:0x45a617 [ 1586.952120][ T5923] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1586.971742][ T5923] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000217 ORIG_RAX: 000000000000004d [ 1586.980156][ T5923] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a617 [ 1586.988296][ T5923] RDX: 0000000020000068 RSI: 0000000000020000 RDI: 0000000000000004 [ 1586.996282][ T5923] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1587.004243][ T5923] R10: 0000000000010000 R11: 0000000000000217 R12: 0000000000000004 [ 1587.012202][ T5923] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1587.026866][ T5923] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (5923) 04:00:56 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x20510000000000, 0x0) 04:00:57 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:00:57 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000100400000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:57 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 04:00:57 executing program 2 (fault-call:0 fault-nth:8): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:00:57 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xc405}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:00:57 executing program 3 (fault-call:9 fault-nth:0): prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1589.383430][ T6147] FAULT_INJECTION: forcing a failure. [ 1589.383430][ T6147] name failslab, interval 1, probability 0, space 0, times 0 [ 1589.430790][ T6147] CPU: 1 PID: 6147 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1589.439102][ T6147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1589.449261][ T6147] Call Trace: [ 1589.452579][ T6147] dump_stack+0x1fb/0x318 [ 1589.456932][ T6147] should_fail+0x555/0x770 [ 1589.461375][ T6147] __should_failslab+0x11a/0x160 [ 1589.466426][ T6147] ? tomoyo_encode2+0x273/0x5a0 [ 1589.471291][ T6147] should_failslab+0x9/0x20 [ 1589.475806][ T6147] __kmalloc+0x7a/0x340 [ 1589.475826][ T6147] tomoyo_encode2+0x273/0x5a0 [ 1589.475914][ T6147] ? dynamic_dname+0xf0/0xf0 [ 1589.475929][ T6147] tomoyo_realpath_from_path+0x769/0x7c0 [ 1589.484771][ T6147] tomoyo_path_perm+0x192/0x850 [ 1589.484812][ T6147] tomoyo_path_truncate+0x1c/0x20 [ 1589.484823][ T6147] security_path_truncate+0xd5/0x150 [ 1589.484838][ T6147] do_sys_ftruncate+0x493/0x710 [ 1589.484853][ T6147] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 1589.484868][ T6147] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1589.526498][ T6147] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 1589.532209][ T6147] ? do_syscall_64+0x1d/0x1c0 [ 1589.536998][ T6147] __x64_sys_ftruncate+0x60/0x70 [ 1589.541924][ T6147] do_syscall_64+0xf7/0x1c0 [ 1589.546417][ T6147] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1589.552292][ T6147] RIP: 0033:0x45a617 [ 1589.556180][ T6147] Code: 24 29 d7 48 69 ff e8 03 00 00 48 89 7c 24 08 48 89 e7 e8 dc e4 ff ff 48 83 c4 18 c3 0f 1f 80 00 00 00 00 b8 4d 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1589.575923][ T6147] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000217 ORIG_RAX: 000000000000004d [ 1589.584327][ T6147] RAX: ffffffffffffffda RBX: 0000000020000040 RCX: 000000000045a617 [ 1589.592291][ T6147] RDX: 0000000020000068 RSI: 0000000000020000 RDI: 0000000000000004 [ 1589.600468][ T6147] RBP: 000000000075bf20 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1589.608810][ T6147] R10: 0000000000010000 R11: 0000000000000217 R12: 0000000000000004 [ 1589.616940][ T6147] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:00:57 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1589.628467][ T6150] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1589.650772][ T6150] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! 04:00:57 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xfc00}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1589.682248][ T6147] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1589.689810][ T6150] EXT4-fs (loop0): group descriptors corrupted! [ 1589.700470][ T6147] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (6147) 04:00:57 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = socket$inet(0x10, 0x2, 0xc) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) vmsplice(r1, &(0x7f0000000180)=[{&(0x7f0000000300)="9af4d0c240a7fbec82995fd34f859e270a299c780af847579d00504f8f1b6f07782211d80127a292bf0047b1e604f5a673147fdda8611ac2356f387c26135c43c01f115c67eb228f929beffb1d23163efe37c82572edf8b00a7eb7ea04c100770f86bd4ebff2e945622397f03349cc4e35d860471439729f6e1d01c76f80ec1049f07c3a180b3ba7d1102b2f1a0fd576045faad6a27cdab0fbc87a28ab3078baac5086dd801745be7ea20fb4ea8b008ad302e39c5cd8a05f2d71b764714538ec286f42f6b0c1193e06e8d15cc39524d64fe5ad0346c5d68392b2a7920249afd1d41534dbadda9cabcf3a55de1d0801442946a40667a35cb7ca954681fc5dfd2af70ef190f415434192f2180e1739cfe28a87aa2e232553f2fb2c5be30986a97a7a1761d048c279a0a3571340090496872e22fc3eae1d21e22c0bc12d1b31f71c0cc7fcc3884316300b4de583d3f00bd1442ccc209d0fb25a84607ec0a95a0be8ed47bcc57361aaf859e92d74203f1c76ed63bc505098dfdb0074dc03ed63d795543ffa37aa4db51efba825b1964362680a3cd85bd4712822887c963ffa35a3a15311dab1a849d26009cedbe6f4a15905f0c972f8bea8fbab4004c5f4d1036046953580b5e4cbaa826cf0227772e2575de2ac553f523ada5f7f46af90a8b3400177eeeb7f94fd06265bc939a6fd1ad315e18816d246e10588dd19948824aeeac22355db9af676b757a6569ee2d84e719b6a690299fe7bbb29abfeaf9cb01101d26f812202d9299c75d49b9c2fe464f7fed8e614b85c8527482019d9e704f0e7c76c246c65f486147e00d67fa1adc328ba56e92417ae2681a0208d63d505cee2a5c514ef0cc798fc34f3e434cd454881161189c0c6bdbbb847f9a938bc8f90469498fe3cbd77f22a9fdb4826c208e20a4aa9d31ca298c410eb8e33254bc4f28623871b983f47f601babd7777b3621173a2d81c364d9fa0fadcdfc0b9dfa8f418688bad1831eba7ee5dced7f4f83e9d52951ff67d95ef576a18a06db891f75ff3a04e5ee76d4a8de2ab6fab76c9a07e29456021c48dfc6eae01efd6f1e4d775d58066686696ea8c9f842aecce7e142539bec506f2377396d6e4c95eba0f27103b9a0aac5fb35a18bac2117d5b7232d4e751b81d8568c8afac2f287c2e9e789335cc130cc1c292f830f68376f8f7ef0535100e102ad408503dde1447577bfeaaed20c8477a182df2681393389c7b0fd4b16c2d704313321b8bf8604fc83e54efc2fc2d73590889375b5c9e0cea42c1251775b6953deada98d557ab9d7541f4fffe1612a696a5e6aff41b3874b6f83ccfc3ca50543c354ff951861a3b37200d6ef960e994e1aaae499953c60c34d91ec46a05cb48fe68c9ca83eed2aadbe15b1532a6d4192d27e3a47665c1c51f4fd45ac8fedd26babcde72b06a2706ea70ff441f7d563bd36cd7cecfb7d0cabce585307bc549d860243fe538df88f0e19f82756ccef345bbd7031d1943d5ebd52df27f6e1d475fecb2ee34773a08c00e042573d65f3fa39c1966ced608f861232bb94ba817542adf08a398810d1017fe1da5dac85866e9ab204bc0a7e435b2292fca70465789cbe07994e81b141242d54c8c11a721ee4f721c3ccf906093fc7eaca34bed9ae3422bb68db1807b7678f3ee33a8ed849923fb3170ef17d62d2a3f23041cb9550037bd45cb685015a99c49bcc71e7589df406003ce4c2e456a4f097d698f840ae9aa5b9f65679092fcffc9c36a655903040706755bf4695f37f86de4c36660dc79f1bcc6ebf3900499e611e3415b7e5019756601b3df2d6de19fb94c8272e6f8998d89720dd1abae7789aa64da9e990673610a4bcc2d4307b77ce81f3dd40a8bc571dbaa2e6d36b9b18e7ccd8de520bc7c2ecd373fd0e0e7e57e8aae824fb837810331998714d0c6deea46faa18ecc0f7fbac1c994431cacfadf961343df998d5e59201eb722a57043f0c1513f050b5004e97e3b924eaa2c916eb4082174625f3e73b83bcce8ffb9ddc19bf73fd91701a7a404beaebea803f16f70e3f468b9fb94c4f70481adcd2c1d84a63ecef13c829c7b4fea37347be34d45175891788ba2f92253931e5a448f95328d5d6c2b8cb27d43b2e4d6c1c42f9fe6418ae982db0f9941f1e10e304b14fdad3a61e3c27c72821096a375df0ec97850df4db20526cea455aab5fb056648a919c0c7ba7bd3d08d7b3837bba72472baac63c92944a4644e71cad4164f1c16b2935e44346f7bdfa4f398be4fa4d3f87fd0dd512856e3fde237eaacaaf03a08edcfef89f2a1cc0f735470086856cba0919bd0cb2b1c5315e7e0de00afcc22a49cdc7e1988afae8dd21a30243bd0657b5c191eb3d0ae2352b0f09b6c6f0988b3eda072da7bf8d3a202db8d1e0aa3f0f81a00ed5542e8f06c2b86aca85630cbb81bf08d16bebcc01fe43fe543c4289203de46b470ae1449c64d7cf5e4d353488e252391a36a389a79f26c3f9062afbad88c14de31a95ac66ff4a9f94095573c3aa893d57432d7067433947262d02607783f3cd03e7e9d177da94056620bc5f5b765c10ca66c278e060f05597902294ad097b29729573e86bd7ae81b9e9f4c3a21718470cd2f8248a86c55e725c880af530e1f7722aa944cf4d161ba83b2e0a86dde90b31faca6a6fd7248399e8cd75d1ca7a71b71fcd99a669cfcc77ed91404432a3bffaa6ac422c677f22cab2ef2d3da2184fbbbee933a73feaec55f9172891609d9e7ab99f06a9f817d27db3d50f16d31784ef429342f55a634741433da6acfe360fb8ee30ff77027ec5041eb72dcc698b104d0f557491f79055e9c656a99d5f39f98f476ba654dafccb787337d80dafcd92cb317cc98d8edaaa70c786268979a270b1e0ac05b6e14f967a8fe3e5a2eaa1876c9dcecd29a392b99f4109d5224fde57b9e30bb1fb4f8f92b8d9787a842fd7d1a9e1ff7ca8728629878d347b9e002250f0454e3f103012dcdf25f637bd908b20e5a4f0a92e1ea5e36f6561395ac0048805be42707cf0567043063c1aa21bdbedd6625d3754b531dfe34a3f21f0736676ed6edd0a927e2d4338225fe86bff08e0529ef0e29713841c743fa4a08856d7fc9302b6973df67966d1403656a08e7e72a0f017ced4dd66c29d1cb7858df3d21014196f543a2a9163cdc6bff7bfb6ab32c27aa3724df5106edff0d0e1778a216ca8c7fa3e41c39a9299a6dcae5f5ee115368a29a0d153e4b392791bb306d7a6fb4a7abeb6f9bb37ac9b2b0695a8398887d4e06fb2d87f5c1a2bed8caf7751f372e35869d0bb6da1e6e5e1ca2a1316bb1562ab379816d31edddfee1df16ce668f2084d7b971bcf468f2fb278d1f45f5e156b85e1b53e5adfa6e63499c9e246cde274131567fc5765dc0061d5d8cd4e9d187fef8fca4b0105bca10f6587910e3ca64498eb3d98450ac96005eeec2b7b9cd91c515738d240ffd72d2cf5f20f743615c34ab38b695c7206790c4a99e17a5e5a174c5785d4440211a1ff5acd249999b07d7b6a87a60960f0ab5a8299400865993fe1a305ce09f709516f07043a5376a5e96ebcdfe9cd17eb11bf2e1e938fd9ed2b820b917e2caff09ba0cf6e1efcfd5bdec590d398f9365267678822962e5c963dddcda4015cf288ffc8d1a393de39416615dfd6b547345028d31b4918f272308238dcfbd85bb38bbd3c8b67794d103a6cde418c73139e974107c61ba13a8924238516f925f669c756b5e9025ba6d00ff6079b98968df15a36da1a4ca483ce3a8042d03f0b8f01051d0a46f8189ba646fb7b918b19daa3be961989f9b768dfd688441583b02e7e9246a4817cec4dcc9d2e5a906778e51ddefd2364a3929aa52bbab3e3d19a1f3fd16bda359569e602540869bcc4862ac45527ee19fce8f0777022cab2cf3cd7d9444aea8c830cb68f52f80cec4573eb5d2f3ba14772f33343c934ea4153f37de99c1ac66fb6756b8c6cefe2193997e7938130d2076ffc9d6f9e5be69465a10fbbd37f2eed1616784e70afad3207dea2c0b05fafc0816a4f110bbc19882ddbd5b6145109c492d34a5f1b087c771ebf72ee5d3289eaeac66a6246c4867f22e057c731106ccaccf34825c3aed24c10a46d9304e25d5b813be42ea4f055ba7407e2981d47b389819ea806b182ea139bacbd75f6e6e7345a1ed3b118e23313b86e28a8739ca41ae6d0105ae823f3db215306bdae54cf7675cc3a633823001fdec2589bf40386ed46fa507d194ec02bd0390feb404331a302e3f6fe72439833f7d58bd775648d75aafb15a6bc191e084b1447a1495a29c6a7fe999f9ba45f45ce8673b28a5c21a356e739490713f865baa06574529855604130c3c593b94777fd8d9a0935808baf2c09864ddd19b66e3a7f0200673e01b83d2e8c017e6252a2f011c5ac121f56a3fae4d0f4fa6a78e971eaf3b0c7d38f185822ad278aad041de54b6f637a0e01f809d7b3c6310c556a181c26ba3e98988f60fb5fde63916c865d7da6e692ddb3f0ff6f752594bad03c7fbb4c42b0f0530c927400d888fa5fd5fbe750492333724ebda72f0e1de733bf86cc0ccff98b52bfbc1159448e7d4afd0117ccce04643dc1d22c9c4a594fbea8a65cb3a2c2de2dc381cac89afd6c1f0f276f4a05085a9a39bb9e8a4df9fde5234dd2793a6d8eee773d03caec3ef02ea1c87982e9f7eddba6b2f5cb36bdf644b6ceb3a442bfadc0d535e19c64f3baf7ca0fc9e046d02cddfaca373327ddfd660bfe2851ff21239a88882c70f66097cc85ab1248565b41ba84c4e3addf098b5e9816eb7ef4e7c366c9a72e28aa29e4bbccecefc48fcb8e33359dc3af1a176cc64da5cceee0945c0561e49747521227a0cb0b17c7fa395d85aea5d939d08e00d37464f04e5736329e455b3e8070e1ae42fe08456150a3bab4f5dfdcd32bd0f5617e956ed5bd7bad1e5d15180965d2a45656afee933dd056462fb2f4371ce350b95ba16ebac1a051bfcf0dc64b414aaf0a22b098f4c0ea8657bf6229d17a1de78fbaabe4d530fbef8ee4488f4f93203d01ad81768afcd711a9c5574d6eb31022db4ff4cf27314eb7645162fd590359be062379175fa856468b07cf965ea5a3c3e6d8030fb5308a11cfd0dec135b57b66216de17a0fc763ae9935739dc33d0f7ea00799f2c391b0750862836e83498358c11d2e9aadf9510976bdb0e0772fbe224a667d4254271820ee8466618932c35ed4c3db4fd614612ffb217b7ad5146bd885eb3a1d283f383b15c2cd21eab832d0a3d3862aac60769ce6893a3c237adb5a97b4e8fbf6392422d30d188d046dd8e50346ca04c25fbb7d951834c8ee4a72280e6e62c6a8d1d668e5b72b02d29abe5fe706c948454daf6452af3e72fbdffc1aeb79edfcebb5c14d82ea3373025a747dcd7b920c2df8646e3e3c9b779d6d8a53fc98698e36748839d155d6a091ed205b2fdc67b18d2b957c89468e0f47a2431866bc803cba2276741a1cd288315c11b2d30e374d14bd8b144b8b6f690f3fa360897f305ab47d464225c6494e89f23d3e1068712cdcbb7f9c2bcb585e95314fc81f8fd0c2dd5da711eebcaf4d457aeab5fc4a306d993443e61bb8cba9995730396ad2ec2d3ef747fba8734dec7145bc285e30fd82737370e2cfeab67af0e4338178cabef52f8423ed569db762d65d6f87277494bd8bc1c7675870c0b7971bda9f32b913a8e566abb0ef89af7c2af06222f319863ac0e23f5c178b8064d3609b91c44bf717af8b803da9adedbee3dd8e3f18f3cf5f5d8f60763352c716aee35fd5fc52da77b"}, {&(0x7f0000000100)="2cb4354a4dd6001d0ba9c870ccc06dade69845a1dcd754dd9b6c14b22832d8d454b870cd95082514d3b1755750d94a8ce337c46a4024f33917d7ef30c7e109d0a08941abf0c3f6ca50e0ae5bb578b8ee0177d13a7f19a250"}, {&(0x7f0000001300)="7a85e1b72d3fd8eb8a151eeff55fb8897307b33943229ae52fdf2f94ec18dff59e59e134613b6ea7a015f14cd51974c4cfbe492a5d1312c01111980c45c2ff823b11423f88955534939c4744d04ae97555cf"}], 0x1000000000000044, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0x2, r0, 0x0, &(0x7f0000000100)) ptrace$cont(0x20, r0, 0x0, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) getsockopt$CAN_RAW_FD_FRAMES(r3, 0x65, 0x5, &(0x7f0000000000), &(0x7f0000000040)=0x4) 04:00:57 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000370400000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:00:57 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000000), 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_DBG_G_REGISTER(r2, 0xc0385650, &(0x7f0000000000)={{0x1, @name="f8889370f5cd991c8306a798228ad9f1df39d8aac05953d24279b0d5a56353ef"}, 0x8, 0x6, 0x80}) ptrace$cont(0x20, r0, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000140)=0xc) mount$9p_virtio(&(0x7f0000000040)='^cpusetcpusetsystem\x01*ppp1\x00', &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='9p\x00', 0x884c82, &(0x7f0000000180)={'trans=virtio,', {[{@privport='privport'}, {@uname={'uname', 0x3d, 'trusted)user.'}}, {@access_user='access=user'}], [{@dont_measure='dont_measure'}, {@fsname={'fsname'}}, {@dont_appraise='dont_appraise'}, {@uid_gt={'uid>', r3}}, {@subj_type={'subj_type'}}]}}) [ 1590.001115][ T6378] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 1590.028263][ T6378] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)! [ 1590.042949][ T6378] EXT4-fs (loop0): group descriptors corrupted! 04:00:59 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x80000000000000, 0x0) 04:01:00 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup3(r2, r1, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:00 executing program 2 (fault-call:0 fault-nth:9): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:00 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xfe80}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:00 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r1 = socket$can_raw(0x1d, 0x3, 0x1) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) bind$can_raw(r1, &(0x7f0000000140)={0x1d, r3}, 0x10) getresuid(&(0x7f0000000040)=0x0, &(0x7f0000000080), &(0x7f0000000100)) setsockopt$inet_IP_IPSEC_POLICY(r0, 0x0, 0x10, &(0x7f0000000300)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x4e20, 0x0, 0x4e21, 0x0, 0x2, 0x40, 0xb0, 0x1, r3, r4}, {0x7fff, 0x3, 0x800, 0x9fdb, 0xfffffffffffffbff, 0x1, 0x5, 0xffffffffffffffcb}, {0x401, 0x6dc7, 0x100000001, 0x306}, 0x800, 0x6e6bbb, 0x0, 0x0, 0x3, 0x1}, {{@in=@multicast2, 0x4d3, 0x2b}, 0x2, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x40}}, 0xe8) r5 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r5, 0x0, 0x0) tkill(r5, 0x3c) ptrace$cont(0x18, r5, 0x0, 0x0) ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000000)) ptrace$cont(0x20, r5, 0x0, 0x0) 04:01:00 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000380400000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1592.437635][ T6502] FAULT_INJECTION: forcing a failure. [ 1592.437635][ T6502] name failslab, interval 1, probability 0, space 0, times 0 [ 1592.450805][ T6502] CPU: 1 PID: 6502 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1592.459057][ T6502] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1592.469126][ T6502] Call Trace: [ 1592.472435][ T6502] dump_stack+0x1fb/0x318 [ 1592.476783][ T6502] should_fail+0x555/0x770 [ 1592.481215][ T6502] __should_failslab+0x11a/0x160 [ 1592.486233][ T6502] ? xas_create+0x1197/0x1910 [ 1592.490910][ T6502] should_failslab+0x9/0x20 [ 1592.490924][ T6502] kmem_cache_alloc+0x56/0x2e0 [ 1592.490938][ T6502] xas_create+0x1197/0x1910 [ 1592.490962][ T6502] xas_create_range+0x142/0x700 [ 1592.490981][ T6502] shmem_add_to_page_cache+0x91e/0x1290 [ 1592.515085][ T6502] shmem_getpage_gfp+0x121e/0x2a90 [ 1592.520207][ T6502] shmem_write_begin+0xcb/0x1b0 [ 1592.525118][ T6502] generic_perform_write+0x25d/0x4e0 [ 1592.530403][ T6502] __generic_file_write_iter+0x235/0x500 [ 1592.536053][ T6502] generic_file_write_iter+0x48e/0x630 [ 1592.541510][ T6502] __vfs_write+0x5a1/0x740 [ 1592.545918][ T6502] vfs_write+0x275/0x590 [ 1592.550143][ T6502] __x64_sys_pwrite64+0x162/0x1d0 [ 1592.555151][ T6502] do_syscall_64+0xf7/0x1c0 [ 1592.559633][ T6502] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1592.565500][ T6502] RIP: 0033:0x414447 [ 1592.569375][ T6502] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 a7 f9 ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 ed f9 ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1592.588978][ T6502] RSP: 002b:00007f7c15d84a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 1592.597380][ T6502] RAX: ffffffffffffffda RBX: 0000000020000050 RCX: 0000000000414447 [ 1592.605330][ T6502] RDX: 00000000000000be RSI: 00000000200002c0 RDI: 0000000000000004 [ 1592.613280][ T6502] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1592.621228][ T6502] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 [ 1592.629176][ T6502] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:01:00 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1592.670312][ T6505] EXT4-fs (loop0): bad geometry: first data block 1080 is beyond end of filesystem (1080) [ 1592.683267][ T6502] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (6502) 04:01:00 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f00000004c0)='/dev/cuse\x00', 0x2, 0x0) fcntl$setlease(r1, 0x400, 0x3167cd76aec0f6fa) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r2 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x3, 0x101120) ioctl$VHOST_SET_FEATURES(r2, 0x4008af00, &(0x7f0000000100)) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r3 = socket$inet(0x10, 0x2, 0xc) sendmsg(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) clone(0x11800800, &(0x7f0000000300)="cc1ea2c3ce09cf4f2dadb2e3a68b9aaf2b651557ccfbac3b4d722cbdde55fd1c182d1a6cd7f6052e6331feceb85bc64a03b772e44cbc3ebb0331f5f08a698379807e274cb0e399fd3271196109482541922e3a1f6b543b2fc04e2514ea9d67081f001e1f8a9066bdd38e2cf57b452ad33f673953ccfa719ecd5772c329b54a722f691f284a43509e4a641ffa2ba86e9e82df2cbb341cf538f66d2523d317214e0d1ea4d75f85add6c10725bfeb14a1c15ebae58aa309b80dfef76294fe8bf3a44bbac5f26d010945f9db0d35dee66d9aa0090259f3437ed9fed378339161724ff22c0a90a95f879eb246d9832bec", &(0x7f0000000140), &(0x7f0000000180), &(0x7f0000000400)="e545f48d474aa89ac06b378e427f3ebb32e2bdfe6e820c955c619f1a2d82d38743a3be0492291ccc21b6a59aa8d4ae39c39f1b2780432222de2df64e2685b816a307d52b235a4662a5e129fbaf201ef3203f376d279233dadaa87aa0f1ec056fdf28e0121b18ba1d17ff2c5352c0f007bb9df1c261d23f7f1ea794b061e146a16881e9f658838b98509422cf7a59c23631859a30f15fc5f9ea") r4 = dup2(0xffffffffffffffff, r3) setsockopt$SO_VM_SOCKETS_BUFFER_SIZE(r4, 0x28, 0x0, &(0x7f0000000000)=0x1, 0x8) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:00 executing program 2 (fault-call:0 fault-nth:10): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:00 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000500000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:00 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xff00}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1592.908143][ T6631] FAULT_INJECTION: forcing a failure. [ 1592.908143][ T6631] name fail_page_alloc, interval 1, probability 0, space 0, times 0 04:01:00 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r1 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x10000, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) write$P9_RGETLOCK(r1, &(0x7f0000000040)={0x23, 0x37, 0x1, {0x2, 0x3, 0x5, r2, 0x5, 'nodev'}}, 0x23) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) tkill(r2, 0x2c) [ 1592.965538][ T6631] CPU: 1 PID: 6631 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1592.973842][ T6631] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1592.983917][ T6631] Call Trace: [ 1592.983960][ T6631] dump_stack+0x1fb/0x318 [ 1592.983976][ T6631] should_fail+0x555/0x770 [ 1592.983994][ T6631] should_fail_alloc_page+0x55/0x60 [ 1592.984004][ T6631] prepare_alloc_pages+0x283/0x460 [ 1592.984019][ T6631] __alloc_pages_nodemask+0xb2/0x5d0 [ 1592.984039][ T6631] alloc_pages_vma+0x4f7/0xd50 [ 1592.984056][ T6631] shmem_alloc_and_acct_page+0x425/0xbb0 [ 1592.991686][ T6631] shmem_getpage_gfp+0x2313/0x2a90 [ 1593.027090][ T6631] shmem_write_begin+0xcb/0x1b0 [ 1593.031952][ T6631] generic_perform_write+0x25d/0x4e0 [ 1593.037235][ T6631] __generic_file_write_iter+0x235/0x500 [ 1593.037249][ T6631] generic_file_write_iter+0x48e/0x630 [ 1593.037267][ T6631] __vfs_write+0x5a1/0x740 [ 1593.037287][ T6631] vfs_write+0x275/0x590 [ 1593.037301][ T6631] __x64_sys_pwrite64+0x162/0x1d0 [ 1593.037318][ T6631] do_syscall_64+0xf7/0x1c0 [ 1593.037338][ T6631] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1593.072389][ T6631] RIP: 0033:0x414447 [ 1593.076272][ T6631] Code: 12 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 a1 18 00 00 c3 48 83 ec 08 e8 a7 f9 ff ff 48 89 04 24 49 89 ca b8 12 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 ed f9 ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1593.097267][ T6631] RSP: 002b:00007f7c15d84a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000012 [ 1593.105661][ T6631] RAX: ffffffffffffffda RBX: 0000000020000050 RCX: 0000000000414447 [ 1593.113614][ T6631] RDX: 00000000000000be RSI: 00000000200002c0 RDI: 0000000000000004 [ 1593.121574][ T6631] RBP: 0000000000000000 R08: fe03f80fe03f80ff R09: 00000000fbad8001 [ 1593.129534][ T6631] R10: 0000000000010000 R11: 0000000000000293 R12: 0000000000000004 [ 1593.137593][ T6631] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1593.149674][ T6630] EXT4-fs (loop0): bad geometry: first data block 1280 is beyond end of filesystem (1080) 04:01:02 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xa0710000000000, 0x0) 04:01:03 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:03 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x34000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:03 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) tkill(r1, 0x33) ptrace$cont(0x18, r0, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$VIDIOC_S_CTRL(r2, 0xc008561c, &(0x7f0000000040)={0x7, 0xffff}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0xfffffffffffffffc) 04:01:03 executing program 2 (fault-call:0 fault-nth:11): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:03 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000600000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1595.481687][ T6855] FAULT_INJECTION: forcing a failure. [ 1595.481687][ T6855] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1595.494942][ T6855] CPU: 0 PID: 6855 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1595.494953][ T6855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1595.494957][ T6855] Call Trace: [ 1595.494977][ T6855] dump_stack+0x1fb/0x318 [ 1595.494993][ T6855] should_fail+0x555/0x770 [ 1595.521035][ T6855] should_fail_alloc_page+0x55/0x60 [ 1595.521048][ T6855] prepare_alloc_pages+0x283/0x460 [ 1595.521063][ T6855] __alloc_pages_nodemask+0xb2/0x5d0 [ 1595.541029][ T6855] ? __kasan_check_write+0x14/0x20 [ 1595.546150][ T6855] kmem_getpages+0x4d/0xa00 [ 1595.550661][ T6855] cache_grow_begin+0x7e/0x2c0 [ 1595.555425][ T6855] ? cache_alloc_pfmemalloc+0x1e/0x1a0 [ 1595.560908][ T6855] cache_alloc_refill+0x311/0x3f0 [ 1595.565935][ T6855] ? check_preemption_disabled+0xb7/0x2a0 [ 1595.571663][ T6855] kmem_cache_alloc+0x2b9/0x2e0 [ 1595.576525][ T6855] ? getname_flags+0xba/0x640 [ 1595.581211][ T6855] getname_flags+0xba/0x640 [ 1595.585721][ T6855] getname+0x19/0x20 [ 1595.589617][ T6855] do_sys_open+0x261/0x560 [ 1595.594160][ T6855] __x64_sys_open+0x87/0x90 [ 1595.598675][ T6855] do_syscall_64+0xf7/0x1c0 [ 1595.603182][ T6855] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1595.609058][ T6855] RIP: 0033:0x4143e1 04:01:03 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x100000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:03 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) ptrace$cont(0x1f, r1, 0x8001, 0x1) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet(0x10, 0x2, 0xc) sendmsg(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$CAPI_GET_ERRCODE(r3, 0x80024321, &(0x7f0000000080)) tkill(r0, 0x3c) recvfrom$netrom(0xffffffffffffffff, &(0x7f0000000000)=""/98, 0x62, 0x40000002, &(0x7f0000000100)={{0x3, @null, 0x2}, [@null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) ptrace$cont(0x18, r0, 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r4) r5 = socket(0x40000000015, 0x5, 0x0) close(r5) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r6, &(0x7f0000d83fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r6, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r5, 0x84, 0x66, &(0x7f0000000000)={r7}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r4, 0x84, 0x18, &(0x7f0000000140)={r7}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000180)={r7, 0x3f, 0x6}, 0x8) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1595.609068][ T6855] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1595.609073][ T6855] RSP: 002b:00007f7c15d84a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 1595.609082][ T6855] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143e1 [ 1595.609087][ T6855] RDX: 00007f7c15d84b0a RSI: 0000000000000002 RDI: 00007f7c15d84b00 [ 1595.609092][ T6855] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1595.609097][ T6855] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1595.609102][ T6855] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1595.702669][ T6963] EXT4-fs (loop0): bad geometry: first data block 1536 is beyond end of filesystem (1080) [ 1595.751234][ T6855] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (6855) 04:01:03 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x4, 0x325359c79ecbac34) ioctl$NBD_DO_IT(r0, 0xab03) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='overlay\x00', 0x20, &(0x7f0000000100)={[{@metacopy_on='metacopy=on'}, {@xino_on='xino=on'}], [{@dont_hash='dont_hash'}]}) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) 04:01:03 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x400300}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:03 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000040600000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:03 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000040)=0x0) r2 = socket$inet(0x10, 0x2, 0xc) sendmsg(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f0000000300)={{{@in=@local, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@empty}, 0x0, @in=@initdev}}, &(0x7f0000000080)=0xe8) ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000100)={0x7, 0x200, r1, 0x0, r3, 0x0, 0x5f, 0x1}) r4 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x3c) ptrace$cont(0x18, r4, 0x0, 0x0) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r4, 0x0, 0x0) [ 1596.056193][ T7089] EXT4-fs (loop0): bad geometry: first data block 1540 is beyond end of filesystem (1080) 04:01:05 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xf0ffffff7f0000, 0x0) 04:01:06 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:06 executing program 2 (fault-call:0 fault-nth:12): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:06 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) mq_unlink(&(0x7f0000000000)='bdev\x00') ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:06 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x1000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:06 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000700000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1598.547948][ T7313] FAULT_INJECTION: forcing a failure. [ 1598.547948][ T7313] name failslab, interval 1, probability 0, space 0, times 0 [ 1598.584831][ T7313] CPU: 0 PID: 7313 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1598.593131][ T7313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1598.603205][ T7313] Call Trace: [ 1598.606511][ T7313] dump_stack+0x1fb/0x318 [ 1598.610850][ T7313] should_fail+0x555/0x770 [ 1598.615277][ T7313] __should_failslab+0x11a/0x160 [ 1598.615291][ T7313] ? getname_flags+0xba/0x640 [ 1598.615305][ T7313] should_failslab+0x9/0x20 [ 1598.629376][ T7313] kmem_cache_alloc+0x56/0x2e0 [ 1598.634142][ T7313] ? check_preemption_disabled+0xb7/0x2a0 [ 1598.639851][ T7313] getname_flags+0xba/0x640 [ 1598.644353][ T7313] getname+0x19/0x20 [ 1598.648242][ T7313] do_sys_open+0x261/0x560 [ 1598.652662][ T7313] __x64_sys_open+0x87/0x90 [ 1598.657168][ T7313] do_syscall_64+0xf7/0x1c0 [ 1598.661679][ T7313] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1598.667572][ T7313] RIP: 0033:0x4143e1 [ 1598.671465][ T7313] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 04:01:06 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) prctl$PR_GET_THP_DISABLE(0x2a) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) ptrace$setopts(0x4200, r1, 0xc18e, 0x60) 04:01:06 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000100)) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) wait4(r1, 0x0, 0x1000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x2) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$pokeuser(0x6, r0, 0x2, 0x8001) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2, 0x0) ioctl$NBD_SET_SIZE(r2, 0xab02, 0x5e3) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ioctl$ASHMEM_GET_NAME(0xffffffffffffffff, 0x81007702, &(0x7f0000000040)=""/188) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:06 executing program 2 (fault-call:0 fault-nth:13): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1598.691071][ T7313] RSP: 002b:00007f7c15d84a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 1598.699485][ T7313] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143e1 [ 1598.707475][ T7313] RDX: 00007f7c15d84b0a RSI: 0000000000000002 RDI: 00007f7c15d84b00 [ 1598.707482][ T7313] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1598.707488][ T7313] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1598.707493][ T7313] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:01:06 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0x7, 0x20000) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) ptrace$cont(0x9, r3, 0x1, 0x8) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x4) write$FUSE_LK(r1, &(0x7f0000000080)={0x28, 0x0, 0x8, {{0x200, 0xffffffff, 0x3, r2}}}, 0x28) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) socket$isdn(0x22, 0x3, 0x22) ptrace$setopts(0x4206, r0, 0x0, 0x0) r4 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20ncci\x00', 0x1c400, 0x0) ioctl$TCSBRK(r4, 0x5409, 0xffff) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) setpgid(0xffffffffffffffff, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) r5 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm_plock\x00', 0x20000, 0x0) ioctl$DRM_IOCTL_VERSION(r5, 0xc0406400, &(0x7f0000001400)={0x8, 0x1, 0xa1f99e1, 0xb, &(0x7f0000000300)=""/11, 0x90, &(0x7f0000000340)=""/144, 0x1000, &(0x7f0000000400)=""/4096}) [ 1598.751211][ T7316] EXT4-fs (loop0): bad geometry: first data block 1792 is beyond end of filesystem (1080) [ 1598.831392][ T7431] FAULT_INJECTION: forcing a failure. [ 1598.831392][ T7431] name failslab, interval 1, probability 0, space 0, times 0 [ 1598.866563][ T7431] CPU: 1 PID: 7431 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1598.874852][ T7431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1598.884900][ T7431] Call Trace: [ 1598.888188][ T7431] dump_stack+0x1fb/0x318 [ 1598.892527][ T7431] should_fail+0x555/0x770 [ 1598.896933][ T7431] __should_failslab+0x11a/0x160 [ 1598.901853][ T7431] ? __alloc_file+0x2c/0x390 [ 1598.906443][ T7431] should_failslab+0x9/0x20 [ 1598.910936][ T7431] kmem_cache_alloc+0x56/0x2e0 [ 1598.915682][ T7431] __alloc_file+0x2c/0x390 [ 1598.920080][ T7431] alloc_empty_file+0xac/0x1b0 [ 1598.924836][ T7431] path_openat+0x9e/0x4420 [ 1598.929229][ T7431] ? __kasan_kmalloc+0x178/0x1b0 [ 1598.934208][ T7431] ? __lock_acquire+0xc75/0x1be0 [ 1598.939125][ T7431] ? rcu_read_lock_sched_held+0x10b/0x170 [ 1598.944838][ T7431] do_filp_open+0x192/0x3d0 [ 1598.949324][ T7431] ? _raw_spin_unlock+0x2c/0x50 [ 1598.954160][ T7431] do_sys_open+0x29f/0x560 [ 1598.958558][ T7431] __x64_sys_open+0x87/0x90 [ 1598.963042][ T7431] do_syscall_64+0xf7/0x1c0 [ 1598.967539][ T7431] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1598.973423][ T7431] RIP: 0033:0x4143e1 [ 1598.977307][ T7431] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1598.996891][ T7431] RSP: 002b:00007f7c15d84a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 1599.005279][ T7431] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143e1 [ 1599.013235][ T7431] RDX: 00007f7c15d84b0a RSI: 0000000000000002 RDI: 00007f7c15d84b00 [ 1599.021198][ T7431] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 04:01:06 executing program 2 (fault-call:0 fault-nth:14): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1599.029147][ T7431] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1599.037096][ T7431] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:01:06 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x2000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1599.115545][ T7517] FAULT_INJECTION: forcing a failure. [ 1599.115545][ T7517] name failslab, interval 1, probability 0, space 0, times 0 [ 1599.156681][ T7517] CPU: 0 PID: 7517 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1599.164972][ T7517] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1599.175038][ T7517] Call Trace: [ 1599.178348][ T7517] dump_stack+0x1fb/0x318 [ 1599.182695][ T7517] should_fail+0x555/0x770 [ 1599.187237][ T7517] __should_failslab+0x11a/0x160 [ 1599.187255][ T7517] ? security_file_alloc+0x36/0x200 [ 1599.187269][ T7517] should_failslab+0x9/0x20 [ 1599.201883][ T7517] kmem_cache_alloc+0x56/0x2e0 [ 1599.206654][ T7517] security_file_alloc+0x36/0x200 [ 1599.206670][ T7517] __alloc_file+0xde/0x390 [ 1599.206682][ T7517] alloc_empty_file+0xac/0x1b0 [ 1599.206693][ T7517] path_openat+0x9e/0x4420 [ 1599.206706][ T7517] ? __kasan_kmalloc+0x178/0x1b0 [ 1599.206722][ T7517] ? __lock_acquire+0xc75/0x1be0 [ 1599.225303][ T7517] ? lockdep_hardirqs_on+0x3c5/0x7d0 [ 1599.225317][ T7517] ? trace_hardirqs_on_thunk+0x1a/0x20 [ 1599.225332][ T7517] ? retint_kernel+0x2b/0x2b [ 1599.225343][ T7517] ? trace_hardirqs_on_caller+0x74/0x80 [ 1599.225368][ T7517] do_filp_open+0x192/0x3d0 [ 1599.235210][ T7517] ? _raw_spin_unlock+0x2c/0x50 [ 1599.235235][ T7517] do_sys_open+0x29f/0x560 [ 1599.235250][ T7517] __x64_sys_open+0x87/0x90 [ 1599.235261][ T7517] do_syscall_64+0xf7/0x1c0 [ 1599.235275][ T7517] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1599.284875][ T7517] RIP: 0033:0x4143e1 [ 1599.288820][ T7517] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1599.308424][ T7517] RSP: 002b:00007f7c15d84a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 1599.316872][ T7517] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143e1 [ 1599.324844][ T7517] RDX: 00007f7c15d84b0a RSI: 0000000000000002 RDI: 00007f7c15d84b00 [ 1599.332801][ T7517] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1599.340778][ T7517] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1599.348747][ T7517] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:01:08 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x100000000000000, 0x0) 04:01:09 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:09 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet_tcp(0x2, 0x1, 0x0) write(r0, &(0x7f0000000300)="27050ea476229092383818c6fb0f0e8c6599bd87f8959bac5899d4c303c7d4bb896421fcfd99604566aa8e492fd534780ec2849db63ee8488f651e605c66fb53f693fca82e071af1e4dc04381d238b65e11cd19887a7e329435ff19e6159a09fa888b556397b7bbbdb93ec221baa33e510795b1cc303c7e8c7d7a3a864a2ce81b50b64bc677c1cdd7f6f26ef4cd66d832a964f7481ebb9af84e4cc9902e40c4456982ca4162554be175ee1f2aebba00558d78760a396121fe7851e23c0da7cabcfd00ead0517a63ececf0b7588f35888ad144c58bbcbfb407ee56951798763252c928f366e6dd05f91be2879a2995193cfa1ea3639a923066307acc14445647cc6a03a48dcd334598dcac615e799dd42cfad7e66f0438836625c25abd81c25f5b44cb5ee6d0dfb13b9085baf0ab756cd489bc4a162356ed9db142cf0a50e2ba636e32c9942de105a759f924e3808e05ef8041148100ab78ca1511b3dcdec98bba74c62de34f2d03a9f08c995503bc8819e261e6dda828f4495f18674e0d3fed71a762cffc775f99b1c50e22de3efc156d6869d296bd418d02da1ad6345b892fc2faadc0d816db544fd30e0fda0c0900941257ec8a583c3cd7cd5887ff56f03bdd3f8ec1f54be2cbe8e0fefbbda2cd45d2d67b26bb755072bcf7096341e0f84a4af5c0ae607bcc43f23156dd7c85e12b1ac25e13ff844b79f3fdf525162addc599af34f1985e2143949b3ab54b2b45134e4c03e1c79b7f051bad168bad526f52070c935d37e19b9e22a04544c8f5ed7be2371597ff2ccf58ae50a9cebd0fdae3bf1cdb862249612ebe580a0bd051449e728b0ce56200c0d521b63c38bcf0664076407a8876aa09cf0c5ba18174cdc79fd5464d45b74cf9e29d473cccd5d24f751e5bf221b063ac7f5ee233ab549154b0c9a9f14e23eb0bd89003ab03e93de43b7e9d32fcb3185c6fdac32d9ca86d01d7318004363b46596f8a3efcf425740603992f67cb843213e9f6068f7a32a295514372e14b0221ba7f39531b7535ea8ad8968912319e7d432869af560e30b8c93af3bffd18cd2c16b4823f0af70bbd5a2694ad9caf8654d03cefd21d2010d02b335302153f3b09702fcbf67d66c2e2e5f2104f26e443320f5bf20c547f0ad2dafa335bd22f19e795937c79455cdd3f2830450b3a8c7edc32b87490d843f8422917edddb03f10c489c76f39241e50369910f8862f8ab2954659b1de278aa25ac4833b5e26d98caf2d7ff4deb65f03472d22d490a53426870e358322f23d685b4f140eda96185517514a20a1a14e0c474bb82f0c73856c14f0a33289389e947743d3bbcfa1b3fd5e912674ec86fa7b71e8bc5c07bdf785585a035016d841f7e1fc1ff5fb064563bd365d390e7ddd8772901708b632edc251cb7c344785f9a421fff841005bb8fee00a45f274858a59c9d88c25a170c53f98706697904ed50314cdfe48ec9a16f7b281a7fa485a1c87010bf862d1c41a8b1dc55900bae23b198038c8c89b65e25993a4bc430b7f9660032d25e0040a32aad62b87d4c356b1e2ce6a3302a32f3a10ca4626b679b5fe6ec607b2c722cf589d42182e5299ee6f399549e75d0c77e71621aa61f6c859c4ed11acdb9fdeab6ebb284d50103a137f54e0b31f69fa28a450e5efac862ce1bf4d433f0e20ea50c851b6461fa23aad819f40d5ce432bf1d5962cea12696eb1e58efac7ba143648285e072d9d72167e0bc84301ce02a94d65347f4ae75a9cd3ae2437571a7bf82cc6b9102c853f7cb9c26edc3359b0f9f466d8ce2a5b7fef5b7f37986d7e8573fd1ec14b4fd51920112df76b910a1c39d7bc0b98f7faa5848474490918571da0b81e591b9c87be89b29ccf1c525f6b542cc63c458d0ebc2c201815a468df51eadcf45f9ccc1e6ba909b04f294e10d5dd1cc75ec19abdc6dfca527f3cf4fee09f52a58ee1073608d399c6ce9a095ab4ec61fa521d61d414d000a1522f976a2683e0bb29257d9c6e5b4764a7c80be02761fdc54650cbb9c95596f0be7d21081aa476a77083ae543d6e70d9f1665b2cdbe129718ceb7da548d6590db83851de5462b6a47aec869be090f95430438e03084b0fd4d77b77126c28757142f565e65eb7dd63ec32b4ce0a5cca4c09634b65f5020071de1a6a5d36e0bab619ba945266248f607bc9715cd4a88defe67b6c293e3727fa7d6261b4c1a01a9cafe027fd01da315d14659c58117dd67c5645291e5213f61bcb8f68d5862c574a0f5f236b05ae41ef17f7b1c1563215d44a159ca9dfbd93cbe469e2ce92e123637a27b573b256a25c6fcf28225e15b4cd674d2b3deb7aa65a581099017e52f010d7ca827c3c78f6ed182766728ef70b2a218af860059c664a5ecdd1c097ede1a777c4edfbe43194989b71d8908d201779bf18b033ab39de8771c6ba54cdf35cdfa00919224fab39b6b39509c04f27359293021fbeeacc59dcc6154e7d644a55d665ed2f1dd1b3a9cafd14cb975c8fa7ca620604dfd0775c3e59cbef4afafc0c179f48617c4045ca6228142a0c87d4625a06ff78d78e580a158d65ebeacb869e0cdaae35805f865f76019affe3db3fabd2dfb1ae2a965f3f65dc5f5cf6e4f52bfab3bd6f95067edaaf3bf80498424feec61632b8e4550a051abd424321a0a1b14d6cb784221ddccc6517243efbeea41f2acf1b21d1ad8a02bde567c9cda6d28a0dd68f9438de9398ff65e498479b30efbf2d3a29fdd0594f23229536229ebf1f20ce8a5a4a4ad290b5e71aec3d69a19e30d0b5d5c3c8f108f35a362faf70478286b6a40790d2fddf6d78790cb32857ba1b69a963ce0ea1959bc425791ea04fc897c23a6c4632cb8782f243a1bcd8abaf0d9e71cd467fdf78f02bc8ce94ecf3705647930e2f74572edcc1f8202ca96bd5fd7dfa653d6d69c7574d95c962d2e0e22a8258dddd4a34fc74f21401dc7bc4eace5058a14dcb6f6b36f178bd6c1c50b0fed835980ce273b32ba8811d5743bf41255dff1354a716e0b8b996453b790cf60870ba851f08d46a80e42eaf17da2e9197b8d8d0c25945d739c788e9009bf930bf1ae70833abeee7171381bfdb4b7d4ed0530f9de65cc4bf548eceba2e63e27aef1e50952fac1238671ad4568c64a48369366b3439f7eeae752fc9d97f1e9d0518588629981a7b4d68c282587db52504e9d3e1d1e30b7958377e017a7b16287881e5fc259046f58ebdb33a980815ab79fa12ba9a71e29915d650d404499aca5316c28c6da1881478146204595bc4f47d2f6ef7c6b96942ee90937c4cee10063b7606871cb4e897208aec4766088a1873852ca217b899a411c29a30916616d1ab50bb7f7682f1753a684bcd0019ebb42b12f4dd0568844ea20cf797dc08534fd6d07dcf7b63aa617918dcd3a2dd1feb56fcf7e982137712e9f7e6c0196aae683b7c45ee592058b8bbd8d4c76cb43047dc0060c9119e82db44b3666078a4c07767f29db294a4653773eb5c83670c6e52b89121d734ea39b13cf5a95df6073e15f1f010ca8d4206b443b5995ec5b8132db7d4238a67d7221d2932c08c400f503f32eb79681ab0869478be1c165905bbf5e795cc0ff9f5f98618b142e96d26b734cc38847cf4e544735efce13d116deb38fb23dca84036a28117c25a91a3c993478b23d3769899b748a05719903f7545da11a52f6a551b667e22e4a06566065852b035bf98f84a84112704063bed6a11c5df49c278c5e6527a6556211a51fd0d6c0a62a6030c89cfa31b63f517b48564294d44dad30cd8cd61b8c6be964685bdf205e955d5c6dc487387ec0be89c852f99369bc4e72c249fb3efbd5182337914f136a445f8c604024606fd4483c7bc64019cc5f1a1174bbb45e02d81a1cee009645b294ba6e64dce943211245875d035cfbdaac8e19ce687edfe0b3e825f51b153ecd2cb3bbe03b609343cb480579b7caf1f85eb175e778535f8f78cd644bcf826e4f5f6513f960831fd3385a965c1db4a9e0293b8a6fcc3f2f87eb6caac2ffae05153b9f6306aa1ffe9da54a30f58fea8215f05b55994130f702e68941b459dbe6c0791450a9c10f52be62f386d7bb1c24cc2e05a0aead399f777e80a75882464eca1c6202a5e0aca9ec75a7a6616f17a9b796a7ccc65ccae43bee04205d48b9faf53dbe797e57ffdeca50e14aec0ae3187329b6d8e50706a36121c9d5eb356cae9e21b4b6a2d99ca2c3b7a519c2f3d30043b815b614a42b452fe85108c2b0c3ae21a857d14c1bd346ebd01347eeecb60615312ddca6d50b89c18e13db32438713bf3991211e59f43b6c2d2ab469fa98d644d9becda40ef0accaaad2d252802e4a1ad488fbbb3af0921558ae3e2a30fa0c806cd2b4b69474527a6818bb093e7cd3aaecd210abdb107b891cd7c72cf5db2c474ee11dd6277cb22ba56a4a26f982183aac72075d0389bbd9c44b199c74b755428178b3b042239a67ecf8c6f24a08e0ad14fe53f5f6e2286e8a4f96850c12f98b95a1656dcdf129ce9590e43f95e8cae6ee0030683ae7cf55d5f1fc74bbead44debe2102fe63a2d29d0a742af7235e6736db93b80271a77e3c5e09f760793604ac5ae131cca80f204d45dc5e998b3792ba4e8dd520fd5e18481649a5e044497fbced8255d23365fb1d4347ca3ce0d159b728d9aa02d0e89498018db2e2bd6f1d00dac546a1a98ef1085506245b80e031ba4651e0ec86e5f8012e64e98939afaaa35e5fcb77098f36a2f759c3ec076aca03bdb3690a0d89564bff075be6639577f3905a0792abaf12f7142cde34133a858fb0ac25836bbbf7e73abe302f0ea7a76eb225a80b1631934a72897e91fe307b4a89472143361f6d2c28355e3a6f3e80ae89f6e2035256914da351296341127342bf9a70f8dcb8ece19c686742a18feba41449a729832eab6df16a6554fa2aa4d613c8cd23e39f8901d577efecc960215780d67e8bac792f5636d3922bd565e7dadc853f3c8746c68ac7abe3401416b10d371af3a1df310d089a1c2e218ff3ad5ba48567c5c0201b0931e218686e6813e524a73a2a7d070ab135503119bd9741284c44f2d07bc5ba7b69e125518b951bc305b7ac2390d9e48d21aa8fe5b42bba3010632178ab684c37e766389f5c68bdece17810c9b299924779a22b94679f891115b24fa6d65271f5925acc87c17788217c8aed049e2856a5045fe63303a054ffee7dd9470437871e2e553c8e32b6473865c4b068985db5feb7d8d93607a9ed5dcf84b4a31b0ae86eca26107726159751648cfce8b40f6343864ec7ff74353aa2d49a29dfb540baf02f8b31b0da4e42cc615eccef5d9a0e488e349c906ad431614cc035dcbe2351d44faf34534b6e1f31e123520e5f24302f891ba541dcb28591003d9e922ed49e5c285157dccec4c26b7cb783cb78a2bd257d5ce93bc6d59eef88dcb9abd1eb3368cb2cc0ba5fc243ac097e019aefac130047b88ab0992e5f6a40eae89981b921fac6c79ad43f33d8a7b2764554eea6759f8fa1a32970a62fe6b68b8af1a25731a3c53c94e90374a063d65c63f925d75ac70bb6a65d67f331de835d6773fa96397509edd91fd2be43b34fb9e4e2d63aea7e77e24133e90cc9f4fbdececdf1fea9a4f603cf3cdb7fad8db7c71750523e020c9ba85a23b1ab9547fd8a1058a4bbe69e01c66dd6a72b93ecc87c953001488b2d899e1d3fe14588cc0382a2030ebab6267dec7f0bceeb72cb682ec388335f70f52569128565ceb0cecc522c3ec74c15cc97e05e56d1b86699daa76711b0da328fc69db651f773aae62449db775", 0x1000) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) 04:01:09 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000900000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:09 executing program 2 (fault-call:0 fault-nth:15): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:09 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x3000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:09 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x400000000000000, 0x0) [ 1601.611950][ T7664] FAULT_INJECTION: forcing a failure. [ 1601.611950][ T7664] name failslab, interval 1, probability 0, space 0, times 0 04:01:09 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x3f00000000000000, 0x0) [ 1601.669728][ T7664] CPU: 1 PID: 7664 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1601.678015][ T7664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1601.678021][ T7664] Call Trace: [ 1601.678041][ T7664] dump_stack+0x1fb/0x318 [ 1601.678058][ T7664] should_fail+0x555/0x770 [ 1601.678076][ T7664] __should_failslab+0x11a/0x160 [ 1601.678093][ T7664] ? tomoyo_encode2+0x273/0x5a0 [ 1601.678104][ T7664] should_failslab+0x9/0x20 [ 1601.678113][ T7664] __kmalloc+0x7a/0x340 [ 1601.678129][ T7664] tomoyo_encode2+0x273/0x5a0 [ 1601.678145][ T7664] tomoyo_realpath_from_path+0x769/0x7c0 [ 1601.678172][ T7664] tomoyo_check_open_permission+0x1ce/0x9d0 [ 1601.705186][ T7664] tomoyo_file_open+0x141/0x190 [ 1601.705201][ T7664] security_file_open+0x65/0x2f0 [ 1601.705218][ T7664] do_dentry_open+0x289/0xff0 [ 1601.718722][ T7664] vfs_open+0x73/0x80 [ 1601.718736][ T7664] path_openat+0x1397/0x4420 [ 1601.718782][ T7664] do_filp_open+0x192/0x3d0 [ 1601.729055][ T7664] do_sys_open+0x29f/0x560 [ 1601.729072][ T7664] __x64_sys_open+0x87/0x90 [ 1601.729088][ T7664] do_syscall_64+0xf7/0x1c0 [ 1601.729104][ T7664] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1601.729115][ T7664] RIP: 0033:0x4143e1 [ 1601.729124][ T7664] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1601.729128][ T7664] RSP: 002b:00007f7c15d84a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 04:01:09 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:09 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) prctl$PR_GET_TSC(0x19, &(0x7f0000000100)) prctl$PR_GET_FP_MODE(0x2e) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet(0x10, 0x2, 0xc) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) getsockopt$IPT_SO_GET_REVISION_MATCH(r1, 0x0, 0x42, &(0x7f0000000000)={'icmp6\x00'}, &(0x7f0000000040)=0x1e) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1601.729136][ T7664] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143e1 [ 1601.729145][ T7664] RDX: 00007f7c15d84b0a RSI: 0000000000000002 RDI: 00007f7c15d84b00 [ 1601.829353][ T7664] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1601.837306][ T7664] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1601.845258][ T7664] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:01:09 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) recvfrom$x25(r1, &(0x7f0000000300)=""/236, 0xec, 0x6142, 0x0, 0x0) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) r3 = gettid() clone3(&(0x7f0000001440)={0x4000000, &(0x7f0000000040), &(0x7f0000000080)=0x0, &(0x7f0000000100), 0x18, 0x0, &(0x7f0000000400)=""/4096, 0x1000, &(0x7f0000000140)=""/82, &(0x7f0000001400)=[r3, r3], 0x2}, 0x50) ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r3, 0x3c) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r3, 0x0, 0x0) write$FUSE_NOTIFY_POLL(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x1, 0x0, {0xaa9d}}, 0x18) getpgid(r3) r5 = gettid() ptrace$setopts(0x4206, r5, 0x0, 0x0) tkill(r5, 0x3c) ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r5, 0x0, 0x0) ptrace$setopts(0x4206, r5, 0x0, 0x0) tkill(r2, 0x3c) ptrace$cont(0x18, 0x0, 0xa, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) [ 1601.946443][ T7661] EXT4-fs (loop0): bad geometry: first data block 2304 is beyond end of filesystem (1080) [ 1601.960891][ T7664] ERROR: Out of memory at tomoyo_realpath_from_path. 04:01:09 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x4000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:09 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000a00000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1602.063487][ T7664] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (7664) 04:01:09 executing program 2 (fault-call:0 fault-nth:16): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:09 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UI_END_FF_ERASE(r2, 0x400c55cb, &(0x7f0000000000)={0xa, 0xb449, 0x5}) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x3c) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r3, 0x0, 0x0) r4 = getpid() ptrace$cont(0x20, r4, 0x1, 0x400000001) 04:01:09 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x5000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1602.236523][ T8080] EXT4-fs (loop0): bad geometry: first data block 2560 is beyond end of filesystem (1080) [ 1602.284129][ T8151] FAULT_INJECTION: forcing a failure. [ 1602.284129][ T8151] name failslab, interval 1, probability 0, space 0, times 0 [ 1602.321511][ T8151] CPU: 0 PID: 8151 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1602.329803][ T8151] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1602.339867][ T8151] Call Trace: [ 1602.343182][ T8151] dump_stack+0x1fb/0x318 [ 1602.347536][ T8151] should_fail+0x555/0x770 [ 1602.351969][ T8151] __should_failslab+0x11a/0x160 [ 1602.356920][ T8151] ? tomoyo_encode2+0x273/0x5a0 [ 1602.361790][ T8151] should_failslab+0x9/0x20 [ 1602.366296][ T8151] __kmalloc+0x7a/0x340 [ 1602.370468][ T8151] tomoyo_encode2+0x273/0x5a0 [ 1602.375159][ T8151] tomoyo_realpath_from_path+0x769/0x7c0 [ 1602.380805][ T8151] tomoyo_check_open_permission+0x1ce/0x9d0 [ 1602.386704][ T8151] tomoyo_file_open+0x141/0x190 [ 1602.391645][ T8151] security_file_open+0x65/0x2f0 [ 1602.396583][ T8151] do_dentry_open+0x289/0xff0 [ 1602.401260][ T8151] vfs_open+0x73/0x80 [ 1602.405248][ T8151] path_openat+0x1397/0x4420 [ 1602.409969][ T8151] ? cache_alloc_refill+0x3b1/0x3f0 [ 1602.415224][ T8151] do_filp_open+0x192/0x3d0 [ 1602.419736][ T8151] do_sys_open+0x29f/0x560 [ 1602.424141][ T8151] __x64_sys_open+0x87/0x90 [ 1602.428700][ T8151] do_syscall_64+0xf7/0x1c0 [ 1602.433193][ T8151] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1602.439080][ T8151] RIP: 0033:0x4143e1 [ 1602.442970][ T8151] Code: 75 14 b8 02 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 19 00 00 c3 48 83 ec 08 e8 0a fa ff ff 48 89 04 24 b8 02 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fa ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1602.462689][ T8151] RSP: 002b:00007f7c15d84a80 EFLAGS: 00000293 ORIG_RAX: 0000000000000002 [ 1602.462700][ T8151] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 00000000004143e1 04:01:10 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000180)={0x80000000}, 0x19a) ioctl$KVM_XEN_HVM_CONFIG(r2, 0x4038ae7a, &(0x7f0000000040)={0x1f, 0xbca, &(0x7f0000000100)="b6f1d98d8deb7eb4946863781a2c48f7c8d8cdcc1b114d9e683a546559767e620d3db94aca78ce0626159e086cc7522e85281f2fb2eb7354377d83c3a8d807732ee61b3b8814f0fb13917a15cb9e20c9aa26c436ae0a4961560931eaca915042", &(0x7f0000000300)="d6bd2a64de12f55e494e7342de652a6d494209ad69dba4a2de0aa07550cd3255b27d98ef3aad8a96a0d9449dd7d9b6c67b39c6636bc9d4fb849d4611b09af3965913ad3256ca0abd546d7bc9a3b8ebcd2e57d05bd09c7767b4873dee97e704aa556fe36813c1fb521fbff1349fd42223a28ac93d9e49e1a0988c725372d88d58034ff5582ae74b30dc6cdec38cc1afbe2a9169abdd37e7e2924efd3f008f39e2b464c5808986444dc7610b96eaaa63d7651a0c9f2e10c1ee68beaadeb7343a95497348b2647eff", 0x60, 0xc7}) write(r3, &(0x7f0000000080)="240000001a005f3814f9f407000903018000200000000000000000000800020040000000", 0x24) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1602.462706][ T8151] RDX: 00007f7c15d84b0a RSI: 0000000000000002 RDI: 00007f7c15d84b00 [ 1602.462710][ T8151] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1602.462715][ T8151] R10: 0000000000000075 R11: 0000000000000293 R12: 0000000000000004 [ 1602.462719][ T8151] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1602.470590][ T8151] ERROR: Out of memory at tomoyo_realpath_from_path. 04:01:10 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000b00000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1602.580659][ T8151] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (8151) 04:01:10 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0x8, 0x40) ioctl$TUNGETSNDBUF(r1, 0x800454d3, &(0x7f0000000040)) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1602.768210][ T8278] EXT4-fs (loop0): bad geometry: first data block 2816 is beyond end of filesystem (1080) 04:01:12 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x4000000000000000, 0x0) 04:01:12 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:12 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x6000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:12 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ioctl$sock_SIOCGSKNS(0xffffffffffffffff, 0x894c, &(0x7f0000000000)=0x2) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:12 executing program 2 (fault-call:0 fault-nth:17): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:12 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000c00000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1604.949502][ T8407] FAULT_INJECTION: forcing a failure. [ 1604.949502][ T8407] name failslab, interval 1, probability 0, space 0, times 0 [ 1604.980569][ T8407] CPU: 1 PID: 8407 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1604.988881][ T8407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 04:01:12 