}, {0x0}, {0x0}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:20:57 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287c"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:20:57 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_GET_PIT2(r1, 0x8070ae9f, 0x0) 03:20:57 executing program 3: r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$NFNL_MSG_CTHELPER_GET(0xffffffffffffffff, 0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ttyS3\x00', 0x0, 0x0) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40008}, 0xc, &(0x7f0000000380)={&(0x7f00000009c0)=ANY=[@ANYBLOB="f8054e2e8100ad0d44355fa400000040", @ANYRES16=r2, @ANYBLOB="00022bbd7000fbdbdf2510000000940001800800030030e500002c0004001400010002004e20e000000100000000000000001400020002004e237f00000100000000000000000d00010003000080000008000300050000003c000280080002000900000008000200000000000800020000000000080003000600000008000400ff07000008000400060000000800040003000000100005800c000280080001000100009ab088020071c6f65d1255ec1dc764c85cc4626df6cff13233d8284f8cb9b43d516243307faa76948d0e162ca92238dced5a9cad51f3b6f4065044a162b48983940e7e6944013e730e00fa9ddf81a74600"/253], 0x3}, 0x1, 0x0, 0x0, 0x4800}, 0xc041) sendmsg$TIPC_NL_NAME_TABLE_GET(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, &(0x7f0000000180)={&(0x7f0000000080)={0xe8, r2, 0x400, 0x70bd28, 0x25dfdbfd, {}, [@TIPC_NLA_NODE={0x44, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8000}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x5}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x801}, @TIPC_NLA_NODE_ADDR={0x8}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x2c}]}, @TIPC_NLA_BEARER={0x84, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}, @TIPC_NLA_BEARER_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xe}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x43}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7}]}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz1\x00'}, @TIPC_NLA_BEARER_NAME={0xe, 0x1, @l2={'eth', 0x3a, 'vlan0\x00'}}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e21, @multicast1}}, {0x14, 0x2, @in={0x2, 0x4e23, @multicast2}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @l2={'ib', 0x3a, 'vlan0\x00'}}]}, @TIPC_NLA_MEDIA={0xc, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'eth\x00'}]}]}, 0xe8}, 0x1, 0x0, 0x0, 0x400c0}, 0x40004) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) accept4(r0, &(0x7f0000000200), &(0x7f0000000280)=0x80, 0x80000) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x20, &(0x7f0000000480)={@loopback, 0x400, 0x0, 0xff, 0x1}, 0x20) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40008}, 0xc, &(0x7f0000000380)={&(0x7f0000000280)={0xb8, r4, 0x200, 0x70bd2b, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x94, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xe530}, @TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x4e20, @multicast1}}, {0x14, 0x2, @in={0x2, 0x4e23, @loopback}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz0\x00'}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x8000}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x5}, @TIPC_NLA_BEARER_PROP={0x3c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x7ff}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x3}]}]}, @TIPC_NLA_MEDIA={0x10, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}]}]}]}, 0xb8}, 0x1, 0x0, 0x0, 0x4800}, 0xc041) sendmsg$TIPC_NL_BEARER_ADD(r0, &(0x7f0000000340)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000300)={&(0x7f0000000740)={0x25c, r4, 0x10, 0x70bd2c, 0x25dfdbfe, {}, [@TIPC_NLA_MON={0x14, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0xdd}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x1}]}, @TIPC_NLA_LINK={0xf4, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x2b55b56d}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1ff}]}, @TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x2}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80000001}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x9}]}, @TIPC_NLA_LINK_NAME={0x13, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x5}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x6}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}]}, @TIPC_NLA_LINK_PROP={0x54, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x12}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1a}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4a29}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x6}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x9}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x3f}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1e}]}, @TIPC_NLA_LINK_PROP={0x2c, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1000}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x9}]}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xc0}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x401}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x9}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x5}]}, @TIPC_NLA_NET={0x40, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_ID={0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x101}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x8}, @TIPC_NLA_NET_ID={0x8, 0x1, 0xff}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x5}]}, @TIPC_NLA_MEDIA={0x58, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x7}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x7}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6dd8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}]}, @TIPC_NLA_MEDIA_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_TOL={0x8, 0x2, 