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = socket$inet(0x10, 0x2, 0xc) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) ioctl$FS_IOC_FSGETXATTR(r1, 0x801c581f, &(0x7f0000000000)={0x1f, 0x7f, 0x10000, 0x20, 0xa270}) wait4(0x0, 0x0, 0x80000002, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000040)=@assoc_value={0x0}, &(0x7f0000000100)=0x8) setsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000140)={r2, 0x81}, 0x8) vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1604.998934][ T8407] Call Trace: [ 1605.002236][ T8407] dump_stack+0x1fb/0x318 [ 1605.006579][ T8407] should_fail+0x555/0x770 [ 1605.011013][ T8407] __should_failslab+0x11a/0x160 [ 1605.015968][ T8407] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 1605.021706][ T8407] should_failslab+0x9/0x20 [ 1605.026219][ T8407] __kmalloc+0x7a/0x340 [ 1605.030385][ T8407] ? tomoyo_realpath_from_path+0xca/0x7c0 [ 1605.036116][ T8407] tomoyo_realpath_from_path+0xdc/0x7c0 [ 1605.041674][ T8407] tomoyo_path_number_perm+0x166/0x640 04:01:12 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x6, 0x3) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) [ 1605.041790][ T8407] ? smack_file_ioctl+0x226/0x2e0 [ 1605.052151][ T8407] ? __fget+0x441/0x510 [ 1605.056311][ T8407] tomoyo_file_ioctl+0x23/0x30 [ 1605.061073][ T8407] security_file_ioctl+0x6d/0xd0 [ 1605.061089][ T8407] __x64_sys_ioctl+0xa3/0x120 [ 1605.061106][ T8407] do_syscall_64+0xf7/0x1c0 [ 1605.061122][ T8407] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1605.061132][ T8407] RIP: 0033:0x45a4b7 [ 1605.061144][ T8407] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1605.104546][ T8407] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1605.104557][ T8407] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1605.104563][ T8407] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1605.104569][ T8407] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1605.104575][ T8407] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 04:01:12 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1605.104581][ T8407] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1605.128648][ T8407] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1605.189827][ T8407] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (8407) [ 1605.221854][ T8404] EXT4-fs (loop0): bad geometry: first data block 3072 is beyond end of filesystem (1080) 04:01:12 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x10000147, 0x2) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:13 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x7000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:13 executing program 2 (fault-call:0 fault-nth:18): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1605.512774][ T8586] FAULT_INJECTION: forcing a failure. [ 1605.512774][ T8586] name failslab, interval 1, probability 0, space 0, times 0 [ 1605.533938][ T8586] CPU: 1 PID: 8586 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1605.542216][ T8586] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1605.552277][ T8586] Call Trace: [ 1605.555587][ T8586] dump_stack+0x1fb/0x318 [ 1605.560032][ T8586] should_fail+0x555/0x770 [ 1605.564591][ T8586] __should_failslab+0x11a/0x160 [ 1605.569530][ T8586] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 1605.575256][ T8586] should_failslab+0x9/0x20 [ 1605.579757][ T8586] __kmalloc+0x7a/0x340 [ 1605.583911][ T8586] ? tomoyo_realpath_from_path+0xca/0x7c0 [ 1605.589758][ T8586] tomoyo_realpath_from_path+0xdc/0x7c0 [ 1605.595314][ T8586] tomoyo_path_number_perm+0x166/0x640 [ 1605.600786][ T8586] ? smack_file_ioctl+0x226/0x2e0 [ 1605.605797][ T8586] ? __fget+0x441/0x510 [ 1605.609939][ T8586] tomoyo_file_ioctl+0x23/0x30 [ 1605.614699][ T8586] security_file_ioctl+0x6d/0xd0 [ 1605.619634][ T8586] __x64_sys_ioctl+0xa3/0x120 [ 1605.624317][ T8586] do_syscall_64+0xf7/0x1c0 [ 1605.628819][ T8586] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1605.634706][ T8586] RIP: 0033:0x45a4b7 [ 1605.638602][ T8586] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1605.658201][ T8586] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1605.666603][ T8586] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1605.674583][ T8586] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1605.682552][ T8586] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1605.690506][ T8586] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1605.698469][ T8586] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1605.708975][ T8586] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1605.728930][ T8586] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (8586) 04:01:15 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x7f00000000000000, 0x0) 04:01:15 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000d00000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:15 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x40029580, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$cont(0x18, r0, 0x81, 0xfff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x80000) ioctl$RTC_RD_TIME(r2, 0x80247009, &(0x7f0000000040)) tgkill(r1, r0, 0x1b) 04:01:15 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x8000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:15 executing program 2 (fault-call:0 fault-nth:19): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1607.791065][ T8653] FAULT_INJECTION: forcing a failure. [ 1607.791065][ T8653] name failslab, interval 1, probability 0, space 0, times 0 [ 1607.806606][ T8655] IPVS: ftp: loaded support on port[0] = 21 [ 1607.812202][ T8653] CPU: 0 PID: 8653 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1607.820907][ T8653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1607.830962][ T8653] Call Trace: [ 1607.830986][ T8653] dump_stack+0x1fb/0x318 [ 1607.831005][ T8653] should_fail+0x555/0x770 [ 1607.831024][ T8653] __should_failslab+0x11a/0x160 [ 1607.831101][ T8653] ? __kernfs_new_node+0x97/0x680 [ 1607.838641][ T8653] should_failslab+0x9/0x20 [ 1607.838654][ T8653] kmem_cache_alloc+0x56/0x2e0 [ 1607.838670][ T8653] __kernfs_new_node+0x97/0x680 [ 1607.838688][ T8653] ? __kasan_check_write+0x14/0x20 [ 1607.838704][ T8653] ? __mutex_unlock_slowpath+0x13c/0x5b0 [ 1607.848141][ T8653] kernfs_new_node+0x97/0x170 [ 1607.848221][ T8653] __kernfs_create_file+0x4a/0x2f0 [ 1607.848233][ T8653] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 1607.848250][ T8653] internal_create_group+0x4be/0xd80 [ 1607.848270][ T8653] sysfs_create_group+0x1f/0x30 [ 1607.857805][ T8653] loop_set_fd+0xf01/0x1410 [ 1607.857828][ T8653] lo_ioctl+0xd5/0x2220 [ 1607.867403][ T8653] ? __kasan_slab_free+0x12a/0x1e0 [ 1607.867412][ T8653] ? kasan_slab_free+0xe/0x10 [ 1607.867419][ T8653] ? kfree+0x115/0x200 [ 1607.867430][ T8653] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1607.867437][ T8653] ? tomoyo_file_ioctl+0x23/0x30 [ 1607.867447][ T8653] ? security_file_ioctl+0x6d/0xd0 [ 1607.867456][ T8653] ? __x64_sys_ioctl+0xa3/0x120 [ 1607.867469][ T8653] ? do_syscall_64+0xf7/0x1c0 [ 1607.867482][ T8653] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1607.867499][ T8653] ? debug_check_no_obj_freed+0x505/0x5b0 [ 1607.867528][ T8653] ? rcu_lock_release+0x9/0x30 [ 1607.878272][ T8653] ? rcu_lock_release+0x9/0x30 [ 1607.878287][ T8653] ? lo_release+0x1f0/0x1f0 [ 1607.878348][ T8653] blkdev_ioctl+0x7f4/0x2ac0 [ 1607.878362][ T8653] ? tomoyo_path_number_perm+0x53e/0x640 [ 1607.888125][ T8653] block_ioctl+0xbd/0x100 [ 1607.888138][ T8653] ? blkdev_iopoll+0x100/0x100 [ 1607.888149][ T8653] do_vfs_ioctl+0x744/0x1730 [ 1607.888158][ T8653] ? __fget+0x441/0x510 [ 1607.888174][ T8653] ? tomoyo_file_ioctl+0x23/0x30 [ 1607.888187][ T8653] ? security_file_ioctl+0xa1/0xd0 [ 1607.888199][ T8653] __x64_sys_ioctl+0xe3/0x120 [ 1607.888214][ T8653] do_syscall_64+0xf7/0x1c0 [ 1607.888229][ T8653] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1607.888237][ T8653] RIP: 0033:0x45a4b7 [ 1607.888249][ T8653] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1607.888257][ T8653] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1607.898868][ T8653] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1607.898875][ T8653] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1607.898881][ T8653] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 04:01:15 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x9000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1607.898887][ T8653] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1607.898893][ T8653] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1608.008724][ T8653] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (8653) 04:01:15 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:15 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/netstat\x00') ioctl$LOOP_SET_DIRECT_IO(r0, 0x4c08, 0x400) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) [ 1608.163445][ T8660] EXT4-fs (loop0): bad geometry: first data block 3328 is beyond end of filesystem (1080) 04:01:16 executing program 2 (fault-call:0 fault-nth:20): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:16 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000e00000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:16 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = fcntl$getown(r1, 0x9) ptrace$cont(0x20, r2, 0x0, 0x0) 04:01:16 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xa000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1608.403836][ T21] tipc: TX() has been purged, node left! [ 1608.438168][ T9099] FAULT_INJECTION: forcing a failure. [ 1608.438168][ T9099] name failslab, interval 1, probability 0, space 0, times 0 [ 1608.476503][ T9099] CPU: 0 PID: 9099 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1608.484787][ T9099] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1608.494853][ T9099] Call Trace: [ 1608.498157][ T9099] dump_stack+0x1fb/0x318 [ 1608.502500][ T9099] should_fail+0x555/0x770 [ 1608.506938][ T9099] __should_failslab+0x11a/0x160 [ 1608.511880][ T9099] ? loop_set_fd+0x1410/0x1410 [ 1608.516641][ T9099] should_failslab+0x9/0x20 [ 1608.521230][ T9099] kmem_cache_alloc_trace+0x5d/0x2f0 [ 1608.526593][ T9099] ? __kthread_create_on_node+0xb2/0x3b0 [ 1608.532360][ T9099] ? loop_set_fd+0x1410/0x1410 [ 1608.537111][ T9099] __kthread_create_on_node+0xb2/0x3b0 [ 1608.542587][ T9099] ? loop_set_fd+0x1410/0x1410 [ 1608.547338][ T9099] kthread_create_on_node+0x72/0xa0 [ 1608.552516][ T9099] ? lockdep_init_map+0x2a/0x680 [ 1608.557438][ T9099] ? __kthread_init_worker+0x5a/0xe0 [ 1608.562734][ T9099] loop_set_fd+0x6ab/0x1410 [ 1608.567230][ T9099] ? check_preemption_disabled+0xb7/0x2a0 [ 1608.572930][ T9099] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1608.578552][ T9099] lo_ioctl+0xd5/0x2220 [ 1608.582748][ T9099] ? __kasan_slab_free+0x12a/0x1e0 [ 1608.587851][ T9099] ? kasan_slab_free+0xe/0x10 [ 1608.592509][ T9099] ? kfree+0x115/0x200 [ 1608.596567][ T9099] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1608.602194][ T9099] ? tomoyo_file_ioctl+0x23/0x30 [ 1608.607133][ T9099] ? security_file_ioctl+0x6d/0xd0 [ 1608.612221][ T9099] ? __x64_sys_ioctl+0xa3/0x120 [ 1608.617067][ T9099] ? do_syscall_64+0xf7/0x1c0 [ 1608.621733][ T9099] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1608.627782][ T9099] ? debug_check_no_obj_freed+0x505/0x5b0 [ 1608.633593][ T9099] ? rcu_lock_release+0x9/0x30 [ 1608.638361][ T9099] ? rcu_lock_release+0x9/0x30 [ 1608.643167][ T9099] ? lo_release+0x1f0/0x1f0 [ 1608.647651][ T9099] blkdev_ioctl+0x7f4/0x2ac0 [ 1608.652274][ T9099] ? tomoyo_path_number_perm+0x53e/0x640 [ 1608.657898][ T9099] block_ioctl+0xbd/0x100 [ 1608.662248][ T9099] ? blkdev_iopoll+0x100/0x100 [ 1608.666991][ T9099] do_vfs_ioctl+0x744/0x1730 [ 1608.671555][ T9099] ? __fget+0x441/0x510 [ 1608.675705][ T9099] ? tomoyo_file_ioctl+0x23/0x30 [ 1608.680631][ T9099] ? security_file_ioctl+0xa1/0xd0 [ 1608.685723][ T9099] __x64_sys_ioctl+0xe3/0x120 [ 1608.690392][ T9099] do_syscall_64+0xf7/0x1c0 [ 1608.694891][ T9099] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1608.700793][ T9099] RIP: 0033:0x45a4b7 [ 1608.704678][ T9099] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1608.724283][ T9099] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1608.732711][ T9099] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1608.740689][ T9099] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1608.748660][ T9099] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1608.756620][ T9099] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1608.764585][ T9099] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1608.812331][ T9097] EXT4-fs (loop0): bad geometry: first data block 3584 is beyond end of filesystem (1080) [ 1608.879296][ T9208] EXT4-fs (loop0): bad geometry: first data block 3584 is beyond end of filesystem (1080) 04:01:18 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xfeffffff00000000, 0x0) 04:01:18 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x15, 0x1, &(0x7f0000000300)=@raw=[@alu={0x4, 0x1, 0xd, 0x2, 0x5, 0x30, 0xffffffffffffffff}], &(0x7f0000000340)='GPL\x00', 0x3, 0xdd, &(0x7f0000000380)=""/221, 0x40f00, 0x2, [], 0x0, 0x11e66547ee3ddc18, 0xffffffffffffffff, 0x8, &(0x7f0000000480)={0x3, 0x5}, 0x8, 0x10, &(0x7f00000004c0)={0x0, 0x4, 0x5, 0x200}, 0x10}, 0x70) ioctl$PERF_EVENT_IOC_SET_BPF(r1, 0x40042408, r2) ptrace$cont(0x20, r0, 0x0, 0x0) r3 = syz_open_dev$cec(&(0x7f0000000000)='/dev/cec#\x00', 0x2, 0x2) readlinkat(r3, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)=""/129, 0x81) 04:01:18 executing program 2 (fault-call:0 fault-nth:21): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:18 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xf000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:18 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000041000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1610.835903][ T9219] FAULT_INJECTION: forcing a failure. [ 1610.835903][ T9219] name failslab, interval 1, probability 0, space 0, times 0 [ 1610.874380][ T9219] CPU: 1 PID: 9219 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1610.882779][ T9219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1610.892839][ T9219] Call Trace: [ 1610.896166][ T9219] dump_stack+0x1fb/0x318 [ 1610.900506][ T9219] should_fail+0x555/0x770 [ 1610.904944][ T9219] __should_failslab+0x11a/0x160 [ 1610.909874][ T9219] ? __kernfs_new_node+0x97/0x680 [ 1610.914886][ T9219] should_failslab+0x9/0x20 [ 1610.919396][ T9219] kmem_cache_alloc+0x56/0x2e0 [ 1610.924178][ T9219] __kernfs_new_node+0x97/0x680 [ 1610.929030][ T9219] ? mutex_unlock+0xd/0x10 04:01:18 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$KVM_ASSIGN_PCI_DEVICE(r1, 0x8040ae69, &(0x7f0000000000)={0x2, 0x6, 0x4, 0x2, 0x8}) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r3 = socket$inet(0x10, 0x2, 0xc) sendmsg(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) vmsplice(r3, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xffd8}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) [ 1610.933466][ T9219] ? kernfs_activate+0x4c7/0x4e0 [ 1610.938415][ T9219] kernfs_new_node+0x97/0x170 [ 1610.943096][ T9219] __kernfs_create_file+0x4a/0x2f0 [ 1610.948204][ T9219] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 1610.953561][ T9219] internal_create_group+0x4be/0xd80 [ 1610.958831][ T9219] sysfs_create_group+0x1f/0x30 [ 1610.963665][ T9219] loop_set_fd+0xf01/0x1410 [ 1610.968169][ T9219] lo_ioctl+0xd5/0x2220 [ 1610.972316][ T9219] ? __kasan_slab_free+0x12a/0x1e0 [ 1610.977427][ T9219] ? kasan_slab_free+0xe/0x10 [ 1610.982086][ T9219] ? kfree+0x115/0x200 [ 1610.986149][ T9219] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1610.991775][ T9219] ? tomoyo_file_ioctl+0x23/0x30 [ 1610.996706][ T9219] ? security_file_ioctl+0x6d/0xd0 [ 1611.001792][ T9219] ? __x64_sys_ioctl+0xa3/0x120 [ 1611.006686][ T9219] ? do_syscall_64+0xf7/0x1c0 [ 1611.011343][ T9219] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1611.017392][ T9219] ? debug_check_no_obj_freed+0x505/0x5b0 [ 1611.023099][ T9219] ? rcu_lock_release+0x9/0x30 [ 1611.027972][ T9219] ? rcu_lock_release+0x9/0x30 [ 1611.032736][ T9219] ? lo_release+0x1f0/0x1f0 [ 1611.037241][ T9219] blkdev_ioctl+0x7f4/0x2ac0 [ 1611.041839][ T9219] ? tomoyo_path_number_perm+0x53e/0x640 [ 1611.047472][ T9219] block_ioctl+0xbd/0x100 [ 1611.051787][ T9219] ? blkdev_iopoll+0x100/0x100 [ 1611.056538][ T9219] do_vfs_ioctl+0x744/0x1730 [ 1611.061105][ T9219] ? __fget+0x441/0x510 [ 1611.065362][ T9219] ? tomoyo_file_ioctl+0x23/0x30 [ 1611.070296][ T9219] ? security_file_ioctl+0xa1/0xd0 [ 1611.075592][ T9219] __x64_sys_ioctl+0xe3/0x120 [ 1611.080252][ T9219] do_syscall_64+0xf7/0x1c0 [ 1611.084736][ T9219] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1611.090620][ T9219] RIP: 0033:0x45a4b7 [ 1611.094500][ T9219] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1611.114109][ T9219] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1611.122515][ T9219] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1611.130491][ T9219] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1611.138469][ T9219] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1611.149264][ T9219] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1611.157305][ T9219] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1611.229610][ T9224] EXT4-fs (loop0): bad geometry: first data block 4100 is beyond end of filesystem (1080) [ 1611.248465][ T9219] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (9219) 04:01:19 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:19 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xffefffffff7f0000, 0x0) 04:01:19 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r1 = getpid() prlimit64(r1, 0x4, &(0x7f0000000000)={0x7, 0xff}, &(0x7f0000000040)) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:19 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x10000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:19 executing program 2 (fault-call:0 fault-nth:22): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:19 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000201000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:19 executing program 3: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000040)='/dev/btrfs-control\x00', 0x100c00, 0x0) ioctl$EVIOCGVERSION(r0, 0x80044501, &(0x7f0000000080)=""/3) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) r2 = pkey_alloc(0x0, 0x1) pkey_mprotect(&(0x7f00003e3000/0x2000)=nil, 0x2000, 0x8, r2) pkey_mprotect(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x300000a, r2) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x3c) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000300)="4600e19280b82c79d1ff9ca46447c2db8af395c6b533576abdabf776376868402c9239b52e4b0352e6dee77a3ccb40ab65c46b9648b8476f0a179e67bc9f3c83e97a11b51fadb7b1b27fa96be67561b226a10ee841549c453c13cea2568965bf491b97f64d468cbf2ee60821eea3") ptrace$cont(0x9, r3, 0x0, 0x0) wait4(r3, &(0x7f0000000000), 0x20000001, &(0x7f0000000100)) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) [ 1611.617961][ T9559] FAULT_INJECTION: forcing a failure. [ 1611.617961][ T9559] name failslab, interval 1, probability 0, space 0, times 0 04:01:19 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x10000120}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1611.681849][ T9559] CPU: 1 PID: 9559 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1611.690145][ T9559] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1611.700295][ T9559] Call Trace: [ 1611.703608][ T9559] dump_stack+0x1fb/0x318 [ 1611.707959][ T9559] should_fail+0x555/0x770 [ 1611.712394][ T9559] __should_failslab+0x11a/0x160 [ 1611.717336][ T9559] ? __kernfs_new_node+0x97/0x680 [ 1611.722359][ T9559] should_failslab+0x9/0x20 [ 1611.726860][ T9559] kmem_cache_alloc+0x56/0x2e0 [ 1611.731623][ T9559] __kernfs_new_node+0x97/0x680 [ 1611.736471][ T9559] ? mutex_unlock+0xd/0x10 [ 1611.740879][ T9559] ? kernfs_activate+0x4c7/0x4e0 [ 1611.745815][ T9559] kernfs_new_node+0x97/0x170 [ 1611.750491][ T9559] __kernfs_create_file+0x4a/0x2f0 [ 1611.755604][ T9559] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 1611.760977][ T9559] internal_create_group+0x4be/0xd80 [ 1611.766268][ T9559] sysfs_create_group+0x1f/0x30 [ 1611.771112][ T9559] loop_set_fd+0xf01/0x1410 [ 1611.775623][ T9559] lo_ioctl+0xd5/0x2220 [ 1611.779772][ T9559] ? __kasan_slab_free+0x12a/0x1e0 [ 1611.784871][ T9559] ? kasan_slab_free+0xe/0x10 [ 1611.789539][ T9559] ? kfree+0x115/0x200 [ 1611.793603][ T9559] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1611.799224][ T9559] ? tomoyo_file_ioctl+0x23/0x30 [ 1611.804173][ T9559] ? security_file_ioctl+0x6d/0xd0 [ 1611.809275][ T9559] ? __x64_sys_ioctl+0xa3/0x120 [ 1611.814118][ T9559] ? do_syscall_64+0xf7/0x1c0 [ 1611.818958][ T9559] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1611.825041][ T9559] ? debug_check_no_obj_freed+0x505/0x5b0 [ 1611.830813][ T9559] ? rcu_lock_release+0x9/0x30 [ 1611.835584][ T9559] ? rcu_lock_release+0x9/0x30 [ 1611.840349][ T9559] ? lo_release+0x1f0/0x1f0 [ 1611.844848][ T9559] blkdev_ioctl+0x7f4/0x2ac0 [ 1611.849436][ T9559] ? tomoyo_path_number_perm+0x53e/0x640 [ 1611.855089][ T9559] block_ioctl+0xbd/0x100 [ 1611.859415][ T9559] ? blkdev_iopoll+0x100/0x100 [ 1611.864172][ T9559] do_vfs_ioctl+0x744/0x1730 [ 1611.868755][ T9559] ? __fget+0x441/0x510 [ 1611.872911][ T9559] ? tomoyo_file_ioctl+0x23/0x30 [ 1611.877859][ T9559] ? security_file_ioctl+0xa1/0xd0 [ 1611.882967][ T9559] __x64_sys_ioctl+0xe3/0x120 [ 1611.887645][ T9559] do_syscall_64+0xf7/0x1c0 [ 1611.892151][ T9559] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1611.898036][ T9559] RIP: 0033:0x45a4b7 [ 1611.901923][ T9559] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1611.921530][ T9559] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 04:01:19 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = socket$inet(0x10, 0x2, 0xc) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_SIOCGPGRP(r2, 0x8904, &(0x7f0000000000)=0x0) fcntl$lock(r1, 0x1, &(0x7f0000000040)={0x1, 0x1, 0x800, 0x6, r3}) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair(0x9, 0x800, 0xfd, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = gettid() ptrace$setopts(0x4206, r5, 0x0, 0x0) tkill(r5, 0x3c) ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r5, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000300)={r5, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000140)='\x02\xfb8', 0xffffffffffffffff}, 0x30) ioctl$sock_FIOSETOWN(r4, 0x8901, &(0x7f0000000340)=r6) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r7 = add_key$keyring(&(0x7f0000000240)='keyring\x00', &(0x7f0000000280)={'\x02\xfb8', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) mount$bpf(0x0, 0x0, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='gid=', @ANYRESHEX=r7]) keyctl$invalidate(0x15, r7) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1611.929940][ T9559] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1611.937909][ T9559] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1611.945881][ T9559] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1611.953846][ T9559] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1611.961959][ T9559] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1612.012864][ T9559] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (9559) [ 1612.039008][ T9564] EXT4-fs (loop0): bad geometry: first data block 4128 is beyond end of filesystem (1080) 04:01:19 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = open(&(0x7f0000000880)='./file0\x00', 0x8000, 0x154) getsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, &(0x7f00000008c0)=@assoc_value={0x0, 0xfff}, &(0x7f0000000900)=0x8) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f0000000940)={r2, 0xe000}, 0x8) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:19 executing program 2 (fault-call:0 fault-nth:23): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:20 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x11000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1612.404616][ T9689] FAULT_INJECTION: forcing a failure. [ 1612.404616][ T9689] name failslab, interval 1, probability 0, space 0, times 0 [ 1612.417366][ T9689] CPU: 0 PID: 9689 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1612.425606][ T9689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1612.435663][ T9689] Call Trace: [ 1612.438961][ T9689] dump_stack+0x1fb/0x318 [ 1612.443298][ T9689] should_fail+0x555/0x770 [ 1612.447730][ T9689] __should_failslab+0x11a/0x160 [ 1612.452678][ T9689] ? __kernfs_new_node+0x97/0x680 [ 1612.457708][ T9689] should_failslab+0x9/0x20 [ 1612.462213][ T9689] kmem_cache_alloc+0x56/0x2e0 [ 1612.466984][ T9689] __kernfs_new_node+0x97/0x680 [ 1612.471838][ T9689] ? mutex_unlock+0xd/0x10 [ 1612.476251][ T9689] ? kernfs_activate+0x4c7/0x4e0 [ 1612.481191][ T9689] kernfs_new_node+0x97/0x170 [ 1612.485871][ T9689] __kernfs_create_file+0x4a/0x2f0 [ 1612.490981][ T9689] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 1612.496359][ T9689] internal_create_group+0x4be/0xd80 [ 1612.501651][ T9689] sysfs_create_group+0x1f/0x30 [ 1612.506613][ T9689] loop_set_fd+0xf01/0x1410 [ 1612.511133][ T9689] lo_ioctl+0xd5/0x2220 [ 1612.515298][ T9689] ? __kasan_slab_free+0x12a/0x1e0 [ 1612.520409][ T9689] ? kasan_slab_free+0xe/0x10 [ 1612.525078][ T9689] ? kfree+0x115/0x200 [ 1612.529142][ T9689] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1612.534768][ T9689] ? tomoyo_file_ioctl+0x23/0x30 [ 1612.539702][ T9689] ? security_file_ioctl+0x6d/0xd0 [ 1612.544814][ T9689] ? __x64_sys_ioctl+0xa3/0x120 [ 1612.549658][ T9689] ? do_syscall_64+0xf7/0x1c0 [ 1612.554332][ T9689] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1612.560488][ T9689] ? debug_check_no_obj_freed+0x505/0x5b0 [ 1612.566222][ T9689] ? rcu_lock_release+0x9/0x30 [ 1612.571086][ T9689] ? rcu_lock_release+0x9/0x30 [ 1612.575848][ T9689] ? lo_release+0x1f0/0x1f0 [ 1612.580352][ T9689] blkdev_ioctl+0x7f4/0x2ac0 [ 1612.584943][ T9689] ? tomoyo_path_number_perm+0x53e/0x640 [ 1612.590589][ T9689] block_ioctl+0xbd/0x100 [ 1612.594910][ T9689] ? blkdev_iopoll+0x100/0x100 [ 1612.599691][ T9689] do_vfs_ioctl+0x744/0x1730 [ 1612.604279][ T9689] ? __fget+0x441/0x510 [ 1612.608433][ T9689] ? tomoyo_file_ioctl+0x23/0x30 [ 1612.613364][ T9689] ? security_file_ioctl+0xa1/0xd0 [ 1612.618475][ T9689] __x64_sys_ioctl+0xe3/0x120 [ 1612.623152][ T9689] do_syscall_64+0xf7/0x1c0 [ 1612.627658][ T9689] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1612.633539][ T9689] RIP: 0033:0x45a4b7 [ 1612.637429][ T9689] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1612.657038][ T9689] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1612.665449][ T9689] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1612.673415][ T9689] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1612.681378][ T9689] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1612.689342][ T9689] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1612.697310][ T9689] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1612.722385][ T9689] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (9689) 04:01:22 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:22 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x80) getsockopt$inet_tcp_int(r1, 0x6, 0x3, &(0x7f0000000040), &(0x7f0000000080)=0x4) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xcef7, 0x0) 04:01:22 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000001100000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:22 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x14000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:22 executing program 2 (fault-call:0 fault-nth:24): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:22 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xffffffff00000000, 0x0) 04:01:22 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) ptrace$cont(0xca8e8afa7c274234, r1, 0x7ff, 0x81) wait4(0x0, 0x0, 0x80000002, 0x0) pipe2(&(0x7f0000001840)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) getsockopt$SO_COOKIE(r2, 0x1, 0x39, &(0x7f0000000000), &(0x7f0000000040)=0x8) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r2, 0x111, 0x4, 0x1, 0x4) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1614.509318][ T9802] FAULT_INJECTION: forcing a failure. [ 1614.509318][ T9802] name failslab, interval 1, probability 0, space 0, times 0 [ 1614.547918][ T9802] CPU: 0 PID: 9802 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1614.556213][ T9802] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1614.566286][ T9802] Call Trace: [ 1614.569591][ T9802] dump_stack+0x1fb/0x318 [ 1614.573944][ T9802] should_fail+0x555/0x770 [ 1614.578380][ T9802] __should_failslab+0x11a/0x160 [ 1614.583444][ T9802] ? __kernfs_new_node+0x97/0x680 [ 1614.588481][ T9802] should_failslab+0x9/0x20 [ 1614.592993][ T9802] kmem_cache_alloc+0x56/0x2e0 [ 1614.597773][ T9802] __kernfs_new_node+0x97/0x680 [ 1614.602638][ T9802] ? mutex_unlock+0xd/0x10 [ 1614.607061][ T9802] ? kernfs_activate+0x4c7/0x4e0 [ 1614.612014][ T9802] kernfs_new_node+0x97/0x170 [ 1614.616689][ T9802] __kernfs_create_file+0x4a/0x2f0 [ 1614.621783][ T9802] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 1614.627334][ T9802] internal_create_group+0x4be/0xd80 [ 1614.632627][ T9802] sysfs_create_group+0x1f/0x30 [ 1614.637462][ T9802] loop_set_fd+0xf01/0x1410 [ 1614.641951][ T9802] lo_ioctl+0xd5/0x2220 [ 1614.646099][ T9802] ? __kasan_slab_free+0x12a/0x1e0 [ 1614.651202][ T9802] ? kasan_slab_free+0xe/0x10 [ 1614.655856][ T9802] ? kfree+0x115/0x200 [ 1614.659903][ T9802] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1614.665528][ T9802] ? tomoyo_file_ioctl+0x23/0x30 [ 1614.670450][ T9802] ? security_file_ioctl+0x6d/0xd0 [ 1614.675540][ T9802] ? __x64_sys_ioctl+0xa3/0x120 [ 1614.680367][ T9802] ? do_syscall_64+0xf7/0x1c0 [ 1614.685031][ T9802] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1614.691196][ T9802] ? debug_check_no_obj_freed+0x505/0x5b0 [ 1614.696918][ T9802] ? rcu_lock_release+0x9/0x30 [ 1614.701664][ T9802] ? rcu_lock_release+0x9/0x30 [ 1614.706422][ T9802] ? lo_release+0x1f0/0x1f0 [ 1614.710923][ T9802] blkdev_ioctl+0x7f4/0x2ac0 [ 1614.715517][ T9802] ? tomoyo_path_number_perm+0x53e/0x640 [ 1614.721139][ T9802] block_ioctl+0xbd/0x100 [ 1614.725457][ T9802] ? blkdev_iopoll+0x100/0x100 [ 1614.730218][ T9802] do_vfs_ioctl+0x744/0x1730 [ 1614.734802][ T9802] ? __fget+0x441/0x510 [ 1614.739078][ T9802] ? tomoyo_file_ioctl+0x23/0x30 [ 1614.744004][ T9802] ? security_file_ioctl+0xa1/0xd0 [ 1614.749107][ T9802] __x64_sys_ioctl+0xe3/0x120 [ 1614.753795][ T9802] do_syscall_64+0xf7/0x1c0 [ 1614.758289][ T9802] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1614.764167][ T9802] RIP: 0033:0x45a4b7 [ 1614.768051][ T9802] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1614.787645][ T9802] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1614.796061][ T9802] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1614.804050][ T9802] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1614.812011][ T9802] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1614.819978][ T9802] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1614.827948][ T9802] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:01:22 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x20010010}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:22 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0, 0xfffffffffffffefa}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SIOCX25GCAUSEDIAG(r2, 0x89e6, &(0x7f0000000000)={0x3f, 0x50}) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000100)="10bcf58cfc78cdd48665918bee3f380da9465ae1c4eb6b18733afb23800563255fe038d9c111f385ade55a080a1a549ac21016c7c47d17fdd8c1c2d141b5a9cc52be73c4bb148f0880876385be904a2e8c6ce066a4775d3bf3a472e4838355423995e8301542b91efcee8f98619d2b1fd0e3bd1ac5eb3f7278cebe1dfd0529a027828a3116406924e559e2eb9b89f043fa5075eb5ce7fe9e3d160be53c0000000000000000") ptrace$cont(0x20, r0, 0x0, 0x0) [ 1614.874161][ T9802] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (9802) [ 1614.905870][ T9801] EXT4-fs (loop0): bad geometry: first data block 4352 is beyond end of filesystem (1080) 04:01:22 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000100)={0x0, 0x0}, &(0x7f0000000140)=0xc) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r4) r5 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r6) mount$9p_virtio(&(0x7f0000000000)='\x88}security\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x2000014, &(0x7f0000000300)={'trans=virtio,', {[{@cachetag={'cachetag', 0x3d, 'proc*em1'}}, {@cache_none='cache=none'}, {@access_uid={'access', 0x3d, r2}}, {@mmap='mmap'}], [{@euid_eq={'euid', 0x3d, r4}}, {@euid_gt={'euid>', r6}}, {@obj_type={'obj_type'}}, {@pcr={'pcr', 0x3d, 0xd}}]}}) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:22 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000001200000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:22 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x3f000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1615.249696][T10045] EXT4-fs (loop0): bad geometry: first data block 4608 is beyond end of filesystem (1080) 04:01:25 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:25 executing program 2 (fault-call:0 fault-nth:25): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:25 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() fcntl$F_SET_FILE_RW_HINT(0xffffffffffffffff, 0x40e, &(0x7f0000000000)=0x2) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0xfffffffffffffffc) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) 04:01:25 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x40000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:25 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000002000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:25 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xffffffffff600000, 0x0) [ 1617.909298][T10155] FAULT_INJECTION: forcing a failure. [ 1617.909298][T10155] name failslab, interval 1, probability 0, space 0, times 0 04:01:25 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) nanosleep(&(0x7f0000000040)={r1, r2+10000000}, &(0x7f0000000080)) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:25 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x4) [ 1617.982761][T10155] CPU: 0 PID: 10155 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1617.991145][T10155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1618.001202][T10155] Call Trace: [ 1618.004611][T10155] dump_stack+0x1fb/0x318 [ 1618.008954][T10155] should_fail+0x555/0x770 [ 1618.013380][T10155] __should_failslab+0x11a/0x160 [ 1618.018323][T10155] ? __kernfs_new_node+0x97/0x680 [ 1618.023347][T10155] should_failslab+0x9/0x20 [ 1618.027856][T10155] kmem_cache_alloc+0x56/0x2e0 [ 1618.032624][T10155] __kernfs_new_node+0x97/0x680 [ 1618.037480][T10155] ? mutex_unlock+0xd/0x10 [ 1618.041897][T10155] ? kernfs_activate+0x4c7/0x4e0 [ 1618.046840][T10155] kernfs_new_node+0x97/0x170 [ 1618.051522][T10155] __kernfs_create_file+0x4a/0x2f0 [ 1618.056628][T10155] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 1618.062004][T10155] internal_create_group+0x4be/0xd80 [ 1618.067298][T10155] sysfs_create_group+0x1f/0x30 [ 1618.072158][T10155] loop_set_fd+0xf01/0x1410 [ 1618.076676][T10155] lo_ioctl+0xd5/0x2220 [ 1618.080834][T10155] ? __kasan_slab_free+0x12a/0x1e0 [ 1618.085941][T10155] ? kasan_slab_free+0xe/0x10 [ 1618.090616][T10155] ? kfree+0x115/0x200 [ 1618.094694][T10155] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1618.100321][T10155] ? tomoyo_file_ioctl+0x23/0x30 [ 1618.105254][T10155] ? security_file_ioctl+0x6d/0xd0 [ 1618.110360][T10155] ? __x64_sys_ioctl+0xa3/0x120 [ 1618.115210][T10155] ? do_syscall_64+0xf7/0x1c0 [ 1618.119884][T10155] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1618.125961][T10155] ? debug_check_no_obj_freed+0x505/0x5b0 [ 1618.131692][T10155] ? rcu_lock_release+0x9/0x30 [ 1618.136462][T10155] ? rcu_lock_release+0x9/0x30 [ 1618.141226][T10155] ? lo_release+0x1f0/0x1f0 [ 1618.145726][T10155] blkdev_ioctl+0x7f4/0x2ac0 [ 1618.150318][T10155] ? tomoyo_path_number_perm+0x53e/0x640 [ 1618.155966][T10155] block_ioctl+0xbd/0x100 [ 1618.160299][T10155] ? blkdev_iopoll+0x100/0x100 [ 1618.165059][T10155] do_vfs_ioctl+0x744/0x1730 [ 1618.169659][T10155] ? __fget+0x441/0x510 [ 1618.173815][T10155] ? tomoyo_file_ioctl+0x23/0x30 [ 1618.178757][T10155] ? security_file_ioctl+0xa1/0xd0 [ 1618.183951][T10155] __x64_sys_ioctl+0xe3/0x120 [ 1618.188626][T10155] do_syscall_64+0xf7/0x1c0 [ 1618.193128][T10155] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1618.199015][T10155] RIP: 0033:0x45a4b7 [ 1618.202905][T10155] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1618.222516][T10155] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1618.230936][T10155] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1618.238912][T10155] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1618.246888][T10155] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1618.254863][T10155] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1618.262837][T10155] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:01:26 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x60000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1618.333818][T10167] EXT4-fs (loop0): bad geometry: first data block 8192 is beyond end of filesystem (1080) [ 1618.370301][T10155] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (10155) 04:01:26 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000040)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:26 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000102000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:26 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0x78000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1618.693378][T10595] EXT4-fs (loop0): bad geometry: first data block 8208 is beyond end of filesystem (1080) 04:01:29 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 04:01:29 executing program 2 (fault-call:0 fault-nth:26): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:29 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet(0x10, 0x2, 0xc) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r2) r3 = socket(0x11, 0x5, 0x2) close(r3) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r4, &(0x7f0000d83fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r3, 0x84, 0x66, &(0x7f0000000000)={r5}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r2, 0x84, 0x18, &(0x7f0000000140)={r5}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000000)=@assoc_value={r5, 0xfff}, &(0x7f0000000040)=0x8) ptrace$cont(0x20, r0, 0x0, 0x0) r7 = syz_open_dev$dmmidi(&(0x7f0000000100)='/dev/dmmidi#\x00', 0x2, 0x101040) getsockopt$inet_sctp6_SCTP_STATUS(r7, 0x84, 0xe, &(0x7f0000000300)={r6, 0x80, 0x1, 0x1ff, 0x4, 0x5, 0xb8, 0x400, {r6, @in={{0x2, 0x4e20, @local}}, 0xfffffff8, 0x3, 0x1d, 0xee, 0x5}}, &(0x7f00000003c0)=0xb0) 04:01:29 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000002500000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:29 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xac050000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:29 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x2000) [ 1621.396918][T10718] FAULT_INJECTION: forcing a failure. [ 1621.396918][T10718] name failslab, interval 1, probability 0, space 0, times 0 [ 1621.419830][T10718] CPU: 1 PID: 10718 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1621.428196][T10718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1621.438252][T10718] Call Trace: [ 1621.441546][T10718] dump_stack+0x1fb/0x318 04:01:29 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f0000000440)="2a4890156a70619a5830d0ac7cbb1e0f67555a71318b2304ec65b6483f161ca2fe87e79dbb40d0772150549c3ac8f561118c6fe2aa4b6543d45ef447e36b177dbad35b73a0736e0043eb16e2d38533703249d23891df733b1c062b5a01a180022099210352e7a1a0780f3be682e6b54dbc3be8f55a218f4005a1bb40074d64db49bf4b07d4e9192eab2bcf948f28999f9aa0c39cf7b01a3d0e84afd923a9f898bf9e36d943b0936182358025f548b20d5eea129d65948a7883a93efe63f8ccc55bebfe586cef636b2c0fb6592950a83c2b98dee3937b1f96707010ae66182c2b824b00c75f015ca6a13971dbacbdf63ae27254f380fd6ab12a", 0xf9}, {&(0x7f0000000140)="e55889cb6161c2a91e63e9bf8e6c1f0e5ee3524c1832a8481cc9296e457a8470383478aa9a3ca3bdc92f0b3c619c467008a7335578c620a0af3d726a6a768bca0f9e5eb897598f39cf3f92", 0x4b}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x0, 0x0) ioctl$KVM_GET_DEVICE_ATTR(r1, 0x4018aee2, &(0x7f0000000080)={0x0, 0x2f83bd49, 0x7c24, &(0x7f0000000040)=0xa884}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:29 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3f00) [ 1621.445882][T10718] should_fail+0x555/0x770 [ 1621.450312][T10718] __should_failslab+0x11a/0x160 [ 1621.455258][T10718] ? __kernfs_new_node+0x97/0x680 [ 1621.460287][T10718] should_failslab+0x9/0x20 [ 1621.464795][T10718] kmem_cache_alloc+0x56/0x2e0 [ 1621.469555][T10718] __kernfs_new_node+0x97/0x680 [ 1621.474388][T10718] ? mutex_unlock+0xd/0x10 [ 1621.478782][T10718] ? kernfs_activate+0x4c7/0x4e0 [ 1621.483701][T10718] kernfs_new_node+0x97/0x170 [ 1621.488365][T10718] __kernfs_create_file+0x4a/0x2f0 [ 1621.493464][T10718] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 1621.498915][T10718] internal_create_group+0x4be/0xd80 [ 1621.504234][T10718] sysfs_create_group+0x1f/0x30 [ 1621.509066][T10718] loop_set_fd+0xf01/0x1410 [ 1621.513566][T10718] lo_ioctl+0xd5/0x2220 [ 1621.517709][T10718] ? __kasan_slab_free+0x12a/0x1e0 [ 1621.522793][T10718] ? kasan_slab_free+0xe/0x10 [ 1621.527491][T10718] ? kfree+0x115/0x200 [ 1621.531547][T10718] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1621.537164][T10718] ? tomoyo_file_ioctl+0x23/0x30 [ 1621.542082][T10718] ? security_file_ioctl+0x6d/0xd0 [ 1621.547192][T10718] ? __x64_sys_ioctl+0xa3/0x120 [ 1621.552036][T10718] ? do_syscall_64+0xf7/0x1c0 [ 1621.556706][T10718] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1621.562760][T10718] ? debug_check_no_obj_freed+0x505/0x5b0 [ 1621.568472][T10718] ? rcu_lock_release+0x9/0x30 [ 1621.573221][T10718] ? rcu_lock_release+0x9/0x30 [ 1621.577975][T10718] ? lo_release+0x1f0/0x1f0 [ 1621.582464][T10718] blkdev_ioctl+0x7f4/0x2ac0 [ 1621.587125][T10718] ? tomoyo_path_number_perm+0x53e/0x640 [ 1621.592742][T10718] block_ioctl+0xbd/0x100 [ 1621.597048][T10718] ? blkdev_iopoll+0x100/0x100 [ 1621.601944][T10718] do_vfs_ioctl+0x744/0x1730 [ 1621.606513][T10718] ? __fget+0x441/0x510 [ 1621.610652][T10718] ? tomoyo_file_ioctl+0x23/0x30 [ 1621.615622][T10718] ? security_file_ioctl+0xa1/0xd0 [ 1621.620757][T10718] __x64_sys_ioctl+0xe3/0x120 [ 1621.625417][T10718] do_syscall_64+0xf7/0x1c0 [ 1621.629900][T10718] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1621.635767][T10718] RIP: 0033:0x45a4b7 [ 1621.639636][T10718] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1621.659231][T10718] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1621.667634][T10718] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1621.675594][T10718] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1621.683544][T10718] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1621.691495][T10718] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1621.699443][T10718] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1621.734820][T10718] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (10718) [ 1621.761811][T10713] EXT4-fs (loop0): bad geometry: first data block 9472 is beyond end of filesystem (1080) 04:01:29 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x4000) 04:01:29 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f00000009c0)="fe02f582becd73b3971013b30198c4381f1d1a6eccfa264ecc59f58e100c59bcd32aff7236c67b774168d4deaa6b6846b557ad1c5369de674e00ba3bf3eb9087f618a6f6ce7cf971d9a678068f52e0c5148d4208a9b15cde1aa761a8681be1cac27f214be514fe1465ad19daa8f8635edee8f4b937f70020ee06ecb1307ddc3f9f1eae747679a486839b918dbfde71a7acd0a7b6789fdad6e4bbe3abc607b46b5681843d353b2bc6d91528c37c260eb461d4b709f79173e35688b94933818800ea11fbf66b6c6a8af1ce85b493c60d8d260059de77d38966ca675ccb93e52ae4b4dadaec0900") r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) r1 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x200000, 0x0) r2 = open(&(0x7f0000000140)='./bus\x00', 0x14103e, 0x0) accept$packet(r2, 0x0, &(0x7f0000000000)) fcntl$getownex(r2, 0x10, &(0x7f0000000080)={0x0, 0x0}) r4 = open(&(0x7f0000000140)='./bus\x00', 0x14103e, 0x0) accept$packet(r4, 0x0, &(0x7f0000000000)) r5 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000000, 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r5, 0x9) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xc0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) ioctl$KDMKTONE(r1, 0x4b30, 0x101) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={0x0, r5, 0x0, 0x1, &(0x7f00000003c0)='\x00', r6}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r3, r4, 0x0, 0x1, &(0x7f00000000c0)='\x00', r6}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000b00)={r0, r1, 0x0, 0x6, &(0x7f0000000ac0)='minix\x00', r6}, 0x30) syz_mount_image$minix(&(0x7f0000000000)='minix\x00', &(0x7f0000000040)='./file0\x00', 0xffffffff, 0x9, &(0x7f00000008c0)=[{&(0x7f0000000100)="950aa05d4517f6ea0e495410c741c4802cfa5acca3bfc20412d6bd582f2d44a08345df2f96f5973c3df90364f6bca7eeac55ea6a5a7ab9e6f702f4073e577677f813128249d5d8bceb903f8e190c18b25f2c262f337c1ce0f756a71552a509b70400a5334845d224bbd53cd7a13a6329511d42a0f9c66c7098bbb93a99fb74ad22020c62a39f60a093da1f6a9e49c58fc19b66e7cc3a70db544f76a57541190aebeecc7220e11b9d616ef4490a7c0be94efb403fff1ec7f45c1e08702387", 0xbe, 0x9}, {&(0x7f0000000300)="95aa2a48a7b3bd4b61638de877d8191d1a3cc32e62b6c0eec714e822d413200bb2d9c46cc75d1dfe75a97f350c694d00352ec952a26d5214c38de4a2097237076f17b923f1a3e7df3dee6913ef7cd2e8681ce24fc5929426e4e3c3081398160d7336e4556772f721248e562df3278a7bfc396b9a3141e7d00e39", 0x7a, 0x2}, {&(0x7f0000000380)="7afdd20de5c88c72c8a9c1ca4ba361bc11f5c217eb402f990e394b80307817d51d95f0323c29fb08f3c6f3edf5ff55d885d8c5761644250616ace99c24178913f5179c684f4962329b0e4de69e0312bedd6f2442b4421496e1852df874a9985f9cf310d4756bee284e78f4fe8c3206ab5a9f479f6d5741d74266d44d53ac2e638af304137732c0cbc4456586605184992c1a9a585619d5788ce6d9e93f381b7ac0defca03e627ee502f65a77c7931e76630307d112437688410be1f8b587b0eaf4bc3572b1cb3566", 0xc8, 0x101}, {&(0x7f0000000480)="5c34a862dc1b58e889a6b7ac4501f4a47e7e96359a3c59395c8928b3475380dda05ae13282957fdd26afbd2df7c90d97e1229b6da37b8a68b2bd909fd6073fbb9cf43d3104a78e305db4622891bb58a7203e1727b281f41a3b34a54dd338dada306bad8b6b5740a8770bd21c8cf5ed15c2d2c9db0c00ccf5c302d4067e9143f9ec1a906f8ea0d9aa93216068e7d8eb7ac80064d0cd4f2d4840b25427a826b5409349b8eac710f8df53789a32d577d9cf157483770f92a501938317ed4d729ad322afbd4d112e3479e64771e804f1e53ac0f5b9c3f4629b074e813fd10c", 0xdd, 0x30000000000000}, {&(0x7f0000000580)="98efeee527e9e8753913c472fb1a1dc081718f062137b5a678de51db3ee3d5534f33b722d554cb24ab5b2504e765ad3d7fe5d0017ed0ca603eb8d2e03556246250425c309d49bffa2c444a67b8fe30f83fff1332180a2e2cf8d6e98490ed8166096e0abb2fc8a7451ef9df8d9824114196f8434d303411f9d73bf7e5d1ac4e9665b8224eccbb5a466ebe3097dea5ac90e697d66b335c98882f59b0f413b1ab1b392eb8cb", 0xa4, 0x2}, {&(0x7f0000000640)="faff59fb0069826b5e6d03caa4e9e03de0eba400675e6694c1e2cd3f7d434a31c585e2e6cf04bed2406d9a87aefdb1958c8bc79c16a951ea2fa82f776067b26f8aff06b044c943c7cce674fbc2ce555f02a9fcd78b44213546f6e9696c0e7f66e9a3de34ddf310e3ec7259f093cfd85b64e0535bf502e746dd5ace6519306ce3645370a3a11794983e8326d96551c6f67e5a003b25ca66bfba40b6eb44201cb5721f98d50964479dd3f83167355d304b1b7afc74b8394be00be8a0bb1820b50c5c355b23e876af85550cbec9", 0xcc, 0xffffffff}, {&(0x7f0000000740)="2a1f9efbfa7636059d55ba8d1a6ce8a8d0c1424b02130fdb240f1912ca603b2c6e0c4693982a26a51f107b4b61b62c3583ecec496ba1672303a834092c04008a31c737cd87febe224b091f55079e26f582999a3a0fb505195874b6de50f13926787bcaa55df98f74c3", 0x69, 0x4}, {&(0x7f00000007c0)="0c6c54be3526c0ba5a54cc00fa8da789ee5d652735ce4de63d9755c3d3764c04d485d38a6e9e101faca1c91ed46bef2cbd46887e1e48d1ca63e54ddedbf0e600f6956b5ecaa841ffec531ba0b1649fd81afedc0a268817bf9f11bbb0414f63d62d18e8fe8b4d29789a", 0x69, 0x1}, {&(0x7f0000000840)="f9522dc4bde0a6a04922a3473597bcf62ac95202429d4733f772904a3f0aaf721b2dd25aaad8e37534487e14ed9db2c04ffa201dcbc4d674be7036efe43fce39ea2cf1e094c10e3b1f6e77d210fb597a2c813e5f9dc6571e7c09940b38e21d35a48ea71c1113e6851de236cd2e", 0x6d, 0xd09}], 0x40020, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:29 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xc4050000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:29 executing program 2 (fault-call:0 fault-nth:27): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1622.097736][T11098] FAULT_INJECTION: forcing a failure. [ 1622.097736][T11098] name failslab, interval 1, probability 0, space 0, times 0 [ 1622.135148][T11098] CPU: 0 PID: 11098 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1622.143532][T11098] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1622.153588][T11098] Call Trace: [ 1622.156872][T11098] dump_stack+0x1fb/0x318 [ 1622.161197][T11098] should_fail+0x555/0x770 [ 1622.165604][T11098] __should_failslab+0x11a/0x160 [ 1622.170522][T11098] ? kzalloc+0x26/0x40 [ 1622.174570][T11098] should_failslab+0x9/0x20 [ 1622.179052][T11098] __kmalloc+0x7a/0x340 [ 1622.183196][T11098] kzalloc+0x26/0x40 [ 1622.187087][T11098] kobject_get_path+0xa7/0x1d0 [ 1622.191837][T11098] kobject_uevent_env+0x2f2/0x1260 [ 1622.196937][T11098] kobject_uevent+0x1f/0x30 [ 1622.201420][T11098] loop_set_fd+0xf70/0x1410 [ 1622.205925][T11098] lo_ioctl+0xd5/0x2220 [ 1622.210068][T11098] ? __kasan_slab_free+0x12a/0x1e0 [ 1622.215156][T11098] ? kasan_slab_free+0xe/0x10 [ 1622.219806][T11098] ? kfree+0x115/0x200 [ 1622.223853][T11098] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1622.229461][T11098] ? tomoyo_file_ioctl+0x23/0x30 [ 1622.234375][T11098] ? security_file_ioctl+0x6d/0xd0 [ 1622.239674][T11098] ? __x64_sys_ioctl+0xa3/0x120 [ 1622.244504][T11098] ? do_syscall_64+0xf7/0x1c0 [ 1622.249177][T11098] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1622.255227][T11098] ? debug_check_no_obj_freed+0x505/0x5b0 [ 1622.260925][T11098] ? check_preemption_disabled+0x47/0x2a0 [ 1622.266620][T11098] ? check_preemption_disabled+0x47/0x2a0 [ 1622.272316][T11098] ? rcu_lock_release+0x9/0x30 [ 1622.277060][T11098] ? rcu_lock_release+0x9/0x30 [ 1622.281810][T11098] ? lo_release+0x1f0/0x1f0 [ 1622.286290][T11098] blkdev_ioctl+0x7f4/0x2ac0 [ 1622.290861][T11098] ? tomoyo_path_number_perm+0x53e/0x640 [ 1622.296480][T11098] block_ioctl+0xbd/0x100 [ 1622.300783][T11098] ? blkdev_iopoll+0x100/0x100 [ 1622.305525][T11098] do_vfs_ioctl+0x744/0x1730 [ 1622.310096][T11098] ? __fget+0x441/0x510 [ 1622.314243][T11098] ? tomoyo_file_ioctl+0x23/0x30 [ 1622.319159][T11098] ? security_file_ioctl+0xa1/0xd0 [ 1622.324245][T11098] __x64_sys_ioctl+0xe3/0x120 [ 1622.328911][T11098] do_syscall_64+0xf7/0x1c0 [ 1622.333401][T11098] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1622.339268][T11098] RIP: 0033:0x45a4b7 [ 1622.343142][T11098] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1622.362725][T11098] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1622.371199][T11098] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1622.379147][T11098] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1622.387095][T11098] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1622.395045][T11098] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1622.403011][T11098] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1622.446416][T11098] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (11098) 04:01:32 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 04:01:32 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000002d00000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:32 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xe0ffffff}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:32 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x38) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0xfffffffffffffffe, 0x0) 04:01:32 executing program 2 (fault-call:0 fault-nth:28): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1624.451231][T11168] FAULT_INJECTION: forcing a failure. [ 1624.451231][T11168] name failslab, interval 1, probability 0, space 0, times 0 [ 1624.478733][T11168] CPU: 1 PID: 11168 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1624.487119][T11168] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1624.497281][T11168] Call Trace: [ 1624.500562][T11168] dump_stack+0x1fb/0x318 [ 1624.505113][T11168] should_fail+0x555/0x770 [ 1624.509516][T11168] __should_failslab+0x11a/0x160 [ 1624.514544][T11168] ? __kernfs_new_node+0x97/0x680 [ 1624.519554][T11168] should_failslab+0x9/0x20 [ 1624.524049][T11168] kmem_cache_alloc+0x56/0x2e0 [ 1624.528792][T11168] __kernfs_new_node+0x97/0x680 [ 1624.533631][T11168] ? mutex_unlock+0xd/0x10 [ 1624.538043][T11168] ? kernfs_activate+0x4c7/0x4e0 [ 1624.542965][T11168] kernfs_new_node+0x97/0x170 [ 1624.547622][T11168] __kernfs_create_file+0x4a/0x2f0 [ 1624.552712][T11168] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 1624.558065][T11168] internal_create_group+0x4be/0xd80 [ 1624.563351][T11168] sysfs_create_group+0x1f/0x30 [ 1624.568180][T11168] loop_set_fd+0xf01/0x1410 [ 1624.572667][T11168] lo_ioctl+0xd5/0x2220 [ 1624.576823][T11168] ? __kasan_slab_free+0x12a/0x1e0 [ 1624.581946][T11168] ? kasan_slab_free+0xe/0x10 [ 1624.586602][T11168] ? kfree+0x115/0x200 [ 1624.590657][T11168] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1624.596269][T11168] ? tomoyo_file_ioctl+0x23/0x30 [ 1624.601201][T11168] ? security_file_ioctl+0x6d/0xd0 [ 1624.606349][T11168] ? __x64_sys_ioctl+0xa3/0x120 [ 1624.611185][T11168] ? do_syscall_64+0xf7/0x1c0 [ 1624.615842][T11168] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1624.621898][T11168] ? debug_check_no_obj_freed+0x505/0x5b0 [ 1624.627611][T11168] ? rcu_lock_release+0x9/0x30 [ 1624.632361][T11168] ? rcu_lock_release+0x9/0x30 [ 1624.637164][T11168] ? lo_release+0x1f0/0x1f0 [ 1624.641644][T11168] blkdev_ioctl+0x7f4/0x2ac0 [ 1624.646215][T11168] ? tomoyo_path_number_perm+0x53e/0x640 [ 1624.651833][T11168] block_ioctl+0xbd/0x100 [ 1624.656139][T11168] ? blkdev_iopoll+0x100/0x100 [ 1624.660879][T11168] do_vfs_ioctl+0x744/0x1730 [ 1624.665441][T11168] ? __fget+0x441/0x510 [ 1624.669572][T11168] ? tomoyo_file_ioctl+0x23/0x30 [ 1624.674498][T11168] ? security_file_ioctl+0xa1/0xd0 [ 1624.679590][T11168] __x64_sys_ioctl+0xe3/0x120 [ 1624.684256][T11168] do_syscall_64+0xf7/0x1c0 [ 1624.688738][T11168] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1624.694617][T11168] RIP: 0033:0x45a4b7 [ 1624.698495][T11168] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1624.718085][T11168] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1624.726489][T11168] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1624.734449][T11168] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1624.742419][T11168] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 04:01:32 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000d1c000)=0x6, 0x4) bind$inet6(r0, &(0x7f0000f67fe4)={0xa, 0x0, 0xfffffffd}, 0xfffffffffffffd5a) close(r0) setsockopt$inet6_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000), 0x4) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rt_sigreturn() r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) r2 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x6, 0x381000) ioctl$VFIO_SET_IOMMU(r2, 0x3b66, 0x8) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) r3 = socket$inet(0x10, 0x2, 0xc) sendmsg(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) r4 = fcntl$dupfd(r3, 0x406, r2) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r4, 0x894b, &(0x7f0000000080)) socket(0x9, 0xa, 0x0) [ 1624.750369][T11168] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1624.758333][T11168] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1624.772492][T11168] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (11168) 04:01:32 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) keyctl$link(0x8, 0x0, 0xfffffffffffffffc) 04:01:32 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xfc000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1624.909576][T11166] EXT4-fs (loop0): bad geometry: first data block 11520 is beyond end of filesystem (1080) 04:01:32 executing program 2 (fault-call:0 fault-nth:29): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:32 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x60ff) 04:01:32 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x4000, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x3c) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r3, 0x0, 0x0) rt_sigqueueinfo(r3, 0x4, &(0x7f0000000040)={0x29, 0x1ff, 0x80000000}) fcntl$setown(r1, 0x8, r2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1625.037814][T11291] FAULT_INJECTION: forcing a failure. [ 1625.037814][T11291] name failslab, interval 1, probability 0, space 0, times 0 [ 1625.052592][T11291] CPU: 1 PID: 11291 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1625.060949][T11291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1625.071008][T11291] Call Trace: [ 1625.074315][T11291] dump_stack+0x1fb/0x318 [ 1625.078658][T11291] should_fail+0x555/0x770 [ 1625.083091][T11291] __should_failslab+0x11a/0x160 04:01:32 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000043700000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1625.088034][T11291] ? __kernfs_new_node+0x97/0x680 [ 1625.093064][T11291] should_failslab+0x9/0x20 [ 1625.097578][T11291] kmem_cache_alloc+0x56/0x2e0 [ 1625.102499][T11291] __kernfs_new_node+0x97/0x680 [ 1625.107477][T11291] ? mutex_unlock+0xd/0x10 [ 1625.111888][T11291] ? kernfs_activate+0x4c7/0x4e0 [ 1625.116831][T11291] kernfs_new_node+0x97/0x170 [ 1625.121595][T11291] __kernfs_create_file+0x4a/0x2f0 [ 1625.126704][T11291] sysfs_add_file_mode_ns+0x2dc/0x3a0 [ 1625.132065][T11291] internal_create_group+0x4be/0xd80 [ 1625.137355][T11291] sysfs_create_group+0x1f/0x30 [ 1625.142189][T11291] loop_set_fd+0xf01/0x1410 [ 1625.146675][T11291] lo_ioctl+0xd5/0x2220 [ 1625.150868][T11291] ? __kasan_slab_free+0x12a/0x1e0 [ 1625.155964][T11291] ? kasan_slab_free+0xe/0x10 [ 1625.160615][T11291] ? kfree+0x115/0x200 [ 1625.164663][T11291] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1625.170274][T11291] ? tomoyo_file_ioctl+0x23/0x30 [ 1625.175205][T11291] ? security_file_ioctl+0x6d/0xd0 [ 1625.180303][T11291] ? __x64_sys_ioctl+0xa3/0x120 [ 1625.185133][T11291] ? do_syscall_64+0xf7/0x1c0 [ 1625.189789][T11291] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1625.195901][T11291] ? debug_check_no_obj_freed+0x505/0x5b0 [ 1625.201663][T11291] ? rcu_lock_release+0x9/0x30 [ 1625.206414][T11291] ? rcu_lock_release+0x9/0x30 [ 1625.211165][T11291] ? lo_release+0x1f0/0x1f0 [ 1625.215660][T11291] blkdev_ioctl+0x7f4/0x2ac0 [ 1625.220229][T11291] ? tomoyo_path_number_perm+0x53e/0x640 [ 1625.225848][T11291] block_ioctl+0xbd/0x100 [ 1625.230163][T11291] ? blkdev_iopoll+0x100/0x100 [ 1625.234911][T11291] do_vfs_ioctl+0x744/0x1730 [ 1625.239477][T11291] ? __fget+0x441/0x510 [ 1625.243626][T11291] ? tomoyo_file_ioctl+0x23/0x30 [ 1625.248544][T11291] ? security_file_ioctl+0xa1/0xd0 [ 1625.253641][T11291] __x64_sys_ioctl+0xe3/0x120 [ 1625.258312][T11291] do_syscall_64+0xf7/0x1c0 [ 1625.262850][T11291] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1625.268718][T11291] RIP: 0033:0x45a4b7 [ 1625.272596][T11291] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1625.292345][T11291] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1625.300747][T11291] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1625.308713][T11291] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1625.316679][T11291] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1625.324633][T11291] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1625.332602][T11291] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1625.421893][T11291] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (11291) [ 1625.486020][T11399] EXT4-fs (loop0): bad geometry: first data block 14084 is beyond end of filesystem (1080) 04:01:35 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) 04:01:35 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xfe800000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:35 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000180)) ptrace$cont(0x9, r0, 0x0, 0x0) capset(&(0x7f0000000100)={0x20080522, r0}, &(0x7f0000000140)={0xfff, 0x2, 0x3f, 0x1, 0x5c6, 0x10000}) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) r2 = syz_open_dev$mice(&(0x7f0000000000)='/dev/input/mice\x00', 0x0, 0x20642) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$TIOCGPGRP(r4, 0x540f, &(0x7f0000000040)=0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r2, 0xc1105511, &(0x7f0000000300)={{0xa, 0x0, 0xffff, 0x8, '\x00', 0x7fffffff}, 0x6, 0x3, 0xffff, r5, 0x5, 0x100, 'syz0\x00', &(0x7f0000000080)=['\x00', '&.!&[\x14\x00', '@-vmnet0$\x00', '\x00', '\x00'], 0x14, [], [0x1000, 0xff, 0x40, 0x9]}) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) 04:01:35 executing program 2 (fault-call:0 fault-nth:30): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:35 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000043800000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1627.878650][T11426] FAULT_INJECTION: forcing a failure. [ 1627.878650][T11426] name failslab, interval 1, probability 0, space 0, times 0 [ 1627.898266][T11426] CPU: 0 PID: 11426 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1627.906622][T11426] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1627.916703][T11426] Call Trace: [ 1627.920015][T11426] dump_stack+0x1fb/0x318 [ 1627.924356][T11426] should_fail+0x555/0x770 04:01:35 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setfsgid(r2) r3 = geteuid() ioctl$NS_GET_OWNER_UID(0xffffffffffffffff, 0xb704, &(0x7f0000000100)=0x0) mount$9p_xen(&(0x7f0000000000)='cpuset\'\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x125d014, &(0x7f0000000300)={'trans=xen,', {[{@version_u='version=9p2000.u'}, {@access_any='access=any'}, {@cache_none='cache=none'}, {@msize={'msize', 0x3d, 0xaa8e}}, {@dfltgid={'dfltgid', 0x3d, r2}}, {@afid={'afid', 0x3d, 0x3f}}, {@msize={'msize', 0x3d, 0x8}}], [{@uid_eq={'uid', 0x3d, r3}}, {@context={'context', 0x3d, 'sysadm_u'}}, {@measure='measure'}, {@uid_eq={'uid', 0x3d, r4}}]}}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1627.928890][T11426] __should_failslab+0x11a/0x160 [ 1627.933826][T11426] should_failslab+0x9/0x20 [ 1627.938408][T11426] kmem_cache_alloc_trace+0x5d/0x2f0 [ 1627.943684][T11426] ? kobject_uevent_env+0x2cd/0x1260 [ 1627.949058][T11426] ? dev_uevent_filter+0xb0/0xb0 [ 1627.954002][T11426] kobject_uevent_env+0x2cd/0x1260 [ 1627.959117][T11426] kobject_uevent+0x1f/0x30 [ 1627.963621][T11426] loop_set_fd+0xf70/0x1410 [ 1627.968125][T11426] lo_ioctl+0xd5/0x2220 [ 1627.972275][T11426] ? __kasan_slab_free+0x12a/0x1e0 [ 1627.977362][T11426] ? kasan_slab_free+0xe/0x10 [ 1627.982013][T11426] ? kfree+0x115/0x200 [ 1627.986066][T11426] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1627.991701][T11426] ? tomoyo_file_ioctl+0x23/0x30 [ 1627.996618][T11426] ? security_file_ioctl+0x6d/0xd0 [ 1628.001720][T11426] ? __x64_sys_ioctl+0xa3/0x120 [ 1628.006558][T11426] ? do_syscall_64+0xf7/0x1c0 [ 1628.011224][T11426] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1628.017271][T11426] ? debug_check_no_obj_freed+0x505/0x5b0 [ 1628.022995][T11426] ? rcu_lock_release+0x9/0x30 [ 1628.027742][T11426] ? rcu_lock_release+0x9/0x30 [ 1628.032490][T11426] ? lo_release+0x1f0/0x1f0 [ 1628.036992][T11426] blkdev_ioctl+0x7f4/0x2ac0 [ 1628.041579][T11426] ? tomoyo_path_number_perm+0x53e/0x640 [ 1628.047201][T11426] block_ioctl+0xbd/0x100 [ 1628.051509][T11426] ? blkdev_iopoll+0x100/0x100 [ 1628.056255][T11426] do_vfs_ioctl+0x744/0x1730 [ 1628.060823][T11426] ? __fget+0x441/0x510 [ 1628.064974][T11426] ? tomoyo_file_ioctl+0x23/0x30 [ 1628.069930][T11426] ? security_file_ioctl+0xa1/0xd0 [ 1628.075047][T11426] __x64_sys_ioctl+0xe3/0x120 [ 1628.079736][T11426] do_syscall_64+0xf7/0x1c0 [ 1628.084224][T11426] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1628.090101][T11426] RIP: 0033:0x45a4b7 [ 1628.093979][T11426] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1628.113698][T11426] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1628.122164][T11426] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1628.130122][T11426] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1628.138083][T11426] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1628.146035][T11426] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1628.153993][T11426] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1628.194095][T11426] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (11426) [ 1628.233060][T11428] EXT4-fs (loop0): bad geometry: first data block 14340 is beyond end of filesystem (1080) 04:01:35 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$LOOP_GET_STATUS(r1, 0x4c03, &(0x7f0000000000)) r2 = socket$inet(0x10, 0x2, 0xc) sendmsg(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) pwrite64(r2, &(0x7f0000000100)="b7a096cf89c6b85cd8223b44f899643fa74003dbd6f57f4fd294433218ca8940e0fecc26362df4c7ef0aefa1bd7b269fd6ddf1115f23c303bff98c4ac5564c", 0x3f, 0x6) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:36 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xfe80ffff}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:36 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x7600) 04:01:36 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000003f00000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:36 executing program 2 (fault-call:0 fault-nth:31): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1628.593147][T11733] FAULT_INJECTION: forcing a failure. [ 1628.593147][T11733] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1628.606413][T11733] CPU: 0 PID: 11733 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1628.614747][T11733] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1628.624820][T11733] Call Trace: [ 1628.628123][T11733] dump_stack+0x1fb/0x318 [ 1628.632468][T11733] should_fail+0x555/0x770 [ 1628.636903][T11733] should_fail_alloc_page+0x55/0x60 04:01:36 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$fou(&(0x7f00000006c0)='fou\x00') sendmsg$FOU_CMD_ADD(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x1c, r4, 0x3, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x8, 0x4, 0x2}]}, 0x1c}}, 0x0) sendmsg$FOU_CMD_GET(r2, &(0x7f0000000140)={&(0x7f0000000000), 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x54, r4, 0x2, 0x70bd28, 0x25dfdbfb, {}, [@FOU_ATTR_PEER_V6={0x14, 0x9, @rand_addr="a5d4d44bc5bedfd1eb03a9dde48b7088"}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @rand_addr=0xfff}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e22}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @loopback}, @FOU_ATTR_PEER_V6={0x14, 0x9, @initdev={0xfe, 0x88, [], 0x1, 0x0}}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1628.642134][T11733] prepare_alloc_pages+0x283/0x460 [ 1628.647256][T11733] __alloc_pages_nodemask+0xb2/0x5d0 [ 1628.652567][T11733] kmem_getpages+0x4d/0xa00 [ 1628.653277][T11773] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 1628.657071][T11733] cache_grow_begin+0x7e/0x2c0 [ 1628.657080][T11733] ? cache_alloc_pfmemalloc+0x1e/0x1a0 [ 1628.657092][T11733] cache_alloc_refill+0x311/0x3f0 [ 1628.657103][T11733] ? check_preemption_disabled+0xb7/0x2a0 [ 1628.657118][T11733] kmem_cache_alloc_trace+0x2d0/0x2f0 [ 1628.657132][T11733] ? kobject_uevent_env+0x2cd/0x1260 [ 1628.657143][T11733] ? dev_uevent_filter+0xb0/0xb0 [ 1628.657156][T11733] kobject_uevent_env+0x2cd/0x1260 [ 1628.706920][T11733] kobject_uevent+0x1f/0x30 [ 1628.711407][T11733] loop_set_fd+0xf70/0x1410 [ 1628.715897][T11733] lo_ioctl+0xd5/0x2220 [ 1628.720092][T11733] ? __kasan_slab_free+0x12a/0x1e0 [ 1628.725183][T11733] ? kasan_slab_free+0xe/0x10 [ 1628.729835][T11733] ? kfree+0x115/0x200 [ 1628.733894][T11733] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1628.739523][T11733] ? tomoyo_file_ioctl+0x23/0x30 [ 1628.744446][T11733] ? security_file_ioctl+0x6d/0xd0 [ 1628.749541][T11733] ? __x64_sys_ioctl+0xa3/0x120 [ 1628.754381][T11733] ? do_syscall_64+0xf7/0x1c0 [ 1628.759061][T11733] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1628.765109][T11733] ? debug_check_no_obj_freed+0x505/0x5b0 [ 1628.770839][T11733] ? rcu_lock_release+0x9/0x30 [ 1628.775585][T11733] ? rcu_lock_release+0x9/0x30 [ 1628.780325][T11733] ? lo_release+0x1f0/0x1f0 [ 1628.784815][T11733] blkdev_ioctl+0x7f4/0x2ac0 [ 1628.789423][T11733] ? tomoyo_path_number_perm+0x53e/0x640 [ 1628.795053][T11733] block_ioctl+0xbd/0x100 [ 1628.799364][T11733] ? blkdev_iopoll+0x100/0x100 [ 1628.804131][T11733] do_vfs_ioctl+0x744/0x1730 [ 1628.808743][T11733] ? __fget+0x441/0x510 [ 1628.812883][T11733] ? tomoyo_file_ioctl+0x23/0x30 [ 1628.817802][T11733] ? security_file_ioctl+0xa1/0xd0 [ 1628.822897][T11733] __x64_sys_ioctl+0xe3/0x120 [ 1628.827557][T11733] do_syscall_64+0xf7/0x1c0 [ 1628.832065][T11733] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1628.837934][T11733] RIP: 0033:0x45a4b7 [ 1628.841805][T11733] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1628.861458][T11733] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1628.869852][T11733] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1628.877802][T11733] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1628.885750][T11733] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1628.893699][T11733] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1628.901646][T11733] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1628.957706][T11733] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (11733) [ 1628.981806][T11725] EXT4-fs (loop0): bad geometry: first data block 16128 is beyond end of filesystem (1080) [ 1629.066409][T11780] EXT4-fs (loop0): bad geometry: first data block 16128 is beyond end of filesystem (1080) 04:01:38 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xfec0ffff}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:38 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 04:01:38 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r1, 0x6, 0x5, &(0x7f0000000000)=0x5, 0x4) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:38 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000004000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:38 executing program 2 (fault-call:0 fault-nth:32): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1630.913317][T11794] FAULT_INJECTION: forcing a failure. [ 1630.913317][T11794] name failslab, interval 1, probability 0, space 0, times 0 [ 1630.952998][T11794] CPU: 0 PID: 11794 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 04:01:38 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$P9_RREMOVE(r1, &(0x7f0000000000)={0x7, 0x7b, 0x2}, 0x7) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) r3 = socket$inet(0x10, 0x2, 0xc) r4 = fcntl$getown(r3, 0x9) ptrace$cont(0x7, r4, 0x5, 0x400) ptrace$cont(0x20, r2, 0x0, 0x0) [ 1630.961369][T11794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1630.971428][T11794] Call Trace: [ 1630.974728][T11794] dump_stack+0x1fb/0x318 [ 1630.979069][T11794] should_fail+0x555/0x770 [ 1630.983496][T11794] __should_failslab+0x11a/0x160 [ 1630.988436][T11794] ? __d_alloc+0x2d/0x6e0 [ 1630.992749][T11794] should_failslab+0x9/0x20 [ 1630.997244][T11794] kmem_cache_alloc+0x56/0x2e0 [ 1631.002017][T11794] __d_alloc+0x2d/0x6e0 [ 1631.006176][T11794] d_alloc+0x4e/0x1d0 [ 1631.006194][T11794] __lookup_hash+0xe5/0x290 [ 1631.006208][T11794] filename_create+0x14f/0x670 [ 1631.006218][T11794] ? getname_flags+0x214/0x640 [ 1631.006231][T11794] do_mkdirat+0x5a/0x320 [ 1631.006250][T11794] __x64_sys_mkdir+0x60/0x70 [ 1631.014701][T11794] do_syscall_64+0xf7/0x1c0 [ 1631.014718][T11794] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1631.014727][T11794] RIP: 0033:0x459a67 [ 1631.014738][T11794] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1631.014743][T11794] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1631.014752][T11794] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1631.014757][T11794] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1631.014763][T11794] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1631.014772][T11794] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 04:01:38 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SIOCX25GFACILITIES(r2, 0x89e2, &(0x7f0000000000)) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1631.033136][T11794] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:01:38 executing program 2 (fault-call:0 fault-nth:33): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1631.141138][T11791] EXT4-fs (loop0): bad geometry: first data block 16384 is beyond end of filesystem (1080) [ 1631.258977][T11915] FAULT_INJECTION: forcing a failure. [ 1631.258977][T11915] name failslab, interval 1, probability 0, space 0, times 0 [ 1631.271874][T11915] CPU: 1 PID: 11915 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1631.280206][T11915] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1631.290345][T11915] Call Trace: [ 1631.293638][T11915] dump_stack+0x1fb/0x318 [ 1631.297971][T11915] should_fail+0x555/0x770 [ 1631.302399][T11915] __should_failslab+0x11a/0x160 [ 1631.307333][T11915] should_failslab+0x9/0x20 [ 1631.311831][T11915] kmem_cache_alloc_node+0x65/0x280 [ 1631.317024][T11915] ? __alloc_skb+0x9f/0x500 [ 1631.321516][T11915] __alloc_skb+0x9f/0x500 [ 1631.325859][T11915] alloc_uevent_skb+0x7f/0x230 [ 1631.330620][T11915] kobject_uevent_env+0xcbc/0x1260 [ 1631.335744][T11915] kobject_uevent+0x1f/0x30 [ 1631.340249][T11915] loop_set_fd+0xf70/0x1410 [ 1631.344770][T11915] lo_ioctl+0xd5/0x2220 [ 1631.348924][T11915] ? __kasan_slab_free+0x12a/0x1e0 [ 1631.354020][T11915] ? kasan_slab_free+0xe/0x10 [ 1631.358682][T11915] ? kfree+0x115/0x200 [ 1631.362865][T11915] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1631.368474][T11915] ? tomoyo_file_ioctl+0x23/0x30 [ 1631.373388][T11915] ? security_file_ioctl+0x6d/0xd0 [ 1631.378490][T11915] ? __x64_sys_ioctl+0xa3/0x120 [ 1631.383335][T11915] ? do_syscall_64+0xf7/0x1c0 [ 1631.387992][T11915] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1631.394051][T11915] ? debug_check_no_obj_freed+0x505/0x5b0 [ 1631.399905][T11915] ? rcu_lock_release+0x9/0x30 [ 1631.404672][T11915] ? rcu_lock_release+0x9/0x30 [ 1631.409420][T11915] ? lo_release+0x1f0/0x1f0 [ 1631.413924][T11915] blkdev_ioctl+0x7f4/0x2ac0 [ 1631.418519][T11915] ? tomoyo_path_number_perm+0x53e/0x640 [ 1631.424163][T11915] block_ioctl+0xbd/0x100 [ 1631.428473][T11915] ? blkdev_iopoll+0x100/0x100 [ 1631.433222][T11915] do_vfs_ioctl+0x744/0x1730 [ 1631.437798][T11915] ? __fget+0x441/0x510 [ 1631.441952][T11915] ? tomoyo_file_ioctl+0x23/0x30 [ 1631.446878][T11915] ? security_file_ioctl+0xa1/0xd0 [ 1631.451970][T11915] __x64_sys_ioctl+0xe3/0x120 [ 1631.456642][T11915] do_syscall_64+0xf7/0x1c0 [ 1631.461136][T11915] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1631.467004][T11915] RIP: 0033:0x45a4b7 [ 1631.470871][T11915] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1631.490466][T11915] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1631.498877][T11915] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1631.506922][T11915] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1631.514885][T11915] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1631.522844][T11915] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1631.530825][T11915] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:01:39 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x7f00) 04:01:39 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000004800000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:39 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xfeffffff}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1631.555742][T11915] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (11915) 04:01:39 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001300)="6653070000053c07bc3376003639405cb4aed12f0000000000ae4719ea1584a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x109}], 0x4, 0x2) r1 = semget$private(0x0, 0x7, 0x0) semop(r1, &(0x7f0000000000)=[{0x6}], 0x1) semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000000)) semctl$GETPID(r1, 0x0, 0xb, &(0x7f0000000300)=""/4096) ptrace$setopts(0x4206, r0, 0x0, 0x0) r2 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f00000014c0)='/dev/btrfs-control\x00', 0x402000, 0x0) accept$inet6(r2, &(0x7f0000001500)={0xa, 0x0, 0x0, @initdev}, &(0x7f0000001540)=0x1c) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$TCSETS2(r2, 0x402c542b, &(0x7f0000000040)={0x8001, 0x60, 0x81, 0xc362, 0x8, "b3e315a1f38a8b7bbf1b6dccf389a862370414", 0x0, 0x4}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:39 executing program 2 (fault-call:0 fault-nth:34): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1631.721535][T11921] EXT4-fs (loop0): bad geometry: first data block 18432 is beyond end of filesystem (1080) [ 1631.851583][T12139] FAULT_INJECTION: forcing a failure. [ 1631.851583][T12139] name failslab, interval 1, probability 0, space 0, times 0 [ 1631.878846][T12139] CPU: 0 PID: 12139 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1631.887229][T12139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1631.897273][T12139] Call Trace: [ 1631.900582][T12139] dump_stack+0x1fb/0x318 [ 1631.904900][T12139] should_fail+0x555/0x770 [ 1631.909304][T12139] __should_failslab+0x11a/0x160 [ 1631.914248][T12139] ? skb_clone+0x1cc/0x380 [ 1631.919096][T12139] should_failslab+0x9/0x20 [ 1631.923590][T12139] kmem_cache_alloc+0x56/0x2e0 [ 1631.928351][T12139] skb_clone+0x1cc/0x380 [ 1631.932708][T12139] netlink_broadcast_filtered+0x619/0x1080 [ 1631.938579][T12139] netlink_broadcast+0x3a/0x50 [ 1631.943333][T12139] kobject_uevent_env+0xcf1/0x1260 [ 1631.948431][T12139] kobject_uevent+0x1f/0x30 [ 1631.952917][T12139] loop_set_fd+0xf70/0x1410 [ 1631.957409][T12139] lo_ioctl+0xd5/0x2220 [ 1631.961575][T12139] ? __kasan_slab_free+0x12a/0x1e0 [ 1631.966683][T12139] ? kasan_slab_free+0xe/0x10 [ 1631.971339][T12139] ? kfree+0x115/0x200 [ 1631.975411][T12139] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1631.981027][T12139] ? tomoyo_file_ioctl+0x23/0x30 [ 1631.985946][T12139] ? security_file_ioctl+0x6d/0xd0 [ 1631.991046][T12139] ? __x64_sys_ioctl+0xa3/0x120 [ 1631.995901][T12139] ? do_syscall_64+0xf7/0x1c0 [ 1632.000598][T12139] ? entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1632.006653][T12139] ? debug_check_no_obj_freed+0x505/0x5b0 [ 1632.012363][T12139] ? rcu_lock_release+0x9/0x30 [ 1632.017114][T12139] ? rcu_lock_release+0x9/0x30 [ 1632.021868][T12139] ? lo_release+0x1f0/0x1f0 [ 1632.026359][T12139] blkdev_ioctl+0x7f4/0x2ac0 [ 1632.030930][T12139] ? tomoyo_path_number_perm+0x53e/0x640 [ 1632.036553][T12139] block_ioctl+0xbd/0x100 [ 1632.040864][T12139] ? blkdev_iopoll+0x100/0x100 [ 1632.045609][T12139] do_vfs_ioctl+0x744/0x1730 [ 1632.050179][T12139] ? __fget+0x441/0x510 [ 1632.054319][T12139] ? tomoyo_file_ioctl+0x23/0x30 [ 1632.059236][T12139] ? security_file_ioctl+0xa1/0xd0 [ 1632.064329][T12139] __x64_sys_ioctl+0xe3/0x120 [ 1632.068990][T12139] do_syscall_64+0xf7/0x1c0 [ 1632.073475][T12139] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1632.079376][T12139] RIP: 0033:0x45a4b7 [ 1632.083264][T12139] Code: 48 83 c4 08 48 89 d8 5b 5d c3 66 0f 1f 84 00 00 00 00 00 48 89 e8 48 f7 d8 48 39 c3 0f 92 c0 eb 92 66 90 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 0d b8 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1632.102849][T12139] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1632.111257][T12139] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 000000000045a4b7 [ 1632.119210][T12139] RDX: 0000000000000004 RSI: 0000000000004c00 RDI: 0000000000000005 [ 1632.127789][T12139] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1632.135753][T12139] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1632.143706][T12139] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1632.169091][T12139] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (12139) 04:01:41 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:41 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 04:01:41 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000004c00000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:41 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat(r2, &(0x7f0000000380)='./file0\x00', 0x2c25823c5218a0af, 0x80) ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000400)={&(0x7f00000003c0), 0x0, 0x100, 0x7, 0x7f, 0x41c, 0x9, {0xb07, 0x91, 0x0, 0x8, 0x7, 0x1, 0xfd4, 0x8, 0x3, 0x7ff, 0x3, 0x7f7, 0x8001, 0x10000, "2757296e09734fa87fc50cf5a873d832a714efdba5c07b86e8f39bbc3161da2e"}}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x3c) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r4, 0x0, 0x0) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) fcntl$dupfd(r1, 0x406, r5) r10 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r11 = dup(r10) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) setsockopt$bt_l2cap_L2CAP_CONNINFO(r11, 0x6, 0x2, &(0x7f0000000340)={0x0, 0x8, 0x9, 0x2}, 0x2) r12 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000140)='/dev/sequencer\x00', 0x2000, 0x0) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r12, 0x84, 0x8, &(0x7f0000000080), &(0x7f0000000300)=0xfd7e) r13 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0x400200) r14 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r15 = dup(r14) ioctl$PERF_EVENT_IOC_ENABLE(r15, 0x8912, 0x400200) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000000)={r0, r15, 0x0, 0x7f, &(0x7f0000000480)=')@\x00\xe5\xe1\"\xed\xac\xfc\"\xd4L\xa3\x1f\x10\xf8\xd2\xfa\xb6RBq\x81\xb9\x8b\xb7\x96\x0f\x05\xfb\x02\xee9\x18%\xfe\xb4\xd9\xce\xb6\x9fv\x14\xfd~\xb9}\xcf\xca\xcc\xbeg\x1f\x9d5\x8d%\x82\xc4^\x18\xe2\x90\x86\x12\x0f\x8a\x9c$\xc5`Q5\x8c\x1d\xb7\'\xb2~&P\xdft\xca+.\xe5\x13#\xda\xf5]\a\xa3\x91\xb7\x18\t\xdf\xf1@\x90\xf2\xc4XeX\xf2\xcf\x02\xbc|\xb1\x82\x83m+\xae:\x92\rF\xac\r\x7f\xfbq', 0xffffffffffffffff}, 0x30) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:41 executing program 2 (fault-call:0 fault-nth:35): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1634.017928][T12150] FAULT_INJECTION: forcing a failure. [ 1634.017928][T12150] name failslab, interval 1, probability 0, space 0, times 0 [ 1634.055106][T12150] CPU: 0 PID: 12150 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1634.063478][T12150] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1634.073537][T12150] Call Trace: [ 1634.073560][T12150] dump_stack+0x1fb/0x318 [ 1634.073576][T12150] should_fail+0x555/0x770 [ 1634.073596][T12150] __should_failslab+0x11a/0x160 [ 1634.073612][T12150] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 1634.073621][T12150] should_failslab+0x9/0x20 [ 1634.073630][T12150] __kmalloc+0x7a/0x340 [ 1634.073644][T12150] ? tomoyo_realpath_from_path+0xca/0x7c0 [ 1634.081269][T12150] tomoyo_realpath_from_path+0xdc/0x7c0 [ 1634.081291][T12150] tomoyo_path_number_perm+0x166/0x640 [ 1634.081329][T12150] ? rcu_read_lock_sched_held+0x10b/0x170 [ 1634.081344][T12150] ? trace_kmem_cache_free+0xb2/0x110 [ 1634.132853][T12150] tomoyo_path_mkdir+0x9c/0xc0 [ 1634.137602][T12150] security_path_mkdir+0xed/0x170 [ 1634.142606][T12150] do_mkdirat+0x15c/0x320 [ 1634.146914][T12150] __x64_sys_mkdir+0x60/0x70 [ 1634.151482][T12150] do_syscall_64+0xf7/0x1c0 [ 1634.155968][T12150] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1634.161838][T12150] RIP: 0033:0x459a67 [ 1634.165715][T12150] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1634.185299][T12150] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1634.193687][T12150] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1634.201651][T12150] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1634.209604][T12150] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 04:01:41 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000000)='/dev/audio\x00', 0x80842, 0x0) ioctl$VIDIOC_S_AUDIO(r1, 0x40345622, &(0x7f0000000040)={0x7, "7574da9da64e6ff9099ea097c8b20e071cd2888f1885b5ffa60af5615e7279f7", 0x1, 0x1}) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1634.217551][T12150] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1634.225519][T12150] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1634.244286][T12153] EXT4-fs (loop0): bad geometry: first data block 19456 is beyond end of filesystem (1080) 04:01:42 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xffff0000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1634.333798][T12150] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1634.361119][T12150] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (12150) 04:01:42 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x9600) 04:01:42 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$LOOP_SET_STATUS64(r2, 0x4c04, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x2, 0x5, 0x0, 0x1, 0x11, 0x9, "66b274fc96e7cd03d34e32e49a384f336e934d439319ad4c00f1bc8a59a223647b446a7466aca5495875e20fc2844be09a0eb26bd94df1a1d870581e37a075ec", "8ddd31cf63cfef039ad7c7a8b118ec6696eaad2b4fbf812b38efd0f8a7e9a3d961cdec4878d27b9dbf950ec568d7868dc07ad9587a820f6ca09f033b498eea5c", "a16034230ba4bd480d4b342b96f22105752235992c52eec5815024e1a4aa8b62", [0xffffffffffff8000, 0xcd9]}) 04:01:42 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000005c00000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:42 executing program 2 (fault-call:0 fault-nth:36): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:42 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xffff80fe}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1634.630398][T12379] FAULT_INJECTION: forcing a failure. [ 1634.630398][T12379] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1634.643687][T12379] CPU: 1 PID: 12379 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1634.652007][T12379] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1634.662079][T12379] Call Trace: [ 1634.665376][T12379] dump_stack+0x1fb/0x318 [ 1634.669713][T12379] should_fail+0x555/0x770 [ 1634.674136][T12379] should_fail_alloc_page+0x55/0x60 [ 1634.679469][T12379] prepare_alloc_pages+0x283/0x460 [ 1634.684591][T12379] __alloc_pages_nodemask+0xb2/0x5d0 [ 1634.684606][T12379] ? lo_release+0x1f0/0x1f0 [ 1634.684616][T12379] ? blkdev_ioctl+0x7f4/0x2ac0 [ 1634.684632][T12379] kmem_getpages+0x4d/0xa00 [ 1634.684645][T12379] cache_grow_begin+0x7e/0x2c0 [ 1634.684657][T12379] ? cache_alloc_pfmemalloc+0x1e/0x1a0 [ 1634.699170][T12379] cache_alloc_refill+0x311/0x3f0 [ 1634.718869][T12379] ? check_preemption_disabled+0xb7/0x2a0 [ 1634.724593][T12379] kmem_cache_alloc+0x2b9/0x2e0 [ 1634.729442][T12379] ? getname_flags+0xba/0x640 [ 1634.734119][T12379] getname_flags+0xba/0x640 [ 1634.738627][T12379] do_mkdirat+0x3c/0x320 [ 1634.742863][T12379] ? trace_irq_disable_rcuidle+0x23/0x1e0 [ 1634.748587][T12379] ? do_syscall_64+0x1d/0x1c0 [ 1634.753271][T12379] __x64_sys_mkdir+0x60/0x70 [ 1634.757868][T12379] do_syscall_64+0xf7/0x1c0 [ 1634.762375][T12379] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1634.768267][T12379] RIP: 0033:0x459a67 [ 1634.772168][T12379] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1634.791786][T12379] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1634.800204][T12379] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1634.808176][T12379] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1634.816146][T12379] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 04:01:42 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ubi_ctrl\x00', 0x20000, 0x0) write$ppp(r1, &(0x7f0000000040)="12aee1dd25a197c83b1f54ecb1", 0xd) [ 1634.824116][T12379] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1634.832077][T12379] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1634.869394][T12381] EXT4-fs (loop0): bad geometry: first data block 23552 is beyond end of filesystem (1080) [ 1634.879765][T12379] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (12379) [ 1634.970685][T12601] EXT4-fs (loop0): bad geometry: first data block 23552 is beyond end of filesystem (1080) 04:01:44 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) 04:01:44 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$can_raw(0x1d, 0x3, 0x1) r3 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x20000044}, 0x0) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) bind$can_raw(r2, &(0x7f0000000140)={0x1d, r4}, 0x10) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = bpf$PROG_LOAD(0x5, &(0x7f0000000a40)={0x12, 0x5, &(0x7f0000000880)=@raw=[@ldst={0x71f8fdc7855a436b, 0x2, 0x0, 0x6, 0x4, 0xffffffffffffffc0, 0x5}, @map_val={0x18, 0x6, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x40}, @map_val={0x18, 0x0, 0x2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x800}], &(0x7f00000008c0)='GPL\x00', 0x6b42, 0xa6, &(0x7f0000000900)=""/166, 0x41100, 0x7, [], r4, 0x0, r6, 0x8, &(0x7f00000009c0)={0x5, 0x3}, 0x8, 0x10, &(0x7f0000000a00)={0x1, 0xb, 0x1, 0x9f0fe56}, 0x10}, 0x70) vmsplice(r7, &(0x7f00000000c0)=[{0x0, 0xfffffffffffffe7d}, {0x0, 0xe5}, {0x0, 0x3bf}, {&(0x7f0000000300)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61428349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d00000000010000005f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6a10d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20db2f50d541bf9a31eae46ef563a58e28f1903d494a96d9584e90d906ffa18d451ff08c2120300090c2d1232df1edb32ecdcfe1b3ac1eec6ae9c66a39e86d926ded7e64e37eed98e3c105a05dfc039b969e74eacca4666a29d2557107087c5b47897cd93670a03a9e39f24097378dce1fc9069eee48fc869cc287b592008d743a39cd6412e094f196a3c5475f6a92e8028b1b1a9875eec69e806348b14dc95381e10daf2d33438d23038bc30c352f44051e4b45fd570237ae9ba963735036c8a81d348344dcf0bc487edb182cfd76b9628c3ebf59a9adbbf35f5520986ffe779440be8123bb7ec6493d42480dabcd9f547977af2b855e9d7725aa0e02cb0eff347303b1c27dc7008b84d7b1de21dd12118c3904af5b65a2095dab246d84f9e25a60d620b4d039b5264ae321fd51c3b79b678a16005f67311842c2d2a9a1b86f501bc08bd57ba56cd1e8700701c4187a06695d", 0x105}], 0x4, 0x4) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) syz_open_dev$sndseq(&(0x7f0000000000)='/dev/snd/seq\x00', 0x0, 0x511200) 04:01:44 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xffffc0fe}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:44 executing program 2 (fault-call:0 fault-nth:37): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:44 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000006000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:44 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x4, 0x4000) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(r1, 0x84, 0x16, &(0x7f0000000040)={0x3, [0x3ff, 0x40, 0x100]}, 0xa) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1637.120634][T12611] FAULT_INJECTION: forcing a failure. [ 1637.120634][T12611] name failslab, interval 1, probability 0, space 0, times 0 [ 1637.148695][T12611] CPU: 1 PID: 12611 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1637.157067][T12611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1637.167131][T12611] Call Trace: [ 1637.170435][T12611] dump_stack+0x1fb/0x318 [ 1637.174769][T12611] should_fail+0x555/0x770 [ 1637.179194][T12611] __should_failslab+0x11a/0x160 [ 1637.184134][T12611] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 1637.189852][T12611] should_failslab+0x9/0x20 [ 1637.194354][T12611] __kmalloc+0x7a/0x340 [ 1637.198507][T12611] ? tomoyo_realpath_from_path+0xca/0x7c0 [ 1637.204226][T12611] tomoyo_realpath_from_path+0xdc/0x7c0 [ 1637.209780][T12611] tomoyo_path_number_perm+0x166/0x640 [ 1637.215262][T12611] ? rcu_read_lock_sched_held+0x10b/0x170 [ 1637.220976][T12611] ? trace_kmem_cache_free+0xb2/0x110 [ 1637.226347][T12611] tomoyo_path_mkdir+0x9c/0xc0 [ 1637.231120][T12611] security_path_mkdir+0xed/0x170 [ 1637.236161][T12611] do_mkdirat+0x15c/0x320 [ 1637.236178][T12611] __x64_sys_mkdir+0x60/0x70 [ 1637.236192][T12611] do_syscall_64+0xf7/0x1c0 [ 1637.236207][T12611] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1637.236217][T12611] RIP: 0033:0x459a67 [ 1637.236228][T12611] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1637.236236][T12611] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1637.245128][T12611] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1637.245134][T12611] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1637.245139][T12611] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1637.245145][T12611] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1637.245151][T12611] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1637.274425][T12611] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1637.344625][T12609] EXT4-fs (loop0): bad geometry: first data block 24576 is beyond end of filesystem (1080) [ 1637.355745][T12611] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (12611) [ 1637.472691][T12725] EXT4-fs (loop0): bad geometry: first data block 24576 is beyond end of filesystem (1080) 04:01:45 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x107100) 04:01:45 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x4000004, 0x9) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) perf_event_open(&(0x7f0000000000)={0x3e51161f8363e5d2, 0x70, 0x0, 0x6, 0x3, 0x7, 0x0, 0xdf0, 0x4000, 0x4, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x2, @perf_config_ext={0x1, 0x100000000}, 0x4449, 0x1, 0x4, 0x3, 0x9, 0x1ff, 0x1}, r0, 0x2, r2, 0x1) tkill(r0, 0x3c) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x3c) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r3, 0x0, 0x0) ptrace$cont(0x1f, r3, 0x0, 0xfffffffffffffffd) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:45 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xffffff7f}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:45 executing program 2 (fault-call:0 fault-nth:38): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:45 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000006800000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1637.731263][T12732] FAULT_INJECTION: forcing a failure. [ 1637.731263][T12732] name failslab, interval 1, probability 0, space 0, times 0 [ 1637.784425][T12732] CPU: 1 PID: 12732 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1637.792800][T12732] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1637.802955][T12732] Call Trace: [ 1637.806265][T12732] dump_stack+0x1fb/0x318 [ 1637.810605][T12732] should_fail+0x555/0x770 [ 1637.815038][T12732] __should_failslab+0x11a/0x160 [ 1637.819980][T12732] ? __d_alloc+0x2d/0x6e0 [ 1637.824306][T12732] should_failslab+0x9/0x20 [ 1637.828805][T12732] kmem_cache_alloc+0x56/0x2e0 [ 1637.833581][T12732] __d_alloc+0x2d/0x6e0 [ 1637.837740][T12732] d_alloc+0x4e/0x1d0 [ 1637.841722][T12732] __lookup_hash+0xe5/0x290 [ 1637.846219][T12732] filename_create+0x14f/0x670 [ 1637.850976][T12732] ? getname_flags+0x214/0x640 [ 1637.855732][T12732] do_mkdirat+0x5a/0x320 [ 1637.855749][T12732] __x64_sys_mkdir+0x60/0x70 [ 1637.855763][T12732] do_syscall_64+0xf7/0x1c0 [ 1637.855777][T12732] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1637.855787][T12732] RIP: 0033:0x459a67 04:01:45 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_kcm_SIOCKCMCLONE(r2, 0x89e2, &(0x7f0000000000)={0xffffffffffffffff}) r4 = socket$inet(0x10, 0x2, 0xc) sendmsg(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000040)={0x6, 0x8208, 0x4, 0x4, 0x0}, &(0x7f0000000080)=0x10) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(r3, 0x84, 0x23, &(0x7f0000000100)={r5, 0x1f}, 0x8) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1637.855801][T12732] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1637.855806][T12732] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1637.855815][T12732] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1637.855821][T12732] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1637.855825][T12732] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1637.855834][T12732] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1637.922983][T12732] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1637.947769][T12733] EXT4-fs (loop0): bad geometry: first data block 26624 is beyond end of filesystem (1080) [ 1638.112846][T12847] EXT4-fs (loop0): bad geometry: first data block 26624 is beyond end of filesystem (1080) 04:01:47 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000006c00000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:47 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0xfffffffffffffffc, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:47 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xffffffe0}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:47 executing program 2 (fault-call:0 fault-nth:39): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:47 executing program 1: mknod$loop(&(0x7f0000000000)='.//ile0\x00', 0x2000, 0x0) creat(&(0x7f0000000180)='.//ile0\x00', 0x0) [ 1640.212791][T12856] FAULT_INJECTION: forcing a failure. [ 1640.212791][T12856] name failslab, interval 1, probability 0, space 0, times 0 [ 1640.225640][T12856] CPU: 0 PID: 12856 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1640.233970][T12856] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1640.244026][T12856] Call Trace: [ 1640.247327][T12856] dump_stack+0x1fb/0x318 [ 1640.251660][T12856] should_fail+0x555/0x770 [ 1640.256094][T12856] __should_failslab+0x11a/0x160 [ 1640.261230][T12856] ? __es_insert_extent+0x7ba/0x17c0 [ 1640.266516][T12856] should_failslab+0x9/0x20 [ 1640.271014][T12856] kmem_cache_alloc+0x56/0x2e0 [ 1640.275778][T12856] __es_insert_extent+0x7ba/0x17c0 [ 1640.280889][T12856] ? __kasan_check_write+0x14/0x20 [ 1640.285999][T12856] ? do_raw_write_lock+0xf3/0x460 [ 1640.291029][T12856] ext4_es_insert_extent+0x250/0x2ea0 [ 1640.296410][T12856] ext4_ext_map_blocks+0x1806/0x7170 [ 1640.301716][T12856] ? __down_read+0x14b/0x360 [ 1640.306308][T12856] ext4_map_blocks+0x424/0x1e30 [ 1640.311167][T12856] ? __kasan_check_write+0x14/0x20 [ 1640.316275][T12856] ext4_getblk+0xae/0x460 [ 1640.320603][T12856] ext4_bread+0x4a/0x340 [ 1640.324922][T12856] ext4_append+0x175/0x310 [ 1640.329343][T12856] ext4_mkdir+0x7ad/0x1450 [ 1640.333777][T12856] vfs_mkdir+0x43f/0x610 [ 1640.338020][T12856] do_mkdirat+0x1d7/0x320 [ 1640.342346][T12856] __x64_sys_mkdir+0x60/0x70 [ 1640.346932][T12856] do_syscall_64+0xf7/0x1c0 [ 1640.351434][T12856] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1640.357323][T12856] RIP: 0033:0x459a67 [ 1640.361211][T12856] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1640.380814][T12856] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1640.389215][T12856] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1640.397178][T12856] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1640.405256][T12856] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a 04:01:48 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x0, 0x0) sendmsg$TIPC_NL_SOCK_GET(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x18, 0x0, 0x30, 0x70bd2c, 0x25dfdbfe, {}, [@TIPC_NLA_MEDIA={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x5c111}, 0x20000000) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) ptrace$cont(0x1f, r2, 0x1, 0x1ff) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1640.413232][T12856] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1640.421204][T12856] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1640.445644][T12856] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (12856) [ 1640.532124][T12855] EXT4-fs (loop0): bad geometry: first data block 27648 is beyond end of filesystem (1080) [ 1640.650412][T12966] EXT4-fs (loop0): bad geometry: first data block 27648 is beyond end of filesystem (1080) 04:01:48 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x200000) 04:01:48 executing program 1: r0 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xaa3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ftruncate(0xffffffffffffffff, 0x0) socket(0x0, 0x2, 0x81) bind(0xffffffffffffffff, 0x0, 0x0) r1 = socket$inet6(0xa, 0x401000000001, 0x0) close(r1) syz_open_procfs(0x0, &(0x7f00000002c0)='comm\x00') r2 = open(&(0x7f0000000400)='./bus\x00', 0x1044142, 0x0) mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000007, 0x11, r0, 0x0) r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r3, 0x208200) sendfile(r1, r2, 0x0, 0x8000fffffffe) 04:01:48 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) ptrace$cont(0x7, r1, 0x9, 0x0) 04:01:48 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3, 0x0, 0xfffffffe}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:48 executing program 2 (fault-call:0 fault-nth:40): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:48 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000007400000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:48 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x9, r0, 0xfffffffffffffff9, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1640.834160][T12975] FAULT_INJECTION: forcing a failure. [ 1640.834160][T12975] name failslab, interval 1, probability 0, space 0, times 0 [ 1640.850073][ T26] audit: type=1800 audit(1574827308.544:68): pid=12977 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17478 res=0 [ 1640.884274][T12975] CPU: 0 PID: 12975 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1640.892785][T12975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1640.902851][T12975] Call Trace: [ 1640.906154][T12975] dump_stack+0x1fb/0x318 [ 1640.910492][T12975] should_fail+0x555/0x770 [ 1640.914922][T12975] __should_failslab+0x11a/0x160 [ 1640.919867][T12975] ? __d_alloc+0x2d/0x6e0 [ 1640.924211][T12975] should_failslab+0x9/0x20 [ 1640.928728][T12975] kmem_cache_alloc+0x56/0x2e0 [ 1640.933501][T12975] __d_alloc+0x2d/0x6e0 [ 1640.937668][T12975] d_alloc+0x4e/0x1d0 [ 1640.941665][T12975] __lookup_hash+0xe5/0x290 [ 1640.946171][T12975] filename_create+0x14f/0x670 [ 1640.950940][T12975] ? getname_flags+0x214/0x640 [ 1640.955709][T12975] do_mkdirat+0x5a/0x320 [ 1640.956720][ T26] audit: type=1800 audit(1574827308.584:69): pid=12977 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=17478 res=0 [ 1640.959950][T12975] __x64_sys_mkdir+0x60/0x70 04:01:48 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, 0x12, r2, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) 04:01:48 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x205100) [ 1640.959968][T12975] do_syscall_64+0xf7/0x1c0 [ 1640.988461][T12975] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1640.994352][T12975] RIP: 0033:0x459a67 [ 1640.998241][T12975] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1641.017840][T12975] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1641.017850][T12975] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 04:01:48 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x80001b1d, 0x1) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r2 = syz_open_dev$vcsa(&(0x7f0000000000)='/dev/vcsa#\x00', 0xfd, 0x280101) ioctl$VIDIOC_UNSUBSCRIBE_EVENT(r2, 0x4020565b, &(0x7f0000000040)={0xc1c7506d98593407, 0xea, 0x5}) 04:01:48 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0xc, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1641.017855][T12975] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1641.017860][T12975] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1641.017865][T12975] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1641.017871][T12975] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1641.123070][T12980] EXT4-fs (loop0): bad geometry: first data block 29696 is beyond end of filesystem (1080) 04:01:48 executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000032000/0x18000)=nil, &(0x7f0000000280)=[@text32={0x20, &(0x7f00000000c0)="b9800000c00f3235010000000f309a090000006500660f3882af724d00002ed8ddc74424008fc4bd87c7442402c43a727fc7442406000000000f011424f30f090f013a360f06c4c18d72d68366baa100ed", 0x51}], 0x1, 0x0, 0x0, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x4cb, 0x1000000007]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x4e23, @rand_addr=0x6}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0xfffffffffffffec1, 0x0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) perf_event_open(&(0x7f0000000000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x200000000000, 0x2000, 0x7}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 04:01:49 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:49 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000007a00000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:49 executing program 1: clone(0x84007bf7, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = getpid() mknod(0x0, 0x0, 0x0) execve(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) ptrace(0x10, r0) creat(0x0, 0x0) getpeername$unix(0xffffffffffffffff, 0x0, 0x0) ptrace(0x11, r0) 04:01:49 executing program 2 (fault-call:0 fault-nth:41): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:49 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x14, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1641.510170][T13438] FAULT_INJECTION: forcing a failure. [ 1641.510170][T13438] name failslab, interval 1, probability 0, space 0, times 0 [ 1641.578983][T13438] CPU: 1 PID: 13438 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1641.587505][T13438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1641.597573][T13438] Call Trace: [ 1641.597597][T13438] dump_stack+0x1fb/0x318 [ 1641.597615][T13438] should_fail+0x555/0x770 [ 1641.597638][T13438] __should_failslab+0x11a/0x160 [ 1641.597747][T13438] ? ext4_alloc_inode+0x1f/0x560 [ 1641.597762][T13438] should_failslab+0x9/0x20 [ 1641.614683][T13438] kmem_cache_alloc+0x56/0x2e0 [ 1641.614696][T13438] ? set_qf_name+0x3c0/0x3c0 [ 1641.614709][T13438] ext4_alloc_inode+0x1f/0x560 [ 1641.614718][T13438] ? set_qf_name+0x3c0/0x3c0 [ 1641.614732][T13438] new_inode_pseudo+0x68/0x240 [ 1641.614744][T13438] new_inode+0x28/0x1c0 [ 1641.614754][T13438] ? trace_ext4_request_inode+0x28b/0x2d0 [ 1641.614763][T13438] __ext4_new_inode+0x43d/0x5650 [ 1641.614775][T13438] ? memset+0x31/0x40 [ 1641.614798][T13438] ? smk_curacc+0xa3/0xe0 [ 1641.614811][T13438] ext4_mkdir+0x3f5/0x1450 [ 1641.675025][T13438] ? security_inode_permission+0xdd/0x120 [ 1641.680740][T13438] vfs_mkdir+0x43f/0x610 [ 1641.685059][T13438] do_mkdirat+0x1d7/0x320 [ 1641.689368][T13438] __x64_sys_mkdir+0x60/0x70 [ 1641.693938][T13438] do_syscall_64+0xf7/0x1c0 [ 1641.698424][T13438] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1641.704293][T13438] RIP: 0033:0x459a67 [ 1641.708960][T13438] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1641.728552][T13438] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1641.736942][T13438] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1641.744889][T13438] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1641.752833][T13438] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1641.760778][T13438] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1641.768725][T13438] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1641.779871][T13435] EXT4-fs (loop0): bad geometry: first data block 31232 is beyond end of filesystem (1080) 04:01:49 executing program 2 (fault-call:0 fault-nth:42): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:49 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c00000003dd00000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:49 executing program 1: openat$autofs(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) setpriority(0x2, 0x0, 0xffff) [ 1642.098335][T13561] EXT4-fs (loop0): bad geometry: first data block 56579 is beyond end of filesystem (1080) [ 1642.306116][T13564] FAULT_INJECTION: forcing a failure. [ 1642.306116][T13564] name failslab, interval 1, probability 0, space 0, times 0 [ 1642.335054][T13564] CPU: 1 PID: 13564 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1642.343433][T13564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1642.353497][T13564] Call Trace: [ 1642.356795][T13564] dump_stack+0x1fb/0x318 [ 1642.361124][T13564] should_fail+0x555/0x770 [ 1642.365546][T13564] __should_failslab+0x11a/0x160 [ 1642.370484][T13564] ? smack_inode_init_security+0x3cf/0x490 [ 1642.376285][T13564] should_failslab+0x9/0x20 [ 1642.380782][T13564] __kmalloc_track_caller+0x79/0x340 [ 1642.386061][T13564] kstrdup+0x34/0x70 [ 1642.389963][T13564] smack_inode_init_security+0x3cf/0x490 [ 1642.395605][T13564] security_inode_init_security+0xfe/0x310 [ 1642.401418][T13564] ? ext4_init_security+0x40/0x40 [ 1642.406452][T13564] ext4_init_security+0x34/0x40 [ 1642.411303][T13564] __ext4_new_inode+0x446c/0x5650 [ 1642.416346][T13564] ? smk_curacc+0xa3/0xe0 [ 1642.420684][T13564] ext4_mkdir+0x3f5/0x1450 [ 1642.425241][T13564] ? security_inode_permission+0xdd/0x120 [ 1642.430967][T13564] vfs_mkdir+0x43f/0x610 [ 1642.435215][T13564] do_mkdirat+0x1d7/0x320 [ 1642.439637][T13564] __x64_sys_mkdir+0x60/0x70 [ 1642.444231][T13564] do_syscall_64+0xf7/0x1c0 [ 1642.448739][T13564] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1642.454627][T13564] RIP: 0033:0x459a67 [ 1642.458517][T13564] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1642.478123][T13564] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1642.486541][T13564] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1642.494515][T13564] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1642.502486][T13564] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1642.510455][T13564] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1642.518429][T13564] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:01:51 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x400000) 04:01:51 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x200000c0, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:51 executing program 1 (fault-call:11 fault-nth:0): prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:51 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000c0ed00000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:51 executing program 2 (fault-call:0 fault-nth:43): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1644.128950][T13571] FAULT_INJECTION: forcing a failure. [ 1644.128950][T13571] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1644.142205][T13571] CPU: 0 PID: 13571 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1644.150529][T13571] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1644.160586][T13571] Call Trace: [ 1644.163887][T13571] dump_stack+0x1fb/0x318 [ 1644.168230][T13571] should_fail+0x555/0x770 [ 1644.172655][T13571] should_fail_alloc_page+0x55/0x60 [ 1644.177854][T13571] prepare_alloc_pages+0x283/0x460 [ 1644.182972][T13571] __alloc_pages_nodemask+0xb2/0x5d0 [ 1644.188282][T13571] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1644.193924][T13571] kmem_getpages+0x4d/0xa00 [ 1644.198434][T13571] cache_grow_begin+0x7e/0x2c0 [ 1644.203196][T13571] ? cache_alloc_pfmemalloc+0x1e/0x1a0 [ 1644.208751][T13571] cache_alloc_refill+0x311/0x3f0 [ 1644.214036][T13571] ? check_preemption_disabled+0xb7/0x2a0 [ 1644.219769][T13571] kmem_cache_alloc+0x2b9/0x2e0 [ 1644.224623][T13571] ? ext4_alloc_inode+0x1f/0x560 [ 1644.229559][T13571] ? set_qf_name+0x3c0/0x3c0 [ 1644.234156][T13571] ext4_alloc_inode+0x1f/0x560 [ 1644.238921][T13571] ? set_qf_name+0x3c0/0x3c0 [ 1644.243518][T13571] new_inode_pseudo+0x68/0x240 [ 1644.248288][T13571] new_inode+0x28/0x1c0 [ 1644.252447][T13571] ? trace_ext4_request_inode+0x28b/0x2d0 [ 1644.258180][T13571] __ext4_new_inode+0x43d/0x5650 [ 1644.263124][T13571] ? memset+0x31/0x40 [ 1644.267125][T13571] ? smk_curacc+0xa3/0xe0 [ 1644.271458][T13571] ext4_mkdir+0x3f5/0x1450 [ 1644.275889][T13571] ? security_inode_permission+0xdd/0x120 [ 1644.281613][T13571] vfs_mkdir+0x43f/0x610 [ 1644.285875][T13571] do_mkdirat+0x1d7/0x320 [ 1644.290215][T13571] __x64_sys_mkdir+0x60/0x70 [ 1644.294807][T13571] do_syscall_64+0xf7/0x1c0 [ 1644.299315][T13571] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1644.305202][T13571] RIP: 0033:0x459a67 [ 1644.309209][T13571] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1644.328822][T13571] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1644.337248][T13571] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1644.345230][T13571] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1644.353215][T13571] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1644.361195][T13571] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1644.369171][T13571] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1644.463720][T13683] EXT4-fs (loop0): bad geometry: first data block 60864 is beyond end of filesystem (1080) 04:01:52 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="020004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1644.558917][T13571] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (13571) 04:01:52 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000000fff00000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:52 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="030004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1644.729422][T13873] EXT4-fs (loop0): bad geometry: first data block 65295 is beyond end of filesystem (1080) 04:01:52 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000201000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:52 executing program 2 (fault-call:0 fault-nth:44): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:52 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="040004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1645.018061][T13996] EXT4-fs (loop0): bad geometry: first data block 66048 is beyond end of filesystem (1080) [ 1645.204547][T14091] FAULT_INJECTION: forcing a failure. [ 1645.204547][T14091] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1645.217798][T14091] CPU: 0 PID: 14091 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1645.226117][T14091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1645.226122][T14091] Call Trace: [ 1645.226143][T14091] dump_stack+0x1fb/0x318 [ 1645.226160][T14091] should_fail+0x555/0x770 [ 1645.226183][T14091] should_fail_alloc_page+0x55/0x60 [ 1645.226193][T14091] prepare_alloc_pages+0x283/0x460 [ 1645.226208][T14091] __alloc_pages_nodemask+0xb2/0x5d0 [ 1645.226221][T14091] ? tomoyo_path_number_perm+0x4e1/0x640 [ 1645.226238][T14091] kmem_getpages+0x4d/0xa00 [ 1645.273946][T14091] cache_grow_begin+0x7e/0x2c0 [ 1645.273957][T14091] ? cache_alloc_pfmemalloc+0x1e/0x1a0 [ 1645.273971][T14091] cache_alloc_refill+0x311/0x3f0 [ 1645.273982][T14091] ? check_preemption_disabled+0xb7/0x2a0 [ 1645.273994][T14091] kmem_cache_alloc+0x2b9/0x2e0 [ 1645.274006][T14091] ? ext4_alloc_inode+0x1f/0x560 [ 1645.274013][T14091] ? set_qf_name+0x3c0/0x3c0 [ 1645.274024][T14091] ext4_alloc_inode+0x1f/0x560 [ 1645.274036][T14091] ? set_qf_name+0x3c0/0x3c0 [ 1645.318616][T14091] new_inode_pseudo+0x68/0x240 [ 1645.323397][T14091] new_inode+0x28/0x1c0 [ 1645.327570][T14091] ? trace_ext4_request_inode+0x28b/0x2d0 [ 1645.333296][T14091] __ext4_new_inode+0x43d/0x5650 [ 1645.338241][T14091] ? memset+0x31/0x40 [ 1645.342235][T14091] ? smk_curacc+0xa3/0xe0 [ 1645.346572][T14091] ext4_mkdir+0x3f5/0x1450 [ 1645.351005][T14091] ? security_inode_permission+0xdd/0x120 [ 1645.356739][T14091] vfs_mkdir+0x43f/0x610 [ 1645.360996][T14091] do_mkdirat+0x1d7/0x320 [ 1645.365342][T14091] __x64_sys_mkdir+0x60/0x70 [ 1645.369944][T14091] do_syscall_64+0xf7/0x1c0 [ 1645.374594][T14091] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1645.380534][T14091] RIP: 0033:0x459a67 [ 1645.384533][T14091] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 04:01:52 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000002000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1645.404138][T14091] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1645.412677][T14091] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1645.420666][T14091] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1645.428647][T14091] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1645.436632][T14091] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1645.444616][T14091] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1645.477694][T14091] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (14091) [ 1645.496666][T14105] EXT4-fs (loop0): bad geometry: first data block 131072 is beyond end of filesystem (1080) 04:01:54 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x512000) 04:01:54 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="060004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:54 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000102000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:54 executing program 2 (fault-call:0 fault-nth:45): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:54 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(0xffffffffffffffff, &(0x7f0000000780)={0x10, 0x30, 0xfa00, {&(0x7f0000000740)={0xffffffffffffffff}, 0x2, {0xa, 0x4e22, 0x5, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x7ff}}}, 0x38) write$RDMA_USER_CM_CMD_LEAVE_MCAST(r2, &(0x7f00000007c0)={0x11, 0x10, 0xfa00, {&(0x7f0000000700), r3}}, 0x18) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, &(0x7f0000000500)={{{@in6=@remote, @in6=@initdev, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@ipv4}, 0x0, @in=@local}}, &(0x7f0000000600)=0xe8) syz_mount_image$ext4(&(0x7f0000000000)='ext3\x00', &(0x7f0000000040)='./file0\x00', 0x0, 0x4, &(0x7f0000000480)=[{&(0x7f0000000100)="6bda122b412c52564b551f7a34a61fefee5270064a9b4c707c0f5c26cd797630f135445ef4c09657ff9d692335daf8d36efe1456f8b2a8f84b1188cfa73c44d920329ad7918d92db0ddf5512ac81dc812c9e238f38bb0202766e1b33848a7275e025e77bd24f9bc98e34552e14eb602c5cf09a77ba784480807db213448196ce4c3474cac05f3c60cb555884fef33da621913890ae148f9c51d960da92f2680e3696cff1b8a7529f687cf13130159eec", 0xb0, 0x1000}, {&(0x7f0000000300)="248199faa8b669bcc097221f8cdcb2afeaa46a603e6547246b7e3cac10d9e3213ffa14c2a22366fabb1ecff838619c604837fa348d729d5dd645f3471830eb73c9ee956df8c8ecc7138f62f38b7ab1e55c6db8d347bd09494a892937380017d38288b0dbd8ae66fee1c882035382b788205d91fb321387dc329840cf65da6d65eafa3f4ff8cca04897dadb84b877f17a0ac91f2fb19b51cb64dd85c482a8e609f53a1f3515c0dacd0cecf092cc6b45097c6c55ee0d58f759da87cced5c277fa5cd842826aa20ce6f7eb7143b98e5", 0xce, 0x4}, {&(0x7f0000000400)="042cbc6ed041eb881251c8138468cf2dcc9e261fd898df6e62858f02f94e6d7570ef7f602459d1b000338de073aed19783a6c99b200574bb05b83469c5cf23952900578501dc3a8a593b636f457c838bf0f4f3bbac15243b60ed1d0ea8a963e3528c9f5435b3ea5c3040541501b9b08f8f90a5a6ada1b5c2", 0x78, 0xde}, {&(0x7f0000000080)="94be411d7a118b6926299d477aefe052212486", 0x13, 0x7ff}], 0x82, &(0x7f0000000640)={[{@noinit_itable='noinit_itable'}, {@jqfmt_vfsv0='jqfmt=vfsv0'}, {@grpquota='grpquota'}], [{@uid_eq={'uid', 0x3d, 0xee01}}, {@fsuuid={'fsuuid', 0x3d, {[0x31, 0x2b, 0x34, 0x1, 0x66, 0x66, 0x34, 0x33], 0x2d, [0x1e, 0x30, 0x31, 0xf1], 0x2d, [0x7c, 0x66, 0xf4119224e217f5f1, 0x66], 0x2d, [0x63, 0x5b, 0x32, 0x57], 0x2d, [0x4, 0x33, 0x34, 0x25, 0x63, 0x65, 0x39, 0x63]}}}, {@euid_lt={'euid<', r4}}, {@smackfshat={'smackfshat', 0x3d, 'M\xdcppp0-\'posix_acl_access'}}, {@measure='measure'}, {@appraise='appraise'}, {@obj_type={'obj_type', 0x3d, '\xba'}}]}) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:54 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:01:54 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') sendmsg$IPVS_CMD_DEL_DAEMON(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0xc00}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x18, r0, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_DEST={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0x84) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) [ 1647.194498][T14118] FAULT_INJECTION: forcing a failure. [ 1647.194498][T14118] name failslab, interval 1, probability 0, space 0, times 0 [ 1647.230193][T14118] CPU: 1 PID: 14118 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1647.238556][T14118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1647.238562][T14118] Call Trace: [ 1647.238585][T14118] dump_stack+0x1fb/0x318 [ 1647.238601][T14118] should_fail+0x555/0x770 [ 1647.238622][T14118] __should_failslab+0x11a/0x160 [ 1647.238639][T14118] ? smack_inode_init_security+0x3cf/0x490 [ 1647.238649][T14118] should_failslab+0x9/0x20 [ 1647.238659][T14118] __kmalloc_track_caller+0x79/0x340 [ 1647.238681][T14118] kstrdup+0x34/0x70 [ 1647.238692][T14118] smack_inode_init_security+0x3cf/0x490 [ 1647.238711][T14118] security_inode_init_security+0xfe/0x310 [ 1647.238720][T14118] ? ext4_init_security+0x40/0x40 [ 1647.238744][T14118] ext4_init_security+0x34/0x40 [ 1647.260803][T14118] __ext4_new_inode+0x446c/0x5650 [ 1647.260837][T14118] ? smk_curacc+0xa3/0xe0 [ 1647.271552][T14118] ext4_mkdir+0x3f5/0x1450 [ 1647.271573][T14118] ? security_inode_permission+0xdd/0x120 [ 1647.271597][T14118] vfs_mkdir+0x43f/0x610 [ 1647.330260][T14118] do_mkdirat+0x1d7/0x320 [ 1647.334592][T14118] __x64_sys_mkdir+0x60/0x70 [ 1647.339171][T14118] do_syscall_64+0xf7/0x1c0 [ 1647.343696][T14118] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1647.349575][T14118] RIP: 0033:0x459a67 [ 1647.353457][T14118] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1647.373051][T14118] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1647.381465][T14118] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1647.389429][T14118] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1647.397377][T14118] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1647.405325][T14118] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1647.413275][T14118] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:01:55 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="070004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:55 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000300)='/dev/vga_arbiter\x00', 0x100, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000100)={0x0}, &(0x7f0000000140)=0xc) ioctl$TIOCSPGRP(r0, 0x5410, &(0x7f0000000180)=r1) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = socket$inet(0x10, 0x2, 0xc) sendmsg(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) fsconfig$FSCONFIG_SET_FD(r4, 0x5, &(0x7f0000000000)='wlan0wlan1security\x00', 0x0, r5) tkill(r2, 0x3c) ptrace$cont(0x18, r2, 0x0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) fcntl$getownex(r5, 0x10, &(0x7f0000000040)={0x0, 0x0}) ptrace$setopts(0x2103, r6, 0x1, 0x8) ptrace$cont(0x20, r2, 0x0, 0x0) 04:01:55 executing program 2 (fault-call:0 fault-nth:46): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1647.614389][T14112] EXT4-fs (loop0): bad geometry: first data block 131328 is beyond end of filesystem (1080) [ 1647.633255][T14336] FAULT_INJECTION: forcing a failure. [ 1647.633255][T14336] name failslab, interval 1, probability 0, space 0, times 0 [ 1647.646329][T14336] CPU: 0 PID: 14336 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1647.654658][T14336] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1647.664716][T14336] Call Trace: [ 1647.668015][T14336] dump_stack+0x1fb/0x318 [ 1647.672352][T14336] should_fail+0x555/0x770 [ 1647.676774][T14336] __should_failslab+0x11a/0x160 [ 1647.681713][T14336] ? __es_insert_extent+0x7ba/0x17c0 [ 1647.687000][T14336] should_failslab+0x9/0x20 [ 1647.691498][T14336] kmem_cache_alloc+0x56/0x2e0 [ 1647.696260][T14336] __es_insert_extent+0x7ba/0x17c0 [ 1647.701373][T14336] ? __kasan_check_write+0x14/0x20 [ 1647.706478][T14336] ? do_raw_write_lock+0xf3/0x460 [ 1647.711506][T14336] ext4_es_insert_extent+0x250/0x2ea0 [ 1647.716889][T14336] ext4_ext_map_blocks+0x1806/0x7170 [ 1647.722205][T14336] ? __down_read+0x14b/0x360 [ 1647.726795][T14336] ext4_map_blocks+0x424/0x1e30 [ 1647.731651][T14336] ? __kasan_check_write+0x14/0x20 [ 1647.736762][T14336] ext4_getblk+0xae/0x460 [ 1647.741100][T14336] ext4_bread+0x4a/0x340 [ 1647.745339][T14336] ext4_append+0x175/0x310 [ 1647.749753][T14336] ext4_mkdir+0x7ad/0x1450 [ 1647.754189][T14336] vfs_mkdir+0x43f/0x610 [ 1647.758432][T14336] do_mkdirat+0x1d7/0x320 [ 1647.762768][T14336] __x64_sys_mkdir+0x60/0x70 [ 1647.767357][T14336] do_syscall_64+0xf7/0x1c0 [ 1647.771859][T14336] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1647.777744][T14336] RIP: 0033:0x459a67 [ 1647.781636][T14336] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1647.801320][T14336] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 04:01:55 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r2, 0xc4c85512, &(0x7f0000000300)={{0x8, 0x6, 0x9, 0x9, 'syz0\x00', 0x3f}, 0x0, [0x3, 0xffff, 0x4, 0x5, 0x0, 0x8, 0xfffffffffffffffe, 0xfff, 0xffffffff7fffffff, 0x3, 0x3, 0x994, 0x0, 0xffffffffffffffea, 0x4, 0x8, 0xf2, 0x7264, 0x1, 0x3, 0x7f, 0x72, 0x3, 0x100, 0x3, 0x10001, 0x9, 0x7, 0x7, 0x9fc, 0x0, 0x9, 0x9000, 0x3, 0x7fff, 0x8, 0x2, 0xffffffff, 0x3a7, 0x0, 0x800, 0x80000000, 0x8, 0x7ff, 0x6, 0x8001, 0x7, 0x9, 0xffffffff, 0x17, 0x5, 0x0, 0x7, 0xf663, 0x200, 0x3, 0x5, 0x8000, 0x200, 0x6, 0x762b, 0x101, 0x400, 0x32, 0x2, 0x1e5d, 0x5fe, 0x7, 0x10001, 0x3f, 0x1, 0x5, 0x8021, 0xfffffffffffffffe, 0x9, 0x4, 0x40, 0x3, 0x3, 0x5, 0x7fffffff, 0x3, 0x5, 0xffffffff, 0x80000000, 0x20, 0x4, 0x1, 0x8, 0xffffffffffffff7f, 0x1, 0xce1, 0xffffffffffffb751, 0x0, 0xcf, 0x0, 0x2, 0x6, 0x1, 0xfffffffffffffff8, 0x5, 0x0, 0x401, 0xfffffffffffffffb, 0x40, 0x71f, 0x4, 0x5, 0x3, 0x1b, 0x6, 0x2, 0x3, 0x2, 0xed20, 0x10001, 0x6, 0x101, 0x5, 0x3f, 0x9, 0x7ff, 0x3, 0x4066, 0x37, 0x7, 0x9, 0xfffffffffffffff7]}) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1647.809727][T14336] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1647.817692][T14336] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1647.825658][T14336] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1647.833625][T14336] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1647.841589][T14336] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1647.904037][T14336] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (14336) 04:01:55 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() getrandom(&(0x7f0000000300)=""/4096, 0x1000, 0x1) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r0, 0x0, &(0x7f0000000000)) r1 = open(&(0x7f0000000100)='./file0\x00', 0x200000, 0x202) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000001440)={r1, &(0x7f0000001300)="2ebbed6c6b7061cff2184fd0ea81c31cd8c342dce6cf207084568a50fdb85f2ca5b4893d3431bae3afd01ee2f9c7a2455022d55a9cad74ee20678cf8c61317fe9c4b8ac8e9a1ff9def660a5e1ae8e80e27fff1b4bae6d1885db3056ed7a971fcc243b434eabf78b8c484f7abf51e6b5263f991e1", &(0x7f0000001380)="aad110a3654c01c60e733797a756da7158ec446b8044ffb41a058a0d8e1a7408d8ad3bf87ee3e45eebcab55fc6df00f688c180032a75e6848754dba824c6b4454c16e98352df1477e0d04a80cf161d9308448034b3bd0f7831e7e04dc9b8dea31ceac0ec2992c91109371a6c9090e73d9c3a79d2fa1c05354842556c3ce287c8f8bba48e", 0x3}, 0x20) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r0, r1, 0x0, 0x4, &(0x7f0000000140)=')})\x00'}, 0x30) ptrace$cont(0x20, r0, 0x0, 0x0) r2 = socket$inet(0x10, 0x2, 0xc) sendmsg(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) getsockopt$inet_sctp_SCTP_I_WANT_MAPPED_V4_ADDR(r2, 0x84, 0xc, &(0x7f0000000000), &(0x7f0000000040)=0x4) 04:01:57 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x711000) 04:01:57 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000402000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:01:57 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="080004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:01:57 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) pipe2(&(0x7f0000000000)={0xffffffffffffffff}, 0x4000) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VIDIOC_SUBDEV_S_EDID(r3, 0xc0285629, &(0x7f0000000100)={0x0, 0x7fffffff, 0x1, [], &(0x7f0000000080)=0x1}) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x8}) 04:01:57 executing program 2 (fault-call:0 fault-nth:47): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:57 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$RNDGETENTCNT(r2, 0x80045200, &(0x7f0000001940)) ptrace$cont(0x18, r0, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) recvmsg$kcm(r4, &(0x7f0000000180)={&(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}}}, 0x80, &(0x7f00000017c0)=[{&(0x7f0000000100)=""/109, 0x6d}, {&(0x7f00000002c0)=""/242, 0xf2}, {&(0x7f00000003c0)=""/4096, 0x1000}, {&(0x7f00000013c0)=""/177, 0xb1}, {&(0x7f0000001480)=""/87, 0x57}, {&(0x7f0000001500)=""/86, 0x56}, {&(0x7f0000001580)=""/251, 0xfb}, {&(0x7f0000001680)=""/173, 0xad}, {&(0x7f0000001740)=""/92, 0x5c}], 0x9, &(0x7f0000001880)=""/104, 0x68}, 0x2000) setsockopt$inet_sctp_SCTP_DISABLE_FRAGMENTS(r5, 0x84, 0x8, &(0x7f0000001900)=0x400, 0x4) socketpair$unix(0x1, 0x0, 0x0, 0x0) r6 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) ioctl$KVM_PPC_ALLOCATE_HTAB(r6, 0xc004aea7, &(0x7f0000000000)=0x5) [ 1650.262288][T14449] FAULT_INJECTION: forcing a failure. [ 1650.262288][T14449] name failslab, interval 1, probability 0, space 0, times 0 [ 1650.293884][T14449] CPU: 0 PID: 14449 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1650.302275][T14449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1650.312331][T14449] Call Trace: [ 1650.315633][T14449] dump_stack+0x1fb/0x318 [ 1650.319973][T14449] should_fail+0x555/0x770 [ 1650.324406][T14449] __should_failslab+0x11a/0x160 [ 1650.329496][T14449] ? kcalloc+0x2f/0x50 [ 1650.333573][T14449] should_failslab+0x9/0x20 [ 1650.338081][T14449] __kmalloc+0x7a/0x340 [ 1650.342240][T14449] kcalloc+0x2f/0x50 [ 1650.346186][T14449] ext4_find_extent+0x216/0xaa0 [ 1650.351053][T14449] ? trace_ext4_ext_map_blocks_enter+0x2ca/0x310 [ 1650.357396][T14449] ext4_ext_map_blocks+0x170/0x7170 [ 1650.362618][T14449] ? trace_lock_acquire+0x159/0x1d0 [ 1650.367957][T14449] ? __kasan_check_write+0x14/0x20 [ 1650.367973][T14449] ext4_map_blocks+0x8f4/0x1e30 [ 1650.367994][T14449] ? __kasan_check_write+0x14/0x20 [ 1650.368005][T14449] ext4_getblk+0xae/0x460 [ 1650.368020][T14449] ext4_bread+0x4a/0x340 [ 1650.368035][T14449] ext4_append+0x175/0x310 [ 1650.368053][T14449] ext4_mkdir+0x7ad/0x1450 [ 1650.391678][T14449] vfs_mkdir+0x43f/0x610 [ 1650.391697][T14449] do_mkdirat+0x1d7/0x320 04:01:58 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) ptrace$setopts(0x4200, r0, 0xffffffffffff0001, 0x0) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x403c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) 04:01:58 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0xffffffffefffffff) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000040)="55e2f960e2f6e73925f67e3c5b6f9bb338945b34bd57c927400fd9ef5025713c8e172480f871f4f3aa8e58831f780d53d50cede5dc8daf1c31c80e67789dcf6ae083d024b936432c4fdc93") ptrace$cont(0x9, r2, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_REPLACE(r1, 0xc1105518, &(0x7f0000000300)={{0x3, 0x0, 0x2, 0x8, 'syz0\x00', 0x3}, 0x4, 0x200, 0x1, r2, 0x9, 0x401, 'syz0\x00', &(0x7f0000000000)=['\x00', '\x00', '\x00', ':\'-\x00', '\x00', '#\x00', '\x00', '\\eth0wlan1!security.\x00', 'md5sum\x00'], 0x27, [], [0x8, 0x5e74, 0x8, 0x4]}) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$sock_inet_SIOCSIFPFLAGS(r3, 0x8934, &(0x7f0000000100)={'batadv0\x00', 0x3}) r4 = gettid() wait4(r4, 0x0, 0x2, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x3c) ptrace$cont(0x18, r4, 0x0, 0x0) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) r5 = syz_open_dev$dmmidi(&(0x7f0000000140)='/dev/dmmidi#\x00', 0x1, 0x80000) ioctl$KDSKBLED(r5, 0x4b65, 0x10000) ptrace$cont(0x20, r4, 0x0, 0x0) [ 1650.391714][T14449] __x64_sys_mkdir+0x60/0x70 [ 1650.391729][T14449] do_syscall_64+0xf7/0x1c0 [ 1650.391745][T14449] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1650.424201][T14449] RIP: 0033:0x459a67 [ 1650.428099][T14449] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1650.447704][T14449] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 04:01:58 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() readlinkat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000300)=""/215, 0xd7) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0, 0xfffffffffffffc5d}, {0x0, 0x23e}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x100000002, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x8) [ 1650.447715][T14449] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1650.447721][T14449] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1650.447726][T14449] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1650.447731][T14449] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1650.447736][T14449] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:01:58 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) ioprio_get$pid(0x0, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) [ 1650.530454][T14467] EXT4-fs (loop0): bad geometry: first data block 132096 is beyond end of filesystem (1080) 04:01:58 executing program 2 (fault-call:0 fault-nth:48): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:01:58 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="090004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1650.745132][T14686] FAULT_INJECTION: forcing a failure. [ 1650.745132][T14686] name failslab, interval 1, probability 0, space 0, times 0 [ 1650.757889][T14686] CPU: 0 PID: 14686 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1650.766222][T14686] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1650.776282][T14686] Call Trace: [ 1650.779587][T14686] dump_stack+0x1fb/0x318 [ 1650.783929][T14686] should_fail+0x555/0x770 [ 1650.788356][T14686] __should_failslab+0x11a/0x160 [ 1650.793295][T14686] ? __es_insert_extent+0x7ba/0x17c0 [ 1650.798933][T14686] should_failslab+0x9/0x20 [ 1650.803448][T14686] kmem_cache_alloc+0x56/0x2e0 [ 1650.808216][T14686] __es_insert_extent+0x7ba/0x17c0 [ 1650.813329][T14686] ? __kasan_check_write+0x14/0x20 [ 1650.818431][T14686] ? do_raw_write_lock+0xf3/0x460 [ 1650.823459][T14686] ext4_es_insert_extent+0x250/0x2ea0 [ 1650.828842][T14686] ext4_ext_map_blocks+0x1806/0x7170 [ 1650.834147][T14686] ? __down_read+0x14b/0x360 [ 1650.838738][T14686] ext4_map_blocks+0x424/0x1e30 [ 1650.843593][T14686] ? __kasan_check_write+0x14/0x20 [ 1650.848698][T14686] ext4_getblk+0xae/0x460 [ 1650.853028][T14686] ext4_bread+0x4a/0x340 [ 1650.857270][T14686] ext4_append+0x175/0x310 [ 1650.861682][T14686] ext4_mkdir+0x7ad/0x1450 [ 1650.866115][T14686] vfs_mkdir+0x43f/0x610 [ 1650.870360][T14686] do_mkdirat+0x1d7/0x320 [ 1650.874702][T14686] __x64_sys_mkdir+0x60/0x70 [ 1650.879286][T14686] do_syscall_64+0xf7/0x1c0 [ 1650.883789][T14686] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1650.889829][T14686] RIP: 0033:0x459a67 [ 1650.893729][T14686] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1650.913335][T14686] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1650.921749][T14686] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1650.929717][T14686] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1650.937693][T14686] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1650.945663][T14686] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1650.953629][T14686] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1650.964552][T14686] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (14686) 04:02:01 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x71a000) 04:02:01 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) syz_mount_image$nfs(&(0x7f0000000000)='nfs\x00', &(0x7f0000000040)='./file0\x00', 0x7fff, 0x6, &(0x7f00000005c0)=[{&(0x7f0000000080)="316b062e81c8186b6e27f37dc3456a590888ced3ac665ced16429fbc133253cfd03af0572766768cbb04c610c25ab890ad72cb6e", 0x34, 0x1ff}, {&(0x7f0000000300)="ac28edffcc3d62bc4185754065f4c952a49b58ad2b681e1c338809f9bd58b9630d32b11bdca92c3fc7030a3c32bcba5c39e1c26a3de4337280e8c9d1128b1496d50719e73bcf5070555934a897e1b04fa061bd71cffdc9b54174a305190e340eac1730af25e8db6e9ee078b66803154db8d0b937a7f4b1b62c09b6bf45bba95a301738c9383408a2197db76e781e3cc445422d2ca49048c5238eb67dc52bacb03e11afadcc1b448ce1134887daafe550bb0edf33712e350cca9626a0e0eca5c9728462ba35d3a1043dc3581cdf4bd308249744490c93b39edd67ac86b2a450f07b4baf8bf7ffbd3c61bb1277ccbe49d98d3f770bba4a737163d5e57f23cbdf", 0xff, 0x4}, {&(0x7f0000000100)="dc0bdd3580abdf84704d66c353f61865c0c81623f82ba83e3cf523", 0x1b, 0x100000000}, {&(0x7f0000000400)="dc583d6d5a7746db0fdc1629c5d6b8a06a5d5450fa3bafd95cba6a9ddfc1b366a680dbac3ca0b1d78e79efa2d806bd6e7f74ee8244c2aa91dc4d74b8132acc435222d43883e8aa01fdfb07c5570ba740c39fbd1e21d77b137191e431825266f74d7d517a4111e2c1e1cee5489e3d300ad2fbb82ce7398751629344bad66436de1a05f71860b85c723986111ebcd025e94c47d1264a995ba8959e0c6e754267a8ee55d550da6e668b47b6d676e35cdcf6d0", 0xb1, 0x2}, {&(0x7f00000004c0)="996dc7cd7476af5ef22994a2d0c76c8f47bb2f217f02984b3914fa58a4efb8b63ba674761b6f378aa8dfad73a8659a1c4c432bbcd7b4def1a5d53d4d910882972e5a259a2dd933854beba96b84a64f2bf4eeea0f23142717f37b14509fad461616ff333d8f3c6373a5316e17aab3cb5d4b27291d934ef7e277b8abb1ace8c89ed65ab6515e198c33afe569b7d4e95d033e08b693d446b3d63d107a8e9c911a5c1ddaa433051f0eb27cf55b787b5ab93d7daf7518a3033a30c95f0865101719fca81c9e35b8f49764b36adc687c879a45c332900d6f18d9", 0xd7}, {&(0x7f0000000140)="cf8d215f6eec8d5ab09ea0b54a", 0xd, 0x6}], 0x20, &(0x7f0000000180)=']trustedem1&\x00') vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:01 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000004000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:01 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="0a0004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:01 executing program 2 (fault-call:0 fault-nth:49): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:01 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x1f, r0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet6_mtu(r2, 0x29, 0x17, &(0x7f0000000000)=0x4, 0x4) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1653.362693][T14796] FAULT_INJECTION: forcing a failure. [ 1653.362693][T14796] name failslab, interval 1, probability 0, space 0, times 0 [ 1653.390097][T14796] CPU: 0 PID: 14796 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1653.398574][T14796] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1653.408641][T14796] Call Trace: [ 1653.411948][T14796] dump_stack+0x1fb/0x318 [ 1653.416304][T14796] should_fail+0x555/0x770 [ 1653.420746][T14796] __should_failslab+0x11a/0x160 [ 1653.425706][T14796] ? ext4_mb_new_blocks+0x2ac/0x2cc0 [ 1653.430997][T14796] should_failslab+0x9/0x20 [ 1653.435506][T14796] kmem_cache_alloc+0x56/0x2e0 [ 1653.440276][T14796] ext4_mb_new_blocks+0x2ac/0x2cc0 [ 1653.445394][T14796] ? trace_kmalloc+0xcd/0x130 [ 1653.450081][T14796] ? kcalloc+0x2f/0x50 [ 1653.454148][T14796] ? __kmalloc+0x26c/0x340 [ 1653.458564][T14796] ? kcalloc+0x2f/0x50 [ 1653.462637][T14796] ? ext4_ext_search_right+0x4cb/0x940 [ 1653.468099][T14796] ? ext4_find_extent+0x8e0/0xaa0 [ 1653.473129][T14796] ? ext4_inode_to_goal_block+0x27b/0x3b0 [ 1653.478861][T14796] ext4_ext_map_blocks+0x4b8c/0x7170 [ 1653.484190][T14796] ext4_map_blocks+0x8f4/0x1e30 [ 1653.489054][T14796] ? __kasan_check_write+0x14/0x20 [ 1653.494182][T14796] ext4_getblk+0xae/0x460 [ 1653.498524][T14796] ext4_bread+0x4a/0x340 [ 1653.502770][T14796] ext4_append+0x175/0x310 [ 1653.507188][T14796] ext4_mkdir+0x7ad/0x1450 [ 1653.511619][T14796] vfs_mkdir+0x43f/0x610 [ 1653.515869][T14796] do_mkdirat+0x1d7/0x320 [ 1653.520201][T14796] __x64_sys_mkdir+0x60/0x70 [ 1653.524787][T14796] do_syscall_64+0xf7/0x1c0 [ 1653.529289][T14796] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1653.535174][T14796] RIP: 0033:0x459a67 [ 1653.539064][T14796] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1653.558668][T14796] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1653.567082][T14796] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1653.575064][T14796] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1653.583137][T14796] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1653.591116][T14796] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1653.599091][T14796] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:01 executing program 2 (fault-call:0 fault-nth:50): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:01 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', 0x0, 0xb4) open_tree(r1, &(0x7f0000000180)='./file0\x00', 0x1000) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r2 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x3941e5050b514556, 0x0) accept4$ax25(r2, &(0x7f0000000040)={{}, [@netrom, @bcast, @netrom, @default, @default, @remote, @rose, @bcast]}, &(0x7f0000000300)=0xffffffffffffffef, 0x81000) ptrace$cont(0x20, r0, 0x0, 0x0) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) connect$rds(r4, &(0x7f0000000100)={0x2, 0x4e20, @rand_addr=0x10000}, 0x10) 04:02:01 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050003ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1653.700131][T14802] EXT4-fs (loop0): bad geometry: first data block 262144 is beyond end of filesystem (1080) 04:02:01 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) tkill(r1, 0x6) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:01 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000204000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1653.803289][T15118] FAULT_INJECTION: forcing a failure. [ 1653.803289][T15118] name failslab, interval 1, probability 0, space 0, times 0 [ 1653.895552][T15118] CPU: 1 PID: 15118 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1653.904072][T15118] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1653.914138][T15118] Call Trace: [ 1653.917441][T15118] dump_stack+0x1fb/0x318 [ 1653.921786][T15118] should_fail+0x555/0x770 [ 1653.926212][T15118] __should_failslab+0x11a/0x160 [ 1653.931151][T15118] should_failslab+0x9/0x20 [ 1653.935650][T15118] kmem_cache_alloc_trace+0x5d/0x2f0 [ 1653.940931][T15118] ? smack_d_instantiate+0x732/0xd70 [ 1653.946231][T15118] smack_d_instantiate+0x732/0xd70 [ 1653.951370][T15118] ? lockdep_init_map+0x2a/0x680 [ 1653.956320][T15118] security_d_instantiate+0xa5/0x100 [ 1653.961615][T15118] d_instantiate_new+0x65/0x120 [ 1653.966470][T15118] ext4_mkdir+0xfa9/0x1450 [ 1653.970906][T15118] vfs_mkdir+0x43f/0x610 [ 1653.975152][T15118] do_mkdirat+0x1d7/0x320 [ 1653.979489][T15118] __x64_sys_mkdir+0x60/0x70 [ 1653.984078][T15118] do_syscall_64+0xf7/0x1c0 [ 1653.988585][T15118] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1653.994473][T15118] RIP: 0033:0x459a67 [ 1653.998365][T15118] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1654.017966][T15118] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1654.026373][T15118] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1654.034339][T15118] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 04:02:01 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050204ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1654.042304][T15118] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1654.050267][T15118] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1654.058229][T15118] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1654.108835][T15118] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (15118) [ 1654.147334][T15224] EXT4-fs (loop0): bad geometry: first data block 262656 is beyond end of filesystem (1080) 04:02:04 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x760000) 04:02:04 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) seccomp$SECCOMP_GET_NOTIF_SIZES(0x3, 0x0, &(0x7f0000000000)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x3c) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r3, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000640)={r3, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000040)='system\x00'}, 0x30) process_vm_readv(r4, &(0x7f0000000940)=[{&(0x7f0000000680)=""/30, 0x1e}, {&(0x7f00000006c0)=""/139, 0x8b}, {&(0x7f0000000780)=""/21, 0x15}, {&(0x7f00000007c0)=""/85, 0x55}, {&(0x7f0000000840)=""/163, 0xa3}, {&(0x7f0000000900)=""/6, 0x6}], 0x6, &(0x7f0000000d00)=[{&(0x7f00000009c0)=""/230, 0xe6}, {&(0x7f0000000ac0)=""/122, 0x7a}, {&(0x7f0000000b40)=""/5, 0x5}, {&(0x7f0000000b80)=""/227, 0xe3}, {&(0x7f0000000c80)=""/29, 0x1d}, {&(0x7f0000000cc0)=""/30, 0x1e}], 0x6, 0x0) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$PPPIOCSMRU1(r6, 0x40047452, &(0x7f0000000d80)) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$KDSETLED(r8, 0x4b32, 0x4) ioctl$DRM_IOCTL_MAP_BUFS(r2, 0xc0186419, &(0x7f0000000600)={0x5, &(0x7f0000000040), &(0x7f0000000580)=[{0x7ff, 0x2a, 0x401, &(0x7f0000000080)=""/42}, {0x2, 0x87, 0x38, &(0x7f0000000100)=""/135}, {0x10001, 0xc2, 0x431, &(0x7f0000000300)=""/194}, {0x3, 0xed, 0x80, &(0x7f0000000400)=""/237}, {0x9c, 0x5e, 0x1f, &(0x7f0000000500)=""/94}]}) 04:02:04 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050304ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:04 executing program 2 (fault-call:0 fault-nth:51): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:04 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000fc0704000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:04 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_ENUMSTD(r2, 0xc0485619, &(0x7f0000000000)={0x1ff, 0x2, "1948ef8765471116ab876bbd6c43086ebe0860d878681f52", {0xfffffffa, 0x5}, 0x9}) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1656.447504][T15337] FAULT_INJECTION: forcing a failure. [ 1656.447504][T15337] name failslab, interval 1, probability 0, space 0, times 0 [ 1656.503742][T15337] CPU: 0 PID: 15337 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1656.512144][T15337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1656.522208][T15337] Call Trace: [ 1656.525525][T15337] dump_stack+0x1fb/0x318 [ 1656.529877][T15337] should_fail+0x555/0x770 [ 1656.534308][T15337] __should_failslab+0x11a/0x160 [ 1656.539256][T15337] ? ksys_mount+0x6a/0x100 [ 1656.543680][T15337] should_failslab+0x9/0x20 [ 1656.548187][T15337] __kmalloc_track_caller+0x79/0x340 [ 1656.553489][T15337] strndup_user+0x76/0x130 [ 1656.557918][T15337] ksys_mount+0x6a/0x100 [ 1656.562176][T15337] __x64_sys_mount+0xbf/0xd0 [ 1656.566782][T15337] do_syscall_64+0xf7/0x1c0 [ 1656.571306][T15337] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1656.577234][T15337] RIP: 0033:0x45d09a [ 1656.581141][T15337] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 04:02:04 executing program 3: r0 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x101000, 0x0) connect$tipc(r0, &(0x7f0000000040)=@nameseq={0x1e, 0x1, 0x1, {0x1, 0x0, 0x1}}, 0x10) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) nanosleep(&(0x7f0000000080)={0x77359400}, 0x0) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) [ 1656.600855][T15337] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1656.609266][T15337] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1656.617236][T15337] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1656.625304][T15337] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1656.633274][T15337] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1656.641261][T15337] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:04 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050404ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1656.671810][T15338] EXT4-fs (loop0): bad geometry: first data block 264188 is beyond end of filesystem (1080) 04:02:04 executing program 2 (fault-call:0 fault-nth:52): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:04 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000000)={[{0x5, 0x9, 0x40, 0x4, 0x0, 0x1f, 0x1, 0x9, 0x4, 0x9, 0x81, 0x5, 0x8}, {0x1, 0x7ff, 0x5, 0x7, 0x0, 0x3, 0xff, 0x0, 0x3, 0x47, 0x5, 0x1, 0x2}, {0x8, 0x81, 0x40, 0x6, 0x10, 0x6f, 0x9, 0x9, 0xa4, 0x6e, 0xb2, 0x3, 0x800}], 0x7}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae68, &(0x7f0000000080)={0x6000, 0x13800}) vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:04 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000804000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1656.821650][T15563] FAULT_INJECTION: forcing a failure. [ 1656.821650][T15563] name failslab, interval 1, probability 0, space 0, times 0 [ 1656.843137][T15563] CPU: 1 PID: 15563 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1656.851511][T15563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1656.861570][T15563] Call Trace: [ 1656.864875][T15563] dump_stack+0x1fb/0x318 [ 1656.869228][T15563] should_fail+0x555/0x770 [ 1656.873662][T15563] __should_failslab+0x11a/0x160 [ 1656.878609][T15563] ? kzalloc+0x1f/0x40 [ 1656.878624][T15563] should_failslab+0x9/0x20 [ 1656.878636][T15563] __kmalloc+0x7a/0x340 [ 1656.878653][T15563] kzalloc+0x1f/0x40 [ 1656.878665][T15563] smk_parse_smack+0x197/0x230 [ 1656.878678][T15563] smk_import_entry+0x27/0x590 [ 1656.900005][T15563] smack_d_instantiate+0x78f/0xd70 [ 1656.900026][T15563] ? lockdep_init_map+0x2a/0x680 [ 1656.900040][T15563] security_d_instantiate+0xa5/0x100 04:02:04 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$USBDEVFS_DISCARDURB(r1, 0x550b, &(0x7f0000000000)=0x5db1) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x3c) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r3, 0x0, 0x0) ptrace$getenv(0x4201, r3, 0x8, &(0x7f00000000c0)) ptrace$cont(0x18, r2, 0x1, 0x9) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x3c) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r4, 0x0, 0x0) r5 = perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x3, 0x62, 0x0, 0x3, 0x0, 0x6, 0x800, 0x4, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x2, 0x1, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x9, 0x6, @perf_config_ext={0x2, 0xfed282f}, 0x148c0, 0x4, 0xff, 0x4, 0x5, 0x81, 0x8000}, r4, 0xb, 0xffffffffffffffff, 0x8) r6 = open(&(0x7f0000000140)='./bus\x00', 0x14103e, 0x0) accept$packet(r6, 0x0, &(0x7f0000000000)) fcntl$getownex(r6, 0x10, &(0x7f0000000080)={0x0, 0x0}) r8 = open(&(0x7f0000000140)='./bus\x00', 0x14103e, 0x0) accept$packet(r8, 0x0, &(0x7f0000000000)) r9 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000000, 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r9, 0x9) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xc0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={0x0, r9, 0x0, 0x1, &(0x7f00000003c0)='\x00', r10}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r7, r8, 0x0, 0x1, &(0x7f00000000c0)='\x00', r10}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000001c0)={r3, r5, 0x0, 0xb, &(0x7f0000000180)='eth0-ppp0/\x00', r10}, 0x30) vmsplice(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f0000000440)="4b42dde30dcc32b9601358b6ab71160768453bc918d1eeff6b931efc6252077697e9eb1625245c52c0e35ddda1bff7fe27f9465f1dbb6aed109519c252dd8606acf05fd2fa6f3de50cd9366271091b5885fbf311000bcbf9a50aac516661fbd4911ab7acaaec13a2263ef0510329c5bcec8e0ad7d69aa4e1dba7b3749f0fcb5e1996b744ccdaf6c29115589b524343a42b5987b9b36bf75a44de6da4468091ab9d3f2c4a0ce54d0485204b16bbdf5c03ca43affc66af8994a9491a3ac1b0b42a5c24559223c8b1f2c792c27104cee6d934ab230532d2ff63ff13bff12abc802e7cda946cb7cfe7cf87893ccb9a1511ca0b7deee92c4a647078fb179ea36d90bd7e55635ab67fe357b5f55a93cead308ea1eaabb6fb61a5eacd0da1e47990c023eaa0f315a1112270cbebb82baf9ace334bfc871a580195e8e76b3487131be3e190ea9a67ee55d7bc95004de9c37bb87d3acd93aaab1764610d28d76823e4f68835b16349cf1771d885020a841af41d5c900ec3fb977548540037d18b4d4b1bf5143865006d072923d760faff8010ec3320f4baa73ff47e10093f27b09baa192d0a74a91c72eb04bc2c358ca0dfeb7d31dac5e22ec3e4a97bf87238ec800941e5e687e02e6e521b97a664defb119576d6c5f31dc548ab253136dba99bdec0c9dcb40b1750afefb9831b3ab8bb9c564272eaab08a298554c3d1ad54f511b2e077e768e4856e717b28b6c22ab409c57655d4c60abaaaa0eee72ef2dced73be4305dec424c55c9e9ef44a4cdfed5c6165c941698e9d79b8f1bdde58e3fef0e2d86d45c643f57db5ba21ed5e54b72a02c28d4d5f7a23f77060cfc34ea3b5ab602ba03c017b1a177ddd1c57466de82da3aec5ecd717a7c1bbd16dd6ba4ff6dd6216ab5457c25e820f3c708375d15734b444a42ee5b9782bbd7f43ab8f1224cdd0616982480c6b4177cda8ae93fa299b9b7039f29fd86a9283de4a9c7d887f302dac00f4c92728d1ad787cfbae8c43c1645c62e73f05eb7c81333f63e59d97e0adcf4906c7c37e99f3e6db6478e77fbdf2165f5363bc4cabca64afd6189deff3b2e01dfb217f61588e55ad25d65eb0a307732d1c1268aaf0570ac5cd4875c6cf05081c181a1f3ce725c01b505b19fd3a522bd65080f477f27c94dee5763be28924744d86eaa05a1a7825fa267215ada0420f892524a4d6ca13fcc1a19ed84eedf30eaa62a395159bf5b5dc2f18f7d0a07e7905bee6bcdac021cc89ed2164a57129a5ed6ffc0861b8d3e2ee2c823d0ae07a555b5b2cd967ee9b6dcaf736ce5288e2e26da2d89c386d892948a3b06dae5c795845066b82b71cc7cdee8b3c1a8c67eaf3f38508d4655c099156aacd25ca1e72037501e0f8e0a02622b88068b731188313bdb66d9f0cbbef2360a5639595a8ef6101584262476de1e4f76f66f3e12a6f84f6f6adf5836b6c0637633ee2abeebb960dba59545bafa3161524595526c14725d1858a254f901210852c0b2826e01672747b59e673b79988d3790ae4c7d936ffe72702060f76ee14d69290f1e5b7fd5ba2f84774d9ef7f4bf7977b67275090c9e6e209aa0348354cb393cc42e2045448e3606d5e4fc67adcd4cefc066b9ee38447c9e3ac09796f2606c6cd0ec116d6f2e746fe99822aba91b13700812dedb8e79b11af12572d98bd5b294bfde8654b603fbd2d0c93b8ce48ec874766091e8819844681759a24f9d41524e914382006a0d0da9cb096113d676800fab3f33c351d67dcd43f8affec96a63e61bffbe56d2732a36fe5baca3b32deffc79853661a48f34954bdb3cf3b9a939b69808f8caa997796cf08980749b6a2a4ebbe12c99abc9ac6d1822609181001b3b0ad268b1daa0d109b65a1d0c351747ab9a318d4bf6f793c3ec88077ae74fd5c507aa2c9ff86435ad35eb1c9db9dfaef3070f5a8980b56c467a8cd58352c71cde63c0a3ec3bdd6094ab4aa6a52fb09fc199301f71c70610d8faa457586963d3fd8e930cdbac9d4d8ce5bae861e3e1b7d02bf97e58b1489d1f758a40a40a4b8234cae317fed420ccfb675dc7b2a6a6efa019adbeb63f5d2e3523298896eaa68058f281687978dd87b036c45cbf173c136999e8561d5f410dce30e6979f41b83fa4df5a46d81807884b63c2e265da79ded0cb438eed7cada1b3fa84343e373d68f6d65f4ccbe5f5f5edc0bda7b8d1a15cfa5f5e86a809e2e806b346491a890616fdab5cc94cd1fce7bcfc2225c2bd0907a7ae1b5a99edb507aafa82190f43406e8005f4bf835b0b7cbae8636725c95d4544041a5024ef68cf14066ba1dd002f129c1dc6fa14ea5c5a018c348607e4a40db230cfd41549543602e9a44bc7ae82715244083286980ebcae3f351defe6a0f3824a0b277bda1e0e6decdc29c9ae4d0ac7ef87785312e1cc146c1382346383c338a73fec239d4241679c9ce11b7de0e3b3ce39f30345756403191f913664369540beac6fa0bef57bc270cd5a4e1f84a8e455aa55c54cd4b1f667529240bb552947b6be36d552c9217a70d69c6e3b8d0d9daf519845f0787f717c351118cd00b2de566847ce642a5d0d46630c44f924f0ed3ee25ff1b6178cb310155920900a15c23cde1f1b234ec92bb5ab20ee2d21ef23a66d712c0d17ec0506a625cc3d333ce7063b55641390a0c795245720ce0314de4cfce4f9bc68d5bf9d87e03c472b7dcd7e4960a6dd97ca7324ecc6080800df17859981aeb61b5ded5c06b080def52d0c83d153287e2cd2a93747b0043fbb65fb2c76ab20e00fcc4358097ae2a85d4012d64910f9087f2847a04297d4fc806226f84a2c2701fdd6ecb1424111cc1ca17ce4edabba0a554e5ea77077fa99373424d4ca881c3e0b82617c592f3e30d754d4ded302070eeaf32681a7f79c8c3d8af32acdbd0af51ec589d8378842142a2d274b6e08d8a21eada29a05ccfbbf4d59a460bfe1c0abebda94d1a32224810d8d89d594ffbf33c3e5bc9aa7b59bd9cfaff51c83b73822ab9a2ded9711fb680cf1bb67345beedaaecbe68a3ae55d0aa529134652073b59097d61843cdd28c22afd733dd3a4eedca56e8806e7a16a435d28282a489631a2c453c69549af84110fa78e33df326e64bdc5586f7516f4c04c7633014254ae34fae6bb0d9e6c7a6285ff6a157c9b9a88af24d3affae67b11bbfa5dd8d15dfb556380b47c27497c79093393f6cd60767b37ffbf90fc0af0933d6ee585177443c8c6048e94c5605d9a8db97f2ffb46623b4c786f3ea523de8b3a9f445b572714e8dafe603a03dc5a204f76313317f15a4c36866126b9530522f7defc603e714d4e0622c6c22b3b3031558d1850cf60a0b527ad4b622cf242a82af1e2332b5a4c94e4b94c0f2de870f0021765b35258090244260a0489054c8875a9a10c00794b665920471c9b53b25ebc83807b8e216b66b716c4c59181d74db3173b559dc45a0568597e9e60073174582065074a63b9806cef0971b638dda501324dfca50c408650c3ccff95425327fc347c6e56a7673ed5c27be064bf3b7d76634b66fa7658025d6fc25a8f372da68e8978a638773b921fd6a5a1432f517c5820b82c777c1691d9255cc6417de9e5c14af2b6d840f36f9a6f3bd544c99f190088e5f6db1b26720790d178b887cc3bcb4c768d6c50309310229fa2d1d8d8db83766f7c5f3ef257222337a468cb1f22c374c3ea0cf87ca39c65ca373a26d467667962e3d9ec9eab388829a5916a2219fdfed0b636336836870a3bf306c974ad7af64233715c4e28c7cefe428ccb1a76b69df40f15d81c6a14fcbb4ce9961300b761e4405d4ecc57404be867e7b502e4da3dedd0555df71eea25f42653fce001244e3ce8be8286651a9adca082b2a0e997bd99825793e6ef51374e06e4f34df8510f7bcf75920170bc3646b8bd8d82667beaa11f0be852fe70e675a9fbf97a8bcfb7b3c13d691affe6e66cef51c7416123e754985fe6e0d4563294d2dc353d365bf44b350b8674ed56557cd942bf2c24186a9e629275a4d597db3fcc5f33988735282547eb67a69414c59ec7ec4d51e20f166d3cdcd5ba2957e2b334ae585f5d91a9f9da5e4fc043a72af98f9798c06121e5a95d293c27eb24a7c6cec870f55cb9415a27de4b1b4334e8443ed061eac323ac295924cba885ae29f4b89592ee1254b2fd33816226238cdbbee68719c8688ecfb2b4a0fd04f3048cad14592a5e2cd6bd70182ba1f1dcd73634210ec3ede31989028e41c785cb8b249e66a6ce3a169339c999fca2fa400f9853e95a97520a7cd18b09f0e1f8b88780fbd73a94da357eb7403ee466edba57ef84d6b12d6ed3ac35befe24f7e987efef5723272e6c439371e3f9a5a06c309723312a152f5d3a6ad863a1dc73c549afd235e1997e3ca28864d198d9ea7701445935ce038cda2710aecf5dbf27f9c56bba67e2f63ec9aa02c843e4b8f267944eb3a8f5b2973d20a7835fd21b52bf5bb2e3003d5937b1c0ea07dc847950ae2f7bf61f7e5694abc0a82fcfc6770edf2c66d48a1617a83d6d3a922888981622cba8e6cd5c83b5b4b287179c0a2bfd06c3885612f90c5c812fe2f0b38ba03fa93c7c2e313f7e7c445c2ba674a74c94d778e6122a3beb827167d95bbd73eb8ff04c9989672a31c044f0b38848df72190d0e3dcae53d806d97096b6011e958bd3839046fe8e38d3c79b5726b87959cdc84d7e04b15d7d2922f9221e81e7c81aa5d0421cb90dad5c81804002df43a8c8b8fbd67e52a161e6228ae4ae5a7d934dde48180f68af36e1be4b88d2983dd802be8e8e7ba0330c87d18aadfc46f0cc7d926e0abd7a9b8a9389fed915660a3ca98c6bec7e386842bf0ce9915f2b86b588f4016b12fbd43fd855bc92b88696efa1e25450abbc27eb2ee1be1e8cd77bb2e1da3f4f2059b7764688a4c84a7cf055e52407aae5c1b7cb4e213455b80f1fb59ec40aded81e6aa91cdbea2158c4ddcc7c72acde342fdfaaf73d8fd9d85cd52f267d80c612b51fa9dd546951402b4e13e93149f768e42fdbd20d398a3b1bbc942983c9ae9fcb16d5649d625d91d14b1e65cb13dc6b284420dec694f72e384b3378db85c0d146c239bbf75481c23775f440675e828bf3136a80fdfab3dcac7f0dc86cc9f56bbcf84ae706ca480d5ef97bb2c966b017ccec5874850626fcd6867436de640d76c90b45d3751c4df9dc29404b16015cf03fbd1e7167b335e7450064337c95ee1f80e9bb4892a3871799495de1ed9f0e8e71056c13a28e42dfc214358711f6a9f3f8ac50b8d162c90b72b36e228e30eae59e792b52d128d15c78c88f7c5e78f2e5651cd14f203bac8bb530d4d1947f390eebf3fe1428ea8a9f111c72c76f7a6c303c1538e5b33812d6d4b4561d1943ee1eb4168a3da4281283d8b4cf8615fbc8544ebc5b271d35ab03fbbe6c7485bc4f1fcf5becad778b9158ca9b5f18f992d6cf8f202be524894f5e78ad0470f069e6e385057a60d274ea3d99762ef34530f7290ea63f7ed00923386a9390aea9409693bf850f2457ad80592be4755f4669bdbea605c0100fdc3cef7630443c745c68bed4462468dc972adfd1a443e61b581e15fddd09aff1b7c6152aedc91d2f431440b0f2cfedd37741e1853c972c29f59e673da7f71a5f2b50db1d9a26e415a0725a27052432437f5f100c4f30f09088fe6581290cb551ba3e4756a5720be83ae73b4db7dbde28b19ad8126ab9c8d2ff9234d31bcc43d0bb931135f0be552bc016285827442aa3d1c4fa429796304c587437d63a6d12d27c728f842ea9f39db0d19a1"}], 0x4, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$cont(0x18, r2, 0x0, 0xffffffffffffacf4) ioctl$EXT4_IOC_PRECACHE_EXTENTS(0xffffffffffffffff, 0x6612) ptrace$setregs(0xe49c3cd5fb5a581a, 0xffffffffffffffff, 0x3ff, &(0x7f0000000080)="707d1c5d7d6f69f2a276964fe619c33a7d") ptrace$cont(0x20, r2, 0x0, 0x0) [ 1656.900056][T15563] d_instantiate_new+0x65/0x120 [ 1656.900075][T15563] ext4_mkdir+0xfa9/0x1450 [ 1656.929583][T15563] vfs_mkdir+0x43f/0x610 [ 1656.933834][T15563] do_mkdirat+0x1d7/0x320 [ 1656.938170][T15563] __x64_sys_mkdir+0x60/0x70 [ 1656.938187][T15563] do_syscall_64+0xf7/0x1c0 [ 1656.938205][T15563] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1656.938216][T15563] RIP: 0033:0x459a67 [ 1656.938228][T15563] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1656.938233][T15563] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1656.953353][T15563] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1656.953360][T15563] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1656.953366][T15563] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1656.953373][T15563] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1656.953378][T15563] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1657.031716][T15563] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (15563) [ 1657.055533][T15667] EXT4-fs (loop0): bad geometry: first data block 264192 is beyond end of filesystem (1080) [ 1657.212522][T15672] EXT4-fs (loop0): bad geometry: first data block 264192 is beyond end of filesystem (1080) 04:02:07 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x800000) 04:02:07 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PIO_UNIMAPCLR(r2, 0x4b68, &(0x7f0000000000)={0x8, 0xfbff, 0xe14}) 04:02:07 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050504ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:07 executing program 2 (fault-call:0 fault-nth:53): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:07 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000008000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:07 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = getpgid(r0) capget(&(0x7f0000000080)={0x19980330, r1}, &(0x7f0000000100)={0xcb4, 0xbb0, 0x7, 0x9, 0x0, 0x101}) socketpair$unix(0x1, 0x0, 0x0, 0x0) syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) r2 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x200, 0x0) ioctl$EVIOCSMASK(r2, 0x40104593, &(0x7f0000000040)={0x1, 0x1000, &(0x7f00000002c0)="d206d4a0fc71b5dae393bab523a2cf88a948cd8037897ba30648b77f724bc77d2fc79911f332cd08d4e8e116f81a15fd64e2fe01d8dcfae526d74d893f909226dd62d198789a836bf994084230a788139f0197a80a4ab3905e1a829384b466df6b82a165cfe233f190fe74f6c84f3b155bd7c0bca01b8010a8dadf85d8935d67cda7ed19030c93f2d30fa160abaaac1845e24e2a38fabb566154e4781e7d4eab030043ff9003bab27f9e3bf5ff0d86c248dc4f7e7555f0406e2c6183c867dd4593c67758288d603181a8b1832aecafe039653483609b7725888eb2d3f03dee2c658d5f55b1952dcc759abd7db76f103d962833c6c9ad9bd05bf0a7dd164c95a75d598b084cc28b12b4f40368a3d1146c0557a18ddde72e4b12cbf3a1fa97f5ca49dc76ce616e31887ee4fdef5eb9c33ec6aea725c2b68ca91ac4f47df8048f0ccd21636b9f9ce27375e5fa83b8c5ee049f3f2ce440c877542522419301582d6361c5e1cb9b1acdbd0e35ba06da99dfb0155e31937c4aa78489d7f13e02a6fbbd5c556f3c2157daaa8a29e7a527078e5167e3f09b28209810385b34c326cc43058d638f52ad5a5bd0c3ad65f784fd0899495031bdb6f2ce0d638e40030eb19503a9cad57ac38db6943aac3070390aa24c56dab3875b013f2d34ad1ee3514245fda92bf472451b3a67b2d681e01eb5a6e4ff81b178a79366bd25150d6afc98b301b0cd08719eb4839a3ceceed20526b3e01a7e2cd92294b21378fc0619142b3cd1d849600f4ce54707c47aea4558f249b02bbc3af3797ae9ecada16da46b59289982f75762e4ed74aaa17212cf77ae1dcbb960cc19e62f8d10ab17eb6832fc3ac10a73e02956f5a35ae7e0d86436d1e1d6ab2f45185517bed306c6b52d51a1160e77ae6f25c649537c6c6aedea5917a460a05b5747181c3d0181d7b32636ba2d6bb4387c6835ab8b91a5409d656aaee0e206240c999d61eab9eb4540e9abeadc741ceab5009feae45f0bd784095349c7f1db69877595439d5f6e19310904977270f443f4b693eff3133dd60ec98efe5a8ae0f8562d6d00719cbc964e9f5d6d61aae54381417c6245e65c600a0d78835afcde004b7dc78ef5f2c79d70b739e26c47a791d7556682c533bb2a7f3006c30b76370cccc0abc40bd095764edb82461eae3e8b12ec89a7475e866a1e25137c97bec2b5bd200f7fbed09a4950291c0c567a24456918dc71424204ae808e3a46683f19ab01bd108441b525da82d3fc2b9b2ab222fda787869f3cb803b513e615e0ddbd1ed432db52f26d4161e8e6eee823718204c6f6e4fb8fb3e67b5b6bec24becdabe01dbc31acffb1b4e6d39fbe981241a7e8efa8b46a1ff9efa54c1a828b9af1d34e7d314b476e6d36fc1686af4e0723464aa5a9cd70ed278956be591092e9d953e4de1cd62bff2b6f72993496d203e8ee6f4a0487c8d13549218dd39c6607aafa160137344b6fa9749c6318bf0e8704c7b47a0f0b7e232f9ef70da9c2dc2fc2215a183356a6b0fae1da0dd1734bc0b5a22b7f12dce62cbda616576d90292b1e30f004b97fef646c7394d51bbec77e478bca275cd59219fabd891c5550cfec70f9511e8bac8f85ba3e0bc895b97618408979bb4ea3588b052f1020dac545dbc7e6ed15772270724dde26a7216d0faf62d41480b82050fd94e053315f940cb3dcd24e1dac25710b3acad1e48d6726e5c9418c0973b1d407e7918c4b0a709f6ebd71ed0144bf733e25c0a5d29dbc999a129f4373437b9ec3dad823e66f9e53afa77e9d91bec50a716fff3c7cf5133efd9d12cf4d14c862bda56c0cd704e376b40a0cfa08e8657182bc7a890b39bd78db2394b016a02119aa7a80f8a5b66286ff626d4e291052a8dd9148d0011241354c23051611ac2249baeed0efa49ccfced6a0adf858ed124e82e953f5b6b5daf2d31062b132811bc4d5c1cc7ea24e9e19c35c47d748eeeaca85e0982d415538bc179402d1a6850e72c241e4be3bce58c5ed504d563a6613ae29217c7deba320e4f31a53f9d99e1e69cef9b8fc4cbb9e04cd711891348f37df2197de307d4d6cea87d8213c67fa1e67b410e84b5f1ed4cf66ff7442491af8f3892dc2136047350cc921e06e9488cb5fb0f72975b8b9b39d76573073764f966e0c043bc10ad557c2c432ab459476ba54bd57ea5aa8691ad20ca97e2f8b7ec1c814718c3fab959cf5b85cf3fca2bd53856b7262c6a48ec45869af7112e262e88f87e077967f550569a946ad13f7f68040d067e7072912a42a0e9f08e433e8d8217529606a243b6ed3b6c410f8fcdfb5e483cb0ae1c8521ce29cce2763e866cc8b6e495d2f97615c251d8a10c2e6536c0dfa24d8a6d70431677f38ee1b04fc2bbf6ca41bf290ae19197a8f7bcd68164c3f6ccf38d3eb7ccd4c02230a58b2588e83d5428e8e170a821c4c593c3fee0a2250d9de21fa85cd1d595b812940c71489a422f31bb1e01995ed10ef782f91ed7384f8b93de3ed258c11d4b00ff5e6b6f83eac8e1dd19725c862004b6bb02c969f9303ec586c209ee10b9e9781c9f2bae7c68f8829cfe80f8f009b4d3587a23d53c8afa5fed7491c350bb3294af441623092ab2b17356461285f6a09f2e5565d00ab6a60045e061ea8b51028e43fd2bd01f2afd0a364fc3d50a2c7206f55f8fb4b95c7e135376f07b223ddc2bf19e1625138a1fe55161b86cbf705317e3d040a807606ee4203e6f9e75c888bd93ad239fc4a9f43f4d9b818397e8a854f00c82646e5ad3d94c08e607df0ba2887d3ba7b64ce29c0c5ee88c56ea15d64d53dd9ce1d6344a2c130dcb62346789430842ed8d5a731720b6350be8a34ed5e52d0c5d6864ce507b1577f39de823d5e46b296a59c9ca5753728860e097f2b28a9e8940520c738648b6a8c352a96d418dca0406376c02be21dd5ba8c8968e3c0d3e8c310229cd778d489edbddff5ff108f7fa29b31ddf572b95e1e7f28fe2d9398df7d0cc1e189d4a1d0ef18ff9eb69b7d6834edcb0db0a5210e335ee06de7bc6d78b58d11be4a9a2a4bce17105c4b4650fbd4bac35f075321e1cd0bfd6a80d1be61d634e7bcaa03c4faa4dfdf35a6774360a0ec9908577d85c259eb6290a3359ed130537accb1874a1eeb5d42481d926982e9a048bc0e0da7b8fbfd3333b4ca2184b3705fe79a33a18d41a4a80b6f84c8bda4a55a8bada2d2599139dc41d0895617d79be6cfcb0918e2678225096ddc7956cdf096f3f000fa420699535912b92caec9e2e5086bde4822a5545b0ca336805c412389f60ac6f2a2740f5176ef1058cbab62b4509f4ddda3a3d7e5e5e90d009bfd4db4458ff329b5a282abf0e5773f216c151f29963255a784ab90fdae3c897e95764a6d6fa7a539f6b87bffe9224ca9ffd380cefa081241ad14697f0568855f339d53a1477369135b5d17aba981cef33927827304052a6bfd0217b093cac500c307c693e8c139295ccc3f4a3e995d9abea09703685cdb8be102a073b98774718e32452a9d55ec475b3cff0a698de8627d34350f9d444517c0ad2011f573e402e604a800e5f04abc130d9cad3ceec2ccc7241c607aefa6b852789564cca9c32950d4e58612c0e3d1fba100b08ebcdc417c13d6433085c089a283890d82998ce6292eb10ec830cdd1e813f5b87178735a2a5e86cd98ccf7cf589855ca0b209486a3800ae6c2abb12e612d0cd3433bddc6728399994d404aa8ee8005e94f2b2ad5c608b1c59fcd5bdcb68d2abc2558251e83b63e82d2fa11316e204e4f17c6c38c0c7594acb117ddccce377d4d40d851497056392b191bfc57d13b5316bc3900708e6a0577e5be6449ea260144442ca9430c85e84f67899128425b6bf5e5bb01918789ad48a9896a0eeac16f882f26002afe9ff18fc5c7a1ba5e6c994b50b988bc1c40933d62bf251322bd17a0e2b4d5ba36cec15204aaebee9cf2424325804e62b9612c74ddffb2ffa4b509389a6b7af47ccba1970e5ddece2e3de91e43f83fc5e2c4d0e551d83dbc86d6b63dd8a31e405689164c4169be0f76901f643d3936170084ea34706a25890834d9255361376c218a4fd5efdb8d19b0873679afbd91aab708778a9a4783514142da17a27bdaf3b8ab111da4e7ef0030119acef3a6b466410dac4949c59d8541c0973e5f6f916eeec1c634fa8ebb80a3b41c675a41734e96259bc81e42d09eda7c2c398efb5b6d86ae949baa3a65e8f47b24b080cdaa3fb957f358f70cc287e1bd5a5518316401650858a850bbcb1823534175f1b58533c7524038032fdbfd18751843cc1eacc1e49fb498428d2a23153a6eab6aa8b499c2fc61aa143dd448bbdb3c80dc821a0c03506494d0b98b93014528c2c00fdc0826c1f53eedfaa43a0b2d4853ab2b5abcf918d46d2997effe69a6e8acb1bca50545ff89fc3c8c26d21c123e5b520006fd3c1ce56424172277019e99a5cf168a884107116296d3ac88bab138c5368cff0ebe8d4ba80f5bd025d4ca4f5cb12f61032269b9d94e71b9d71425ca0b466600dfc5c8db44154094f61e968aa25ef4f635eef8a788dfabbc1caeb08760a23707e5d230bfe80968ebbf1fdf657b64b8d122763873336906171b761f374908a5eb2ef5f8dac553083e31a82f0d721cdbbd7177fab409bf2e879a4fa0a0814d42fff689007d5a54ff86ac386b8cd47dcd8f3b2be9169956a7d7154a177eb2d814ecc11fab4cc933a66617a326d1223cde14a196b1990e1e3ac7755571cd58e9c039dba81751ba068eb502a7a479980c34e877fd8d55372c4faa12bc8147ca618777dcd407528ea6287ac2c55e5563dba162bf5f6890c264d616c62d0bd73411490b0753e29f20bf75a2dac6a4d07bbd7551e1d38e729d814d1757fb8b0828ffd06fb88d38b5fb430c812f68348a08447c7e0063affc4bae3ac99d2bf8bcde04956118c03ece97636dc46da4e529371d34e2beee49ba59308cba2d01faf708f63eac8acd8755171b5807472d10ee2bf0bc0c2d3ba241238bf08e7ff13f6e6de1ae49ac333d2eaf987aaf2b4f6c08fac2c191951b24c89b9d249e602964a41acfd83b15e9bf85c1d4bc8fcc906ec7ff7f8253a618120343d6f62e47d4fe7be954a1df79a9ef59e9c9e953ebc996e6be0d6ff3002de95054e9e18ccd78bfe746b7b9f5cc16b12598c45773c04d2a2db27316213ad936b166cb7b70359e01df32e6f6ae6610c3fd607bf06a180b55ce9744ed5232c949208c1b64b0ad080ef77ca718324bf9a7fc9b34704b80fee438bae5a5d5b4b81634f28769de9d42a68fdd084b7aba1d48142062d1b2cb3bc59e8bf58f1da220d2a1656a10f57e1fdcaa60c31c42a14c39f2c9b401b18ef85156a9375842cef48760a489d4301c6cf81b3491f09bd1f516e656641fe6ac167ce2cc61d8e338a5dbc60d5a54975ddbd6ccaa32c9a763c6da0dd10488e4be408fe009d2a1fab14d5cf3eec7ebd705ecc8b8cfa56bb1499ef2d8564c1427d677e17098c5111357735ef919185184a28c691734010c657d01ab43a454708ec5390493641446f421b62d4b7c3f9c6cbed7ccdc05c65fd740e525ffe40d3192145c70241c10fa974517a9d11c9b4366bf89d9aeb8577ec9fa491a03261bd067575281a704b08f902fd94ede29ebde83070245ae99425c81a9bc0aa4db1b022ca3fc980a6b7e6b0ad923ae0b79f77998dfd712f9afd400967085bff261da0cebbc23ef5867d515fd162fbed77317cc58ad1a00795679a711cf07aa83a4b10a049850f60060b110f1ff81f26295902ebc11a4d25be661c3"}) r3 = getpid() ptrace$getregs(0x18, r3, 0x1fd98e21, &(0x7f0000000140)=""/71) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1659.566227][T15684] FAULT_INJECTION: forcing a failure. [ 1659.566227][T15684] name failslab, interval 1, probability 0, space 0, times 0 04:02:07 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000080)=[{0x0}, {0x0, 0x117}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000)='\xecock\x10\x00\x00\x00\x00\x00\x01\x00', 0x80, 0x0) ioctl$TIOCGPGRP(r1, 0x540f, &(0x7f0000000040)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1659.607686][T15684] CPU: 1 PID: 15684 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1659.616064][T15684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1659.626123][T15684] Call Trace: [ 1659.626147][T15684] dump_stack+0x1fb/0x318 [ 1659.626161][T15684] should_fail+0x555/0x770 [ 1659.626179][T15684] __should_failslab+0x11a/0x160 [ 1659.626193][T15684] should_failslab+0x9/0x20 [ 1659.626201][T15684] kmem_cache_alloc_trace+0x5d/0x2f0 [ 1659.626211][T15684] ? smack_d_instantiate+0x962/0xd70 [ 1659.626225][T15684] smack_d_instantiate+0x962/0xd70 [ 1659.663257][T15684] ? lockdep_init_map+0x2a/0x680 [ 1659.668203][T15684] security_d_instantiate+0xa5/0x100 [ 1659.673488][T15684] d_instantiate_new+0x65/0x120 [ 1659.678347][T15684] ext4_mkdir+0xfa9/0x1450 [ 1659.682778][T15684] vfs_mkdir+0x43f/0x610 [ 1659.687023][T15684] do_mkdirat+0x1d7/0x320 [ 1659.691357][T15684] __x64_sys_mkdir+0x60/0x70 [ 1659.695948][T15684] do_syscall_64+0xf7/0x1c0 [ 1659.700451][T15684] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1659.706340][T15684] RIP: 0033:0x459a67 [ 1659.710230][T15684] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1659.729840][T15684] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1659.738249][T15684] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1659.746220][T15684] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 04:02:07 executing program 1: r0 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-monitor\x00', 0x80000, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) write$P9_RGETLOCK(r0, &(0x7f0000000040)={0x38, 0x37, 0x1, {0x2, 0x7, 0x5, r1, 0x1a, 'cgroup\xa9\\GPLnodevnodev[eth0'}}, 0x38) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$cont(0x18, r2, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) r4 = socket$can_raw(0x1d, 0x3, 0x1) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) bind$can_raw(r4, &(0x7f0000000140)={0x1d, r6}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x9, 0x4, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x4}, [@alu={0x7, 0x1, 0x8, 0x4, 0x7, 0x30}]}, &(0x7f0000000100)='GPL\x00', 0x5, 0xd1, &(0x7f00000002c0)=""/209, 0x41000, 0x2, [], r6, 0x3, r3, 0x8, &(0x7f0000000140)={0x4, 0x2}, 0x8, 0x10, &(0x7f0000000180)={0x0, 0x9, 0xf5e, 0x7}, 0x10}, 0x70) ioctl$sock_bt_hidp_HIDPGETCONNINFO(r5, 0x800448d3, &(0x7f0000000440)={{0x9, 0x6, 0x40, 0x3, 0x3, 0x7}, 0x5, 0x1, 0x6, 0x5, 0x8, "86ad744d19fa4da9fb191e6f370ea47013ddabf0b3c0551946b4cb38d44e7210f6545d51827d95887e381ddb86c123a7eaae853079730563d4893997934e73c61a8b9e9600c33c3caee5759cba98b0bf53ab177fcab9058c7f9eca82da4432d37ea9934e400714bf4b2dc738a5183449604626e938ed57b2aaac09cd630bd535"}) ptrace$cont(0x20, r2, 0x0, 0x0) [ 1659.754193][T15684] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1659.762161][T15684] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1659.770126][T15684] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1659.796675][T15680] EXT4-fs (loop0): bad geometry: first data block 524288 is beyond end of filesystem (1080) [ 1659.807704][T15684] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (15684) 04:02:07 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ioctl$FS_IOC_MEASURE_VERITY(0xffffffffffffffff, 0xc0046686, &(0x7f0000000440)={0x2, 0x1000, "c96528895a00fbaae0deb5a56a6819d8218d46e23eb9a049ee956e41007131af953d13830e7fb7e075a225f6c546caba613d050531308e7629f2ccfaa82225154ae3c8b152cfbd98caa123da2005c58f92247e96268b71719fa93f6b53046cae908038afc53abd7c6030067b210db4770648c6755589c4a150ba68840df30709cc71a016bfcc541ccfeb53cf22464a53d584f73927522d455157da9bd90f1787ede644049cc8448c5c24776997ec72baddabd39ed71e399d1700f4faedd6d267787e1a262120f20bbadb2b309e5e2be091b0aed39b62e24b70870d1f8ffa8ea11eb7e54ee19b63e9881e5f65a2034b91d59bdc33488d9c6a5b2c7599b8697b93f5b11f1e1ac15e8c34c63db7138e4fce6eae5bd26db99952369cc7cad5b4a1b3a5f7bc33932919e7f38858364e5bc8188fd5e0eccb7239daa76d78ed6393c940b251f881949c8e9fa681161bffd47656d0046719fbe9ff9c447c1a990c6d86b4660d1db0f8020057bb74c4a0bb212b8f9b8aff9ece2aba205e6ea0203a8b0aa6ffd532a539666b6ce19eda57e6d699d8abee6245483cddaeaf7b07e8cf32fbf8e51a4dc96fc7f1aab30ed55c9b424b591f090c3f4f3703c5762e773ceb930f31042f9d0afa64522128e5580d84c8bd1df7ddae08005e8b0c9fb70c11688291e3ee602b26fab3b300f1d19244c323c08e67180f0f34943e6c96dfc4f1831dbe0a0bb4487b5f5e58680b81c422607fd6e9c7f673081176b4799a5c216e963df88ae3b6564a56d6e42af7c24c5c21cfabafa8c725f97da2cc28986252c3172da2360fa61c04209d03aca814a2df20b6a7a7ce77bb4c1dde235edb7f653001472d40bcf98ec119f693e07af92284022545a742acef5c6a984ceeec2ab5c412ecd1c0ccae0d0d1e850b30c28365656705456be304da63d6c7dc945fae98827a0cebe3bc73a0b41505d5a850d35528ee94c28d1c63b07455e1389054f379296108f0dbd957b9d17a0cb464f67ca99849a00b1679caa5f293be05a2dc916a66018cd1898e97f36ed4557a5bf7f3862e58b3d56667e599537927f80558cb6d6b53daaaad75ac1dacd779209a900e495cddf6d89cb5df52209998fb7069007cb2f832e74f68e11c942803816e54c58dc0ccc11e8a3b928af1ac392155b205e1db57af70c9678d160794e18c5546f8c7f5c762be78d1ecd96491bd085fd81eae5a499c4a9d59ee96d60e7b6b5724183778bf51159bee18cbfb7bb249ca7d42c4f838a3d8ea9ffedf838683803f774560041fdb056095ac9bd8805760b29e3a71c8f83145f8bcdc866f006567821675ca9857f163bce8248c9b9e14a219256a6d62957448289b3a13a9775638f4051893354b8c978c66d9f587fc342d12d3969ce42454460aebac70de59fe2be741b7e9513c9b657c78f0dd3caab2032ad6fedb566154abba81b5ae091a6bd2ac132e2808ad9e34cab781ec6ce3db3e96c9084a34f0ed27dccb53e94d85ecba2455c20d007bb650de2c17e91df3b410212661d7f6435da40cea66b984a5603912274449a5fe173ed8e2779c4b9bd34d22340be94b12856cca2c1a6739c3ea2613e19d400eda1f861194ccf6a74dc3f505b44686cdb5b8dbf952446222d160dc418cc99ee5c7e45380b2c5f85d2652ab19a2c9087732c2111507b2b0bc76840409c74019917fa0d8146f7829a44d23c343027ba6cbdf853120b576e5a59231f51d1248ee6f87da1c8bd48a967e42c344241ebbdca5211c4c643a73e7140c0865ef9638fb04e96abf2a0fc60f46a635938a96da3a645d277e21f018a5f2427f5b54fe2c27c9ea23e1c81e312904ea53fc279f8c5789109e7a0d2170536679973f351272a193d4fc03a0a670467c0b8b8f97b6bf280f8d4c3fde762086be726e0f0814ad902fa919c40cf184b933ac9e6591de94b09c80a9c5b385002373c4bb6dde307d68c741ea2121a97f3b01d2be5b8f135d4f3941c26feff3b1611fabcf3149cb4106538ed342168bdc360f5bf2b58e466ea5f69538aeba0dc8cc8d3eb2a7f21169becfd9f13ae301e11742797ee4dc27759b622dca3d3102064f381fb87ae75b39f3651cf5211f3880716158dbfb725fd640271360c5bc89b40e1c01c203bc697fc0fc80277de211d64c676b6dbb032a0701f4352f627c0696350fac0eb7a9ff60729155c1e367467db44307e49881be6b8ebc3e334c7d0232daa05a2247014032c1a315a82ae1e617f7509ba6aa12cbaf56c5e71b07ee4c164f9f7b3673d04e9f1064aaf2c9b7cf535c30717698e607f003f18355d445c1a08dd49e7f4a78c0069d5e3bb4737d35716c064e035136e67ab159b468c6ed7593ccc0ed8de3b051215ecbef91a09b06ddce55d4bbf058aaa2374ab133e02c7d4561db6f9505ddd38f13a40ed3119131aa1367608cd5dbfdfbb5d15546bb67fe691bda2d9f91c57967847682b3dbd1fdf8ad9cfb15be2e2de207a91df8ee73649ba242c1351c883cfebc080c66e077818112346faddca58571f6f2be923c8595c292c3eb6f768243449981950d43d1f52f3a83336f51ba24a52b521786e198de2b234675fc01abc9adda16965bbe210799b01c649f4766bd1dd8e3c0620c6554ce2b04580096404bc7b3402fa74517b45c5df5d40ec109aa89036e8c2914bad074459eb0cdca96122eb9ee15651df277eba478279aa6e905178faefcb6c295ed88d8e69d8e3864a9870e8655b8096d5ebb10d84b7c2599707a31eb182e6f16bb8c9c40c3e3c304053ad2e163763fd1b036780e79d427e371842c934ed4869691541dd823cd6a065865c2f6bc776865e6396aed99882fa523c9a0c538f1a2cf825f18596b2c5e89703436967d600e7a509aaafe3577c363f6e2f45140ba20ee3f4d0e50e6169fed0f4441d0e4f8753d66ac040b41d04c9df8dfa6c64bd33e45d744675a3cae57acf3180b484838a619194f8d7b22716f60820ad5ed765c1748d515b6b2df685bb1e57e19590a3d441d3ba13597711303c0484cbce86f91234badea6c0a048cb8c0691d1a582f6f915a3784b84d82494e8802a1eaf82161e21f25528cff9b6f9ce61cc6bba5562797a9ace5d9738d48a00413004df6a15da75684ad5a8c0fbe4d743881dfdcdee1e63e6a18bd0eb75bcacaf5092c563637bc00723e0b168dc34de7ea0ee26848c151bb08fd5b6cdb750451800abf775e8264ddf9b3f9577b7c3981c682948f56d98da9ac51b4ec145b85092ca87ee7c95d8d8cbfb27519943a5497f30a860324514b529853b56edcbcf19ce8c41696169f5f73a7818632abd396c5057c55297a27a43c3e85e0626ffbdd858ffbc2294036ac0ab4bc924fb03ffaac5e3e12e15456d398cae84a255fbb0de123dc70d8ec47c2d9dfcd642107e8964704e1cd51f6b363187be86da0795546dd66947031df11086f865acb2e4a84f41836dcb78153e082eab8d66ff09ee3d65a04f4aa7b07638cec77d8ea32742388eccbc7407c9ee7745bb2e2a32f9ad0c8f7fd3cf06b05f29bb7b3b0b76edb81f2ddf8aef841bc532a34ec17b733b133ad52ff7abdde1e0a563f44e1e4f9fa14d9add98f91152f67f0c398098b45d4a015a9fbf76eacbec6f04936489277d0d8608b44ff89e25e082e3dc337c0efeebb1dc61b1f9dd5d7aae8dca6b62bd93c47c24a02aabbd20e7e0546ad116f1fbbda78b98fa6428e1a1df6279c56de4c8fce844db9c5913f894fb0fca45ebbc7c674a2f08e538f529b744513e6d838313bfea91d2664ac54d161842986e4d9a6f153868f27aba8192435f83b5de242aa4ed10239f571dcb86a852a22be13d5eda0b9e576220bca2ddd6b2958006f884f59fa94bbd81e4eb5b94c80c78dac6f5c4577e4d13888b0af0dc23322451feca7bb5391311517941fdb974cd23c6cfd3ab72a0af47ee3a61aa39f734f86781652a24d1ac918ba1f1305b5b303251d5571419b18edae26863372d7be7470f3959b0421144e2bdad34c8ea5055a61f45749d39aa355947155bf191a09a07cce4e4db23ba307d5fd87e6962966f1da0122074e41984355c1221955725cfefaa769eb9cf45b3f3c24369967a8c7a2795142f3a814d8b1f538ad5a9c16db70ae1a784f021b0c96fa1557b3a4e6c6dd679c4715ed2d9b91e13cfbc3f431d52caa0c17847987198b0b7cd52240c97237c03e45b2a52b569135b79b1def168fdfde5162852d9a6544b534ec1e84b103f3404a94e70b66dbb79849f63afc7c266095f2ce7645dcbfe9b206d9a66371daae0bb3bf65fd0130f7c686497430e406d22d079a47beac4240d13664fafa268a2c25f669b53579a71ebec336277792a12adb104fc995ca87e4b4eea2241ae73270561423306bcc19128a1b46d93f2a5cb80a186232cac6789c048db31213434ef5b73301ff815f8da38292dca5f0ed68aad2befa1d1b27ef71d2e7d752814536f50885ec3d8cb19e5737abd1f46057f1fdeb0bc913cb099f1db07f1a0b63cb549ea86f09660b1fe127b598ea2e5e8dc36d949275845caf789d3c9c0f0942fa77833d1a2cd25ff241a8314e0bef4036f10f8d9e8ad4812a781057c6f7246ca012343d9a1929fad08bf49744878792c9c4eacc797bcfe6b483011b459ec79c81a5ac456e98c0c9cb6be6955b1ffedc5bac38914e5e0d37ff3b2669a33eb3f95b06c5e602f53b01a323654b9b634265237f8a9bae45c2afc935803d0c78f073f85a2ed74b6c95417a9bbf6c649eb0e64d0a789042bcde83fcfe2f2a1e3b21718cfd982507521a5dd4bbf67faba756b18793d56ece85a44d9b29a65da1a6e25ba4f18ec827303bb834159d97591a49293fbaa6e99d21f15fa1ffc9320bf8609a65b253f243549dad6f5f348e063e34266c6cd06cf6bcbca2ae27b6253d7e8158c47e9d6fb69ac3c5f5f2ce5f5fb6657c9ef8712aa705c8c6ba317ecd67e7739807d96a60d09232e959db6e490520933b4810c14fb6e91b4506668609eef82c6e59a72c86138e68fd8146653e170892f872ad50b85cf31148e35677636a7e60c74f926c76d60003388e9170de04c02eca893ae517498823d666e7d89a37b9e7f36916c0d42f9551298a81cdc93346756c9958ef20a6c2b17100644ec6460b0121c1fc152c50a8b9e0b4f4c4b573926c06775e2aa0bf4f11c79f148c2ce4a5a17d3bb3b9cbd883bb1df5bae76a94c81d74fccecd9e18f1c5053f19c98b3a7d35315cb011bb0cce8cbe78b389e478e5378af61ebc6c55751f63260b63c141185278746224046ef63d1c3051a94902e36f6ec16f505c69d3b6ebb467c5b536b138abb29301f717e5917a641269299e5c47cb8905c57529e35e3b89768ced6411835f8fe6b831581df43b262e1b1ff31d56b931c73bbffc98eb18751e83024e214a8d70f5eb6be52f52038a8b88c56e5abe96b85e200b00ab812db19ee836d5292cceddbe787f307282f3615a7f1d22bf4cb1b853e23950ff7b05ad8c9d1267fae3f612459e5eb8668c7cdde7faa9e644e85dcdf98d638a5ee0b81bda5d67f4278cc70d3c452c96fb50b5eb05602790260ac5fcc64f67119b33855275f7f3e3843b15cf2ba6190bad3240a1ff852e2aea64833bd4415378ea5189bca7dda81f9a56c3888f43c4be6fd2f31e1c8b0f6898cad90b4ad1f2891244d945d6af4befe43e13604f37788ca58cea0052ff1ed080db7865597c9e19084432792e447421fff6ad7ddcf708cac791cd9bbe04922c9837f0cb6053afed15bfa363dd53599e74751b38cf36f259c05de10b437ee2b9b39ee986e220"}) r1 = syz_open_dev$vcsa(&(0x7f00000002c0)='/dev/vcsa#\x00', 0x100000001, 0x300) setsockopt$inet_group_source_req(r1, 0x0, 0x2f, &(0x7f0000000300)={0x4, {{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}}, {{0x2, 0x4e24, @multicast2}}}, 0x108) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000100)='/dev/dlm_plock\x00', 0x800, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(r2, 0x891a, &(0x7f0000000140)={'irlan0\x00', {0x2, 0x4e20, @rand_addr=0x5fc}}) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) openat$rtc(0xffffffffffffff9c, &(0x7f0000000180)='/dev/rtc0\x00', 0x4000, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) accept4$nfc_llcp(r4, &(0x7f0000000000), &(0x7f0000000080)=0x60, 0x80000) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:07 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) prctl$PR_GET_NO_NEW_PRIVS(0x27) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:07 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000408000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:07 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050604ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1660.071433][T15909] EXT4-fs (loop0): bad geometry: first data block 525312 is beyond end of filesystem (1080) [ 1660.178826][T16003] EXT4-fs (loop0): bad geometry: first data block 525312 is beyond end of filesystem (1080) 04:02:10 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x960000) 04:02:10 executing program 2 (fault-call:0 fault-nth:54): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:10 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x5, 0x70, 0xd8, 0x4, 0x2, 0xc8, 0x0, 0x3, 0x80011, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x2, 0x1, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x40, 0x1, @perf_bp={&(0x7f0000000000), 0x2}, 0x2000, 0xe8b, 0x0, 0x5, 0x100000001, 0x2, 0x3}, r1, 0x9, 0xffffffffffffffff, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:10 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x400400, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000040)={0x0, 0x0}) ptrace$cont(0x20, r2, 0x9a, 0xfffffffffffffffb) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) inotify_add_watch(r4, &(0x7f0000000100)='./file0\x00', 0xfb50a8180bc342b6) socket$isdn(0x22, 0x3, 0x0) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:10 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050704ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:10 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c00000000000c000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1662.620500][T16019] FAULT_INJECTION: forcing a failure. [ 1662.620500][T16019] name failslab, interval 1, probability 0, space 0, times 0 [ 1662.688026][T16019] CPU: 0 PID: 16019 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1662.696408][T16019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1662.706464][T16019] Call Trace: [ 1662.709756][T16019] dump_stack+0x1fb/0x318 [ 1662.714074][T16019] should_fail+0x555/0x770 [ 1662.718507][T16019] __should_failslab+0x11a/0x160 [ 1662.723455][T16019] should_failslab+0x9/0x20 [ 1662.727948][T16019] kmem_cache_alloc_trace+0x5d/0x2f0 [ 1662.733220][T16019] ? copy_mount_options+0x5f/0x3c0 [ 1662.738345][T16019] copy_mount_options+0x5f/0x3c0 [ 1662.743313][T16019] ksys_mount+0xa0/0x100 [ 1662.747561][T16019] __x64_sys_mount+0xbf/0xd0 [ 1662.752408][T16019] do_syscall_64+0xf7/0x1c0 [ 1662.756909][T16019] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1662.762787][T16019] RIP: 0033:0x45d09a [ 1662.766684][T16019] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 04:02:10 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockname$tipc(r2, &(0x7f0000000000)=@name, &(0x7f0000000040)=0x10) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1662.786290][T16019] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1662.794704][T16019] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1662.802675][T16019] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1662.810628][T16019] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1662.818599][T16019] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1662.826571][T16019] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:10 executing program 1: socketpair$unix(0x1, 0xaad9a6915a5e149d, 0x0, &(0x7f0000000080)) r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r1) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r3 = openat$vsock(0xffffffffffffff9c, &(0x7f0000000000)='/dev/vsock\x00', 0x80000, 0x0) ioctl$EXT4_IOC_SETFLAGS(r3, 0x40086602, &(0x7f0000000040)=0x4000) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$cont(0x18, r2, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) [ 1662.844337][T16024] EXT4-fs (loop0): bad geometry: first data block 786432 is beyond end of filesystem (1080) 04:02:10 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050804ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:10 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x3, 0x0) sched_setparam(0x0, &(0x7f0000000000)=0x2) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) syz_open_dev$usbfs(&(0x7f0000000040)='/dev/bus/usb/00#/00#\x00', 0x80000000, 0x200) r1 = socket$inet(0x10, 0x2, 0xc) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) openat$vfio(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vfio/vfio\x00', 0x20000, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = syz_open_dev$mouse(&(0x7f0000000140)='/dev/input/mouse#\x00', 0x9, 0x484782) ioctl$TIOCMIWAIT(r3, 0x545c, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$VIDIOC_EXPBUF(r5, 0xc0405610, &(0x7f0000000100)={0xc, 0xffff, 0x80, 0x84000, r7}) dup3(r8, r2, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:10 executing program 2 (fault-call:0 fault-nth:55): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:10 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$P9_RWRITE(r2, &(0x7f0000000180)={0xb, 0x77, 0x1, 0x9}, 0xb) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r3 = accept4$inet6(0xffffffffffffffff, 0x0, &(0x7f0000000000), 0x80000) r4 = socket$inet(0x10, 0x2, 0xc) sendmsg(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) r5 = socket$can_raw(0x1d, 0x3, 0x1) r6 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) bind$can_raw(r5, &(0x7f0000000140)={0x1d, r7}, 0x10) sendmsg$xdp(r1, &(0x7f00000004c0)={&(0x7f0000000380)={0x2c, 0x2, r7, 0x18}, 0x10, &(0x7f0000000480)=[{&(0x7f00000003c0)="1bbf9aa15a11f72c66adcbc04732eb12d2f52f8e7de43df68634c6e6c992be6f19b9937c353f4b67c5dbbdf72393c2f7d1047e2dbc32348563d9a5506bd50f197dedf514e4aaee15af9fbebf74e6550b4d6d0198272087c138cc6b83c0e5d93262ea0f244ca144f4ce93f3e7c4b9a5130d5bcd80df8da07d8352b8a9b750e0d2f92c2b595d70131739b3977de575d971408b76c0fa444684751a8321a0caf497f5162b8be0e3593b", 0xa8}], 0x1, 0x0, 0x0, 0x2000801}, 0x4004) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000080)={0x0, 0x20, &(0x7f0000000040)=[@in={0x2, 0x4e20, @remote}, @in={0x2, 0x4e22, @multicast1}]}, &(0x7f0000000100)=0x10) r9 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$VIDIOC_G_AUDOUT(r2, 0x80345631, &(0x7f0000000340)) r10 = dup(r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ioctl$TUNGETFEATURES(r10, 0x800454cf, &(0x7f0000000300)) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000140)={r8, 0x4}, 0x8) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1663.099515][T16248] FAULT_INJECTION: forcing a failure. [ 1663.099515][T16248] name failslab, interval 1, probability 0, space 0, times 0 [ 1663.122033][T16248] CPU: 1 PID: 16248 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1663.130579][T16248] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1663.140658][T16248] Call Trace: [ 1663.140683][T16248] dump_stack+0x1fb/0x318 [ 1663.140699][T16248] should_fail+0x555/0x770 [ 1663.140718][T16248] __should_failslab+0x11a/0x160 [ 1663.148313][T16248] should_failslab+0x9/0x20 [ 1663.148326][T16248] kmem_cache_alloc_trace+0x5d/0x2f0 [ 1663.148339][T16248] ? smack_d_instantiate+0xabf/0xd70 [ 1663.148354][T16248] smack_d_instantiate+0xabf/0xd70 [ 1663.177833][T16248] ? lockdep_init_map+0x2a/0x680 [ 1663.182778][T16248] security_d_instantiate+0xa5/0x100 [ 1663.188079][T16248] d_instantiate_new+0x65/0x120 [ 1663.192932][T16248] ext4_mkdir+0xfa9/0x1450 [ 1663.197384][T16248] vfs_mkdir+0x43f/0x610 [ 1663.201631][T16248] do_mkdirat+0x1d7/0x320 [ 1663.205965][T16248] __x64_sys_mkdir+0x60/0x70 [ 1663.210555][T16248] do_syscall_64+0xf7/0x1c0 [ 1663.215061][T16248] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1663.220948][T16248] RIP: 0033:0x459a67 [ 1663.224839][T16248] Code: 1f 40 00 b8 5a 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 7d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 5d c2 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1663.244441][T16248] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000246 ORIG_RAX: 0000000000000053 [ 1663.252849][T16248] RAX: ffffffffffffffda RBX: 0000000020000068 RCX: 0000000000459a67 [ 1663.260961][T16248] RDX: 0000000000000004 RSI: 00000000000001ff RDI: 0000000020000100 [ 1663.268944][T16248] RBP: 0000000000000001 R08: 0000000000000000 R09: 000000000000000a [ 1663.276923][T16248] R10: 0000000000000075 R11: 0000000000000246 R12: 0000000000000004 [ 1663.284919][T16248] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1663.298641][T16248] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (16248) 04:02:13 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0xa07100) 04:02:13 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x7f, r0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:13 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000010100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:13 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) rt_sigtimedwait(&(0x7f0000000000)={0xeb2}, &(0x7f0000000040), &(0x7f0000000100)={0x0, 0x989680}, 0x8) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:13 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050904ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:13 executing program 2 (fault-call:0 fault-nth:56): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:13 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) tkill(r1, 0x1d) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r2 = openat$null(0xffffffffffffff9c, &(0x7f0000001480)='/dev/null\x00', 0x80, 0x0) ioctl$sock_inet_udp_SIOCOUTQ(r2, 0x5411, &(0x7f00000014c0)) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1665.682464][T16353] FAULT_INJECTION: forcing a failure. [ 1665.682464][T16353] name failslab, interval 1, probability 0, space 0, times 0 [ 1665.743323][T16353] CPU: 0 PID: 16353 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1665.751699][T16353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1665.761795][T16353] Call Trace: [ 1665.765102][T16353] dump_stack+0x1fb/0x318 [ 1665.769447][T16353] should_fail+0x555/0x770 [ 1665.773878][T16353] __should_failslab+0x11a/0x160 [ 1665.778828][T16353] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 1665.784553][T16353] should_failslab+0x9/0x20 [ 1665.789061][T16353] __kmalloc+0x7a/0x340 [ 1665.793489][T16353] ? tomoyo_realpath_from_path+0xca/0x7c0 [ 1665.797774][T16370] ptrace attach of "/root/syz-executor.5"[16369] was attempted by "/root/syz-executor.5"[16370] [ 1665.799211][T16353] tomoyo_realpath_from_path+0xdc/0x7c0 [ 1665.799234][T16353] tomoyo_mount_permission+0x294/0xa30 [ 1665.799248][T16353] ? filename_lookup+0x4b0/0x690 [ 1665.799265][T16353] ? kmem_cache_free+0xd8/0xf0 [ 1665.830337][T16353] tomoyo_sb_mount+0x35/0x40 [ 1665.834936][T16353] security_sb_mount+0x84/0xe0 [ 1665.839707][T16353] do_mount+0x10a/0x2510 [ 1665.843959][T16353] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 1665.849506][T16353] ? copy_mount_options+0x5f/0x3c0 [ 1665.854629][T16353] ? copy_mount_options+0x308/0x3c0 [ 1665.859834][T16353] ksys_mount+0xcc/0x100 [ 1665.864084][T16353] __x64_sys_mount+0xbf/0xd0 [ 1665.868683][T16353] do_syscall_64+0xf7/0x1c0 [ 1665.873194][T16353] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1665.879084][T16353] RIP: 0033:0x45d09a [ 1665.882979][T16353] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1665.902596][T16353] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1665.911014][T16353] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1665.918988][T16353] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1665.926958][T16353] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1665.934931][T16353] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 04:02:13 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)={0x0, 0x0}) migrate_pages(r1, 0x2, &(0x7f0000000040)=0x24, &(0x7f0000000080)=0x7fff) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:13 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x1000000) 04:02:13 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000053c07bc3376003639405cb4aed12f00000000001a47a825d8e05f272acff47d0100fe7f5ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da38a1295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def112807b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551465056515c7ce70148cf813016f4215379b8c7f6eca05126bd1d2a76ad9c0747aebe607984af46b7c23149ae5a0a128da4b7ab9095c2667fc22384bc126199d7f1dc75efbe65e6a6e880a68cde7840d09c23367fdd1ad699f18a5f05cb58e4e33982aeb56e87727ab29a9b4200d221c9ac309b5c0e772130470900f02d533a07819b4b42dcb31f66d8d14de0feec7cc8a97ff344ec78d4c2379c6952514e22275d220d1ea081f7d999c161dd23228c07ca0242611b1fdb8ce1082d0183310757bd7ff23ef73e6121ef4c6fd86b14d37d79ed615ede7267c80bac1bda67238a654d382f08327c2979b89038ece9353722bfddd1e23c855d480e43a03d64668ec26bc2d0479030916a", 0x1e6}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) tkill(r2, 0x3f) r3 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000)='/dev/snapshot\x00', 0x2, 0x0) ioctl$VIDIOC_SUBDEV_S_EDID(r3, 0xc0285629, &(0x7f0000000080)={0x0, 0xfcf, 0x800, [], &(0x7f0000000040)=0x20}) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) syz_extract_tcp_res(&(0x7f0000000100), 0x9, 0x5) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xf, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1665.942904][T16353] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1665.954904][T16353] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1665.978423][T16358] EXT4-fs (loop0): bad geometry: first data block 16777216 is beyond end of filesystem (1080) 04:02:13 executing program 2 (fault-call:0 fault-nth:57): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:13 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ioctl$TCXONC(0xffffffffffffffff, 0x540a, 0x0) r1 = open(&(0x7f0000000140)='./bus\x00', 0x14103e, 0x0) accept$packet(r1, 0x0, &(0x7f0000000000)) fcntl$getownex(r1, 0x10, &(0x7f0000000080)={0x0, 0x0}) r3 = open(&(0x7f0000000140)='./bus\x00', 0x14103e, 0x0) accept$packet(r3, 0x0, &(0x7f0000000000)) r4 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000000, 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r4, 0x9) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={r6, 0xc0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={0x0, r4, 0x0, 0x1, &(0x7f0000000500)='self\x00', r7}, 0x2a1) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r2, r3, 0x0, 0x1, &(0x7f00000000c0)='\x00', r7}, 0x30) r8 = open(&(0x7f0000000140)='./bus\x00', 0x14103e, 0x0) accept$packet(r8, 0x0, &(0x7f0000000000)) fcntl$getownex(r8, 0x10, &(0x7f0000000080)={0x0, 0x0}) r10 = open(&(0x7f0000000140)='./bus\x00', 0x14103e, 0x0) accept$packet(r10, 0x0, &(0x7f0000000000)) r11 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x1f, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x1000000000, 0x6}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) fcntl$getown(r11, 0x9) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000002c0)={0xffffffffffffffff, 0xc0, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000200), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000400)={0x0, r11, 0x0, 0x1, &(0x7f00000003c0)='\x00', r12}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={r9, r10, 0x0, 0x1, &(0x7f00000000c0)='\x00', r12}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)='\x00', 0xffffffffffffffff}, 0x18) r14 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x4000, 0x0) r15 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r16 = dup(r15) ioctl$PERF_EVENT_IOC_ENABLE(r16, 0x8912, 0x400200) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={r16, 0xc0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000140)=0xffffffffffffff7f, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x4, 0x3}, 0x0, 0x0, &(0x7f00000002c0)={0x4, 0x5, 0x0, 0x5}, &(0x7f0000000300)=0xff, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=0x3ff}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000480)={r13, r14, 0x0, 0x2d, &(0x7f0000000100)='-(keyring\\em1bdevvboxnet0vboxnet1n,+usereth0\x00', r17}, 0x30) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:13 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:13 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050a04ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:13 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000020100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:13 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x4000000) 04:02:13 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) recvfrom$rxrpc(r2, &(0x7f0000000000)=""/89, 0x59, 0x10, &(0x7f0000000080)=@in4={0x21, 0x2, 0x2, 0x10, {0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x24) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1666.205989][T16491] FAULT_INJECTION: forcing a failure. [ 1666.205989][T16491] name failslab, interval 1, probability 0, space 0, times 0 [ 1666.225593][T16491] CPU: 1 PID: 16491 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1666.233953][T16491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1666.244003][T16491] Call Trace: [ 1666.247301][T16491] dump_stack+0x1fb/0x318 [ 1666.251637][T16491] should_fail+0x555/0x770 [ 1666.256067][T16491] __should_failslab+0x11a/0x160 [ 1666.261018][T16491] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 1666.266745][T16491] should_failslab+0x9/0x20 [ 1666.271253][T16491] __kmalloc+0x7a/0x340 [ 1666.275413][T16491] ? tomoyo_realpath_from_path+0xca/0x7c0 [ 1666.281170][T16491] tomoyo_realpath_from_path+0xdc/0x7c0 [ 1666.286731][T16491] tomoyo_mount_permission+0x294/0xa30 [ 1666.292193][T16491] ? kmem_cache_free+0xb9/0xf0 [ 1666.296970][T16491] ? filename_lookup+0x4b0/0x690 [ 1666.301930][T16491] ? kmem_cache_free+0xd8/0xf0 [ 1666.306709][T16491] tomoyo_sb_mount+0x35/0x40 [ 1666.311309][T16491] security_sb_mount+0x84/0xe0 [ 1666.316082][T16491] do_mount+0x10a/0x2510 [ 1666.320329][T16491] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 1666.325872][T16491] ? copy_mount_options+0x5f/0x3c0 [ 1666.330987][T16491] ? copy_mount_options+0x308/0x3c0 [ 1666.336204][T16491] ksys_mount+0xcc/0x100 [ 1666.340456][T16491] __x64_sys_mount+0xbf/0xd0 [ 1666.345055][T16491] do_syscall_64+0xf7/0x1c0 [ 1666.349577][T16491] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1666.355471][T16491] RIP: 0033:0x45d09a [ 1666.359368][T16491] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1666.378978][T16491] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1666.387418][T16491] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1666.395394][T16491] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 04:02:14 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x107b557099feb3a0}) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1666.403362][T16491] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1666.411329][T16491] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1666.419301][T16491] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:14 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050f04ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1666.542418][T16630] EXT4-fs (loop0): bad geometry: first data block 33554432 is beyond end of filesystem (1080) 04:02:14 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r2, 0x54a2) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1666.628612][T16491] ERROR: Out of memory at tomoyo_realpath_from_path. 04:02:14 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000004020100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:14 executing program 2 (fault-call:0 fault-nth:58): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:14 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="051004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1666.879287][T16921] FAULT_INJECTION: forcing a failure. [ 1666.879287][T16921] name failslab, interval 1, probability 0, space 0, times 0 [ 1666.906834][T16921] CPU: 1 PID: 16921 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1666.915212][T16921] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1666.925280][T16921] Call Trace: [ 1666.928583][T16921] dump_stack+0x1fb/0x318 [ 1666.932915][T16921] should_fail+0x555/0x770 [ 1666.937334][T16921] __should_failslab+0x11a/0x160 [ 1666.942270][T16921] should_failslab+0x9/0x20 [ 1666.946786][T16921] kmem_cache_alloc_trace+0x5d/0x2f0 [ 1666.952086][T16921] ? alloc_fs_context+0x65/0x640 [ 1666.957031][T16921] alloc_fs_context+0x65/0x640 [ 1666.961813][T16921] ? _raw_read_unlock+0x2c/0x50 [ 1666.966668][T16921] ? get_fs_type+0x47f/0x500 [ 1666.971353][T16921] fs_context_for_mount+0x24/0x30 [ 1666.976473][T16921] do_mount+0x10a7/0x2510 [ 1666.980808][T16921] ? copy_mount_options+0x308/0x3c0 [ 1666.986012][T16921] ksys_mount+0xcc/0x100 [ 1666.990251][T16921] __x64_sys_mount+0xbf/0xd0 [ 1666.994847][T16921] do_syscall_64+0xf7/0x1c0 [ 1666.999359][T16921] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1667.005253][T16921] RIP: 0033:0x45d09a [ 1667.009148][T16921] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1667.028745][T16921] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1667.037151][T16921] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1667.045115][T16921] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1667.053082][T16921] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1667.061046][T16921] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1667.069008][T16921] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1667.093455][T16919] EXT4-fs (loop0): bad geometry: first data block 33816576 is beyond end of filesystem (1080) 04:02:16 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) write$uinput_user_dev(r1, &(0x7f00000002c0)={'syz1\x00', {0x101, 0x101, 0x70fe, 0x5}, 0xd, [0x687a, 0x1ff, 0x8, 0x7, 0x8, 0x1ff, 0xbd5, 0x6, 0x2, 0x0, 0x800, 0x401, 0xff, 0x5, 0x7fe0, 0x3, 0x9, 0x49f, 0x36, 0xa3, 0x5, 0xffffffff, 0xfffffc01, 0x2, 0x7fff, 0x8, 0x3f, 0x10000, 0x3f, 0x6, 0xfffffffc, 0xc44da46e, 0xfffffffe, 0x7ff, 0x1, 0x1, 0xfc000000, 0xe1, 0xa8a5, 0x1, 0x6, 0x7, 0xd9, 0x8, 0xe20, 0x400, 0xfffffbff, 0x10000, 0x7f, 0x0, 0x1, 0x7fffffff, 0xfffff6e6, 0x1, 0x5, 0xfff, 0x3, 0xd2, 0x6f1, 0x800, 0x1, 0x180000, 0x20, 0x6], [0x3ff, 0x800, 0x7, 0x2, 0x85f3, 0x3, 0xfffff001, 0x1, 0x3f, 0xfffeffff, 0xfffffff7, 0x1, 0x2, 0x91, 0x1d, 0x6c, 0x6, 0x68b8, 0x3, 0xfaf4, 0xfffff7da, 0x1, 0x6, 0x1ff, 0x8000, 0x7, 0xbc, 0x1, 0x200, 0x6, 0x1, 0xffff7fff, 0x2, 0x7, 0x1, 0x9d26, 0x2, 0x6, 0x35858, 0x1, 0x4, 0x4, 0x2, 0x71ae, 0x80000001, 0x40, 0x7, 0xd2d6, 0x80000001, 0x2b1, 0x4, 0x7, 0xe44, 0x4, 0x1, 0xfff, 0x9, 0xfff, 0x6, 0x7ff, 0x200, 0x200, 0x8, 0xffffffff], [0x101, 0x10001, 0x7fff, 0x3, 0x1f, 0x9, 0x163, 0x40, 0x5, 0xfff, 0x3, 0xfffffff8, 0x80000001, 0xff, 0x5, 0x8, 0x2, 0x8, 0x8000, 0x6, 0x1000, 0xe8, 0x7, 0x2, 0x7ff, 0x3, 0x5, 0x800, 0xa0, 0xaa, 0xe0, 0x81, 0x57, 0x1, 0x6, 0x9, 0x0, 0x0, 0x823, 0x7ff, 0x9, 0x9, 0xf38, 0x10000, 0x0, 0x5d9ca33b, 0x6, 0x2, 0x0, 0x0, 0x4, 0x0, 0x6, 0x9, 0x5, 0x7, 0x38c0f9da, 0x4, 0x7fffffff, 0x2, 0xc258, 0xffffffff, 0x6, 0x2], [0x60, 0x40, 0x1, 0xcc000000, 0x84ce, 0x6, 0x5b, 0x5, 0x3, 0x9, 0x2, 0x4, 0x7fff, 0x401, 0xfffffffa, 0x6, 0x7f, 0x8, 0x7, 0x3, 0x2d, 0xd42, 0x2, 0x1, 0x0, 0x219d, 0x1fde, 0x5, 0x4, 0xf813, 0x13, 0x4, 0x5, 0x2, 0x80000000, 0x6, 0xf9f4, 0x1, 0xcb8, 0x1, 0xf7a6, 0x7f, 0x1000, 0x2, 0xd52b, 0x4, 0x1, 0x7, 0x1000, 0xe11, 0x7fffffff, 0x80000001, 0x8, 0x3f, 0x7, 0x3f, 0x3, 0x2, 0x9, 0x1, 0x8, 0x9, 0x80000000, 0x1]}, 0x45c) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$cont(0x18, r2, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) 04:02:16 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="051104ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:16 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffc000/0x4000)=nil) shmat(r1, &(0x7f0000ffc000/0x4000)=nil, 0x800004000) shmat(r1, &(0x7f0000ffb000/0x4000)=nil, 0x1000) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) sched_setattr(r2, &(0x7f0000000100)={0x30, 0x1, 0x1, 0x7, 0x3, 0xff, 0x5, 0x3ff}, 0x0) r3 = socket$inet(0x10, 0x2, 0xc) sendmsg(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) ioctl$sock_SIOCGPGRP(r3, 0x8904, &(0x7f0000000000)=0x0) migrate_pages(r4, 0x100000000, &(0x7f0000000040)=0x3ff, &(0x7f0000000080)=0x7ff) 04:02:16 executing program 2 (fault-call:0 fault-nth:59): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:16 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3f000000) 04:02:16 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000030100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1669.236947][T17031] FAULT_INJECTION: forcing a failure. [ 1669.236947][T17031] name failslab, interval 1, probability 0, space 0, times 0 04:02:17 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x40002100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4a, 0x0) getpid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000040)={r1, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000000)='\x00', 0xffffffffffffffff}, 0x30) ptrace$cont(0x18, r2, 0x0, 0x80000001) [ 1669.313741][T17031] CPU: 0 PID: 17031 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1669.322311][T17031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1669.332373][T17031] Call Trace: [ 1669.335686][T17031] dump_stack+0x1fb/0x318 [ 1669.340033][T17031] should_fail+0x555/0x770 [ 1669.344471][T17031] __should_failslab+0x11a/0x160 [ 1669.349414][T17031] ? getname_flags+0xba/0x640 [ 1669.354094][T17031] should_failslab+0x9/0x20 [ 1669.354110][T17031] kmem_cache_alloc+0x56/0x2e0 [ 1669.354128][T17031] getname_flags+0xba/0x640 [ 1669.354144][T17031] user_path_at_empty+0x2d/0x50 [ 1669.354156][T17031] do_mount+0xd7/0x2510 [ 1669.354170][T17031] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 1669.363498][T17031] ? copy_mount_options+0x5f/0x3c0 [ 1669.363515][T17031] ? __kasan_check_read+0x11/0x20 [ 1669.363524][T17031] ? copy_mount_options+0x308/0x3c0 [ 1669.363542][T17031] ksys_mount+0xcc/0x100 [ 1669.363553][T17031] __x64_sys_mount+0xbf/0xd0 [ 1669.363568][T17031] do_syscall_64+0xf7/0x1c0 [ 1669.363584][T17031] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1669.377059][T17031] RIP: 0033:0x45d09a [ 1669.377071][T17031] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1669.377078][T17031] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1669.377087][T17031] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a 04:02:17 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="051404ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1669.377098][T17031] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1669.431344][T17107] IPVS: ftp: loaded support on port[0] = 21 [ 1669.440730][T17031] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1669.440738][T17031] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1669.440744][T17031] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1669.538359][T17108] EXT4-fs (loop0): bad geometry: first data block 50331648 is beyond end of filesystem (1080) 04:02:17 executing program 2 (fault-call:0 fault-nth:60): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:17 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8ae7891e20", 0x105}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = gettid() r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$FUSE_LK(r3, &(0x7f0000000040)={0x28, 0x0, 0x3, {{0x1, 0x1, 0x2, r1}}}, 0x28) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) sched_setaffinity(r1, 0x8, &(0x7f0000000000)=0x20) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000d1c000)=0x6, 0x4) bind$inet6(r4, &(0x7f0000f67fe4), 0x1c) close(r4) setsockopt$inet_sctp6_SCTP_INITMSG(r4, 0x84, 0x2, &(0x7f0000000080)={0x3, 0x8, 0x2, 0x3}, 0x8) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:17 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000040100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1669.754419][T17458] FAULT_INJECTION: forcing a failure. [ 1669.754419][T17458] name failslab, interval 1, probability 0, space 0, times 0 [ 1669.774737][T17458] CPU: 1 PID: 17458 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1669.783145][T17458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1669.793228][T17458] Call Trace: [ 1669.796532][T17458] dump_stack+0x1fb/0x318 [ 1669.800867][T17458] should_fail+0x555/0x770 [ 1669.805296][T17458] __should_failslab+0x11a/0x160 [ 1669.810238][T17458] should_failslab+0x9/0x20 [ 1669.814738][T17458] kmem_cache_alloc_trace+0x5d/0x2f0 [ 1669.820019][T17458] ? alloc_fs_context+0x65/0x640 [ 1669.824957][T17458] alloc_fs_context+0x65/0x640 [ 1669.829721][T17458] ? _raw_read_unlock+0x2c/0x50 [ 1669.834570][T17458] ? get_fs_type+0x47f/0x500 [ 1669.839162][T17458] fs_context_for_mount+0x24/0x30 [ 1669.844184][T17458] do_mount+0x10a7/0x2510 [ 1669.848521][T17458] ? copy_mount_options+0x308/0x3c0 [ 1669.853712][T17458] ksys_mount+0xcc/0x100 [ 1669.857954][T17458] __x64_sys_mount+0xbf/0xd0 [ 1669.862538][T17458] do_syscall_64+0xf7/0x1c0 [ 1669.867040][T17458] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1669.872925][T17458] RIP: 0033:0x45d09a [ 1669.876812][T17458] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1669.896421][T17458] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 04:02:17 executing program 3: dup(0xffffffffffffffff) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000000)="120000001200e7ef007b0000f4afd7030a7c", 0xfcd1, 0x0, 0x0, 0x0) dup2(0xffffffffffffffff, 0xffffffffffffffff) recvmmsg(r0, &(0x7f0000007500)=[{{0x0, 0x0, &(0x7f0000000040)=[{0x0}, {&(0x7f0000000300)=""/148, 0x94}, {0x0}, {&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/87, 0x57}], 0x5}}, {{0x0, 0x0, 0x0}}, {{&(0x7f0000002e40)=@nl=@proc, 0x80, 0x0}}], 0x3, 0x40, 0x0) [ 1669.904843][T17458] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1669.912812][T17458] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1669.920786][T17458] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1669.928755][T17458] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1669.936724][T17458] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1669.973706][ T21] tipc: TX() has been purged, node left! [ 1670.018123][T17463] EXT4-fs (loop0): bad geometry: first data block 67108864 is beyond end of filesystem (1080) [ 1670.106919][T17462] EXT4-fs (loop0): bad geometry: first data block 67108864 is beyond end of filesystem (1080) 04:02:19 executing program 2 (fault-call:0 fault-nth:61): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:19 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="056004ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:19 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000050100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:19 executing program 3: r0 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r1, 0xc0184900, &(0x7f0000000080)={0x4e, 0x20000000209, 0x0, 0xffffffffffffffff}) r3 = dup2(r1, r2) ioctl$ION_IOC_ALLOC(r3, 0xc0184900, &(0x7f0000000080)={0x24024e, 0x2000000023b, 0x0, 0xffffffffffffffff}) dup2(r0, r4) 04:02:20 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x40000000) 04:02:20 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0, 0x2a3}, {0x0, 0xfffffd5c}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x10000000000000d9, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_G_FREQUENCY(r2, 0xc02c5638, &(0x7f0000000000)={0x8, 0x1, 0xfffffffe}) socketpair$unix(0x1, 0x0, 0x0, 0x0) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x3c) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r4, 0x0, 0x0) write$P9_RGETLOCK(r3, &(0x7f0000000040)=ANY=[@ANYBLOB="210000003701000201000000000000003f00000000000000", @ANYRES32=r4, @ANYBLOB="9c1014222c"], 0x21) [ 1672.334007][T17574] FAULT_INJECTION: forcing a failure. [ 1672.334007][T17574] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1672.347278][T17574] CPU: 0 PID: 17574 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1672.347285][T17574] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1672.347294][T17574] Call Trace: [ 1672.368983][T17574] dump_stack+0x1fb/0x318 [ 1672.373329][T17574] should_fail+0x555/0x770 [ 1672.377883][T17574] should_fail_alloc_page+0x55/0x60 [ 1672.377893][T17574] prepare_alloc_pages+0x283/0x460 [ 1672.377906][T17574] __alloc_pages_nodemask+0xb2/0x5d0 [ 1672.388209][T17574] kmem_getpages+0x4d/0xa00 [ 1672.397955][T17574] cache_grow_begin+0x7e/0x2c0 [ 1672.402733][T17574] ? cache_alloc_pfmemalloc+0x1e/0x1a0 [ 1672.408225][T17574] cache_alloc_refill+0x311/0x3f0 [ 1672.413251][T17574] ? check_preemption_disabled+0xb7/0x2a0 [ 1672.418990][T17574] __kmalloc+0x318/0x340 [ 1672.423228][T17574] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 1672.428951][T17574] tomoyo_realpath_from_path+0xdc/0x7c0 [ 1672.434489][T17574] tomoyo_mount_permission+0x294/0xa30 [ 1672.439945][T17574] ? filename_lookup+0x4b0/0x690 [ 1672.444863][T17574] ? kmem_cache_free+0xd8/0xf0 [ 1672.449620][T17574] tomoyo_sb_mount+0x35/0x40 [ 1672.454206][T17574] security_sb_mount+0x84/0xe0 [ 1672.458952][T17574] do_mount+0x10a/0x2510 [ 1672.463171][T17574] ? copy_mount_options+0x278/0x3c0 [ 1672.468344][T17574] ? copy_mount_options+0x25e/0x3c0 [ 1672.473609][T17574] ? __sanitizer_cov_trace_const_cmp4+0x4/0x90 [ 1672.479749][T17574] ? copy_mount_options+0x308/0x3c0 [ 1672.484948][T17574] ksys_mount+0xcc/0x100 [ 1672.489170][T17574] __x64_sys_mount+0xbf/0xd0 [ 1672.493744][T17574] do_syscall_64+0xf7/0x1c0 [ 1672.498228][T17574] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1672.504103][T17574] RIP: 0033:0x45d09a [ 1672.507976][T17574] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1672.527559][T17574] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1672.535945][T17574] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1672.543896][T17574] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1672.551860][T17574] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1672.559810][T17574] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1672.567761][T17574] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:20 executing program 3: syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x3, 0x2) write$FUSE_OPEN(0xffffffffffffffff, &(0x7f0000000200)={0x20, 0x0, 0x0, {0x0, 0x11}}, 0x20) r0 = socket$inet(0x2, 0x0, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) read(r1, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') ioctl$DRM_IOCTL_GEM_OPEN(r2, 0xc010640b, &(0x7f0000000280)={0x0, 0x0, 0x3}) ioctl$DRM_IOCTL_GEM_FLINK(0xffffffffffffffff, 0xc008640a, &(0x7f0000000340)) r3 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000002800)='/dev/ashmem\x00', 0x0, 0x0) dup2(r3, 0xffffffffffffffff) r4 = socket(0xa, 0x3, 0x8) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[], 0x1de}}, 0x0) r5 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00'}) gettid() r6 = syz_open_dev$sg(0x0, 0x0, 0x5) writev(r6, &(0x7f0000000000)=[{&(0x7f0000000100)}, {&(0x7f0000000180)="53000000c90dca807737f408177021bd01d3be55090000000001a0000000000000000000", 0x24}], 0x2) syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x5, 0x0) shutdown(r0, 0x1) ioctl$sock_inet_udp_SIOCINQ(r0, 0x541b, &(0x7f00000002c0)) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x202800, 0x0) ioctl$CAPI_REGISTER(0xffffffffffffffff, 0x400c4301, &(0x7f0000000100)={0x0, 0x1, 0x8000}) [ 1672.620557][T17573] EXT4-fs (loop0): bad geometry: first data block 83886080 is beyond end of filesystem (1080) 04:02:20 executing program 1: r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000140)='/d\x00', 0x602000, 0x0) getsockopt$inet_sctp6_SCTP_NODELAY(r0, 0x84, 0x3, &(0x7f0000000040), &(0x7f0000000080)=0x4) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x202500, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) 04:02:20 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x7f000000) 04:02:20 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="057804ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1672.903853][T17574] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (17574) 04:02:20 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, 0x12, r3, 0x0) openat$capi20(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x0, 0x0, 0xfffffffffffffd9c) 04:02:20 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000060100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:20 executing program 2 (fault-call:0 fault-nth:62): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:20 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="05fc04ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1673.182310][T18101] EXT4-fs (loop0): bad geometry: first data block 100663296 is beyond end of filesystem (1080) [ 1673.202764][T18108] FAULT_INJECTION: forcing a failure. [ 1673.202764][T18108] name failslab, interval 1, probability 0, space 0, times 0 [ 1673.238339][T18108] CPU: 1 PID: 18108 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1673.246715][T18108] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1673.256778][T18108] Call Trace: [ 1673.260088][T18108] dump_stack+0x1fb/0x318 [ 1673.264431][T18108] should_fail+0x555/0x770 [ 1673.268862][T18108] __should_failslab+0x11a/0x160 [ 1673.273811][T18108] ? getname_kernel+0x59/0x2f0 [ 1673.278590][T18108] should_failslab+0x9/0x20 [ 1673.283099][T18108] kmem_cache_alloc+0x56/0x2e0 [ 1673.287876][T18108] getname_kernel+0x59/0x2f0 [ 1673.292470][T18108] kern_path+0x1f/0x40 [ 1673.296546][T18108] tomoyo_mount_permission+0x7f1/0xa30 [ 1673.302023][T18108] ? kmem_cache_free+0xd8/0xf0 [ 1673.306806][T18108] tomoyo_sb_mount+0x35/0x40 [ 1673.311404][T18108] security_sb_mount+0x84/0xe0 [ 1673.316172][T18108] do_mount+0x10a/0x2510 [ 1673.320421][T18108] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 1673.325965][T18108] ? copy_mount_options+0x5f/0x3c0 [ 1673.331080][T18108] ? copy_mount_options+0x308/0x3c0 [ 1673.336279][T18108] ksys_mount+0xcc/0x100 [ 1673.340532][T18108] __x64_sys_mount+0xbf/0xd0 [ 1673.345133][T18108] do_syscall_64+0xf7/0x1c0 [ 1673.349651][T18108] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1673.355563][T18108] RIP: 0033:0x45d09a [ 1673.359459][T18108] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1673.379070][T18108] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 04:02:21 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050005ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1673.387495][T18108] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1673.395480][T18108] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1673.403471][T18108] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1673.411450][T18108] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1673.419427][T18108] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1673.486796][T17934] debugfs: Directory '17934-4' with parent 'kvm' already present! 04:02:21 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000004060100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:21 executing program 2 (fault-call:0 fault-nth:63): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:21 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x6}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) mkdir(&(0x7f0000000040)='./file0\x00', 0x0) setxattr$trusted_overlay_upper(&(0x7f0000006bc0)='./file0\x00', &(0x7f0000006c00)='trusted.overlay.upper\x00', &(0x7f0000006e00)=ANY=[@ANYBLOB="00fb03023f3664dbb8aa6053b0cd45b7ff7d51bf020ad239a4ffaafb67ebe491debc88c5dda3db6dcb41aace88638348633eb76f58d4f265bd7e384b56d79d1c27d4c71aea93322fe9de15b9026b5680cf42478f8a0a5001b28de486f31262505c15a0578ad91027429dfdbb708785eec87e9ac3cf0d1c12968e7d243e20b7bd52d5fbee32751ff7c11cf12d592e0d481c157ff29ac2b0b5d3199faff29fcabfcba30ee0e74c24ab205d8ab1af31b9f478a03e022884ed96e4b955a2dda34d586323b707d299df94af00e0d32d9b1cdaf25bb6ad1dc0e833370ea04116d2cd3ddd17383d9a8da72b35d4b72eccac99ca90ddc65e21881d4237cfa2a422cdbe5f2ac7fd693f51ee441e44c81b262b86aff12c5731b1c1"], 0x1, 0x0) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x3) setxattr$trusted_overlay_upper(&(0x7f0000006a80)='./file0\x00', 0x0, &(0x7f0000006b00)=ANY=[@ANYBLOB="00fbad01093df40fdceebb1003ff54b78d3a286dab66aaf183074c87ec2702493c6008490847a229a92e486fdaec23751cce48058c113f28aacb39ae6d1789853e0fba58c79dd1be24acfc73a9c74616a3a1b69c447ccb99d8b74d821df7200e014f3df8551ffda0e53c506b2481674eac2f46c15b431d76"], 0x1, 0xf1395dc5d9f55562) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000280)='devtmpfs\x00', 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8924, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) chdir(&(0x7f0000000300)='./file0\x00') rmdir(&(0x7f0000000140)='./file0\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000240)='coredump_filter\x00') r2 = syz_open_procfs(0x0, &(0x7f0000000000)='personality\x00') pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_procfs(0x0, &(0x7f00000004c0)='net/wireless\x00') r4 = accept$inet(r3, &(0x7f00000082c0)={0x2, 0x0, @broadcast}, &(0x7f0000008300)=0x10) setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000009080)=@broute={'broute\x00', 0x20, 0x2, 0xcd2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x20008380], 0x0, &(0x7f0000008340), &(0x7f0000008380)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000fcffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000009bc0076c0100000011000000100000009000627269646765300000000000000000006970365f767469300000000000000000697036746e6c3000000000000000000076657468305f746f5f7465616d000000aaaaaaaaaaaaff7e00fffe00aaaaaaaaaa110000feff00ffde00000076010000be01000072617465657374000000000000000000000000000000000000000000000000004800000000000000736974300000000000000000000000006970365f76746930000000000000000023000000e1000000000000800000000004000000000000000002000000000000070000000000000049444c4554494d4552000000000000000000000000000000000000000000000028000000000000001f00000073797a3100000000000000000000000000000000000000000000000000000000000000004552524f520000000000000000000000000000000000000000000000000000002000000000000000079076d9bef3ffc2fc37919b39c5969505c23586887e4d59b2f321d23d8d00004552524f52000000000000000000000000000000000000000000000000000000200000000000000085909c8dfe14142e4d616b3df07a9c794aae58b3a3cea63120775c742065000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000ffffffff010000000300000008000000809b697036677265746170300000000000006272696467655f736c6176655f31000076657468315f746f5f6873720000000064756d6d793000000000000000000000aaaaaaaaaaaa0000fe00ff7f00000000000001fe7effffff4e090000f60900006e0a0000737461746500000000000000000000000000000000000000000000000000000008000000000000000000000000000000616d6f6e67000000000000000000000000000000000000000000000000000000880800000000000000000000000000000200000090010000ffffff7f080000009c0000000000000040000000020000000900000001000000b1070000090000000104000001000000af5e000007000000ff0700000000000013000000008000000400000003000000030000000900000022000000df02000006000000e0dd0000040000000600000000000000800000000000000002000000090000000d000000070000007b1cd244ff01000001000000f70c00000000000006000000800000001f060000090000003f000000080000000300000001000000fd000000050000000000010001000000020000000700000000000000050000000100010005000000ed0d0000ffff00000800000006000000010000004fcd000002000000ff03000000000080000000004000000000000000080000000600000001000000040000005a00000005000000020000000101000006000000a9aa9a1c09000000050000000200000001000000211d0000a1000000040000000000000005000000040000001400000002000000020000000800000009000000e2c1000074a0be5f80ffffff07000000060000000900000005000000080000000104000006000000ff01000000000000040000000300000001000000ffffff7f010000000101000007000000fbffffff01000000a8c50000001000000500000000100000010000003f000000010000008100000006000000930f00000200000003000000000400000400000000000000000000800004000007000000090000000900000000010000d2ffffff0000000001000000020000000400000080640500f30100000104000000100000010000800800000008000000020000000900000005000000000000000500000002000000002f00000000000007000000b3b20000020000000600000020000000e500000004000000020000000000000008000000890e00000800000001000000050000000600000000000000060000000600000002000000070000000010000005000000c70600001f000000ff0f000001000000090000000300000002000000000000800100000005000000270400004ed46f590bb1cc7f0000000004000000ff0f00000900000009000000000400000010000003000000810000000000000006000000b49affff080000000900000003000000dc000000000400000200000004000000000000000901cc1a0200000006000000ff070000010001003f0000009e000000010000000000008006000000fffffefff7ffffff0900000000000000ff7f00000180000000000080020000003f00000007000000ee000000000100000600000001000000de000000060000000200000008000000510700000001000007000000050000000300000008000000090000000300000001040000ffff000040000000810000000500000000000000030000000700000008000000ffff0000050000007f000001ffff000009000000ac1414aa07000000ff0f0000ac1414aa05000000ff000000ac1414bb0300000001000000ac1e00010700000001000000ac1414aa02000000ffffff7fac1414aa01000080ffffffff7f0000010300000002000000ffffffff000000000300000005000000080000000400000000000020000000080000000500000005000000ff7f0000ff000000001010000300000009000000b1d6000001000000260000000000000000800000d8000000000000000300000009000000ff0f0000da00000000000000010000007f000000090000000900000003000000000080000000000000040000f8000000008000000300000002000000ff0300000200000008000000b1000000010000000800000009000000000000000010000007000000020000000000000006000000c0940000000001000180000000f01f000400000005000000030000001f00000007000000030000000100000009000000040000000101000000080000880a0000010000003f000000ff7f0000050000000800000005000000ff0100000600000006000000090000000100000001000100080000003f00000021000000c0ffffff00040000060000000010000003000000036c0000ffffff7f020000000000000008000000080000000010000063070000080000000001000000040000c4e10000070000000800000009000000500800000800000000040000ffffff7f00000000010000003f000000ff030000010000000000000009000000070000000500000003000000ffffffff09000000000000000800000000000000070000007f0000000700000005000000001000007f00000018050000000001000400000000000800030000000900000081000000400000006500000000000080ff0300000200000001000000d1ffffff090000003f0000000000000009000000f7ffffff6828000007000000070000003f000000bf0c0000090000006b0a000008000000040000000100000022080000080000000100008005000000b60000000000000003000000a10d00000500000009000000090000001f00000005000000fcffffff0600000005000000560000000400000007000000ffffff7f0400000001000000090000002f00000040000000fdffffff05000000ffffff7f0180000000080000dfc90000d70e000003000000000000809557000004000000010000000700000005000000060000000100000000040000001000000800000008000000b40f00000800000032bd00007f00000003000000040000000400000001000100fe00000008000000feffffff0800000001010000ff7f000004000000060000000400000000020000030000002000000002000000ff7f00000700000003000000000000000800000040000000020000001f00000009000000080000000700000004000000000000000700000007000000f8ffffff03000000390000000300000003000000f400000000000100f4000000ff0f0000ffffff7f0305000009000000d3000000ffffffff090000000100000003000000010000800000000000000000000000000000000000000000000000000000000000000000000000000800000000000000fcffffff000000004e464c4f4700000000000000000000000000000000000000000000000000000050000000000000007d8100001f00050001000000a9e5ea48017ab25cc3b5c7a319adb0e14348f1063ddfe226b3046af10adecd8d0ce829ad458e1e21d18d8eae313bd8935c17998a9071f2f579a1ead659a52b5e000000004e464c4f470000000000000000000000000000000000000000000000000000005000000000000000050000000400090000000000916f1fb88776b1218ffe76aeba03373f660af64b7256acbde8fcdc6d5aa757d354edce90ad011b3e58fe110f2c2807"]}, 0xd4a) sendfile(r1, r2, 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='stat\t\xc0\xd2\xfe\xbc\xf9\xdf-\xea\xc8\xc1w\xff\x17\x12H\xe9\x11\x93Q0I\xf81U\ro}\xe6l\xf67\xbd\xbf\x13\x11\x92\f\x8a&\xed\xa4\xdc\xc3x?\x9d\xb5\x11k4\xd3\x1b\x05\x12\xa5`\x8a\xaf\xf0\x1eyR4\f\xd6\xfd\x00\x00\x00\x00', 0x275a, 0x0) prctl$PR_GET_SECCOMP(0x15) fallocate(r5, 0x0, 0x0, 0x110001) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000000c0)="0800b5055e0bcfe87b") ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80087601, &(0x7f0000006dc0)) pipe(&(0x7f0000000200)) 04:02:21 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050006ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1673.787775][T18349] EXT4-fs (loop0): bad geometry: first data block 100925440 is beyond end of filesystem (1080) [ 1673.910100][T18476] FAULT_INJECTION: forcing a failure. [ 1673.910100][T18476] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1673.923345][T18476] CPU: 0 PID: 18476 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1673.931672][T18476] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1673.941750][T18476] Call Trace: [ 1673.945061][T18476] dump_stack+0x1fb/0x318 [ 1673.949407][T18476] should_fail+0x555/0x770 [ 1673.949427][T18476] should_fail_alloc_page+0x55/0x60 [ 1673.949436][T18476] prepare_alloc_pages+0x283/0x460 [ 1673.949450][T18476] __alloc_pages_nodemask+0xb2/0x5d0 [ 1673.949470][T18476] kmem_getpages+0x4d/0xa00 [ 1673.964160][T18476] cache_grow_begin+0x7e/0x2c0 [ 1673.964169][T18476] ? cache_alloc_pfmemalloc+0x1e/0x1a0 [ 1673.964182][T18476] cache_alloc_refill+0x311/0x3f0 [ 1673.964194][T18476] ? check_preemption_disabled+0xb7/0x2a0 [ 1673.964209][T18476] kmem_cache_alloc+0x2b9/0x2e0 [ 1673.964217][T18476] ? getname_kernel+0x59/0x2f0 [ 1673.964228][T18476] getname_kernel+0x59/0x2f0 [ 1674.009024][T18476] kern_path+0x1f/0x40 [ 1674.013075][T18476] tomoyo_mount_permission+0x7f1/0xa30 [ 1674.018519][T18476] ? kmem_cache_free+0xd8/0xf0 [ 1674.023270][T18476] tomoyo_sb_mount+0x35/0x40 [ 1674.027858][T18476] security_sb_mount+0x84/0xe0 [ 1674.032614][T18476] do_mount+0x10a/0x2510 [ 1674.036833][T18476] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 1674.042358][T18476] ? copy_mount_options+0x5f/0x3c0 [ 1674.047493][T18476] ? copy_mount_options+0x308/0x3c0 [ 1674.052707][T18476] ksys_mount+0xcc/0x100 [ 1674.056964][T18476] __x64_sys_mount+0xbf/0xd0 [ 1674.061567][T18476] do_syscall_64+0xf7/0x1c0 [ 1674.066069][T18476] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1674.071962][T18476] RIP: 0033:0x45d09a [ 1674.075842][T18476] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1674.095425][T18476] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1674.103813][T18476] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1674.111776][T18476] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1674.119751][T18476] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1674.127713][T18476] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1674.135672][T18476] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1674.310647][T18476] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (18476) [ 1674.331444][T18511] EXT4-fs (loop0): bad geometry: first data block 100925440 is beyond end of filesystem (1080) 04:02:23 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = syz_open_procfs(r0, &(0x7f0000000200)='net/rpc\x00') setsockopt$inet_sctp6_SCTP_RESET_ASSOC(r1, 0x84, 0x78, &(0x7f0000000240), 0x4) wait4(0x0, 0x0, 0x80000002, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:23 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050007ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:23 executing program 3: perf_event_open(&(0x7f0000000600)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = getpid() sched_setscheduler(r0, 0x5, &(0x7f0000000380)) r1 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) r2 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r2, 0xc0184900, &(0x7f0000000080)={0x4e, 0x20000000209, 0x0, 0xffffffffffffffff}) r4 = dup2(r2, r3) ioctl$ION_IOC_ALLOC(r4, 0xc0184900, &(0x7f0000000080)={0x24024e, 0x2000000023b, 0x0, 0xffffffffffffffff}) dup2(r1, r5) 04:02:23 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000070100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:23 executing program 2 (fault-call:0 fault-nth:64): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:23 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0xfeffffff) [ 1675.968180][T18633] FAULT_INJECTION: forcing a failure. [ 1675.968180][T18633] name failslab, interval 1, probability 0, space 0, times 0 [ 1676.044876][T18633] CPU: 1 PID: 18633 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1676.053269][T18633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1676.063326][T18633] Call Trace: [ 1676.066633][T18633] dump_stack+0x1fb/0x318 [ 1676.070964][T18633] should_fail+0x555/0x770 [ 1676.075389][T18633] __should_failslab+0x11a/0x160 [ 1676.080339][T18633] ? vfs_parse_fs_string+0xed/0x1a0 [ 1676.085539][T18633] should_failslab+0x9/0x20 [ 1676.090045][T18633] __kmalloc_track_caller+0x79/0x340 [ 1676.095334][T18633] kmemdup_nul+0x2a/0xa0 [ 1676.099578][T18633] vfs_parse_fs_string+0xed/0x1a0 [ 1676.104611][T18633] vfs_kern_mount+0x77/0x160 [ 1676.109317][T18633] btrfs_mount+0x34f/0x18e0 [ 1676.113822][T18633] ? check_preemption_disabled+0x47/0x2a0 [ 1676.119548][T18633] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1676.124830][T18633] ? cap_capable+0x250/0x290 [ 1676.129488][T18633] ? safesetid_security_capable+0x89/0xf0 [ 1676.135210][T18633] legacy_get_tree+0xf9/0x1a0 [ 1676.139881][T18633] ? btrfs_resize_thread_pool+0x260/0x260 [ 1676.145597][T18633] vfs_get_tree+0x8b/0x2a0 [ 1676.150016][T18633] do_mount+0x16c0/0x2510 [ 1676.154347][T18633] ? copy_mount_options+0x308/0x3c0 [ 1676.159540][T18633] ksys_mount+0xcc/0x100 [ 1676.163794][T18633] __x64_sys_mount+0xbf/0xd0 [ 1676.168379][T18633] do_syscall_64+0xf7/0x1c0 [ 1676.172895][T18633] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1676.178784][T18633] RIP: 0033:0x45d09a [ 1676.182676][T18633] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1676.202386][T18633] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1676.210809][T18633] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1676.218783][T18633] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1676.226753][T18633] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1676.234725][T18633] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1676.242698][T18633] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:24 executing program 2 (fault-call:0 fault-nth:65): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1676.311987][T18635] EXT4-fs (loop0): bad geometry: first data block 117440512 is beyond end of filesystem (1080) 04:02:24 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050009ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:24 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000080100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:24 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="05000affffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1676.559766][T18957] FAULT_INJECTION: forcing a failure. [ 1676.559766][T18957] name failslab, interval 1, probability 0, space 0, times 0 [ 1676.582098][T18933] EXT4-fs (loop0): bad geometry: first data block 134217728 is beyond end of filesystem (1080) [ 1676.598183][T18957] CPU: 0 PID: 18957 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1676.606555][T18957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1676.606562][T18957] Call Trace: [ 1676.606585][T18957] dump_stack+0x1fb/0x318 [ 1676.606603][T18957] should_fail+0x555/0x770 [ 1676.606626][T18957] __should_failslab+0x11a/0x160 [ 1676.606639][T18957] should_failslab+0x9/0x20 [ 1676.606649][T18957] kmem_cache_alloc_trace+0x5d/0x2f0 [ 1676.606661][T18957] ? legacy_init_fs_context+0x51/0xc0 [ 1676.606674][T18957] legacy_init_fs_context+0x51/0xc0 [ 1676.606684][T18957] alloc_fs_context+0x53a/0x640 [ 1676.606703][T18957] fs_context_for_mount+0x24/0x30 [ 1676.606715][T18957] vfs_kern_mount+0x2c/0x160 [ 1676.606728][T18957] btrfs_mount+0x34f/0x18e0 [ 1676.606747][T18957] ? check_preemption_disabled+0x47/0x2a0 [ 1676.606764][T18957] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1676.606775][T18957] ? cap_capable+0x250/0x290 [ 1676.606787][T18957] ? safesetid_security_capable+0x89/0xf0 [ 1676.606800][T18957] legacy_get_tree+0xf9/0x1a0 [ 1676.699796][T18957] ? btrfs_resize_thread_pool+0x260/0x260 [ 1676.705521][T18957] vfs_get_tree+0x8b/0x2a0 [ 1676.709945][T18957] do_mount+0x16c0/0x2510 [ 1676.714278][T18957] ? copy_mount_options+0x308/0x3c0 [ 1676.719474][T18957] ksys_mount+0xcc/0x100 [ 1676.723721][T18957] __x64_sys_mount+0xbf/0xd0 [ 1676.728321][T18957] do_syscall_64+0xf7/0x1c0 [ 1676.732840][T18957] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1676.738728][T18957] RIP: 0033:0x45d09a [ 1676.742615][T18957] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1676.762211][T18957] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1676.770617][T18957] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1676.778677][T18957] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1676.786756][T18957] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1676.794725][T18957] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1676.802691][T18957] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:24 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000090100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:24 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050020ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1677.015693][T19074] EXT4-fs (loop0): bad geometry: first data block 150994944 is beyond end of filesystem (1080) [ 1677.096013][T19205] EXT4-fs (loop0): bad geometry: first data block 150994944 is beyond end of filesystem (1080) 04:02:26 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$can_raw(0x1d, 0x3, 0x1) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) bind$can_raw(r3, &(0x7f0000000140)={0x1d, r5}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)={0x19, 0x2, 0x81, 0x1, 0x40, r2, 0x3f, [], r5, 0xffffffffffffffff, 0x0, 0x2}, 0x3c) 04:02:26 executing program 3: r0 = syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x3, 0x2) write$FUSE_OPEN(r0, &(0x7f0000000200)={0x20, 0x0, 0x0, {0x0, 0x11}}, 0x20) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) read(r2, 0x0, 0x0) r3 = syz_open_dev$mouse(&(0x7f0000000240)='/dev/input/mouse#\x00', 0x4, 0x141001) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') ioctl$DRM_IOCTL_GEM_OPEN(r4, 0xc010640b, &(0x7f0000000280)={0x0, 0x0, 0x3}) ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc008640a, &(0x7f0000000340)={r5}) r6 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000002800)='/dev/ashmem\x00', 0x0, 0x0) r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) dup2(r6, r7) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x202800, 0x0) r8 = socket(0xa, 0x3, 0x8) r9 = syz_open_dev$amidi(0x0, 0x9c4, 0x70000) write$RDMA_USER_CM_CMD_CREATE_ID(r9, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[], 0x1de}}, 0x0) waitid(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000480)) sendmsg$key(r8, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYPTR64=&(0x7f0000000640)=ANY=[@ANYRES64, @ANYRESHEX, @ANYRESDEC]], 0xfffffffffffffe56}}, 0x20004850) memfd_create(&(0x7f0000000580)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x4) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00'}) gettid() r10 = syz_open_dev$sg(&(0x7f0000001580)='/dev/sg#\x00', 0x0, 0x5) writev(r10, &(0x7f0000000000)=[{&(0x7f0000000100)}, {&(0x7f0000000180)="53000000c90dca807737f408177021bd01d3be55090000000001a0000000000000000000", 0x24}], 0x2) syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x5, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000018c0)={0x0, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000001880)='bond_slave_0\x00'}, 0x30) shutdown(r1, 0x1) ioctl$sock_inet_udp_SIOCINQ(r1, 0x541b, &(0x7f00000002c0)) r11 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x202800, 0x0) ioctl$VIDIOC_G_STD(r11, 0x80085617, &(0x7f0000000140)) ioctl$CAPI_REGISTER(0xffffffffffffffff, 0x400c4301, &(0x7f0000000100)={0x0, 0x1, 0x8000}) 04:02:26 executing program 2 (fault-call:0 fault-nth:66): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:26 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050040ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:26 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000000000000a0100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:26 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0xff600000) [ 1679.063289][T19278] FAULT_INJECTION: forcing a failure. [ 1679.063289][T19278] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1679.076536][T19278] CPU: 0 PID: 19278 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1679.084863][T19278] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1679.094921][T19278] Call Trace: [ 1679.098267][T19278] dump_stack+0x1fb/0x318 [ 1679.102608][T19278] should_fail+0x555/0x770 [ 1679.107039][T19278] should_fail_alloc_page+0x55/0x60 [ 1679.112249][T19278] prepare_alloc_pages+0x283/0x460 [ 1679.117379][T19278] __alloc_pages_nodemask+0xb2/0x5d0 [ 1679.122679][T19278] kmem_getpages+0x4d/0xa00 [ 1679.127192][T19278] cache_grow_begin+0x7e/0x2c0 [ 1679.131968][T19278] ? cache_alloc_pfmemalloc+0x1e/0x1a0 [ 1679.137439][T19278] cache_alloc_refill+0x311/0x3f0 [ 1679.142468][T19278] ? check_preemption_disabled+0xb7/0x2a0 [ 1679.148202][T19278] kmem_cache_alloc+0x2b9/0x2e0 [ 1679.153054][T19278] ? getname_kernel+0x59/0x2f0 [ 1679.157820][T19278] getname_kernel+0x59/0x2f0 04:02:26 executing program 3: r0 = syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x3, 0x2) write$FUSE_OPEN(r0, &(0x7f0000000200)={0x20, 0x0, 0x0, {0x0, 0x11}}, 0x20) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) read(r2, 0x0, 0x0) r3 = syz_open_dev$mouse(&(0x7f0000000240)='/dev/input/mouse#\x00', 0x4, 0x141001) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') ioctl$DRM_IOCTL_GEM_OPEN(r4, 0xc010640b, &(0x7f0000000280)={0x0, 0x0, 0x3}) ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc008640a, &(0x7f0000000340)={r5}) r6 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000002800)='/dev/ashmem\x00', 0x0, 0x0) r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) dup2(r6, r7) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x202800, 0x0) r8 = socket(0xa, 0x3, 0x8) r9 = syz_open_dev$amidi(0x0, 0x9c4, 0x70000) write$RDMA_USER_CM_CMD_CREATE_ID(r9, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[], 0x1de}}, 0x0) waitid(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000480)) sendmsg$key(r8, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYPTR64=&(0x7f0000000640)=ANY=[@ANYRES64, @ANYRESHEX, @ANYRESDEC]], 0xfffffffffffffe56}}, 0x20004850) memfd_create(&(0x7f0000000580)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x4) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00'}) gettid() r10 = syz_open_dev$sg(&(0x7f0000001580)='/dev/sg#\x00', 0x0, 0x5) writev(r10, &(0x7f0000000000)=[{&(0x7f0000000100)}, {&(0x7f0000000180)="53000000c90dca807737f408177021bd01d3be55090000000001a0000000000000000000", 0x24}], 0x2) syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x5, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000018c0)={0x0, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000001880)='bond_slave_0\x00'}, 0x30) shutdown(r1, 0x1) ioctl$sock_inet_udp_SIOCINQ(r1, 0x541b, &(0x7f00000002c0)) r11 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x202800, 0x0) ioctl$VIDIOC_G_STD(r11, 0x80085617, &(0x7f0000000140)) ioctl$CAPI_REGISTER(0xffffffffffffffff, 0x400c4301, &(0x7f0000000100)={0x0, 0x1, 0x8000}) [ 1679.162414][T19278] kern_path+0x1f/0x40 [ 1679.166490][T19278] tomoyo_mount_permission+0x7f1/0xa30 [ 1679.172049][T19278] ? kmem_cache_free+0xd8/0xf0 [ 1679.176831][T19278] tomoyo_sb_mount+0x35/0x40 [ 1679.182747][T19278] security_sb_mount+0x84/0xe0 [ 1679.187513][T19278] do_mount+0x10a/0x2510 [ 1679.187528][T19278] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 1679.187538][T19278] ? copy_mount_options+0x5f/0x3c0 [ 1679.187552][T19278] ? copy_mount_options+0x308/0x3c0 [ 1679.187566][T19278] ksys_mount+0xcc/0x100 [ 1679.187578][T19278] __x64_sys_mount+0xbf/0xd0 [ 1679.187595][T19278] do_syscall_64+0xf7/0x1c0 [ 1679.197343][T19278] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1679.197353][T19278] RIP: 0033:0x45d09a [ 1679.197364][T19278] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1679.197370][T19278] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1679.197380][T19278] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1679.197386][T19278] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1679.197393][T19278] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1679.197399][T19278] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1679.197404][T19278] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1679.305836][T19278] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (19278) [ 1679.327499][T19277] EXT4-fs (loop0): bad geometry: first data block 167772160 is beyond end of filesystem (1080) 04:02:27 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="0500fcffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:27 executing program 3: r0 = syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x3, 0x2) write$FUSE_OPEN(r0, &(0x7f0000000200)={0x20, 0x0, 0x0, {0x0, 0x11}}, 0x20) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @broadcast}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000180)='/dev/snd/midiC#D#\x00', 0x2, 0x0) read(r2, 0x0, 0x0) r3 = syz_open_dev$mouse(&(0x7f0000000240)='/dev/input/mouse#\x00', 0x4, 0x141001) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/route\x00') ioctl$DRM_IOCTL_GEM_OPEN(r4, 0xc010640b, &(0x7f0000000280)={0x0, 0x0, 0x3}) ioctl$DRM_IOCTL_GEM_FLINK(r3, 0xc008640a, &(0x7f0000000340)={r5}) r6 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000002800)='/dev/ashmem\x00', 0x0, 0x0) r7 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/sequencer2\x00', 0x2, 0x0) dup2(r6, r7) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vga_arbiter\x00', 0x202800, 0x0) r8 = socket(0xa, 0x3, 0x8) r9 = syz_open_dev$amidi(0x0, 0x9c4, 0x70000) write$RDMA_USER_CM_CMD_CREATE_ID(r9, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000080)=ANY=[], 0x1de}}, 0x0) waitid(0x0, 0x0, &(0x7f0000000040), 0x0, &(0x7f0000000480)) sendmsg$key(r8, &(0x7f00000006c0)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYPTR64=&(0x7f0000000640)=ANY=[@ANYRES64, @ANYRESHEX, @ANYRESDEC]], 0xfffffffffffffe56}}, 0x20004850) memfd_create(&(0x7f0000000580)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x4) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00'}) gettid() r10 = syz_open_dev$sg(&(0x7f0000001580)='/dev/sg#\x00', 0x0, 0x5) writev(r10, &(0x7f0000000000)=[{&(0x7f0000000100)}, {&(0x7f0000000180)="53000000c90dca807737f408177021bd01d3be55090000000001a0000000000000000000", 0x24}], 0x2) syz_open_dev$dmmidi(&(0x7f00000000c0)='/dev/dmmidi#\x00', 0x5, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000018c0)={0x0, 0xffffffffffffffff, 0x0, 0xd, &(0x7f0000001880)='bond_slave_0\x00'}, 0x30) shutdown(r1, 0x1) ioctl$sock_inet_udp_SIOCINQ(r1, 0x541b, &(0x7f00000002c0)) r11 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x202800, 0x0) ioctl$VIDIOC_G_STD(r11, 0x80085617, &(0x7f0000000140)) ioctl$CAPI_REGISTER(0xffffffffffffffff, 0x400c4301, &(0x7f0000000100)={0x0, 0x1, 0x8000}) 04:02:27 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000000000000b0100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:27 executing program 2 (fault-call:0 fault-nth:67): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1679.608573][T19620] EXT4-fs (loop0): bad geometry: first data block 184549376 is beyond end of filesystem (1080) [ 1679.622137][T19709] FAULT_INJECTION: forcing a failure. [ 1679.622137][T19709] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1679.635366][T19709] CPU: 1 PID: 19709 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1679.643692][T19709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1679.653751][T19709] Call Trace: [ 1679.657057][T19709] dump_stack+0x1fb/0x318 [ 1679.661509][T19709] should_fail+0x555/0x770 [ 1679.665937][T19709] should_fail_alloc_page+0x55/0x60 [ 1679.671143][T19709] prepare_alloc_pages+0x283/0x460 [ 1679.676264][T19709] __alloc_pages_nodemask+0xb2/0x5d0 [ 1679.681572][T19709] kmem_getpages+0x4d/0xa00 [ 1679.686087][T19709] cache_grow_begin+0x7e/0x2c0 [ 1679.690865][T19709] ? cache_alloc_pfmemalloc+0x1e/0x1a0 [ 1679.696339][T19709] cache_alloc_refill+0x311/0x3f0 [ 1679.701378][T19709] ? check_preemption_disabled+0xb7/0x2a0 [ 1679.707114][T19709] kmem_cache_alloc_trace+0x2d0/0x2f0 [ 1679.712509][T19709] ? btrfs_mount_root+0x12c/0x1030 [ 1679.717630][T19709] btrfs_mount_root+0x12c/0x1030 [ 1679.722589][T19709] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1679.727874][T19709] ? rcu_read_lock_sched_held+0x10b/0x170 [ 1679.733607][T19709] ? trace_kfree+0xb2/0x110 [ 1679.738116][T19709] legacy_get_tree+0xf9/0x1a0 [ 1679.742794][T19709] ? btrfs_control_open+0x40/0x40 [ 1679.747823][T19709] vfs_get_tree+0x8b/0x2a0 [ 1679.752239][T19709] vfs_kern_mount+0xc2/0x160 [ 1679.756825][T19709] btrfs_mount+0x34f/0x18e0 [ 1679.761337][T19709] ? check_preemption_disabled+0x47/0x2a0 [ 1679.767062][T19709] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1679.772348][T19709] ? cap_capable+0x250/0x290 [ 1679.776952][T19709] ? safesetid_security_capable+0x89/0xf0 [ 1679.782675][T19709] legacy_get_tree+0xf9/0x1a0 [ 1679.787360][T19709] ? btrfs_resize_thread_pool+0x260/0x260 [ 1679.793084][T19709] vfs_get_tree+0x8b/0x2a0 [ 1679.797509][T19709] do_mount+0x16c0/0x2510 [ 1679.801841][T19709] ? copy_mount_options+0x308/0x3c0 [ 1679.807041][T19709] ksys_mount+0xcc/0x100 [ 1679.811285][T19709] __x64_sys_mount+0xbf/0xd0 [ 1679.815879][T19709] do_syscall_64+0xf7/0x1c0 [ 1679.820391][T19709] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1679.826293][T19709] RIP: 0033:0x45d09a [ 1679.830197][T19709] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1679.849813][T19709] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 04:02:27 executing program 3: [ 1679.858235][T19709] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1679.866208][T19709] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1679.874181][T19709] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1679.882154][T19709] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1679.890134][T19709] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1679.942752][T19709] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (19709) 04:02:29 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000008, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(0xffffffffffffffff, 0xc1105511, &(0x7f00000002c0)={{0x6, 0x7, 0x8, 0x7f, '\x00', 0x2}, 0x5, 0x8, 0x9, r1, 0x4, 0xd42, 'syz1\x00', &(0x7f0000000000)=['\x00', '\x00', '\x00', '\x00'], 0x4, [], [0x81, 0x0, 0x2, 0x9]}) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:29 executing program 3: 04:02:29 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050002ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:29 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000000000000c0100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:29 executing program 2 (fault-call:0 fault-nth:68): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:29 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0xfffffffe) [ 1682.138506][T19718] FAULT_INJECTION: forcing a failure. [ 1682.138506][T19718] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1682.151765][T19718] CPU: 1 PID: 19718 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1682.160092][T19718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1682.170149][T19718] Call Trace: [ 1682.170171][T19718] dump_stack+0x1fb/0x318 [ 1682.170189][T19718] should_fail+0x555/0x770 [ 1682.170209][T19718] should_fail_alloc_page+0x55/0x60 [ 1682.177806][T19718] prepare_alloc_pages+0x283/0x460 [ 1682.177823][T19718] __alloc_pages_nodemask+0xb2/0x5d0 [ 1682.177845][T19718] kmem_getpages+0x4d/0xa00 [ 1682.177859][T19718] cache_grow_begin+0x7e/0x2c0 [ 1682.207068][T19718] ? cache_alloc_pfmemalloc+0x1e/0x1a0 [ 1682.212526][T19718] cache_alloc_refill+0x311/0x3f0 [ 1682.217559][T19718] ? check_preemption_disabled+0xb7/0x2a0 [ 1682.223294][T19718] __kmalloc+0x318/0x340 [ 1682.227552][T19718] ? tomoyo_realpath_from_path+0xdc/0x7c0 [ 1682.233290][T19718] tomoyo_realpath_from_path+0xdc/0x7c0 04:02:29 executing program 3: [ 1682.238857][T19718] tomoyo_mount_permission+0x923/0xa30 [ 1682.244340][T19718] ? kmem_cache_free+0xd8/0xf0 [ 1682.249125][T19718] tomoyo_sb_mount+0x35/0x40 [ 1682.253722][T19718] security_sb_mount+0x84/0xe0 [ 1682.258493][T19718] do_mount+0x10a/0x2510 [ 1682.262733][T19718] ? kmem_cache_alloc_trace+0x23a/0x2f0 [ 1682.268272][T19718] ? copy_mount_options+0x5f/0x3c0 [ 1682.273384][T19718] ? copy_mount_options+0x308/0x3c0 [ 1682.278585][T19718] ksys_mount+0xcc/0x100 [ 1682.282827][T19718] __x64_sys_mount+0xbf/0xd0 [ 1682.287427][T19718] do_syscall_64+0xf7/0x1c0 [ 1682.291946][T19718] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1682.297847][T19718] RIP: 0033:0x45d09a [ 1682.301744][T19718] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1682.321355][T19718] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1682.329768][T19718] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1682.337737][T19718] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1682.345709][T19718] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1682.353684][T19718] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1682.361658][T19718] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:30 executing program 3: [ 1682.387017][T19718] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (19718) [ 1682.406558][T19717] EXT4-fs (loop0): bad geometry: first data block 201326592 is beyond end of filesystem (1080) 04:02:30 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = request_key(&(0x7f0000000000)='encrypted\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f0000000080)='\x00', 0xfffffffffffffffc) keyctl$instantiate_iov(0x14, r2, &(0x7f0000002500)=[{&(0x7f00000012c0)="b3cf7929c06d19e0ccfcc8ab6a5d902173dbd6f4657a779193f6784d3d6d616f78962bbf1f4fdf933b1510a4779d97ddd6a3ebb81ced2721407679e6df5a5702607f9b047808364d5b3a7587753a2ac3a1b9da794e8f6a902cb23875c0285ad653ff6b20d11c4d1b50f1ac021a52fc2a5ab8875ac125be60db7fa545051416e88730cba9470d19cb4200733d5f7ed5b11315e23f4fc8676373743b3f4969702a710563436167cf7dcdde17aad448d29d1b3a04bc1d19aeba7f5e17a929e4afe0df28d57fa548579da8e59d6442b4c2fcb7d592e872097f096c941aacb5fbfe97b5085fddf17c30fa5255b1e76a0e2ca4453faada373138546947070b7c66b752058be697a368a8413cb268f63bf1d5b8ae670d9752c091245efb717abd16b998fdcaa27e01ad630eee45bde4f1306e8622b83b449f73be4bc2dd6ead0ab995cf213a480c30950fc4bc85c98458d56b3eda1fcc405c37cb9677ee0a6592df7654d7aa4cf93f12a1e6bfa996c817108d5aa96501de56ae4a5c80845ee61ee2e606b7a9194fe8c3432eab1b7e4ad7acf60b1c6360fb235beea8fefe89d16d087fcfb69b1af0e81cdcfd24b5f6dc5b1f10b9959c55f4d71cc32127a157b21e2c9b3ef6a145f128e70d12a968483ed95256ab1ecf13b1ccfcb777bbd28a2856c633d9d31b9da436ac42177a3b7a64a0d232f88bf35ffcbbea8c08a5cb23d873230f91daccf1a8138d420c83de16262d2f1f7e70d0b2e5b5d48fdd055085875574f1aab78cea82a92326a3913bfe28d223345e47bb09e8cf267c1b441f09f8f652b2ca72f1499b2d2237ad5a1da00544e3971efb1e6afd592c79e9194ca89b9542db1e0e54488dad751897923f9a75c22300e92fad9eb273b7a434dc37f6d336788006f0d525212d354186729028d583b6c0bcaaa261353c10e583a524015da42fae568ab867d8045aa84ae27386ff0b97cc21889114698052ac08b05c2bb704b5f663b901bc271025381412d4a471051a56f6f77dfc0717e647e8924eae4e53f03bdedbea785bbee6c7fa772f10e9a72b7747eeb65bed6c9d10b58bb57bc3ce11fca3feef36c0648a6759e6bd75f82145c12bcbdf880fc2c147c26a9b883f0bdd0ffea7454f572d0c7238c3a3b4c83c1870a97f49755c8c282d9337abe7b424d0bbe966a798fa650020cf70f506730623f7f70a1ccb80cd6577a1f461291c6cfb359ca9e1b60e66026db69c8242e48c6afa89851beb9b4d3f9a769303b9578b7cbbfeb3d22c9f5fd7c592799a1be804a4ffa2bf2c1ac594eb810364e03e328e1885e1f7f2af92cb4cd4a2086ea85a33106d897657f8c410cff01f38edd818de81eba3cbd58a547c21386cb2462542c792109fc9badf13d55b81b89870bac254ec200d9f11cde5cb5a14f203109985fb49fb58413be59cb6ad8ec6f901007df126fa2de209a64309499b346b8291d6e3decb924054e30ddd28ac8ffa3e709325bd84b7cc11d1b0f6cfd3f12ab3da629261882ecebaf71c53e5842d0b4dcc0b8e70f143c51deeac09ce3fa7ceb110888656c946ddc6a453e5f109c69a93ce7a9716b4d2c3fcc4df0e0f71fa7f0b88564c8b7aa66d5bc76be3f6df7306220a98587e14b116709e95bf74e22cb2912c8c7bc0da03b9bdbafcc6dcf20ab28392123bb66f719408c847e8cb98db2004e583162537810061f009be4436eeeeb10a3e9c0f2e7bddbee4a6392867835fd2639b3cdf6a1b506987fe0b205615a3a9195bbb47980075efdc0c4917e1f349c1453e7814a8cab000460af5b0deba17056e3eb4aaa08610a914eaf75ff7713a7f000b15bd4883bef7732795b6514b919739968bd9428494fd7bf432153dbe639eaf75ad7bb37c35c918e8973eb7653fd9022d52ce3f64184716b5031be0fc5d1c36733706b8e0fa200a5b491984cb5d4a74de9983fac835138709de4c4af0830f8cefc0584280b14c0b86a056d2dc96084a94335c8a21ebbcb3f578552fa316bbea46b0c82894fb8bcd2abdec081ad79945515c36a941ab51b820fde7ab62ffb8f7993632ad7a8d5f8895ac5f6c8d3d4921527e4cc2e063b670560b2bfad271319696a89699b497c85a32e5d39ffa87192aef17f8dd1eed7d09e6d5d1b3cfafbf911d00bbea582d90b570f8ca1b45d487f4d457fef6a0bd60921156ca52e728c05fa14e223316dd096e24b9e77f2f5f1298de8d01601358494bef48ce220492b6da00299b790c3e74115150b4ced62f1e610361ce89528d02aee343ac31ba76d95ffd774e2681a0fee3cc6391e2d9fd5d99289a31349beaa06414a4e54ef04def2057bc64163a1c192164328adc452ef4a3b1ac44100e9182fd02557447fd8f716addf6bc8b58dce2d807dafc833af1e2c679b7a10ceeb1e937d6f9fd94d7cbe822cca7267d870750a49d1106ad45f6cd338eb0ea057176523e96a51e5aec98c5a06dddf9f22f3b2a21534deb9e01f47bcaee15bd47af24365d19a7c8ff518cb3a5a5aff1fb96dba87acfc3c7db655242d2cdd46f2c7e60f5d79d3c91a63c4aba0a0af98e7ff601ad6950568cb8419833fffbb07c9e10d5c2afa74d216bde02c2add4bdf71db17cdf4756109fe3c6aeab129548c29ceefc1b815a6932a81797745cda180a993a52d40ca394216648bfe41713a717d5362bb4e8da2b5a031c58fd69afe6e2b5f3925dc8f9caf531e0878786ac30ffe9aa38980d547a6f493fe4de69512d60c145d8a96a94400cda87d6929ebdab3520a49ff398db23baf9e0562855fd7f6f82060fbc4481f07ec9f2213fc6bb50a1eeb29a8e5a83ea5cf7315582bdf3e7f26bb6be82d8dfec77fbf1f5e359d4ca681bddecee1f9aa97c8fb5bcdfc27ab73e52423af2611b06afe2d7ebd10402dc5933a7e794c877b66e29db1e4adc080082e9badee98a84fca91ee3866b0c8956bc6ee3ac7204757c515f29722ec9a891493136d930f4957bec1cf2f72cb2c4cc9a160b2f86c61c28c46e93853fc91250331aca7fb18b792484787c9f8b48b3d80eaa569ae5e6636ee7098f091f856536db2eb33f99d9a2c2ab8a632ff1dcf7b146f50e3cde4d11c7edfac3976187b048a90c281f49ea5e094846785e45e1cb20b6b24e48868dae4071c750603590160cd1b7c0a383bffb6d0593f63ef050ef2fb40b6ca773d0e8663f6e17e14297832066dc0acbbcf38c0dc6a12525f9336a38f701fc38bb842e5334748a6260c14f9155c1f8c0c5f5fa972cb780978258791cc32c032c72c95a189a86aec00d9dac285ae03af88c32da7e64b41fa851d88cf305f3600c1c802fa35796b7a926d9ea8349ebaa0dcec651601b5253a53c1ddf66d9f8556c374a9b5d7b3ea8a69cd261b6c830f2b4a9558ae3032ac1d5570d9d827db27abf574ec80acbc0c237a99642425805ac0403353cf02628a1c2081a36e2d4eb0475ef4126c32e898c26dcc599efcef872ee83355eb0abb3a86fa9f7d072e5980843a0a35390b160ddedbb20fad5b9f00522552a21d0a7ba87347749382ee208e3758b5eeb557122ecf4a7a036d2e5a79dc96f6d9bde981ff69e68eec882091115a3d9106dfc560685038f4a60caf93dd9a6a350c53b2ebb4b1d011e6c85b1f960eb58a119b5900c0da8ed80d8e99eca3bc070f3bad9e18ca8ee86c9ed4d160c7bc9520f1c36759509a16645c07e5ebbb2e2e5fb6da79e488b9a03fba3529e26d7982d696fceefd00f3267b7d41db81c3348cd52504b40532a79aa9eafbaea7018867d210bf80dde480bb2600d206c3790644adb4b7229ae462d4333edfeb03bb21e0878b18e4f509ad08cb0ac80130ac4346a84bc13df2080b8d8a1923405d928f8b5a05d221f3e39e838bc48048caf17b9ce19c8d7082eff69356ff90880108aea08b99809d937c4a6badd7f135c95487d4e2e2096dfd551ddd09e517dc7f3e47b17813488d85bb657261837728e31305e8d3719b542cf64cbe55b6a177c48865f33529136027e1b81ad172a3e3d729ce4ab530f1e49874bfef8ddb08cf40b72ae90585af947f86eea8509e9542a21d837bcdf1de2d79abb02d5d07eb7805af46d67134fa11c29aaec5c528cf81397e79c8e28009b867068918be1d4974abc48a511286aebd1ee13371757c6099b2568a5b8579f6fac2c879ae43e531214cc43ade47a7fa208e0576d062db736e95a4981e55ad9cce1a3f6d7ed6c1685796976fb7e05e2385187c61d8b39585b65f78dd14d3f83604ce01491f5d63ec5b6076f6e0897249398ca66a90078b1510e2c148e1f45a9bf317bf9cdc0f0c053fe600a37be75f24e206bfb2ea36a8e1f763ae167b07531df3c81cb604ff68a1c0a9674d002e1c8cb1520bc20ebdf312407816adb8a552238f189b393cae5450c4721e7284296a98040357bf29e2faf953492d4e21b2b36f2193e96d6d94d8cf3653fc5b24829db74e95d9e4b4d369a77f5590198bd2d4e7d5c6746ab0ac8d83df274823f3da7dd90a89318561264ca7362857cb898cc014c7779dc990005a5dd1616eebbb4d58d1405b6ceede0a4bdb1cdc6af28a951211dea947b5a68aa7f565dc1f376ea5429c89df0d65d8ec18acfa1acb1444dce50238b7b0171bc3af443cb7d7e0af25937903e95ecc6f102f7abfc476bba4a53094e42def8a9dced76618dc04b1d06d1d3f90fcc4b867e6c71d35dc29574bc7b88d26fa024d3cf359f93f99e3296070d97501e7669041c97fa17cc225043eacbb8d0fa158af28fe5e8b134926c7394225efc6fb5306e714af8a2a28f9e3657632d885591134c91efac7788180dec6350b40f4ed096bcef10c01a25969e52ea62df1e434d2983a6b74d17c07bb935ea4e6451fc77e8f4c3350716b08e582d934cc62617f3921133c2f0bf7ed4340c11f3c64945e66462a3ea59cfffef4daa9ad2b865afc1b9a4be5e5c3d0cc233173cf8f33d479480d7adf4a293ed445e829eeaefaf390682613f6259d48bea52c36cb8ba22119fb319c882448f683423376292c9e4bdc62fd10444150b7740f45034caf6122f994bffd6942460bcd6413077df9eb59c06a338f294f2ea3dd4bd147a9eb3da5a35beaf0d2891048b877080d58b6ee33132075fda5b5cb11f3c9058db0f5e509b61be8a6a4036f6de49208cb93ee190776983f05f319df703adc75dab49b24df451c0b6b71f0f22b16a80be619430f1911931e5b3792dcab19967a034b22ef53fff6e1463d7db55992b57438a0d8755dbb00bb3da08424e3797b79bc43ccd075c93e63040e357255153b6503848e5df87dcbd3db02fddbf0fc4a196d47646a1c24d0d07da59d652970d5af1448a764fa58e408ba0863294076f849c2a7c7a9843515c94c509d5bb5a07a3eb8f6e05319cee38b41e6d605aa656efd70defa6cf9b8bb30f76c2f5e3d127699da256e7e0a7abf4b3a956ea8122b04d2c85a1a83ca5736332fa7d649496ef180be3cbc13f565ba77aea016b5c820a9263da0d1bad781df8f862d20659f88bf6dbace45da02f930a9b78e0a2c4b72a66275d8d37f15cc2f0015dd005fbb9982283d8341b21ee192490ec56b308c0e40088ccf8e54e67fa1d4d7cae91faec02dd526cec83290bcaf1fdf94b8910e8059eeb66e909f70b0b1e7cfdd2abe4ddd5cd0efef1c523996fdf7820ed5be03e5f3f19a1ed5833b01d99ac4d704a0255ad178cf8b4948aeeecd1b4be287096cd51424540a8dc73c78d8204c0a79ce223609d17e9f0a2928bd5628f56b6c853908f14b4de55b74a180050db9e783d5f4af40189aac5555691542f726ed30001a5043e", 0x1000}, {&(0x7f0000000100)="942f752783a1a84bead7c68132ec167550e14227d5a3945351ef7ee9b285c49deed3de097470fd2e91d391a542f4f5a4f2d973a8effd3d77dd7e99eddb2ba5a2f78d3a7a93e12f9c415f9af95bde07fc42d4f700fbe2964fba42d077ac9c218c0e7657acc832b87d5b3f903065d6143bdc16816f5af8a9d95fb0367d5ab961ca3d1e8ac9545c3e304268590991572a477a80608efc", 0x95}, {&(0x7f00000022c0)="caae91a4337957b03fba7559269798300f0c4abf1ea0aed1dee94de1024c267b3afc9cbd4e4b3e26aad48a5d00358c9a7d0ac12495cd52c7feb723d3415c0d02f6d37adafb6154b7f7ff257106a273aedc1aa646e04dfcc3353f26d53d010b7b374c23eb8ad6fff16618a39f5b0acb4425970f00f683300ce439bdb6b32327dbe0f1474a1d5c68910d93339ebb9bac6a0facf721d442f3c9cf8ac1", 0x9b}, {&(0x7f0000002380)}, {&(0x7f00000023c0)="372a807d4fe39c748d6426b865c0325aaea5038a7d828d829e382e2e3c37191d640fe825e07fb038e7485b32f560fae35132e9838f68e3cc65d1fe26b33424dade49229440e430e855347a68bccab032583b2d58069dbf6b6db29464cc3de1f4fa92c030efe56238d742508f594eb3968346b3270cad73d22dd399e913ed4b39d0f14b48ea989320", 0x88}, {&(0x7f0000002480)="2f7ffbb77527fe7a0fba38c14fb59e7c5afa8115ab66106010fbb75cbe0ac2424f3e2fb8e7d3a948e8fa5319db906f04ea278fce8e1b79e560813a54f7e65cbf828b71557e8dfa3b77828b947b550475531a323bdaf2e95146362c0c7facc740ba73cbc4bd0352e46207", 0x6a}], 0x6, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ioctl$EVIOCGABS0(r1, 0x80184540, &(0x7f00000002c0)=""/4096) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:30 executing program 3: 04:02:30 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050003ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:30 executing program 3: 04:02:30 executing program 2 (fault-call:0 fault-nth:69): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:30 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000000000000d0100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:30 executing program 3: r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000000)={{0x6, @rose}, [@rose, @rose, @default, @netrom, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @rose]}, 0x48) listen(r0, 0x0) socket(0x0, 0x0, 0x0) r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000080)={'team0\x00'}) syz_genetlink_get_family_id$tipc(0x0) recvmsg(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000180)=""/152, 0x98}, {&(0x7f0000000300)=""/53, 0x35}], 0x2}, 0x0) 04:02:30 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) lsetxattr$trusted_overlay_redirect(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000300)='trusted.overlay.redirect\x00', &(0x7f0000000340)='./file0\x00', 0x8, 0x2) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000180)='/dev/dlm-monitor\x00', 0x80, 0x0) ioctl$TIOCGSID(r4, 0x5429, &(0x7f0000000040)=0x0) ioctl$TIOCSPGRP(r2, 0x5410, &(0x7f0000000080)=r5) ptrace$cont(0x18, r0, 0x0, 0x0) setsockopt$inet6_tcp_int(r2, 0x6, 0x17, &(0x7f0000000140)=0x9a35, 0x4) socketpair$unix(0x1, 0x0, 0x0, 0x0) r6 = socket$inet(0x10, 0x2, 0xc) sendmsg(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) r7 = dup3(r6, 0xffffffffffffffff, 0x80000) r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$netrom_NETROM_T2(r7, 0x103, 0x2, &(0x7f0000000100)=0x20, 0x4) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) signalfd4(r10, &(0x7f0000000380)={0x5}, 0x8, 0x800) openat$cgroup_ro(r9, &(0x7f0000000000)='hugetlb.2MB.usage_in_bytes\x00', 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1682.652898][T19941] FAULT_INJECTION: forcing a failure. [ 1682.652898][T19941] name failslab, interval 1, probability 0, space 0, times 0 [ 1682.695659][T19941] CPU: 0 PID: 19941 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1682.704134][T19941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1682.714199][T19941] Call Trace: [ 1682.717500][T19941] dump_stack+0x1fb/0x318 [ 1682.721836][T19941] should_fail+0x555/0x770 [ 1682.726264][T19941] __should_failslab+0x11a/0x160 [ 1682.731207][T19941] should_failslab+0x9/0x20 [ 1682.735719][T19941] kmem_cache_alloc_node_trace+0x6e/0x2d0 [ 1682.741443][T19941] ? __kmalloc_node+0x3c/0x60 [ 1682.746136][T19941] ? smack_sb_eat_lsm_opts+0x867/0xa20 [ 1682.751604][T19941] __kmalloc_node+0x3c/0x60 [ 1682.756116][T19941] kvmalloc_node+0xcc/0x130 [ 1682.760615][T19941] btrfs_mount_root+0xe3/0x1030 [ 1682.765456][T19941] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1682.765469][T19941] ? rcu_read_lock_sched_held+0x10b/0x170 [ 1682.765482][T19941] ? trace_kfree+0xb2/0x110 [ 1682.765497][T19941] legacy_get_tree+0xf9/0x1a0 [ 1682.765507][T19941] ? btrfs_control_open+0x40/0x40 [ 1682.765523][T19941] vfs_get_tree+0x8b/0x2a0 [ 1682.776492][T19941] vfs_kern_mount+0xc2/0x160 [ 1682.776506][T19941] btrfs_mount+0x34f/0x18e0 [ 1682.776527][T19941] ? check_preemption_disabled+0x47/0x2a0 [ 1682.776544][T19941] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1682.776553][T19941] ? cap_capable+0x250/0x290 [ 1682.776564][T19941] ? safesetid_security_capable+0x89/0xf0 [ 1682.776576][T19941] legacy_get_tree+0xf9/0x1a0 [ 1682.776584][T19941] ? btrfs_resize_thread_pool+0x260/0x260 [ 1682.776595][T19941] vfs_get_tree+0x8b/0x2a0 [ 1682.776606][T19941] do_mount+0x16c0/0x2510 [ 1682.844456][T19941] ? copy_mount_options+0x308/0x3c0 [ 1682.849631][T19941] ksys_mount+0xcc/0x100 [ 1682.853856][T19941] __x64_sys_mount+0xbf/0xd0 [ 1682.858425][T19941] do_syscall_64+0xf7/0x1c0 [ 1682.862907][T19941] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1682.869135][T19941] RIP: 0033:0x45d09a [ 1682.873015][T19941] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1682.892594][T19941] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1682.900978][T19941] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1682.908928][T19941] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1682.916876][T19941] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1682.924824][T19941] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1682.932772][T19941] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:30 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050005ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1682.942998][T20014] EXT4-fs (loop0): bad geometry: first data block 218103808 is beyond end of filesystem (1080) [ 1683.132744][T19941] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (19941) 04:02:32 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x200000000000) 04:02:32 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) clock_gettime(0x4, &(0x7f0000000000)) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:32 executing program 3: capset(&(0x7f0000000240)={0x20080522}, &(0x7f0000000000)={0x0, 0x2}) clone(0x4000000006ffd, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='personality\x00') exit(0x0) preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)=""/141, 0x8d}], 0x1, 0x0) 04:02:32 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000000000000e0100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:32 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050006ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:32 executing program 2 (fault-call:0 fault-nth:70): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1685.290314][T20259] FAULT_INJECTION: forcing a failure. [ 1685.290314][T20259] name failslab, interval 1, probability 0, space 0, times 0 [ 1685.312671][T20259] CPU: 1 PID: 20259 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1685.321059][T20259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1685.331123][T20259] Call Trace: [ 1685.334413][T20259] dump_stack+0x1fb/0x318 [ 1685.338757][T20259] should_fail+0x555/0x770 [ 1685.343333][T20259] __should_failslab+0x11a/0x160 [ 1685.348268][T20259] ? btrfs_mount+0x83/0x18e0 [ 1685.352851][T20259] should_failslab+0x9/0x20 [ 1685.357349][T20259] __kmalloc_track_caller+0x79/0x340 [ 1685.362627][T20259] ? __fs_reclaim_release+0x4/0x20 [ 1685.367721][T20259] kstrdup+0x34/0x70 [ 1685.371597][T20259] btrfs_mount+0x83/0x18e0 [ 1685.376000][T20259] ? check_preemption_disabled+0x47/0x2a0 [ 1685.381700][T20259] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1685.386960][T20259] ? cap_capable+0x250/0x290 [ 1685.391533][T20259] ? safesetid_security_capable+0x89/0xf0 [ 1685.397235][T20259] legacy_get_tree+0xf9/0x1a0 [ 1685.401890][T20259] ? btrfs_resize_thread_pool+0x260/0x260 [ 1685.407599][T20259] vfs_get_tree+0x8b/0x2a0 [ 1685.411999][T20259] do_mount+0x16c0/0x2510 [ 1685.416323][T20259] ? copy_mount_options+0x308/0x3c0 [ 1685.421500][T20259] ksys_mount+0xcc/0x100 [ 1685.425720][T20259] __x64_sys_mount+0xbf/0xd0 [ 1685.430292][T20259] do_syscall_64+0xf7/0x1c0 [ 1685.434779][T20259] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1685.440667][T20259] RIP: 0033:0x45d09a [ 1685.444541][T20259] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1685.464122][T20259] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1685.472512][T20259] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1685.480463][T20259] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1685.488424][T20259] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1685.496371][T20259] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1685.504319][T20259] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1685.517612][T20264] EXT4-fs (loop0): bad geometry: first data block 234881024 is beyond end of filesystem (1080) 04:02:33 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050007ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:33 executing program 2 (fault-call:0 fault-nth:71): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:33 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000100100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1685.765498][T20486] EXT4-fs (loop0): bad geometry: first data block 268435456 is beyond end of filesystem (1080) 04:02:33 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050008ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1685.855758][T20590] FAULT_INJECTION: forcing a failure. [ 1685.855758][T20590] name failslab, interval 1, probability 0, space 0, times 0 [ 1685.897616][T20590] CPU: 0 PID: 20590 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1685.905995][T20590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1685.916064][T20590] Call Trace: [ 1685.919367][T20590] dump_stack+0x1fb/0x318 [ 1685.923707][T20590] should_fail+0x555/0x770 [ 1685.928129][T20590] __should_failslab+0x11a/0x160 [ 1685.933077][T20590] ? btrfs_mount_root+0x2f4/0x1030 [ 1685.938188][T20590] should_failslab+0x9/0x20 [ 1685.942690][T20590] __kmalloc_track_caller+0x79/0x340 [ 1685.947977][T20590] kstrdup+0x34/0x70 [ 1685.951872][T20590] btrfs_mount_root+0x2f4/0x1030 [ 1685.956817][T20590] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1685.962097][T20590] ? rcu_read_lock_sched_held+0x10b/0x170 [ 1685.967814][T20590] ? trace_kfree+0xb2/0x110 [ 1685.972320][T20590] legacy_get_tree+0xf9/0x1a0 [ 1685.976991][T20590] ? btrfs_control_open+0x40/0x40 [ 1685.982013][T20590] vfs_get_tree+0x8b/0x2a0 [ 1685.986438][T20590] vfs_kern_mount+0xc2/0x160 [ 1685.991029][T20590] btrfs_mount+0x34f/0x18e0 [ 1685.995535][T20590] ? check_preemption_disabled+0x47/0x2a0 [ 1686.001258][T20590] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1686.006537][T20590] ? cap_capable+0x250/0x290 [ 1686.011147][T20590] ? safesetid_security_capable+0x89/0xf0 [ 1686.016868][T20590] legacy_get_tree+0xf9/0x1a0 [ 1686.021540][T20590] ? btrfs_resize_thread_pool+0x260/0x260 [ 1686.027392][T20590] vfs_get_tree+0x8b/0x2a0 [ 1686.031817][T20590] do_mount+0x16c0/0x2510 [ 1686.036212][T20590] ? copy_mount_options+0x308/0x3c0 [ 1686.041443][T20590] ksys_mount+0xcc/0x100 [ 1686.045694][T20590] __x64_sys_mount+0xbf/0xd0 [ 1686.050296][T20590] do_syscall_64+0xf7/0x1c0 [ 1686.054814][T20590] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1686.060701][T20590] RIP: 0033:0x45d09a [ 1686.064596][T20590] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1686.084201][T20590] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1686.092610][T20590] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1686.100580][T20590] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1686.108549][T20590] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1686.116520][T20590] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1686.124494][T20590] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:33 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_open_dev$vcsa(0x0, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x29cb5a25, &(0x7f0000000340), 0x0, 0x0, 0xffbe}, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, 0x0, 0x0) ioctl$VIDIOC_S_CTRL(0xffffffffffffffff, 0xc008561c, &(0x7f00000000c0)={0x0, 0xff}) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000080)={'bcsh0\x00', 0x21}) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x0) pipe(0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='ns\x00') getdents(r0, &(0x7f0000000040)=""/46, 0x2e) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setgid(0x0) ptrace$peekuser(0x3, 0xffffffffffffffff, 0x8067) socketpair(0x1, 0x5, 0x0, &(0x7f0000000740)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_SET_FILTER(r1, 0x89f1, &(0x7f0000000080)='ip6tnl0\x00') 04:02:33 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000004100100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1686.389319][T20814] EXT4-fs (loop0): bad geometry: first data block 268697600 is beyond end of filesystem (1080) [ 1686.469946][T20902] EXT4-fs (loop0): bad geometry: first data block 268697600 is beyond end of filesystem (1080) 04:02:36 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x400000000000) 04:02:36 executing program 2 (fault-call:0 fault-nth:72): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:36 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050009ffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:36 executing program 3: ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8910, &(0x7f0000000180)={'lapb0\x00'}) socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_MMAP_OFFSETS(0xffffffffffffffff, 0x11b, 0x1, 0x0, 0x0) r0 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) ioctl$VT_ACTIVATE(0xffffffffffffffff, 0x5606, 0x2) perf_event_open(&(0x7f0000000600)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() getpid() fcntl$getownex(r0, 0x10, &(0x7f0000000000)) r1 = getpid() sched_setscheduler(r1, 0x5, &(0x7f0000000380)) rt_tgsigqueueinfo(0x0, r1, 0x40014, 0x0) getsockopt$inet_IP_IPSEC_POLICY(0xffffffffffffffff, 0x0, 0x10, 0x0, 0x0) getegid() dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) listen(0xffffffffffffffff, 0x0) listen(0xffffffffffffffff, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) chown(0x0, 0x0, 0x0) getpid() stat(&(0x7f00000005c0)='./file0\x00', 0x0) r2 = getegid() chown(0x0, 0x0, r2) openat$vimc1(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$xdp(0x2c, 0x3, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) r4 = openat$ion(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ion\x00', 0x0, 0x0) ioctl$ION_IOC_ALLOC(r4, 0xc0184900, &(0x7f0000000080)={0x4e, 0x20000000209, 0x0, 0xffffffffffffffff}) r6 = dup2(r4, r5) ioctl$ION_IOC_ALLOC(r6, 0xc0184900, &(0x7f0000000080)={0x24024e, 0x2000000023b, 0x0, 0xffffffffffffffff}) dup2(r3, r7) socket$xdp(0x2c, 0x3, 0x0) 04:02:36 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000110100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:36 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000080)='/dev/uinput\x00', 0x1804, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$ax25(r1, &(0x7f0000000000)="5bb5d3fe41795b9aa7fb4b45b18ac63810b529fecc1fb44310d3dd67528b18da5238c60833e35f2a06f7be4aaf864a69ab3f15a4066e4dbbc762cbe75cf5bc1dff03f2a784a5819ddd375e985da4cd1799e21e832e1b5174f915f718371a40b0b93b5c4198", 0x65, 0x8030, &(0x7f0000000100)={{0x3, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, 0x2}, [@default, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @bcast, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}, 0x48) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1688.357221][T20906] FAULT_INJECTION: forcing a failure. [ 1688.357221][T20906] name failslab, interval 1, probability 0, space 0, times 0 [ 1688.388927][T20906] CPU: 1 PID: 20906 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1688.397305][T20906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1688.407397][T20906] Call Trace: [ 1688.410806][T20906] dump_stack+0x1fb/0x318 [ 1688.415153][T20906] should_fail+0x555/0x770 [ 1688.419586][T20906] __should_failslab+0x11a/0x160 [ 1688.424531][T20906] should_failslab+0x9/0x20 [ 1688.429055][T20906] kmem_cache_alloc_trace+0x5d/0x2f0 [ 1688.434349][T20906] ? alloc_fs_context+0x65/0x640 [ 1688.439293][T20906] alloc_fs_context+0x65/0x640 [ 1688.444067][T20906] ? kfree+0x194/0x200 [ 1688.448141][T20906] fs_context_for_mount+0x24/0x30 [ 1688.453167][T20906] vfs_kern_mount+0x2c/0x160 [ 1688.457764][T20906] btrfs_mount+0x34f/0x18e0 [ 1688.462276][T20906] ? check_preemption_disabled+0x47/0x2a0 [ 1688.467999][T20906] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1688.473285][T20906] ? cap_capable+0x250/0x290 [ 1688.477886][T20906] ? safesetid_security_capable+0x89/0xf0 [ 1688.483614][T20906] legacy_get_tree+0xf9/0x1a0 [ 1688.488290][T20906] ? btrfs_resize_thread_pool+0x260/0x260 [ 1688.494014][T20906] vfs_get_tree+0x8b/0x2a0 [ 1688.498430][T20906] do_mount+0x16c0/0x2510 [ 1688.502770][T20906] ? copy_mount_options+0x308/0x3c0 [ 1688.507966][T20906] ksys_mount+0xcc/0x100 [ 1688.512214][T20906] __x64_sys_mount+0xbf/0xd0 [ 1688.516840][T20906] do_syscall_64+0xf7/0x1c0 [ 1688.521352][T20906] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1688.527245][T20906] RIP: 0033:0x45d09a [ 1688.531138][T20906] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 04:02:36 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x60ffffffffff) [ 1688.550751][T20906] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1688.559170][T20906] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1688.567150][T20906] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1688.575256][T20906] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1688.583240][T20906] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1688.591216][T20906] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:36 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="05000affffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1688.619187][T20908] EXT4-fs (loop0): bad geometry: first data block 285212672 is beyond end of filesystem (1080) 04:02:36 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x760000000000) 04:02:36 executing program 3: clone(0x110, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket(0x0, 0x0, 0x0) r1 = gettid() tkill(r1, 0x1000000000015) write(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x68512488b25442b, 0x10008011, r0, 0x0) 04:02:36 executing program 2 (fault-call:0 fault-nth:73): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:36 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000120100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1688.790615][T21181] FAULT_INJECTION: forcing a failure. [ 1688.790615][T21181] name failslab, interval 1, probability 0, space 0, times 0 [ 1688.849224][T21181] CPU: 0 PID: 21181 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1688.857615][T21181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1688.867670][T21181] Call Trace: [ 1688.870965][T21181] dump_stack+0x1fb/0x318 [ 1688.875292][T21181] should_fail+0x555/0x770 [ 1688.879713][T21181] __should_failslab+0x11a/0x160 [ 1688.884647][T21181] ? btrfs_mount_root+0x2f4/0x1030 [ 1688.889754][T21181] should_failslab+0x9/0x20 [ 1688.894254][T21181] __kmalloc_track_caller+0x79/0x340 [ 1688.899535][T21181] kstrdup+0x34/0x70 [ 1688.903425][T21181] btrfs_mount_root+0x2f4/0x1030 [ 1688.908367][T21181] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1688.913646][T21181] ? rcu_read_lock_sched_held+0x10b/0x170 [ 1688.919358][T21181] ? trace_kfree+0xb2/0x110 [ 1688.923867][T21181] legacy_get_tree+0xf9/0x1a0 [ 1688.928534][T21181] ? btrfs_control_open+0x40/0x40 [ 1688.933558][T21181] vfs_get_tree+0x8b/0x2a0 [ 1688.937971][T21181] vfs_kern_mount+0xc2/0x160 [ 1688.942555][T21181] btrfs_mount+0x34f/0x18e0 [ 1688.947067][T21181] ? check_preemption_disabled+0x47/0x2a0 [ 1688.952789][T21181] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1688.958066][T21181] ? cap_capable+0x250/0x290 [ 1688.962650][T21181] ? safesetid_security_capable+0x89/0xf0 [ 1688.968373][T21181] legacy_get_tree+0xf9/0x1a0 [ 1688.973129][T21181] ? btrfs_resize_thread_pool+0x260/0x260 [ 1688.978846][T21181] vfs_get_tree+0x8b/0x2a0 [ 1688.983257][T21181] do_mount+0x16c0/0x2510 [ 1688.987589][T21181] ? copy_mount_options+0x308/0x3c0 [ 1688.992781][T21181] ksys_mount+0xcc/0x100 [ 1688.997020][T21181] __x64_sys_mount+0xbf/0xd0 [ 1689.001604][T21181] do_syscall_64+0xf7/0x1c0 [ 1689.006104][T21181] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1689.011995][T21181] RIP: 0033:0x45d09a [ 1689.015880][T21181] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1689.035508][T21181] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 04:02:36 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="0500fcffffff890000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1689.043930][T21181] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1689.051906][T21181] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1689.059874][T21181] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1689.067845][T21181] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1689.075816][T21181] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1689.159885][T21342] EXT4-fs (loop0): bad geometry: first data block 301989888 is beyond end of filesystem (1080) 04:02:36 executing program 2 (fault-call:0 fault-nth:74): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:36 executing program 3 (fault-call:12 fault-nth:0): prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:37 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000200100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1689.294959][T21549] FAULT_INJECTION: forcing a failure. [ 1689.294959][T21549] name failslab, interval 1, probability 0, space 0, times 0 [ 1689.330596][T21549] CPU: 1 PID: 21549 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1689.338991][T21549] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1689.349056][T21549] Call Trace: [ 1689.352361][T21549] dump_stack+0x1fb/0x318 [ 1689.356697][T21549] should_fail+0x555/0x770 [ 1689.361122][T21549] __should_failslab+0x11a/0x160 [ 1689.366049][T21549] should_failslab+0x9/0x20 [ 1689.370547][T21549] kmem_cache_alloc_trace+0x5d/0x2f0 [ 1689.375836][T21549] ? legacy_init_fs_context+0x51/0xc0 [ 1689.381215][T21549] legacy_init_fs_context+0x51/0xc0 [ 1689.386419][T21549] alloc_fs_context+0x53a/0x640 [ 1689.391283][T21549] fs_context_for_mount+0x24/0x30 [ 1689.396312][T21549] vfs_kern_mount+0x2c/0x160 [ 1689.400913][T21549] btrfs_mount+0x34f/0x18e0 [ 1689.405426][T21549] ? check_preemption_disabled+0x47/0x2a0 [ 1689.411152][T21549] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1689.416430][T21549] ? cap_capable+0x250/0x290 [ 1689.421030][T21549] ? safesetid_security_capable+0x89/0xf0 [ 1689.426756][T21549] legacy_get_tree+0xf9/0x1a0 [ 1689.431430][T21549] ? btrfs_resize_thread_pool+0x260/0x260 [ 1689.437149][T21549] vfs_get_tree+0x8b/0x2a0 [ 1689.441565][T21549] do_mount+0x16c0/0x2510 [ 1689.445898][T21549] ? copy_mount_options+0x308/0x3c0 [ 1689.451098][T21549] ksys_mount+0xcc/0x100 [ 1689.455340][T21549] __x64_sys_mount+0xbf/0xd0 [ 1689.459931][T21549] do_syscall_64+0xf7/0x1c0 [ 1689.464450][T21549] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1689.470355][T21549] RIP: 0033:0x45d09a [ 1689.474244][T21549] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 04:02:37 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1689.493841][T21549] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1689.502245][T21549] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1689.510209][T21549] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1689.518170][T21549] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1689.526159][T21549] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1689.534124][T21549] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1689.560407][T21553] EXT4-fs (loop0): bad geometry: first data block 536870912 is beyond end of filesystem (1080) [ 1689.670871][T21560] EXT4-fs (loop0): bad geometry: first data block 536870912 is beyond end of filesystem (1080) 04:02:39 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r4 = syz_open_dev$vcsa(&(0x7f0000000040)='/dev/vcsa#\x00', 0x101, 0x40) ioctl$BLKTRACESTOP(r4, 0x1275, 0x0) 04:02:39 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004000000010000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:39 executing program 2 (fault-call:0 fault-nth:75): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1691.403238][T21567] FAULT_INJECTION: forcing a failure. [ 1691.403238][T21567] name failslab, interval 1, probability 0, space 0, times 0 [ 1691.433501][T21567] CPU: 0 PID: 21567 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1691.441878][T21567] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1691.451944][T21567] Call Trace: [ 1691.451967][T21567] dump_stack+0x1fb/0x318 [ 1691.451986][T21567] should_fail+0x555/0x770 [ 1691.452007][T21567] __should_failslab+0x11a/0x160 [ 1691.452020][T21567] should_failslab+0x9/0x20 [ 1691.452031][T21567] kmem_cache_alloc_trace+0x5d/0x2f0 [ 1691.452045][T21567] ? legacy_init_fs_context+0x51/0xc0 [ 1691.452058][T21567] legacy_init_fs_context+0x51/0xc0 [ 1691.452070][T21567] alloc_fs_context+0x53a/0x640 [ 1691.452089][T21567] fs_context_for_mount+0x24/0x30 [ 1691.464094][T21567] vfs_kern_mount+0x2c/0x160 [ 1691.464111][T21567] btrfs_mount+0x34f/0x18e0 [ 1691.464130][T21567] ? check_preemption_disabled+0x47/0x2a0 [ 1691.464149][T21567] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1691.464160][T21567] ? cap_capable+0x250/0x290 [ 1691.464174][T21567] ? safesetid_security_capable+0x89/0xf0 [ 1691.464188][T21567] legacy_get_tree+0xf9/0x1a0 [ 1691.534184][T21567] ? btrfs_resize_thread_pool+0x260/0x260 [ 1691.539911][T21567] vfs_get_tree+0x8b/0x2a0 [ 1691.544324][T21567] do_mount+0x16c0/0x2510 [ 1691.548660][T21567] ? copy_mount_options+0x308/0x3c0 [ 1691.553850][T21567] ksys_mount+0xcc/0x100 [ 1691.558086][T21567] __x64_sys_mount+0xbf/0xd0 [ 1691.562822][T21567] do_syscall_64+0xf7/0x1c0 [ 1691.567337][T21567] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1691.573238][T21567] RIP: 0033:0x45d09a [ 1691.577135][T21567] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1691.596761][T21567] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1691.605176][T21567] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1691.613142][T21567] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1691.621108][T21567] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1691.629081][T21567] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1691.637051][T21567] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:39 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x7fffffffefff) 04:02:39 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000010200100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:39 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = dup(r1) r3 = socket$inet(0x10, 0x2, 0xc) sendmsg(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) ioctl$LOOP_SET_FD(r2, 0x4c00, r3) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:39 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PIO_FONTX(r1, 0x4b6c, &(0x7f00000001c0)="b5deaf80a2f506215b74fe43298c8fffb760e61d51f9587c2e7355debdbcb32f47b8b6a257619052c02f875c2c1f62ec636d106ed91666a077f97990fba9fed9f38c73422b74728252fe34d61fa0d08052b3653901acaa478699f5a5c1aadd51b9839ad169ada9a6b4a610434cf529756f4a79cbbc808d84043b7a1c49e184c2be456aa32884a29d60020bfa831a774c516dc1ae90af7d5a9dca1e6d4bff6bfdf0e42034ec6f39665abe4204cd50068a6012b2f83c4bf077dfc374255ff14c86b2d8adf6e3e62aeacd8eeb3486aa2aff87969995") ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = accept4(r1, 0x0, &(0x7f0000000040), 0x80000) vmsplice(r2, &(0x7f00000000c0)=[{0x0, 0x3da}, {0x0, 0x288}, {0x0}, {&(0x7f0000000440)="6653070000053c07bc3376003639405cb4aed12f0000000000ae31a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7c8ef00fca4fafa924edfe92175aaa1c4ecc5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ad5449b5814e0187eb06a52fcfce7c467c7e62604998fadf4c708a9dbc51500fa761c03e05ba433f5505ed98a506940822672562b2775d0ac2f38fb2b3cfb5ce2d36883f1255ed76532aec76e084e4fcaa80c4249ed568f0479d75ca6da89bac570bf1e2763c217eb8840cc542445698786ef73ae7b5cb228a8fa81fd5fd3792df338b879a7", 0xff25}], 0x4, 0x2) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) prctl$PR_SET_MM_MAP_SIZE(0x23, 0xf, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup3(r4, r3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$setregs(0xf, r0, 0x0, &(0x7f00000002c0)="2468afb1273e0d301c3bf681f1673efde1114e8cb7f40a1e4d86fa60fbf6f110331f9fa411ce0dfc2900e1d8174a0c8bf7a0a191accc8937b7212d4727e531003d75e5995763826eb8dbff40548f252927a04650b7045f86e48f2de144d839451b6a5efba6120853f09a9789861e8250ece826effc43d0c28877e012599ae807e21366df38df10c87e06d05239d81772de4bbf55c0f1248a07ee66452b5b56ea0e5d3d3b3d5f5b27b25d06a59096d80c458598e48f19f1b8ecc910b2853960d1da45e529f43980b1708c828db430f90636ca5186661d33e111a82220e287cca0f66f26ab090265b9456104a4a7ad468bc90ebcbdd64db511") r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) connect$rds(r7, &(0x7f0000000100)={0x2, 0x4e24, @broadcast}, 0x10) ptrace$cont(0x20, r0, 0x0, 0x0) socket(0xa, 0x80000, 0x4) 04:02:39 executing program 2 (fault-call:0 fault-nth:76): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:39 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004000000040000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1691.845665][T21684] FAULT_INJECTION: forcing a failure. [ 1691.845665][T21684] name failslab, interval 1, probability 0, space 0, times 0 [ 1691.858482][T21684] CPU: 0 PID: 21684 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1691.866823][T21684] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1691.876881][T21684] Call Trace: [ 1691.880218][T21684] dump_stack+0x1fb/0x318 [ 1691.880243][T21684] should_fail+0x555/0x770 [ 1691.888982][T21684] __should_failslab+0x11a/0x160 04:02:39 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x7ffffffff000) 04:02:39 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000040)='/dev/vga_arbiter\x00', 0x228000, 0x0) ioctl$VIDIOC_G_JPEGCOMP(r0, 0x808c563d, &(0x7f0000000100)) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) 04:02:39 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, &(0x7f0000000000)=0x0) r3 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r4) r5 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r5, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0, 0x0}, &(0x7f0000cab000)=0xc) setfsgid(r6) setsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000040)={r2, r4, r6}, 0xc) [ 1691.893919][T21684] should_failslab+0x9/0x20 [ 1691.893933][T21684] kmem_cache_alloc_trace+0x5d/0x2f0 [ 1691.893945][T21684] ? legacy_init_fs_context+0x51/0xc0 [ 1691.893959][T21684] legacy_init_fs_context+0x51/0xc0 [ 1691.893969][T21684] alloc_fs_context+0x53a/0x640 [ 1691.893983][T21684] fs_context_for_mount+0x24/0x30 [ 1691.893993][T21684] vfs_kern_mount+0x2c/0x160 [ 1691.894005][T21684] btrfs_mount+0x34f/0x18e0 [ 1691.894023][T21684] ? check_preemption_disabled+0x47/0x2a0 [ 1691.894038][T21684] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1691.894047][T21684] ? cap_capable+0x250/0x290 [ 1691.894060][T21684] ? safesetid_security_capable+0x89/0xf0 [ 1691.894072][T21684] legacy_get_tree+0xf9/0x1a0 [ 1691.894088][T21684] ? btrfs_resize_thread_pool+0x260/0x260 [ 1691.914381][T21684] vfs_get_tree+0x8b/0x2a0 [ 1691.914396][T21684] do_mount+0x16c0/0x2510 [ 1691.914412][T21684] ? copy_mount_options+0x308/0x3c0 [ 1691.914422][T21684] ksys_mount+0xcc/0x100 [ 1691.914432][T21684] __x64_sys_mount+0xbf/0xd0 [ 1691.914447][T21684] do_syscall_64+0xf7/0x1c0 [ 1691.914461][T21684] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1691.914470][T21684] RIP: 0033:0x45d09a [ 1691.914479][T21684] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1691.914484][T21684] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1691.914494][T21684] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a 04:02:39 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) pipe2(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80800) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xf, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1691.914498][T21684] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1691.914503][T21684] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1691.914507][T21684] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1691.914512][T21684] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:39 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004000000060000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1692.104084][T21675] EXT4-fs (loop0): bad geometry: first data block 537919488 is beyond end of filesystem (1080) 04:02:39 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x960000000000) 04:02:39 executing program 2 (fault-call:0 fault-nth:77): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1692.263766][T21887] FAULT_INJECTION: forcing a failure. [ 1692.263766][T21887] name failslab, interval 1, probability 0, space 0, times 0 [ 1692.276801][T21887] CPU: 1 PID: 21887 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1692.285127][T21887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1692.295196][T21887] Call Trace: [ 1692.298501][T21887] dump_stack+0x1fb/0x318 [ 1692.302846][T21887] should_fail+0x555/0x770 [ 1692.307277][T21887] __should_failslab+0x11a/0x160 [ 1692.312229][T21887] ? xas_create+0x1197/0x1910 [ 1692.316915][T21887] should_failslab+0x9/0x20 [ 1692.321422][T21887] kmem_cache_alloc+0x56/0x2e0 [ 1692.326198][T21887] xas_create+0x1197/0x1910 [ 1692.330701][T21887] ? rcu_lock_release+0x4/0x20 [ 1692.335473][T21887] xas_store+0x95/0x1440 [ 1692.339712][T21887] ? xas_load+0x434/0x450 [ 1692.344047][T21887] __add_to_page_cache_locked+0x5f0/0xbf0 [ 1692.349776][T21887] ? workingset_activation+0x2b0/0x2b0 [ 1692.355229][T21887] add_to_page_cache_lru+0x156/0x4a0 [ 1692.360602][T21887] do_read_cache_page+0x216/0xcb0 [ 1692.365630][T21887] read_cache_page_gfp+0x29/0x30 [ 1692.370632][T21887] btrfs_scan_one_device+0x16a/0x450 [ 1692.375913][T21887] ? trace_hardirqs_on+0x74/0x80 [ 1692.380849][T21887] btrfs_mount_root+0x4af/0x1030 [ 1692.385790][T21887] ? trace_kfree+0xb2/0x110 [ 1692.390318][T21887] legacy_get_tree+0xf9/0x1a0 [ 1692.394999][T21887] ? btrfs_control_open+0x40/0x40 [ 1692.400017][T21887] vfs_get_tree+0x8b/0x2a0 [ 1692.404572][T21887] vfs_kern_mount+0xc2/0x160 [ 1692.409170][T21887] btrfs_mount+0x34f/0x18e0 [ 1692.413697][T21887] ? check_preemption_disabled+0x47/0x2a0 [ 1692.419425][T21887] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1692.424724][T21887] ? cap_capable+0x250/0x290 [ 1692.429330][T21887] ? safesetid_security_capable+0x89/0xf0 [ 1692.435060][T21887] legacy_get_tree+0xf9/0x1a0 [ 1692.439756][T21887] ? btrfs_resize_thread_pool+0x260/0x260 [ 1692.445491][T21887] vfs_get_tree+0x8b/0x2a0 [ 1692.449922][T21887] do_mount+0x16c0/0x2510 [ 1692.454276][T21887] ? copy_mount_options+0x308/0x3c0 [ 1692.459494][T21887] ksys_mount+0xcc/0x100 [ 1692.463755][T21887] __x64_sys_mount+0xbf/0xd0 [ 1692.468365][T21887] do_syscall_64+0xf7/0x1c0 [ 1692.472883][T21887] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1692.478783][T21887] RIP: 0033:0x45d09a [ 1692.482875][T21887] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1692.502491][T21887] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 04:02:40 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000250100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:40 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$FUSE_NOTIFY_INVAL_INODE(r2, &(0x7f0000000040)={0x28, 0x2, 0x0, {0x3, 0x90, 0x6}}, 0x28) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup3(r4, r3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1692.510912][T21887] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1692.518893][T21887] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1692.527005][T21887] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1692.534995][T21887] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1692.542966][T21887] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:40 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) unlink(&(0x7f0000000040)='./file0\x00') ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1692.572434][T21887] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (21887) 04:02:40 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004000000290000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:40 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) socketpair(0x0, 0x2, 0x6, &(0x7f0000000040)) vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1692.718723][T22016] EXT4-fs (loop0): bad geometry: first data block 620756992 is beyond end of filesystem (1080) 04:02:40 executing program 2 (fault-call:0 fault-nth:78): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:40 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000040)=0xc03) [ 1692.988529][T22132] FAULT_INJECTION: forcing a failure. [ 1692.988529][T22132] name failslab, interval 1, probability 0, space 0, times 0 [ 1693.002277][T22132] CPU: 0 PID: 22132 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1693.010616][T22132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1693.020668][T22132] Call Trace: [ 1693.023965][T22132] dump_stack+0x1fb/0x318 [ 1693.028304][T22132] should_fail+0x555/0x770 [ 1693.032728][T22132] __should_failslab+0x11a/0x160 [ 1693.037662][T22132] should_failslab+0x9/0x20 [ 1693.042160][T22132] kmem_cache_alloc_node_trace+0x6e/0x2d0 [ 1693.047873][T22132] ? __kmalloc_node+0x3c/0x60 [ 1693.052544][T22132] ? smack_sb_eat_lsm_opts+0x867/0xa20 [ 1693.058000][T22132] __kmalloc_node+0x3c/0x60 [ 1693.062500][T22132] kvmalloc_node+0xcc/0x130 [ 1693.067001][T22132] btrfs_mount_root+0xe3/0x1030 [ 1693.071847][T22132] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1693.077130][T22132] ? rcu_read_lock_sched_held+0x10b/0x170 [ 1693.082844][T22132] ? trace_kfree+0xb2/0x110 [ 1693.087352][T22132] legacy_get_tree+0xf9/0x1a0 [ 1693.092034][T22132] ? btrfs_control_open+0x40/0x40 [ 1693.097060][T22132] vfs_get_tree+0x8b/0x2a0 [ 1693.101473][T22132] vfs_kern_mount+0xc2/0x160 [ 1693.106059][T22132] btrfs_mount+0x34f/0x18e0 [ 1693.110561][T22132] ? check_preemption_disabled+0x47/0x2a0 [ 1693.116287][T22132] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1693.121564][T22132] ? cap_capable+0x250/0x290 [ 1693.126151][T22132] ? safesetid_security_capable+0x89/0xf0 [ 1693.131872][T22132] legacy_get_tree+0xf9/0x1a0 [ 1693.136548][T22132] ? btrfs_resize_thread_pool+0x260/0x260 [ 1693.142269][T22132] vfs_get_tree+0x8b/0x2a0 [ 1693.146684][T22132] do_mount+0x16c0/0x2510 [ 1693.151012][T22132] ? copy_mount_options+0x308/0x3c0 [ 1693.156217][T22132] ksys_mount+0xcc/0x100 [ 1693.160464][T22132] __x64_sys_mount+0xbf/0xd0 [ 1693.165086][T22132] do_syscall_64+0xf7/0x1c0 [ 1693.169586][T22132] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1693.175469][T22132] RIP: 0033:0x45d09a [ 1693.179355][T22132] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1693.198955][T22132] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1693.207363][T22132] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1693.215328][T22132] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1693.223294][T22132] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1693.231265][T22132] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1693.239230][T22132] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1693.251664][T22132] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (22132) 04:02:42 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = syz_open_dev$vbi(&(0x7f0000000040)='/dev/vbi#\x00', 0x0, 0x2) ioctl$RTC_IRQP_SET(r0, 0x4008700c, 0x199a) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000002c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) syz_emit_ethernet(0x22, &(0x7f0000000000)={@local, @empty, [{[], {0x8100, 0x2, 0x1, 0x4}}], {@can={0xc, {{0x1, 0x1, 0x0, 0x1}, 0x0, 0x1, 0x0, 0x0, "5d919207c31dd075"}}}}, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) 04:02:42 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000000000002d0100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:42 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="0500040000002b0000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1695.066980][T22136] EXT4-fs (loop0): bad geometry: first data block 754974720 is beyond end of filesystem (1080) [ 1695.158069][T22245] EXT4-fs (loop0): bad geometry: first data block 754974720 is beyond end of filesystem (1080) 04:02:42 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x10710000000000) 04:02:42 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$VIDIOC_RESERVED(r5, 0x5601, 0x0) ptrace$setregs(0xd, r0, 0xfffffffffffffffe, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:42 executing program 2 (fault-call:0 fault-nth:79): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:42 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="0500040000002c0000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:42 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000004370100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1695.268842][T22252] FAULT_INJECTION: forcing a failure. [ 1695.268842][T22252] name failslab, interval 1, probability 0, space 0, times 0 [ 1695.301848][T22252] CPU: 1 PID: 22252 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1695.310217][T22252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1695.310222][T22252] Call Trace: [ 1695.310245][T22252] dump_stack+0x1fb/0x318 [ 1695.310262][T22252] should_fail+0x555/0x770 [ 1695.310281][T22252] __should_failslab+0x11a/0x160 [ 1695.310296][T22252] should_failslab+0x9/0x20 [ 1695.310306][T22252] kmem_cache_alloc_trace+0x5d/0x2f0 [ 1695.310317][T22252] ? btrfs_mount_root+0x12c/0x1030 [ 1695.310329][T22252] btrfs_mount_root+0x12c/0x1030 [ 1695.310343][T22252] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1695.310356][T22252] ? rcu_read_lock_sched_held+0x10b/0x170 [ 1695.310369][T22252] ? trace_kfree+0xb2/0x110 [ 1695.337347][T22252] legacy_get_tree+0xf9/0x1a0 [ 1695.337360][T22252] ? btrfs_control_open+0x40/0x40 [ 1695.337373][T22252] vfs_get_tree+0x8b/0x2a0 [ 1695.337387][T22252] vfs_kern_mount+0xc2/0x160 [ 1695.352497][T22252] btrfs_mount+0x34f/0x18e0 [ 1695.352518][T22252] ? check_preemption_disabled+0x47/0x2a0 [ 1695.352537][T22252] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1695.352546][T22252] ? cap_capable+0x250/0x290 [ 1695.352561][T22252] ? safesetid_security_capable+0x89/0xf0 04:02:43 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1695.362756][T22252] legacy_get_tree+0xf9/0x1a0 [ 1695.362768][T22252] ? btrfs_resize_thread_pool+0x260/0x260 [ 1695.362782][T22252] vfs_get_tree+0x8b/0x2a0 [ 1695.362794][T22252] do_mount+0x16c0/0x2510 [ 1695.436611][T22252] ? copy_mount_options+0x308/0x3c0 [ 1695.441823][T22252] ksys_mount+0xcc/0x100 [ 1695.446086][T22252] __x64_sys_mount+0xbf/0xd0 [ 1695.450698][T22252] do_syscall_64+0xf7/0x1c0 [ 1695.455239][T22252] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1695.461137][T22252] RIP: 0033:0x45d09a 04:02:43 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r1 = socket$inet(0x10, 0x2, 0xc) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) r2 = fcntl$dupfd(r1, 0x605, 0xffffffffffffffff) fcntl$lock(r2, 0x25, &(0x7f0000000040)={0x3, 0x0, 0x5, 0x0, r0}) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = syz_open_dev$dspn(&(0x7f0000000300)='/dev/dsp#\x00', 0x5, 0x4002) getsockopt$inet_sctp_SCTP_NODELAY(r5, 0x84, 0x3, &(0x7f0000000340), &(0x7f0000000380)=0x4) r6 = dup3(r4, r3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1695.465025][T22252] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1695.484632][T22252] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1695.493045][T22252] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1695.501007][T22252] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1695.501015][T22252] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 04:02:43 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x20510000000000) [ 1695.501020][T22252] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1695.501026][T22252] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:43 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="0500040000002f0000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1695.599725][T22282] EXT4-fs (loop0): bad geometry: first data block 923009024 is beyond end of filesystem (1080) 04:02:45 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace(0x4208, r0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) syz_open_dev$video4linux(&(0x7f0000000040)='/dev/v4l-subdev#\x00', 0xe7, 0x100662) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r2, 0x80045300, &(0x7f0000000000)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:45 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004000000330000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:45 executing program 2 (fault-call:0 fault-nth:80): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:45 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = msgget(0x2, 0x52) r1 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r2) lstat(0xfffffffffffffffd, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r5) r6 = getgid() r7 = gettid() r8 = gettid() ptrace$setopts(0x4206, r8, 0x0, 0x0) tkill(r8, 0x3c) ptrace$setregs(0xd, r8, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r8, 0x0, 0x0) msgctl$IPC_SET(r0, 0x1, &(0x7f0000000300)={{0x200, r2, r3, r5, r6, 0x44}, 0x9, 0x5827, 0x800, 0x8, 0x1000, 0xf095, r7, r8}) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r9 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r9, 0x0, 0x0) tkill(r9, 0x3c) ptrace$cont(0x18, r9, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r12 = dup3(r11, r10, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r12, 0x8912, 0x400200) ptrace$setregs(0xd, r9, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r9, 0x0, 0x0) r13 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r14 = dup(r13) ioctl$PERF_EVENT_IOC_ENABLE(r14, 0x8912, 0x400200) r15 = socket$inet(0x10, 0x2, 0xc) sendmsg(r15, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) getsockopt$inet_pktinfo(r15, 0x0, 0x8, &(0x7f0000000400)={0x0, @local, @local}, &(0x7f0000000440)=0xc) setsockopt$inet6_IPV6_PKTINFO(r14, 0x29, 0x32, &(0x7f0000000480)={@mcast1, r16}, 0x14) 04:02:45 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000004380100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1698.118571][T22581] FAULT_INJECTION: forcing a failure. [ 1698.118571][T22581] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1698.131827][T22581] CPU: 0 PID: 22581 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1698.140161][T22581] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1698.150225][T22581] Call Trace: [ 1698.153531][T22581] dump_stack+0x1fb/0x318 [ 1698.157863][T22581] should_fail+0x555/0x770 [ 1698.162289][T22581] should_fail_alloc_page+0x55/0x60 [ 1698.167493][T22581] prepare_alloc_pages+0x283/0x460 [ 1698.172625][T22581] __alloc_pages_nodemask+0xb2/0x5d0 [ 1698.177927][T22581] kmem_getpages+0x4d/0xa00 [ 1698.182435][T22581] cache_grow_begin+0x7e/0x2c0 [ 1698.187194][T22581] ? cache_alloc_pfmemalloc+0x1e/0x1a0 [ 1698.192650][T22581] cache_alloc_refill+0x311/0x3f0 [ 1698.197669][T22581] ? check_preemption_disabled+0xb7/0x2a0 [ 1698.203390][T22581] kmem_cache_alloc_trace+0x2d0/0x2f0 [ 1698.208761][T22581] ? btrfs_mount_root+0x12c/0x1030 [ 1698.213872][T22581] btrfs_mount_root+0x12c/0x1030 [ 1698.218815][T22581] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1698.224094][T22581] ? rcu_read_lock_sched_held+0x10b/0x170 [ 1698.229811][T22581] ? trace_kfree+0xb2/0x110 [ 1698.234339][T22581] legacy_get_tree+0xf9/0x1a0 [ 1698.239014][T22581] ? btrfs_control_open+0x40/0x40 [ 1698.244039][T22581] vfs_get_tree+0x8b/0x2a0 [ 1698.248455][T22581] vfs_kern_mount+0xc2/0x160 [ 1698.253047][T22581] btrfs_mount+0x34f/0x18e0 [ 1698.257554][T22581] ? check_preemption_disabled+0x47/0x2a0 [ 1698.263276][T22581] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1698.268560][T22581] ? cap_capable+0x250/0x290 [ 1698.273151][T22581] ? safesetid_security_capable+0x89/0xf0 [ 1698.278880][T22581] legacy_get_tree+0xf9/0x1a0 [ 1698.283696][T22581] ? btrfs_resize_thread_pool+0x260/0x260 [ 1698.289428][T22581] vfs_get_tree+0x8b/0x2a0 [ 1698.293854][T22581] do_mount+0x16c0/0x2510 [ 1698.298193][T22581] ? copy_mount_options+0x308/0x3c0 [ 1698.303399][T22581] ksys_mount+0xcc/0x100 [ 1698.307649][T22581] __x64_sys_mount+0xbf/0xd0 [ 1698.312251][T22581] do_syscall_64+0xf7/0x1c0 [ 1698.316758][T22581] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1698.322648][T22581] RIP: 0033:0x45d09a [ 1698.326538][T22581] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1698.346162][T22581] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1698.354589][T22581] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a 04:02:46 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) splice(r3, &(0x7f0000000040)=0x5, r4, &(0x7f0000000080)=0x8, 0x3d, 0x5) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1698.362558][T22581] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1698.370527][T22581] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1698.378509][T22581] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1698.386482][T22581] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1698.431545][T22581] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (22581) [ 1698.450090][T22580] EXT4-fs (loop0): bad geometry: first data block 939786240 is beyond end of filesystem (1080) 04:02:46 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x50) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$bt_BT_POWER(r2, 0x112, 0x9, &(0x7f0000000040)=0xb, 0x1) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup3(r4, r3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:46 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000000000003f0100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:46 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x80000000000000) 04:02:46 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="0500040000003a0000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:46 executing program 1: fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000000)) getpid() gettid() r0 = gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000040)='\x00'}, 0x30) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000100)) tkill(r0, 0x32) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) prctl$PR_SET_PTRACER(0x59616d61, r1) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x3c) ptrace$cont(0x18, r3, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r3, 0x0, 0x0) 04:02:46 executing program 2 (fault-call:0 fault-nth:81): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:46 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) r1 = gettid() r2 = gettid() ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r2, 0x0, 0x0) r3 = socket$inet(0x10, 0x2, 0xc) sendmsg(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) r4 = syz_open_dev$midi(&(0x7f0000000000)='/dev/midi#\x00', 0x1, 0x1) kcmp(r1, r2, 0x1, r3, r4) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:46 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r1 = syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0xfff, 0x32882) ioctl$SG_SET_DEBUG(r1, 0x227e, &(0x7f0000000080)=0x1) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1698.688893][T22714] FAULT_INJECTION: forcing a failure. [ 1698.688893][T22714] name failslab, interval 1, probability 0, space 0, times 0 [ 1698.750187][T22714] CPU: 0 PID: 22714 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1698.758569][T22714] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1698.768630][T22714] Call Trace: [ 1698.771929][T22714] dump_stack+0x1fb/0x318 [ 1698.776267][T22714] should_fail+0x555/0x770 [ 1698.780695][T22714] __should_failslab+0x11a/0x160 [ 1698.785676][T22714] ? getname_kernel+0x59/0x2f0 [ 1698.790446][T22714] should_failslab+0x9/0x20 [ 1698.794966][T22714] kmem_cache_alloc+0x56/0x2e0 04:02:46 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() munlockall() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0xfffffffffffffffc, 0x10) tkill(r0, 0x3c) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, 0x0, 0x9, 0x0) r2 = getpgid(r0) setpgid(r1, r2) r3 = gettid() ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x3c) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r3, 0x0, 0x0) ioctl$EXT4_IOC_SWAP_BOOT(0xffffffffffffffff, 0x6611) openat$apparmor_task_exec(0xffffffffffffff9c, 0x0, 0x2, 0x0) r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0) syncfs(r4) r5 = gettid() ptrace$setopts(0x4206, r5, 0x0, 0x0) tkill(r5, 0x3c) ioctl$DRM_IOCTL_AGP_ALLOC(0xffffffffffffffff, 0xc0206434, &(0x7f0000000040)={0x0, 0x0, 0x10000, 0x2}) ioctl$DRM_IOCTL_AGP_FREE(0xffffffffffffffff, 0x40206435, &(0x7f0000000080)={0x1, r6, 0x2, 0x4}) ptrace$setregs(0xd, r5, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r5, 0x0, 0x0) 04:02:46 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) gettid() ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) fallocate(r1, 0x52, 0x3f, 0x81) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:46 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000d1c000)=0x6, 0x4) bind$inet6(r4, &(0x7f0000f67fe4), 0x1c) close(r4) setsockopt$inet_sctp6_SCTP_AUTOCLOSE(r4, 0x84, 0x4, &(0x7f0000000100)=0xe3, 0x4) r5 = semget$private(0x0, 0x1, 0x632) r6 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080)='/dev/sequencer2\x00', 0x404600, 0x0) ioctl$PERF_EVENT_IOC_DISABLE(r6, 0x2401, 0x6) semop(r5, &(0x7f0000000040)=[{0x1, 0x0, 0x92218b08f7da4ed}, {0x2, 0x8, 0x1000}], 0x2) [ 1698.799730][T22714] getname_kernel+0x59/0x2f0 [ 1698.804321][T22714] kern_path+0x1f/0x40 [ 1698.808399][T22714] blkdev_get_by_path+0x71/0x270 [ 1698.813346][T22714] btrfs_scan_one_device+0xbd/0x450 [ 1698.818544][T22714] ? btrfs_mount_root+0x477/0x1030 [ 1698.823655][T22714] ? trace_hardirqs_on+0x74/0x80 [ 1698.828594][T22714] btrfs_mount_root+0x4af/0x1030 [ 1698.833535][T22714] ? trace_kfree+0xb2/0x110 [ 1698.838050][T22714] legacy_get_tree+0xf9/0x1a0 [ 1698.842726][T22714] ? btrfs_control_open+0x40/0x40 04:02:46 executing program 1: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$EVIOCGNAME(r1, 0x80404506, &(0x7f00000002c0)=""/204) prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r3 = socket$inet(0x10, 0x2, 0xc) sendmsg(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1}, 0x0) vmsplice(r3, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000003c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f364602e651996156f5672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100190000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def112336a1b57f45a0788e3aba04551e4a522e15c7ce70dd9f9667fcf55cc0e1cce77b3aa897028679cd0a6a45ddf8fb24d7c5aea545fc3d3bd0333fabaf070e0228298175b9de67d5df6a1acb0c6f43dfd9d17b42f116ccef05df06d57c2794e4f97470bce919ac824a6053425abd671e2c4d65f68ec2b9dfcb490fc4f3543f47007e31aadc5d5e87acb25cf36a0346b5c3d834bab86dffa684f8c4d07d6017b40a186a2438d1334a913eb", 0x160}], 0x4, 0xe) ptrace$setopts(0x4206, r2, 0x0, 0x0) tkill(r2, 0x3c) ptrace$cont(0x18, r2, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) dup3(0xffffffffffffffff, r0, 0x0) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r2, 0x0, 0x0) [ 1698.847754][T22714] vfs_get_tree+0x8b/0x2a0 [ 1698.852180][T22714] vfs_kern_mount+0xc2/0x160 [ 1698.856775][T22714] btrfs_mount+0x34f/0x18e0 [ 1698.861298][T22714] ? check_preemption_disabled+0x47/0x2a0 [ 1698.867029][T22714] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1698.872312][T22714] ? cap_capable+0x250/0x290 [ 1698.876906][T22714] ? safesetid_security_capable+0x89/0xf0 [ 1698.882639][T22714] legacy_get_tree+0xf9/0x1a0 [ 1698.887422][T22714] ? btrfs_resize_thread_pool+0x260/0x260 [ 1698.893156][T22714] vfs_get_tree+0x8b/0x2a0 [ 1698.897584][T22714] do_mount+0x16c0/0x2510 [ 1698.901933][T22714] ? copy_mount_options+0x308/0x3c0 [ 1698.907148][T22714] ksys_mount+0xcc/0x100 [ 1698.911401][T22714] __x64_sys_mount+0xbf/0xd0 [ 1698.916006][T22714] do_syscall_64+0xf7/0x1c0 [ 1698.920524][T22714] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1698.926502][T22714] RIP: 0033:0x45d09a [ 1698.930393][T22714] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 04:02:46 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r1 = socket$inet(0x10, 0x2, 0xc) sendmsg(r1, &(0x7f0000000380)={0x0, 0xffffff98, &(0x7f0000009ff0)=[{&(0x7f0000000300)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x23b}, 0x0) r2 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) getsockopt$sock_timeval(r1, 0x1, 0x42, &(0x7f0000000040), &(0x7f0000000080)=0x10) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$DRM_IOCTL_IRQ_BUSID(r5, 0xc0106403, &(0x7f0000000580)={0x200, 0x1, 0x7ff, 0x4}) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$KVM_GET_REGS(r9, 0x8090ae81, &(0x7f0000000100)) r10 = dup3(r7, r6, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r11 = syz_open_dev$media(&(0x7f00000003c0)='/dev/media#\x00', 0x73, 0x880007) sendmsg$DEVLINK_CMD_PORT_GET(r11, &(0x7f0000000540)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x1020044}, 0xc, &(0x7f0000000500)={&(0x7f0000000440)={0xac, 0x0, 0x100, 0x70bd2b, 0x25dfdbfd, {}, [{{@nsim={{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x3}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x14, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x1}}}, {{@nsim={{0x10, 0x1, 'netdevsim\x00'}, {0x10, 0x2, {'netdevsim', 0x0}}}, {0x8}}}, {{@pci={{0x8, 0x1, 'pci\x00'}, {0x14, 0x2, '0000:00:10.0\x00'}}, {0x8, 0x3, 0x2}}}]}, 0xac}, 0x1, 0x0, 0x0, 0x800}, 0x0) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1698.950001][T22714] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1698.950028][T22714] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1698.950033][T22714] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1698.950039][T22714] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1698.950044][T22714] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1698.950050][T22714] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1699.024145][T22708] EXT4-fs (loop0): bad geometry: first data block 1056964608 is beyond end of filesystem (1080) 04:02:46 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000400100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1699.366287][T22943] EXT4-fs (loop0): bad geometry: first data block 1073741824 is beyond end of filesystem (1080) 04:02:49 executing program 2 (fault-call:0 fault-nth:82): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:49 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0xa0710000000000) 04:02:49 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="0500040000003b0000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:49 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000480100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:49 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = shmget$private(0x0, 0x1000, 0x0, &(0x7f0000ffc000/0x1000)=nil) r5 = shmat(r4, &(0x7f0000ffc000/0x4000)=nil, 0x0) shmdt(r5) shmdt(r5) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r6 = gettid() ptrace$setopts(0x4206, r6, 0x0, 0x0) tkill(r6, 0x3c) ptrace$setregs(0xd, r6, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r6, 0x0, 0x0) ptrace$cont(0x27, 0x0, 0x7ffffffffe, 0x2) [ 1701.705193][T22953] FAULT_INJECTION: forcing a failure. [ 1701.705193][T22953] name failslab, interval 1, probability 0, space 0, times 0 [ 1701.748802][T22953] CPU: 1 PID: 22953 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1701.750079][T22950] EXT4-fs (loop0): bad geometry: first data block 1207959552 is beyond end of filesystem (1080) [ 1701.757177][T22953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1701.757183][T22953] Call Trace: [ 1701.757207][T22953] dump_stack+0x1fb/0x318 [ 1701.757227][T22953] should_fail+0x555/0x770 [ 1701.757250][T22953] __should_failslab+0x11a/0x160 [ 1701.757264][T22953] should_failslab+0x9/0x20 [ 1701.757274][T22953] kmem_cache_alloc_trace+0x5d/0x2f0 [ 1701.757285][T22953] ? device_list_add+0x8e7/0x1980 [ 1701.757300][T22953] device_list_add+0x8e7/0x1980 [ 1701.757320][T22953] btrfs_scan_one_device+0x2f7/0x450 [ 1701.757342][T22953] btrfs_mount_root+0x4af/0x1030 [ 1701.757361][T22953] ? trace_kfree+0xb2/0x110 [ 1701.757384][T22953] legacy_get_tree+0xf9/0x1a0 [ 1701.834150][T22953] ? btrfs_control_open+0x40/0x40 [ 1701.839179][T22953] vfs_get_tree+0x8b/0x2a0 [ 1701.843601][T22953] vfs_kern_mount+0xc2/0x160 [ 1701.848188][T22953] btrfs_mount+0x34f/0x18e0 [ 1701.852710][T22953] ? check_preemption_disabled+0x47/0x2a0 [ 1701.858437][T22953] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1701.863720][T22953] ? cap_capable+0x250/0x290 [ 1701.868309][T22953] ? safesetid_security_capable+0x89/0xf0 [ 1701.874028][T22953] legacy_get_tree+0xf9/0x1a0 [ 1701.878708][T22953] ? btrfs_resize_thread_pool+0x260/0x260 [ 1701.884434][T22953] vfs_get_tree+0x8b/0x2a0 [ 1701.888848][T22953] do_mount+0x16c0/0x2510 [ 1701.893181][T22953] ? copy_mount_options+0x308/0x3c0 [ 1701.898407][T22953] ksys_mount+0xcc/0x100 [ 1701.902650][T22953] __x64_sys_mount+0xbf/0xd0 [ 1701.907248][T22953] do_syscall_64+0xf7/0x1c0 [ 1701.911751][T22953] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1701.917639][T22953] RIP: 0033:0x45d09a [ 1701.921539][T22953] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1701.941147][T22953] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 04:02:49 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) clone(0x80000, &(0x7f0000000100)="ae40159dbb46132b2804a44afe42d3e004216804b2f991a0f0bd83ca8085c1486ba9bc35f9a002f5bd10562219ad36858d33c9dfec0d940cdf3d4fa57602141983f5d43e23727ab805f3bd17763872ee06827a72d3e2968b3abe73092ec0dec4cb0f1f24a4331faa889ffa4b587ffc12a379327bc3244b930be0e319d57b3aa3b9807ca1cd571af0", &(0x7f0000000040), &(0x7f0000000080), &(0x7f0000000300)="6aafc804a720c872e3d4753a5f94fb493ccfcc48fd37") 04:02:49 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0xf0ffffff7f0000) 04:02:49 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f00000000c0)='TIPCv2\x00') sendmsg$TIPC_NL_MEDIA_SET(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="18000000", @ANYRES16=r4, @ANYBLOB="010000001100000000001700000004000600"], 0x18}}, 0x0) sendmsg$TIPC_NL_MEDIA_GET(r2, &(0x7f0000000100)={&(0x7f0000000040), 0xfffffffffffffe9f, &(0x7f0000000080)={&(0x7f0000000300)={0x1e4, r4, 0x214, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_MEDIA={0xa8, 0x5, [@TIPC_NLA_MEDIA_PROP={0x14, 0x2, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1c}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1f}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}, @TIPC_NLA_MEDIA_PROP={0x3c, 0x2, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2af}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x4}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x44, 0x2, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0xf3e4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x2e12}]}]}, @TIPC_NLA_LINK={0x70, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfff}]}, @TIPC_NLA_LINK_NAME={0xc, 0x1, 'syz0\x00'}, @TIPC_NLA_LINK_PROP={0x14, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xf4eb}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8001}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xffffffff}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x12000}, @TIPC_NLA_PROP_PRIO={0x0, 0x1, 0x18}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7}]}]}, @TIPC_NLA_NET={0x30, 0x7, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x1}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xf5c}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x9a2}]}, @TIPC_NLA_BEARER={0xc, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x1}]}, @TIPC_NLA_MON={0x2c, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xfff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x9fce}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7fff}, @TIPC_NLA_MON_REF={0x8}]}, @TIPC_NLA_LINK={0x48, 0x4, [@TIPC_NLA_LINK_PROP={0x44, 0x7, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x800}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x100}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3ff}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x11}]}]}, @TIPC_NLA_SOCK={0x8, 0x2, [@TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x1e4}, 0x1, 0x0, 0x0, 0x440}, 0x44) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup3(r6, r5, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) r8 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) getsockopt$TIPC_SOCK_RECVQ_DEPTH(r9, 0x10f, 0x84, &(0x7f0000000140), &(0x7f0000000180)=0x4) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:49 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) wait4(r1, 0x0, 0x4, &(0x7f0000000000)) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1701.949558][T22953] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1701.957698][T22953] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1701.965668][T22953] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1701.973631][T22953] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1701.981599][T22953] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:49 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="0500040000003c0000068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:49 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000000000004c0100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:49 executing program 2 (fault-call:0 fault-nth:83): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:49 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) ptrace$setopts(0xc60a, r1, 0xfffffffffffffffd, 0x100006) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000000)='/dev/autofs\x00', 0x80000, 0x0) ioctl$UI_ABS_SETUP(r2, 0x401c5504, &(0x7f0000000040)={0x9, {0xbe, 0x20000000, 0x401, 0x5, 0x8000, 0x40c3131d}}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:49 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) ioctl$sock_FIOGETOWN(r3, 0x8903, &(0x7f0000000040)) [ 1702.218786][T23201] FAULT_INJECTION: forcing a failure. [ 1702.218786][T23201] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.231430][T23201] CPU: 1 PID: 23201 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1702.239756][T23201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1702.249813][T23201] Call Trace: [ 1702.253115][T23201] dump_stack+0x1fb/0x318 [ 1702.257461][T23201] should_fail+0x555/0x770 [ 1702.261890][T23201] __should_failslab+0x11a/0x160 [ 1702.266831][T23201] ? xas_create+0x1197/0x1910 [ 1702.271505][T23201] should_failslab+0x9/0x20 [ 1702.276030][T23201] kmem_cache_alloc+0x56/0x2e0 [ 1702.280813][T23201] xas_create+0x1197/0x1910 [ 1702.285320][T23201] ? rcu_lock_release+0x4/0x20 [ 1702.290092][T23201] xas_store+0x95/0x1440 [ 1702.294347][T23201] ? xas_load+0x434/0x450 [ 1702.298682][T23201] __add_to_page_cache_locked+0x5f0/0xbf0 [ 1702.304414][T23201] ? workingset_activation+0x2b0/0x2b0 [ 1702.309875][T23201] add_to_page_cache_lru+0x156/0x4a0 [ 1702.315169][T23201] do_read_cache_page+0x216/0xcb0 [ 1702.320198][T23201] read_cache_page_gfp+0x29/0x30 [ 1702.325144][T23201] btrfs_scan_one_device+0x16a/0x450 [ 1702.330428][T23201] ? trace_hardirqs_on+0x74/0x80 [ 1702.335371][T23201] btrfs_mount_root+0x4af/0x1030 [ 1702.340319][T23201] ? trace_kfree+0xb2/0x110 [ 1702.344826][T23201] legacy_get_tree+0xf9/0x1a0 [ 1702.349503][T23201] ? btrfs_control_open+0x40/0x40 [ 1702.354526][T23201] vfs_get_tree+0x8b/0x2a0 [ 1702.358940][T23201] vfs_kern_mount+0xc2/0x160 [ 1702.363534][T23201] btrfs_mount+0x34f/0x18e0 04:02:50 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VIDIOC_S_PRIORITY(r4, 0x40045644, 0x2) r5 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1702.368056][T23201] ? check_preemption_disabled+0x47/0x2a0 [ 1702.373787][T23201] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1702.379064][T23201] ? cap_capable+0x250/0x290 [ 1702.383708][T23201] ? safesetid_security_capable+0x89/0xf0 [ 1702.389436][T23201] legacy_get_tree+0xf9/0x1a0 [ 1702.394124][T23201] ? btrfs_resize_thread_pool+0x260/0x260 [ 1702.399856][T23201] vfs_get_tree+0x8b/0x2a0 [ 1702.404269][T23201] do_mount+0x16c0/0x2510 [ 1702.404287][T23201] ? copy_mount_options+0x308/0x3c0 [ 1702.404301][T23201] ksys_mount+0xcc/0x100 [ 1702.404314][T23201] __x64_sys_mount+0xbf/0xd0 [ 1702.404328][T23201] do_syscall_64+0xf7/0x1c0 [ 1702.404342][T23201] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1702.404351][T23201] RIP: 0033:0x45d09a [ 1702.404362][T23201] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1702.404367][T23201] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 04:02:50 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(r0, 0x0, 0x8, 0x0) ptrace$getsig(0x4202, r0, 0x1be7ae2b, &(0x7f0000000040)) socket$inet6_sctp(0xa, 0x5, 0x84) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) connect$rose(r2, &(0x7f0000000180)=@short={0xb, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @null, 0x1, @bcast}, 0x1c) tkill(r0, 0x3c) r3 = dup2(0xffffffffffffffff, 0xffffffffffffffff) connect$unix(r3, &(0x7f0000000100)=@file={0x0, './file0\x00'}, 0x6e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup3(r5, r4, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) syz_init_net_socket$netrom(0x6, 0x5, 0x0) msgget$private(0x0, 0x600) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1702.404375][T23201] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1702.404381][T23201] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1702.404386][T23201] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1702.404391][T23201] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1702.404397][T23201] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1702.409559][T23201] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (23201) 04:02:50 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890200068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1702.532582][T23082] EXT4-fs (loop0): bad geometry: first data block 1275068416 is beyond end of filesystem (1080) 04:02:50 executing program 2 (fault-call:0 fault-nth:84): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1702.718763][T23401] FAULT_INJECTION: forcing a failure. [ 1702.718763][T23401] name failslab, interval 1, probability 0, space 0, times 0 [ 1702.737021][T23401] CPU: 0 PID: 23401 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1702.745388][T23401] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1702.755447][T23401] Call Trace: [ 1702.758751][T23401] dump_stack+0x1fb/0x318 [ 1702.763090][T23401] should_fail+0x555/0x770 [ 1702.767518][T23401] __should_failslab+0x11a/0x160 [ 1702.772463][T23401] ? getname_kernel+0x59/0x2f0 [ 1702.777240][T23401] should_failslab+0x9/0x20 [ 1702.781755][T23401] kmem_cache_alloc+0x56/0x2e0 [ 1702.786527][T23401] getname_kernel+0x59/0x2f0 [ 1702.791119][T23401] kern_path+0x1f/0x40 [ 1702.795192][T23401] blkdev_get_by_path+0x71/0x270 [ 1702.800139][T23401] btrfs_scan_one_device+0xbd/0x450 [ 1702.805335][T23401] ? btrfs_mount_root+0x477/0x1030 [ 1702.810441][T23401] ? trace_hardirqs_on+0x74/0x80 [ 1702.815374][T23401] btrfs_mount_root+0x4af/0x1030 [ 1702.820314][T23401] ? trace_kfree+0xb2/0x110 [ 1702.824816][T23401] legacy_get_tree+0xf9/0x1a0 [ 1702.829480][T23401] ? btrfs_control_open+0x40/0x40 [ 1702.834497][T23401] vfs_get_tree+0x8b/0x2a0 [ 1702.838906][T23401] vfs_kern_mount+0xc2/0x160 [ 1702.843488][T23401] btrfs_mount+0x34f/0x18e0 [ 1702.847991][T23401] ? check_preemption_disabled+0x47/0x2a0 [ 1702.853707][T23401] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1702.858984][T23401] ? cap_capable+0x250/0x290 [ 1702.863566][T23401] ? safesetid_security_capable+0x89/0xf0 [ 1702.869279][T23401] legacy_get_tree+0xf9/0x1a0 [ 1702.873946][T23401] ? btrfs_resize_thread_pool+0x260/0x260 [ 1702.879666][T23401] vfs_get_tree+0x8b/0x2a0 [ 1702.884076][T23401] do_mount+0x16c0/0x2510 [ 1702.888412][T23401] ? copy_mount_options+0x308/0x3c0 [ 1702.893623][T23401] ksys_mount+0xcc/0x100 [ 1702.897877][T23401] __x64_sys_mount+0xbf/0xd0 [ 1702.902488][T23401] do_syscall_64+0xf7/0x1c0 [ 1702.907001][T23401] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1702.912891][T23401] RIP: 0033:0x45d09a [ 1702.916779][T23401] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1702.936381][T23401] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1702.944785][T23401] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1702.952749][T23401] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1702.960712][T23401] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1702.968677][T23401] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1702.976640][T23401] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 04:02:52 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890300068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:52 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x100000000000000) 04:02:52 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$capi20(r2, &(0x7f0000000040)={0x10, 0x2, 0x2, 0x81, 0x7fff, 0x6}, 0x10) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup3(r4, r3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:52 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000000000005c0100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:52 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000180)={0x0}) ioctl$DRM_IOCTL_LOCK(r4, 0x4008642a, &(0x7f00000001c0)={r5}) ioctl$DRM_IOCTL_SWITCH_CTX(r2, 0x40086424, &(0x7f0000000000)={r5, 0x4}) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:52 executing program 2 (fault-call:0 fault-nth:85): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) [ 1705.114487][T23407] FAULT_INJECTION: forcing a failure. [ 1705.114487][T23407] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1705.151786][T23407] CPU: 1 PID: 23407 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 04:02:52 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = syz_open_dev$radio(&(0x7f0000000040)='/dev/radio#\x00', 0x0, 0x2) ioctl$RTC_VL_READ(r0, 0x80047013, &(0x7f0000000080)) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$cont(0x18, r1, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) fsetxattr$security_selinux(r7, &(0x7f0000000100)='security.selinux\x00', &(0x7f0000000140)='system_u:object_r:auditctl_exec_t:s0\x00', 0x25, 0x2) r8 = dup3(r6, r2, 0xc0000) dup2(r3, r5) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) [ 1705.160172][T23407] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1705.160179][T23407] Call Trace: [ 1705.160202][T23407] dump_stack+0x1fb/0x318 [ 1705.160221][T23407] should_fail+0x555/0x770 [ 1705.160243][T23407] should_fail_alloc_page+0x55/0x60 [ 1705.187465][T23407] prepare_alloc_pages+0x283/0x460 [ 1705.192583][T23407] __alloc_pages_nodemask+0xb2/0x5d0 [ 1705.197868][T23407] ? rcu_lock_release+0x26/0x30 [ 1705.197889][T23407] alloc_pages_current+0x2db/0x500 [ 1705.197903][T23407] __page_cache_alloc+0x7d/0x1e0 [ 1705.197916][T23407] do_read_cache_page+0x1f8/0xcb0 [ 1705.217886][T23407] read_cache_page_gfp+0x29/0x30 [ 1705.217900][T23407] btrfs_scan_one_device+0x16a/0x450 [ 1705.217913][T23407] ? trace_hardirqs_on+0x74/0x80 [ 1705.228102][T23407] btrfs_mount_root+0x4af/0x1030 [ 1705.228125][T23407] ? trace_kfree+0xb2/0x110 [ 1705.228143][T23407] legacy_get_tree+0xf9/0x1a0 [ 1705.228151][T23407] ? btrfs_control_open+0x40/0x40 [ 1705.228165][T23407] vfs_get_tree+0x8b/0x2a0 [ 1705.228178][T23407] vfs_kern_mount+0xc2/0x160 04:02:53 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() r1 = getpgid(0xffffffffffffffff) ptrace$cont(0xc06550107d258cb7, r1, 0x80000001, 0x80000000) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) socket(0x12, 0xa, 0x3) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) r2 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm-control\x00', 0x400000, 0x0) sendmsg$inet6(r2, &(0x7f0000001840)={&(0x7f0000000180)={0xa, 0x4e20, 0x8000, @ipv4={[], [], @broadcast}, 0x5}, 0x1c, &(0x7f00000016c0)=[{&(0x7f0000000380)="e077a897d1658db8560f88b1f630133857d3a3e54da8f58f851ac2e725cf0699e1c537f5d1872e2b3095b1d4f2fd41dea86e7df72d7d0ff9e467dc625f27d09bff15b4447305e3a26e46646b3d5e38030be9619c", 0x54}, {&(0x7f0000000400)="aae6b2c6414141d4268d88747f0ce5efd5fc7334615404929a941e7b9ae1b536848c56c5d79a0ad8d59dd3a807972b578f67cca043bc44a353c394140931537fbe6b04bfa1ebee21d2e520ca3bd021b5bae86cb0b05a69779e342541b71461f41197207db35a2a36d9a3de065de76f8484d9d21a93dcb4d08cc3ae924c1d51205c80abe3511b6f03bafa289774cfc1e15533215e553fb4f3b55d5f4ac15f5887c3d8ed6fc8c57cff5b75f3df8750131331c8e77ae1d254ea26f969d24fe88ef83ad99bef3eb81877a5f61a47fac10486e96119553c2f1e7d889a1d3d543d2ab343b5894308", 0xe5}, {&(0x7f0000000500)="e0706644446bd69296c02f4dd582fb1f4fed32f682579e1221c0e669357db0b679381b1b360ba6978a6eb80e70113dc3c7a65813697d14c106b075ad79b7c9d3087e94110dae3a6f59f24389cbb74a192282f9147335c3aaab75faeb6abfd1b5103f9e1e0cd371f9c18ace7f9ea0d4a08f4aad1dba3187ab", 0x78}, {&(0x7f0000000580)="636b44d836bd04031f36a74c95e26d73d2590715ac717ec469b680eb57830d9c5f9a782f2547249f8c8b869725998e3fa5e9d3c04c38f9ac3ee7f3621a2e9356abc89dba63916751818682f719a09a76ef578095a795986acce168d68db82706a968e02364432fa80c0020eb0865a3036d54eac191b9e3592f312ccbef0888f67c80867e9e3186ec2b4a8a9ce3c31b8b02091cf8ed483a5639ed7ccb027e120da98366264fffc796cac8e8e55669304998606690e80d4cdb0168df01351ca5309f344018d6a48cde4de4f0ac3ff19c6249a076f8a77c77fb8b3e8bbe3354c0cea5e8f287e51837373e8778196619f2d96529c8f8d5c0f9a03b5c19b91cdf745010c1e075fa2e17be2c2a9f215ca72f2e6cb870d672cadb809e01ebded12239334b6d63dfeb494426cb00e1d87bbe50ade01bde1b83e9dc39a9bede0556909e4ee190d8f5923259c4e80e08a81c039b43060531155998b6a90996e77609b1c0172a4981b76e4b739ec7b451ec5b668a4199851cb1af27f1c2f4295141478910865488c4ed7c8ce27bcdfef20e20222ae74bbb357a34fc90d0ae8ba3115fbcb08a53c7851c54633b19de8a0090fdca668dee7bd7504c486899e6b256e01f2f041f875178de36df2894d6c26c65eb9735fa6ccf52bda071c1ca338b0fa3eff57ae06ab206efd918e2bb40f7141d54f4830ea328e311d7d34a2eba95258b3a26005c0fe2da7f710ddc14d74602b0438a9782c121fea43da1862b27aa3e60280d1cdda8248244dff15eed8d4c3b5b37c365c2fe02b77d016e43589a01c48c83f1b83c18a0ed932cc388fa467c30d7c7e15e1eed82647885dcdf767e1995b364170effaf4ade67d25e9cd5dfb1e27c5977249270315e2e28ec0fdd5548a0a8706803eadc11b542f8d4c67e4d7bc176dbd6c8b5702848102676392062c0600d3cb478d5afe976990b9b4e12563083bcb1fa329fe2d45c2db1ecce08fb46618d4825d110f5cf9e3b937bf17599079e5f46c233717472130a97193858c5028e5b6d748db27bf34df1ee275eed14bd27f2670a807de987aaf437136e1ca9bdc2179c67012c910a4e33119e6a14f6a37b7bf46b7098bc7573c38dbde9dd7db74838cde9ba37b6013ad548ca80d40f18577e52c46f667d1f1c2ac056ecea2c180b6eaff7910baaf0899d9539a581df121a2ba576ca1d65e098c2542564c3575f354cb63b326ee0cef75fa69c9b0ca11d3af25b93467ab71f215132adde3ad6cb8fb39e92aa6f00d4114a776c13dade37201b66c116e405ba2d382cd40e703c2b8117077924aa46481edb437f3a212e6b697d10d7f77fdbe1fecf31c14457a83da78c6d72115ce9638bca79258b95bd4d32bdf4d3676b9512804e63853de59eeb48e6e8564988fa39608f967a940656b810ae7e985bd96eb16d82ed7ff70d79b7cf87ae1795d4456fa3fe58732c4ca7a94dc0e103f4f0a8695a9b7c7a3850c74d849aabf98af8ea3454a9a2b652bfa0e91c33d003e4270609bfda470a94b4601ebb4774cda4da18840ef642a3122ce141365f62330635348e026070e0686017059e5452a6d2da003f6009cf303a3c0a591079d74ebef390df7234012dc8c2b6df7e63ff7870ee9e3a630142909b6c871226c6760354a972b85213b8bbc5addba2c4a40d1ffd2e85f34e59fbb4cf55ec6c0348f96697122caac1a3b822f6b83bc41fcd941ed6a6c9ba49d12ece9724098bba00039204828e4892b3b78802e0de5df5a326f8bd437d4b5479222a038b61606223bcb10cb9b043498605cf9af7c7b7c54d63f76d0bc3e44a781d3b914e3dfc748181e1b777a8a29d55eb267c2892083796e5b313eabf47a5ee166defd15765acca5dde6bff6afd3eebc3da0e17c12e458aa75eb5601a53faad02a6f7a87188112251f44a8e61c3784609b1bfbbe9a458d2c76360973f82c213ffdbf55e03928192bfc23e8e4f7402edc7b80eb7f35292de63928575f5cab4baff8102d7da0e5ed0276edfee0dbb6424572f7bc7849280d6be080fff9afb55e74d5e3ca5bff6ce6a1bd73d620f1db5a27f607726b422b9ba842bd577e023096840532e97d676b67b61da998ec6ea0b7b7f0c086eef983e5893ae020557a0920920ca63e018ff795c643cddc3feab83814d319a3fb6e277699ce15b5202ce1e8d053ff1c9623134d6255a7649ecc2b47c3962933a8ce588e1f3933ea1db346c167a76bc3975c5c62c6a4c1ea9fd4095087354538dbd9f4b9520a6666538ca8cd56657e164d0d2ddc4220337231187d5e82dfab37160410fbf3ae7c890fd04c1d0ba36fe676437653ad6bb5408009a1d3f8d372bbcab882d2c8c4aba28c3a31ea4a31a77afa1108663e148b98b7fb4a5fcc4933562f69655d29ecc48f7721cb2a7c7695c5c08bbf2e209c43e438e9c5cc6c7b5bf54aa5e4a2010edb13da16f2784d3b99c8180c59c9008431e655752580b960816e57754d9b5f3d1c838c82aeb4e0c1a788f80165fb55ce85774bda9b44ac4e5773f83dca4867c616b62b64c057f351d8687acba2b71cf34f387fcc472d7affcf82c8e82fec9f5fb0140033593e24ad1869cc546e58c73f816cde96de8239e7d579a966b69ec2527909cf452b9b83376dfb4ee1fc307462d6017a9825191a5004fa81c961f40bb900efb075c00f323bf48f06dd4c291a1f25f71329a5aadf7365f91709cce4aede9a6134fa58834ac7c09822158528b0bf74a2425028fe17fb13239dee69b2ec197a8d4df7962a8a2bc3ca7ea07b8a7c7e95aa9bbeb62bb5987244601608eb946695c7dc650af5ca1bd13c2e72cf00ae24e7c01b1a45def3ce2718fd412a300228eb913300b0d578c98dff1f3d6250124d2bfd5f42d4e437d87e1fd2200ec1ebe6be7f170129101a9018a37355146bf5eb9c47b806bef84e0ad433baa6574b09ca4acd3ab062db22add93cea244fd5fa38f8ac82b0eb112ef533f7634049e793a76fd6e6d7b7709ee025d6f9910c8cd2902eb8e4778d307e9ceb69697658860e9a27f62e6c80f57d196cab2d9516c459b32d9fbbdbcd83a55b6f9d5d6f6b6b525df933ba59fb0d523b36fd45736c938970c93a354e4aefb89000ac6226ced7332715d83efb2d7f6396016020cbbaabe31f8baba5bb4618fa2552d9ce8f9c7f38e8f7958ae7dbc1cf257ee897e669b64759b725c18e48f3d93cc79bf4b14597c559d773fa5cf480009b491129f5a758548db1938c8d608d2ebc2fad58748a8c3cd6cca32f2a6d415addae3eab814e3f6e2fcaf768ecdd959b668553595807156ad10f766eaa7f0c33e7c2fc30047f67df3bb0a03260411c3ba40c20b237cfaf1316bc753f2175cbd2c67e2bf8c94bafb6192eaba1821c63cee6541e04b3d96442f9464a2db4cf809246f556351c2d75895dd297c27589fbf53c9c35834d81a62419d72dc31509e230bdb53bf1bbc822aae3cac7ca98ec24f527b4d0640c022ee6028a888f50d9de17268b5f8e5e57433a09289060540447cf7880833982cfc654e40f4c2175ca8854feb469b71ab8b68e5ee01abf2082ab35351e85e264cb1884e1bafc202a0183cb99d4f9a179da06474a0c29d4235b1c7b23cee6ff93a88371cf1b0f8b22a7eaa8e2769e5dd40ef70ad2716851e54622d9cd220e54b47cd2a603f7a75c63d297a16ca2b3c61868b54a52a12a80a47972da5b00b03d6a447180badcf3b0f335c9e5c9a32b6e1497d1ec3f141bc80405bda440e6505bf79b2786649835bcda9236f3d799d773191fdf5fdf40fe40dcbd1d8b667ab00c8c57273fd41b1d583540aca9ce798669d3238bdf1cb659debe2638d764a5187c3ba35bda0abab1af82097b151afeae716088e4bf04bb7f000c91486af28ff4c5e6e455ed520f56fcf15971513c13ae28405719898283cb17eef96fd3c49c01c912761b1487929a74aa3dd4e67c3264094ef854994e1bf03a7b09ba23dc46471070410d2d6d123b150192bea27c93efa2ba3f9ba30d7ac0cad13b92100bcc452dfa4337e00267fc502db7154858a5c9e4be6ab42c5d39b9259567abd478f8a7651bb02e1f21d6ab7785248a1e136c2ab5e4c2a90f425e59712180547605770b9fe8a0d4a8b8e233362555608b428f91e19a36f957516bf1128a603dad793af32f7a3e7aa05f45afa8cfd8f0f54e62aac47bf43662e0845d7d99518c50b5ff2bce298236929b91e58b448a090f55909de1c7db5964f8b66c33cbe5d8616928f3625ad4dbee055ed933cf9d238f6058b500e35c7da3bff9d1cc76ed4ebdfd61a6fba9f67b2350a056e021d12a1d98f08dcd813510fedf5f5d3350df32fc9b4c96600b7dee5713d69b51044910d0bf2bc4a577c38b1645fd829f29496227230fcd726270947fb2499c3685599090c465735fd6a0d196d01d272ce2d8fc5a56ee983ebfc6ff95e74959d327293345a962aa113f11f7781b4baaced2a1afbddcfa6bbe6e7834682a41d97c190c3946ec93c4dfaeefaba72a2134288c583f2dbd40d4465e6cdd0d4ef8c864f512119a403d011b883f88cd4189d6442232b35bf60e901508fd74f13fd43550b3633745f3d15d3055fb6e65a6b759f981022e49f5a5ec957cef51cdfd3e6336d5f2e9b00b30ac1c722a34ab2f03afb5e0ed2889fa105541681a8c41cecd42071d23871d2783cb8a1f25d587d9ba8f05065ab89eb2b17cb960ed1f2bb9810edf3ccbe44dfb49ce06f8f03cf30282d6a7e24cb41360a3e1bb89dda0ed25acea73f8aaaa9e4ad1281dc97c0a17037d518b3fe53d652cc63e85c5f1c569297a81d16ac7bf688ccae7e73704604db1e783c4dce14d0f8be0832a624c4f549a4660bc5181442c41bcad15fdfa2b31d2eb0cbab7bb2c350331c1bf22e6dfae0f167161dfa19087d3873592b102993a36f81e6dcca0f68a92f7922ccbb64eaa93fcf16b78bc40c6c820b484d7a1fcc74f995566d107d94cbcff6145e12aa42757e9ed8f4ee18d60d9879776cc7636a329fe50eda7039062eafe60165afcda93f0debc6f9ee1d266eca4d4d135ae7d7cd62c4aeb6899743d0c4341e50c45b86129cf35d38f1f6a0e2f50933484ca4207d215c4cac5153d5d76feac18ebc4de3241ebb6a64505dc147c25b4d508077160d6f77961613758a80fe1ccc204349f6ac75a5d736c69f2c655aa83cfcae6e094b886ade2a09dc44ab5132af355155b74145d38880dfdc1fc2b5085faeded6295422ce599f5c3b8773c0f2f0f969279dd7b7f219214484be0aa86819860047dafcb2643543acbfbf7666bb5e569a0a8808380db45870ff6afed4d08c13ec33e59f64ebbc40d286a1dc123ef22fd0c1a270929056e730a5ec5e071cf00259cc1ce489c0279d78e1f4ab1bddde5e3a97375abf253560fb8ade09ffc19e855e3ca2c1dd712dea2423dd8758cb9edceba9fbd511b8cfe4eafef780e698397e07abb6f1873c8c6d5ad595fb40be61023e6884f46355c9acdaec5389e131b1e3310600d45f191a7836d9fc634d1771cef9459402e28fe9694f854702bcb6bebf7d9cc7915466f63de14f8b587d253f4acea029a25c755eaae94ebbf84732a13e382086e06faf52ad4c21122a01d0c1fc89eca88323ca0de349061f358541ce87b90a97d5add0a517741ad78b6e91c578a256da72a5cf7ae1bea2488b25e42ecf9c9fe5a680745b826d40f729060676b1d7e17c8a066fb1d555144abda6e39dd1d283dfd1215d3bd199f4f61f7a230f1e7054ad0d4c9fdd22b7805e2c1e7409ef88ce3aa7dba502ff6f63340d82218d5ae949e6e190f329", 0x1000}, {&(0x7f0000001580)="8f6093a11819fcb71ef46a6725df627ecac677faf64c284920349060307b8631e32d74b82b2865a99b23d972303ae6e01b", 0x31}, {&(0x7f00000015c0)="9661b1da460dbf261208965d48c7b19a2bcbb6d112f7c79045720193560c36db07831a03ae6385b29ee73381318061b16e8befee1d4bfea822affdbf262ae308c05d8c1c45a49cd913a30a0d68d5854e2141749ffa17fbbae02159d3861e52526112d1afb70c7b84066bb6a1803133aa8e73e7aca262dc83fa84be034e99bed41a802453e02a7a09f53b5f8d03ad3165b5558701369e585f0f0d10dd870ab097dc07f96f5b96c33a7e805657ff9e8794a90f664a50607282e389e276f7c5e77dcaa4f910d772b590fd72fed96208de0f35798dcfe84bcc4d34fb3f510da19f85d1e9db", 0xe3}], 0x6, &(0x7f0000001a00)=ANY=[@ANYBLOB="f00000000000000029000000360000002c1a000000000000000100050200020738000001010c02ff01050000000000000005000000000000003f000000000000000200000000000000f506000000000000040000000000000007100000000802d7010005000000000000000401070105000000000005021000815b94ecf2648df0a5beb6524a7c0771b5ecf71c1b9708a2dca6e4232fa6a1d642d51012dfae98410c7272c2e8ba41f9fe5773f55c14114efed83b2ee4d279fc95cb5f1352a1ab3450daccb6415c72b7057ef3623e422f845968654358050203ffc910fe8000000000000000000000000000bb000000005dfcc6be1159f66aecc25bafc6ffe44b315c4da7faeb2ca3f8a4df9e8cbda06fe750d02aee6fc04fc5473c539f35d6dd3c477f1449869d2c9a4e6560ae91f045c99dc08d6ed409941c5f1617bec0f4f708a39a782b7022a67ac3c0f1c39671ba23093160dd4b72f8b7a434cfc4ab480e91a8b14fca8b34679894be4c12"], 0xf0}, 0x24005045) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup3(r4, r3, 0x0) r6 = syz_open_dev$mouse(&(0x7f0000000040)='/dev/input/mouse#\x00', 0x9, 0x8000) ioctl$VIDIOC_DQBUF(r6, 0xc0585611, &(0x7f0000000100)={0x1, 0xc, 0x4, 0x1, {0x0, 0x7530}, {0x4, 0x2, 0x1, 0xb1, 0x6a, 0x4, "27fd4420"}, 0x6, 0x68e5c3d7a61c9367, @offset, 0x4}) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) r9 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCDELRT(r9, 0x890c, &(0x7f0000001980)={0x0, {0x2, 0x4e23, @empty}, {0x2, 0x4e23, @loopback}, {0x2, 0x4e21, @loopback}, 0x2a, 0x0, 0x0, 0x0, 0x4, 0x0, 0xc, 0xffffffff, 0x9}) r10 = openat$dsp(0xffffffffffffff9c, &(0x7f0000001900)='/dev/dsp\x00', 0x80040, 0x0) write$P9_RXATTRWALK(r10, &(0x7f0000001940)={0xf, 0x1f, 0x1, 0x8001}, 0xf) ioctl$SNDRV_SEQ_IOCTL_GET_QUEUE_CLIENT(r2, 0xc04c5349, &(0x7f0000001880)={0x1, 0xffff, 0x9}) ioctl$sock_rose_SIOCDELRT(r8, 0x890c, &(0x7f0000000300)={@dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, 0x3, @default, @rose={'rose', 0x0}, 0x4, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]}) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1705.261153][T23407] btrfs_mount+0x34f/0x18e0 [ 1705.265669][T23407] ? check_preemption_disabled+0x47/0x2a0 [ 1705.271403][T23407] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1705.276686][T23407] ? cap_capable+0x250/0x290 [ 1705.281277][T23407] ? safesetid_security_capable+0x89/0xf0 [ 1705.287136][T23407] legacy_get_tree+0xf9/0x1a0 [ 1705.291831][T23407] ? btrfs_resize_thread_pool+0x260/0x260 [ 1705.297671][T23407] vfs_get_tree+0x8b/0x2a0 [ 1705.302089][T23407] do_mount+0x16c0/0x2510 [ 1705.306437][T23407] ? copy_mount_options+0x308/0x3c0 [ 1705.311646][T23407] ksys_mount+0xcc/0x100 [ 1705.315893][T23407] __x64_sys_mount+0xbf/0xd0 [ 1705.320508][T23407] do_syscall_64+0xf7/0x1c0 [ 1705.320524][T23407] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1705.320534][T23407] RIP: 0033:0x45d09a [ 1705.320545][T23407] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1705.320550][T23407] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1705.320560][T23407] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1705.320565][T23407] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1705.320571][T23407] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1705.320580][T23407] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1705.334837][T23407] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1705.365699][T23410] EXT4-fs (loop0): bad geometry: first data block 1543503872 is beyond end of filesystem (1080) 04:02:53 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = syz_open_dev$media(&(0x7f00000004c0)='/dev/media#\x00', 0xfffffffffffffffe, 0x4daa1a437fd127c0) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:53 executing program 2 (fault-call:0 fault-nth:86): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:53 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890400068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:53 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = accept$netrom(r1, &(0x7f0000019b00)={{0x3, @bcast}, [@netrom, @default, @bcast, @bcast, @null, @bcast, @default, @netrom]}, &(0x7f0000000440)=0x48) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r2, 0x660c) r3 = gettid() r4 = syz_open_dev$admmidi(&(0x7f0000000040)='/dev/admmidi#\x00', 0x6, 0x24000) sendmsg$rds(r4, &(0x7f0000000ac0)={&(0x7f0000000080)={0x2, 0x4e23, @rand_addr=0x37}, 0x10, &(0x7f00000003c0)=[{&(0x7f0000000100)=""/132, 0x84}, {&(0x7f0000000300)=""/175, 0xfdbb}], 0x2, &(0x7f0000000880)=ANY=[@ANYBLOB="480000000000000014010000010000002000000000020000", @ANYPTR=&(0x7f0000000400)=ANY=[@ANYBLOB='\x00'/11], @ANYBLOB='\v\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000480)=ANY=[@ANYPTR=&(0x7f0000000b00)=ANY=[@ANYBLOB='\x00'/102400], @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="010000000000000064000000000000007116000000000000580000000000000014010000080000000400000000000000", @ANYPTR=&(0x7f00000004c0)=ANY=[@ANYBLOB="0400000000000000"], @ANYPTR=&(0x7f0000000500)=ANY=[@ANYBLOB="ff01000000000000"], @ANYBLOB="00fcffffffffffff0004000000000000070000000000000040000000000000001000000000000000953b000000000000580000000000000014010000060000000500000001040000", @ANYPTR=&(0x7f0000019b80)=ANY=[@ANYBLOB="0600000000000000ecbddeb36d8ab0c1bf00711fef15dcccf7ecca994bd654722eea1557b81257bfe0"], @ANYPTR=&(0x7f0000000580)=ANY=[@ANYBLOB='\b\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="00800000000000000400000000000000040000000000000004000000000000000000000000000000000000000000000018000000000000001401000002000000ff7f00000300000030000000000000001401000003000000", @ANYPTR=&(0x7f00000005c0)=ANY=[@ANYBLOB='\x00'/137], @ANYBLOB="8900000000000000", @ANYPTR=&(0x7f0000000680)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="450000000000000030000000000000001401000003000000", @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYBLOB='\x00'/113], @ANYBLOB='q\x00\x00\x00\x00\x00\x00\x00', @ANYPTR=&(0x7f0000000740)=ANY=[@ANYBLOB='\x00'], @ANYBLOB="0200000000000000580000000000000014010000080000000600000001000100", @ANYPTR=&(0x7f0000000780)=ANY=[@ANYBLOB="0100000000000000"], @ANYPTR=&(0x7f00000007c0)=ANY=[@ANYBLOB='\a\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="fffffeffffffffff01000000000000000600000000000000050000000000000000000000000000000500000000000000580000000000000014010000080000000000000000040000", @ANYPTR=&(0x7f0000000800)=ANY=[@ANYBLOB="0600000000000000"], @ANYPTR=&(0x7f0000000840)=ANY=[@ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], @ANYBLOB="0400000000000000000800000000000011ffffffffffffff910e000000000000460000000000000050ce000000000000"], 0x220, 0x8000}, 0x80) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x3c) ptrace$cont(0x18, r3, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r3, 0x0, 0x0) [ 1705.562488][T23636] FAULT_INJECTION: forcing a failure. [ 1705.562488][T23636] name failslab, interval 1, probability 0, space 0, times 0 [ 1705.575146][T23636] CPU: 0 PID: 23636 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1705.575154][T23636] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1705.575158][T23636] Call Trace: [ 1705.575181][T23636] dump_stack+0x1fb/0x318 [ 1705.593559][T23636] should_fail+0x555/0x770 [ 1705.605593][T23636] __should_failslab+0x11a/0x160 [ 1705.610548][T23636] ? xas_create+0x1197/0x1910 [ 1705.615226][T23636] should_failslab+0x9/0x20 [ 1705.619734][T23636] kmem_cache_alloc+0x56/0x2e0 [ 1705.624505][T23636] xas_create+0x1197/0x1910 [ 1705.629049][T23636] ? rcu_lock_release+0x4/0x20 [ 1705.633829][T23636] xas_store+0x95/0x1440 [ 1705.638077][T23636] ? xas_load+0x434/0x450 [ 1705.642404][T23636] __add_to_page_cache_locked+0x5f0/0xbf0 [ 1705.648162][T23636] ? workingset_activation+0x2b0/0x2b0 [ 1705.653626][T23636] add_to_page_cache_lru+0x156/0x4a0 [ 1705.658912][T23636] do_read_cache_page+0x216/0xcb0 [ 1705.658929][T23636] read_cache_page_gfp+0x29/0x30 [ 1705.658941][T23636] btrfs_scan_one_device+0x16a/0x450 [ 1705.658955][T23636] ? trace_hardirqs_on+0x74/0x80 [ 1705.668889][T23636] btrfs_mount_root+0x4af/0x1030 [ 1705.668912][T23636] ? trace_kfree+0xb2/0x110 [ 1705.668927][T23636] legacy_get_tree+0xf9/0x1a0 [ 1705.693181][T23636] ? btrfs_control_open+0x40/0x40 [ 1705.698206][T23636] vfs_get_tree+0x8b/0x2a0 [ 1705.702624][T23636] vfs_kern_mount+0xc2/0x160 [ 1705.707212][T23636] btrfs_mount+0x34f/0x18e0 [ 1705.711725][T23636] ? check_preemption_disabled+0x47/0x2a0 [ 1705.717447][T23636] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1705.722735][T23636] ? cap_capable+0x250/0x290 [ 1705.727323][T23636] ? safesetid_security_capable+0x89/0xf0 [ 1705.733042][T23636] legacy_get_tree+0xf9/0x1a0 [ 1705.737719][T23636] ? btrfs_resize_thread_pool+0x260/0x260 [ 1705.743437][T23636] vfs_get_tree+0x8b/0x2a0 [ 1705.747857][T23636] do_mount+0x16c0/0x2510 [ 1705.752192][T23636] ? copy_mount_options+0x308/0x3c0 [ 1705.757392][T23636] ksys_mount+0xcc/0x100 [ 1705.761632][T23636] __x64_sys_mount+0xbf/0xd0 [ 1705.766224][T23636] do_syscall_64+0xf7/0x1c0 [ 1705.770729][T23636] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1705.776615][T23636] RIP: 0033:0x45d09a [ 1705.780506][T23636] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1705.800106][T23636] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 04:02:53 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000600100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) [ 1705.808518][T23636] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1705.816507][T23636] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1705.824475][T23636] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1705.832444][T23636] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1705.840410][T23636] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1705.856511][T23636] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (23636) [ 1705.948729][T23645] EXT4-fs (loop0): bad geometry: first data block 1610612736 is beyond end of filesystem (1080) [ 1706.050290][T23747] EXT4-fs (loop0): bad geometry: first data block 1610612736 is beyond end of filesystem (1080) 04:02:55 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890500068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:55 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x400000000000000) 04:02:55 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) ioctl$PIO_FONTRESET(r3, 0x4b6d, 0x0) 04:02:55 executing program 2 (fault-call:0 fault-nth:87): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:55 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000680100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:55 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = accept4$llc(0xffffffffffffffff, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random}, &(0x7f0000000040)=0x10, 0x80000) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000080)={'vxcan1\x00'}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1708.162246][T23753] FAULT_INJECTION: forcing a failure. [ 1708.162246][T23753] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1708.175481][T23753] CPU: 1 PID: 23753 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1708.175489][T23753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1708.175492][T23753] Call Trace: [ 1708.175511][T23753] dump_stack+0x1fb/0x318 [ 1708.175526][T23753] should_fail+0x555/0x770 [ 1708.175544][T23753] should_fail_alloc_page+0x55/0x60 [ 1708.175555][T23753] prepare_alloc_pages+0x283/0x460 [ 1708.175568][T23753] __alloc_pages_nodemask+0xb2/0x5d0 [ 1708.175586][T23753] kmem_getpages+0x4d/0xa00 [ 1708.175600][T23753] cache_grow_begin+0x7e/0x2c0 [ 1708.230991][T23753] ? cache_alloc_pfmemalloc+0x1e/0x1a0 [ 1708.236459][T23753] cache_alloc_refill+0x311/0x3f0 [ 1708.241489][T23753] ? check_preemption_disabled+0xb7/0x2a0 [ 1708.247218][T23753] kmem_cache_alloc+0x2b9/0x2e0 [ 1708.252072][T23753] ? getname_kernel+0x59/0x2f0 [ 1708.256921][T23753] getname_kernel+0x59/0x2f0 [ 1708.256932][T23753] kern_path+0x1f/0x40 [ 1708.256942][T23753] blkdev_get_by_path+0x71/0x270 [ 1708.256957][T23753] btrfs_scan_one_device+0xbd/0x450 [ 1708.256966][T23753] ? btrfs_mount_root+0x477/0x1030 [ 1708.256977][T23753] ? trace_hardirqs_on+0x74/0x80 [ 1708.256990][T23753] btrfs_mount_root+0x4af/0x1030 [ 1708.257009][T23753] ? trace_kfree+0xb2/0x110 [ 1708.257024][T23753] legacy_get_tree+0xf9/0x1a0 [ 1708.257031][T23753] ? btrfs_control_open+0x40/0x40 [ 1708.257044][T23753] vfs_get_tree+0x8b/0x2a0 [ 1708.257057][T23753] vfs_kern_mount+0xc2/0x160 [ 1708.257068][T23753] btrfs_mount+0x34f/0x18e0 [ 1708.257084][T23753] ? check_preemption_disabled+0x47/0x2a0 [ 1708.257098][T23753] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1708.257106][T23753] ? cap_capable+0x250/0x290 [ 1708.257120][T23753] ? safesetid_security_capable+0x89/0xf0 [ 1708.313958][T23753] legacy_get_tree+0xf9/0x1a0 [ 1708.313972][T23753] ? btrfs_resize_thread_pool+0x260/0x260 [ 1708.313986][T23753] vfs_get_tree+0x8b/0x2a0 [ 1708.313999][T23753] do_mount+0x16c0/0x2510 04:02:56 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x3c) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r4, 0x0, 0x0) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = dup(r5) r7 = socket$inet_icmp_raw(0x2, 0x3, 0x1) mmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xa59cdb891f7865cb, 0x80010, r3, 0x9d047000) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) mmap$usbmon(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x1000000, 0x2811, r8, 0x3) ioctl$VIDIOC_ENUM_DV_TIMINGS(r6, 0xc0945662, &(0x7f0000000300)={0x1, 0x0, [], {0x0, @reserved}}) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$capi20_data(r8, &(0x7f0000000480)=ANY=[@ANYBLOB="1000051bff849cff00f8ffff000000fb004300d9070000000000000094e182a93b8005339285a3835b46869864186adeb68d6d1cb913fcdd7dbd76d1218f5ee4d64cf33a3973a22408cbb933151fa34e6acdf1962bcd45dab7a6050000000000000054b7d5df6c33e2bb40dbe3b271da96ca385aae4dcb8c6e653fbd6ca5f93e7fef1e892097678d32987bf9d975fe264301ae0270fb0a3d2fe640b5321d84d1becc5a470b2be42fd9"], 0x55) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x3, &(0x7f0000000080)='-{\x00', 0x0}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={r4, r6, 0x0, 0x13, &(0x7f0000000040)='.vboxnet0selinux^%\x00', r9}, 0x30) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1708.314015][T23753] ? copy_mount_options+0x308/0x3c0 [ 1708.314026][T23753] ksys_mount+0xcc/0x100 [ 1708.314037][T23753] __x64_sys_mount+0xbf/0xd0 [ 1708.314052][T23753] do_syscall_64+0xf7/0x1c0 [ 1708.314068][T23753] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1708.314077][T23753] RIP: 0033:0x45d09a [ 1708.314089][T23753] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 04:02:56 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) setsockopt$SO_J1939_FILTER(r5, 0x6b, 0x1, &(0x7f0000000040)=[{0x3, 0x1, {0x0, 0xff, 0x2}, {0x0, 0xf0, 0x206aa1368430027e}, 0xfe, 0xff}, {0x3, 0x1, {0x1, 0xff, 0x6}, {0x2, 0x1, 0x3}, 0x2, 0xfe}, {0x1, 0x0, {0x6, 0x1}, {0x2, 0xf0}, 0xfe, 0x2}, {0x1, 0x1, {0x3, 0x0, 0x4}, {0x2, 0x0, 0x1}, 0xff}], 0x80) [ 1708.339832][T23753] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1708.383260][T23753] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1708.383267][T23753] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1708.383273][T23753] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1708.383279][T23753] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1708.383285][T23753] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1708.386622][T23753] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (23753) [ 1708.457831][T23763] EXT4-fs (loop0): bad geometry: first data block 1744830464 is beyond end of filesystem (1080) 04:02:56 executing program 2 (fault-call:0 fault-nth:88): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:56 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890600068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:56 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0000000000006c0100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:56 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) clone3(&(0x7f0000000400)={0x10000, &(0x7f0000000040), &(0x7f0000000080)=0x0, &(0x7f0000000100), 0x4, 0x0, &(0x7f0000000140)=""/23, 0x17, &(0x7f0000000300)=""/235, &(0x7f0000000180)=[0xffffffffffffffff, 0x0, r0], 0x3}, 0x50) ptrace$setopts(0x4200, r1, 0xfffffffffffffffe, 0x80000) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000480)='/dev/udmabuf\x00', 0x2) r4 = dup3(r2, r3, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(r5) r6 = socket(0x40000000015, 0x5, 0x0) close(r6) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) connect$inet6(r7, &(0x7f0000d83fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f0000000180)=0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r6, 0x84, 0x66, &(0x7f0000000000)={r8}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_RTOINFO(r5, 0x84, 0x18, &(0x7f0000000140)={r8}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDR_INFO(r4, 0x84, 0xf, &(0x7f00000004c0)={r8, @in6={{0xa, 0x4e22, 0x0, @remote, 0x80000000}}, 0x96, 0x80000000, 0x1f, 0x8, 0x7}, &(0x7f0000000580)=0x98) setsockopt$inet_sctp_SCTP_RESET_ASSOC(r4, 0x84, 0x78, &(0x7f00000005c0)=r9, 0x4) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 1708.703490][T23982] FAULT_INJECTION: forcing a failure. [ 1708.703490][T23982] name failslab, interval 1, probability 0, space 0, times 0 [ 1708.728461][T23982] CPU: 1 PID: 23982 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1708.736832][T23982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1708.746893][T23982] Call Trace: [ 1708.750195][T23982] dump_stack+0x1fb/0x318 [ 1708.754536][T23982] should_fail+0x555/0x770 [ 1708.758963][T23982] __should_failslab+0x11a/0x160 [ 1708.763914][T23982] ? kzalloc+0x26/0x40 [ 1708.767988][T23982] should_failslab+0x9/0x20 [ 1708.772488][T23982] __kmalloc+0x7a/0x340 [ 1708.776642][T23982] kzalloc+0x26/0x40 [ 1708.780532][T23982] device_list_add+0xd69/0x1980 [ 1708.785390][T23982] btrfs_scan_one_device+0x2f7/0x450 [ 1708.790677][T23982] btrfs_mount_root+0x4af/0x1030 [ 1708.795619][T23982] ? trace_kfree+0xb2/0x110 [ 1708.800126][T23982] legacy_get_tree+0xf9/0x1a0 [ 1708.804797][T23982] ? btrfs_control_open+0x40/0x40 [ 1708.809816][T23982] vfs_get_tree+0x8b/0x2a0 [ 1708.814235][T23982] vfs_kern_mount+0xc2/0x160 [ 1708.818821][T23982] btrfs_mount+0x34f/0x18e0 [ 1708.823331][T23982] ? check_preemption_disabled+0x47/0x2a0 [ 1708.829060][T23982] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1708.834343][T23982] ? cap_capable+0x250/0x290 [ 1708.838933][T23982] ? safesetid_security_capable+0x89/0xf0 [ 1708.844653][T23982] legacy_get_tree+0xf9/0x1a0 [ 1708.849329][T23982] ? btrfs_resize_thread_pool+0x260/0x260 [ 1708.855048][T23982] vfs_get_tree+0x8b/0x2a0 [ 1708.859458][T23982] do_mount+0x16c0/0x2510 [ 1708.863792][T23982] ? copy_mount_options+0x308/0x3c0 [ 1708.868988][T23982] ksys_mount+0xcc/0x100 [ 1708.873229][T23982] __x64_sys_mount+0xbf/0xd0 [ 1708.877840][T23982] do_syscall_64+0xf7/0x1c0 [ 1708.882349][T23982] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1708.888235][T23982] RIP: 0033:0x45d09a [ 1708.892139][T23982] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1708.911748][T23982] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1708.911759][T23982] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1708.911765][T23982] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1708.911771][T23982] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1708.911777][T23982] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 04:02:56 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$fou(&(0x7f00000006c0)='fou\x00') sendmsg$FOU_CMD_ADD(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)={0x1c, r2, 0x3, 0x0, 0x0, {}, [@FOU_ATTR_TYPE={0x8, 0x4, 0x2}]}, 0x1c}}, 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) bind$can_raw(r3, &(0x7f0000000140)={0x1d, r5}, 0x10) sendmsg$FOU_CMD_GET(r0, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80002000}, 0xc, &(0x7f0000000180)={&(0x7f0000000340)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="00032abd7000000000a538000008000b0000000000000000000057ba2c8e3900007f5c65257ff1cb68545c05d9b5089d4b50719e459b960c7ef8fe60de33b2ef2e31031ffd8352c2f8b43c9e4fe1b8b775e8d935cf92c69ea52e9ba965bdf9e979d23b9cb768b7b011425aa568ec25c9ca2a87095c", @ANYRES32=r5], 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x6004859) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r6 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r7 = gettid() ptrace$setopts(0x4206, r7, 0x0, 0x0) tkill(r7, 0x3c) ptrace$setregs(0xd, r7, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r7, 0x0, 0x0) sched_getparam(r7, &(0x7f0000000040)) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x21}, {0x0, 0xfffffffffffffec3}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r6, 0x0, 0x0) tkill(r6, 0x3c) ptrace$cont(0x18, r6, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = dup3(r9, r8, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ptrace$setregs(0xd, r6, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r6, 0x0, 0x0) [ 1708.911782][T23982] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1709.039770][T24016] EXT4-fs (loop0): bad geometry: first data block 1811939328 is beyond end of filesystem (1080) [ 1709.058718][T24091] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 1709.143166][T24093] EXT4-fs (loop0): bad geometry: first data block 1811939328 is beyond end of filesystem (1080) 04:02:58 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x3f00000000000000) 04:02:58 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890700068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) 04:02:58 executing program 2 (fault-call:0 fault-nth:89): syz_mount_image$btrfs(&(0x7f0000000000)='btrfs\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x1, &(0x7f0000000040)=[{&(0x7f00000002c0)="8da4363ac0ed0200000000000001004d010000000000000000007a0000000000fff6f2a2259748aeb81e1b00b10efd9a000001000000000001fffffff60000005f42485266535f4da72aca94d883e2ff29e1f446b573d4d53cf93079a48da1a1c5567b7ada164cdaee35e2625a386cddb707f54ffefc19be68b6331da2aeb208e521a3dde5939ab25a932fae347233a6d5b7e4c2965ef5590b75b2a4e57b36ef708f7d12a835823727054b250cb14bf6575a000000000000007e7525e557", 0xbe, 0x10000}], 0x0, 0x0) 04:02:58 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r4 = socket$inet(0x10, 0x2, 0xc) sendmsg(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e28000000110affffba010000000009b356da5a80d18be34c8546c8243929db2406b20cd3", 0x48}], 0x1, 0x0, 0x194}, 0x0) ioctl$sock_SIOCGPGRP(r4, 0x8904, &(0x7f0000000040)=0x0) ptrace$cont(0x20, r5, 0x1, 0x0) 04:02:58 executing program 0: sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@newsa={0xf0, 0x10, 0x0, 0x0, 0x0, {{}, {}, @in6=@empty}}, 0xf0}}, 0x0) sendmsg(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000009ff0)=[{&(0x7f0000000080)="24000000010407051dfffd946fa283000c200a0009000100041d85680c1baba20400ff7e", 0x24}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xaaaaaaaaaaaab8c, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000740100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x2c3, 0x400}], 0x1, 0x0) 04:02:58 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getpeername$inet6(r2, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev}, &(0x7f0000000040)=0x1c) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:58 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x1a2}], 0x4, 0x0) r1 = gettid() ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x3c) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r1, 0x0, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup3(r3, r2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 04:02:59 executing program 1: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() ioperm(0x55, 0x1ff, 0xffffffff) wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce7", 0xe5}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) semctl$GETZCNT(0x0, 0x2, 0xf, &(0x7f0000000000)) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x30, 0x2) [ 1711.268585][T24106] BTRFS: device fsid fff6f2a2-2597-48ae-b81e-1b00b10efd9a devid 0 transid 18438444790640683687 /dev/loop2 scanned by syz-executor.2 (24106) 04:02:59 executing program 4: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={&(0x7f0000000040)=@l2={0x1f, 0xffffdd86}, 0x80, 0x0, 0x0, 0x0, 0xfffffffffffffd50}, 0x0) r0 = socket$kcm(0x11, 0x3, 0x0) r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$kcm(r0, &(0x7f0000000100)={&(0x7f0000000040)=@nfc={0x27, 0x3}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000300)="050004ffffff890800068900ac141410e00000013c31b47d0510c147885b6e765e34637ec921f605", 0x5c4}], 0x1, 0x0, 0x0, 0x50}, 0x0) [ 1711.366032][T24104] EXT4-fs (loop0): bad geometry: first data block 1946157056 is beyond end of filesystem (1080) [ 1711.386422][T24106] FAULT_INJECTION: forcing a failure. [ 1711.386422][T24106] name failslab, interval 1, probability 0, space 0, times 0 [ 1711.414545][T24106] CPU: 1 PID: 24106 Comm: syz-executor.2 Not tainted 5.4.0-syzkaller #0 [ 1711.422905][T24106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1711.422910][T24106] Call Trace: [ 1711.422931][T24106] dump_stack+0x1fb/0x318 [ 1711.422958][T24106] should_fail+0x555/0x770 [ 1711.436306][T24106] __should_failslab+0x11a/0x160 [ 1711.436319][T24106] should_failslab+0x9/0x20 [ 1711.436327][T24106] kmem_cache_alloc_trace+0x5d/0x2f0 [ 1711.436337][T24106] ? btrfs_alloc_device+0x78/0x540 [ 1711.436349][T24106] btrfs_alloc_device+0x78/0x540 [ 1711.436360][T24106] ? blkdev_put+0x2c8/0x3b0 [ 1711.436374][T24106] close_fs_devices+0x485/0x8a0 [ 1711.436394][T24106] btrfs_close_devices+0x33/0x130 [ 1711.436406][T24106] btrfs_mount_root+0xb03/0x1030 [ 1711.436423][T24106] ? trace_kfree+0xb2/0x110 [ 1711.436435][T24106] legacy_get_tree+0xf9/0x1a0 [ 1711.436442][T24106] ? btrfs_control_open+0x40/0x40 [ 1711.436455][T24106] vfs_get_tree+0x8b/0x2a0 [ 1711.436467][T24106] vfs_kern_mount+0xc2/0x160 [ 1711.436476][T24106] btrfs_mount+0x34f/0x18e0 [ 1711.436494][T24106] ? check_preemption_disabled+0x47/0x2a0 [ 1711.522477][T24106] ? vfs_parse_fs_string+0x13b/0x1a0 [ 1711.527771][T24106] ? cap_capable+0x250/0x290 [ 1711.532364][T24106] ? safesetid_security_capable+0x89/0xf0 [ 1711.538095][T24106] legacy_get_tree+0xf9/0x1a0 [ 1711.542768][T24106] ? btrfs_resize_thread_pool+0x260/0x260 [ 1711.548487][T24106] vfs_get_tree+0x8b/0x2a0 [ 1711.552901][T24106] do_mount+0x16c0/0x2510 [ 1711.557225][T24106] ? copy_mount_options+0x278/0x3c0 [ 1711.562421][T24106] ? copy_mount_options+0x25e/0x3c0 [ 1711.567626][T24106] ? __sanitizer_cov_trace_pc+0x45/0x50 [ 1711.573167][T24106] ? copy_mount_options+0x308/0x3c0 [ 1711.578366][T24106] ksys_mount+0xcc/0x100 [ 1711.582610][T24106] __x64_sys_mount+0xbf/0xd0 [ 1711.587203][T24106] do_syscall_64+0xf7/0x1c0 [ 1711.591708][T24106] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 1711.597599][T24106] RIP: 0033:0x45d09a [ 1711.601501][T24106] Code: b8 a6 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 4d 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 2a 8c fb ff c3 66 0f 1f 84 00 00 00 00 00 [ 1711.621137][T24106] RSP: 002b:00007f7c15d84a88 EFLAGS: 00000206 ORIG_RAX: 00000000000000a5 [ 1711.629559][T24106] RAX: ffffffffffffffda RBX: 00007f7c15d84b40 RCX: 000000000045d09a [ 1711.637531][T24106] RDX: 00007f7c15d84ae0 RSI: 0000000020000100 RDI: 00007f7c15d84b00 [ 1711.645503][T24106] RBP: 0000000000000001 R08: 00007f7c15d84b40 R09: 00007f7c15d84ae0 [ 1711.646726][T24216] cgroup: fork rejected by pids controller in /syz1 04:02:59 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f00000001c0)="6653070000053c07bc3376003639405cb4aed12f0000000000ae47a825d86800278dcff47d010000805ae64f8f36460234432479aed75d492b41fd983f79e65199615607672c59957ab364bf68e6faa53367f05f4ad61421349f2f11e931e7d62ead5e7cd2157df6b2bcb47fb53455560c8ef00fca4fafa924edfe92175aaa1c4ecc7aeeb72e0d050feace34b52d9e5f755563698c7e24ab61f0866f15da7f48295eb100000000000000075d2dd15b6210d53eed19bc0080000033270c6a98d91c22def1125d7b1e821039a85ad8b91cea336a1b57f45a0788e3aba04551e4a522e15c7ce71553059a5ef83c2ab06a52fcfce7c467c7e6260464a4770e41f0fa8a", 0x101}], 0x4, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) ptrace$cont(0x18, r0, 0x0, 0x0) getsockopt$bt_l2cap_L2CAP_CONNINFO(0xffffffffffffffff, 0x6, 0x2, &(0x7f0000000040), &(0x7f0000000080)=0x6) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup3(r2, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) r4 = gettid() ptrace$setopts(0x4206, r4, 0x0, 0x0) tkill(r4, 0x3c) ptrace$setregs(0xd, r4, 0x0, &(0x7f0000000080)) ptrace$cont(0x9, r4, 0x0, 0x0) ptrace$cont(0x20, r4, 0x0, 0x0) [ 1711.653467][T24106] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000004 [ 1711.653474][T24106] R13: 00000000004ca033 R14: 00000000004e1fb8 R15: 0000000000000003 [ 1711.660597][T24106] ------------[ cut here ]------------