0x438}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x16}]}]}, @TIPC_NLA_BEARER={0x28, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x9d1e}, @TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0x7fffffff}, @TIPC_NLA_BEARER_PROP={0x14, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1}]}]}, @TIPC_NLA_NODE={0x30, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_ADDR={0x8, 0x1, 0xfffffff7}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x8000}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x1}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x400}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_NODE={0x14, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_ADDR={0x8, 0x1, 0x401}]}]}, 0x25c}, 0x1, 0x0, 0x0, 0x4004080}, 0x8000) ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(r3, 0x8982, &(0x7f0000000000)) ioctl$TIOCSETD(r1, 0x5437, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000540)={0x2, {{0x2, 0x4e24, @local}}}, 0x84) 03:20:57 executing program 1: r0 = syz_open_dev$vcsa(0x0, 0x0, 0x0) ftruncate(0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ttyS3\x00', 0x0, 0x0) sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40008}, 0xc, 0x0}, 0xc041) sendmsg$TIPC_NL_NAME_TABLE_GET(r0, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x2}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x400c0}, 0x40004) accept4(r0, 0x0, &(0x7f0000000280), 0x80000) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000480)={@loopback, 0x400, 0x0, 0xff, 0x1}, 0x20) syz_genetlink_get_family_id$tipc2(&(0x7f0000000180)='TIPCv2\x00') sendmsg$TIPC_NL_NAME_TABLE_GET(0xffffffffffffffff, &(0x7f00000003c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40008}, 0xc, &(0x7f0000000380)={0x0}, 0x1, 0x0, 0x0, 0x4800}, 0xc041) sendmsg$TIPC_NL_BEARER_ADD(r0, 0x0, 0x8000) ioctl$sock_SIOCGIFVLAN_GET_VLAN_EGRESS_PRIORITY_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000000)) ioctl$TIOCSETD(r1, 0x5437, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000540)={0x2, {{0x2, 0x0, @local}}}, 0x84) 03:20:57 executing program 5: openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000280)='/dev/vhost-vsock\x00', 0x2, 0x0) semget$private(0x0, 0x3, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f00000001c0), 0xfffffef3) r2 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$tun(r2, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) setresgid(0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_open(0x0, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_route(0x10, 0x3, 0x0) statx(0xffffffffffffffff, 0x0, 0x4000, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000640)) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200), 0x0) vmsplice(r0, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528ac06}], 0x1, 0x0) setuid(0x0) 03:20:57 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287c"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:20:57 executing program 3: openat$urandom(0xffffffffffffff9c, &(0x7f0000000200)='/dev/urandom\x00', 0x1e7202, 0x0) 03:20:57 executing program 2: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setgroups(0x0, &(0x7f0000000200)) r0 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000140)="1ba0000016001d0d89fdc5cbdd045798707bed4dca141a780f0f8e", 0xff3b, 0x0, 0x0, 0x0) recvfrom$inet6(r0, &(0x7f0000000000)=""/98, 0x62, 0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="9000000019001f", 0x7, 0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f0000000000)="fd20000015", 0x5, 0x0, 0x0, 0x0) r1 = socket$inet6(0x10, 0x3, 0x0) sendto$inet6(r1, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) 03:20:57 executing program 1: r0 = open(&(0x7f0000000180)='./bus\x00', 0x141042, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f0000000080)={0x0, 0x0, 0x1, 0x0, 0x0, [{{r1}, 0x0, 0x0, 0x0, 0x2}]}) 03:20:57 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287c"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:20:57 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0}, &(0x7f0000000280)=0x5) setuid(r1) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000500)='/dev/ttyS3\x00', 0x0, 0x0) [ 731.684566][T24414] netlink: 8155 bytes leftover after parsing attributes in process `syz-executor.2'. 03:21:00 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:00 executing program 1: r0 = socket$netlink(0x10, 0x3, 0xc) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000080)="390000001000050368fe07002b0000000e43090014000b0045b300070300000319001a0012000200110001000600030000000000000000f769", 0x39}], 0x1) 03:21:00 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:00 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0xd00, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x3087}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) dup(0xffffffffffffffff) ioctl$sock_SIOCGIFVLAN_SET_VLAN_FLAG_CMD(0xffffffffffffffff, 0x8982, &(0x7f0000000200)={0x7, 'bridge0\x00', {}, 0x2}) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000640)="83a15d3f300b93f0737fde29ed5ab6a63f07c8891c4cd3d41ffff7136b011fff477d56ddd308455ff218d7bfab83b8ef75d5065d03adb820d42e03b0cd5ee383835c49a6901211360409c6e612e28110b1b5ee515fccf8a1031d396ea7b27b787779d57a7e428cc441a8e3ef52f3b73e76b729f56cc4fc4ba98263817c50d83f7a174e7322512908dc04f0965019807f47716203dd7e4ed9cb7579fe30e47df7ec5b0d9bc3e0268c9d794c187b021aa6e8c3cff33bae2ba5a28bf09121649a3a6de389c710f95d7eed26dde32725c55c8034a270c74ab3c59074ce0e0e00e83349b1332f69ef1773bb4a95a6ee448de80216b80ad910546cb9d8cb26f5db729f9835ab1b3fbc5a8479f9161846a26c7b112a85d952b49ebeefde12bf14150d81f5c734c463b14fc0b6a739fe413fbbd79257fbee13405f6ce7892788f6b14f90c2ef788e73e54dcf049e835b7fc9db9bd7a424be964444531069e799d8032b3856bb3ef6f0d8e9c21ae48c58f4965817bf278ac948f4aae727e8241a2ab6781b8c5d58d7731cb13a264b82e84d811432c04d8c4f059fc7bf0bff0f10d6896ee714f76474787bf1c8704178320e7252d6f60a5839c92e782e08b1cf3c6d56a01e6cc70111385b408aecf4873d305a0754ed28440ebfce3d7bbd94bdebd6e945bd2b17dcf26379dfb2ec6bb2e1a61eeea342a987b91bb3ce560187013abc861463378caa6e4a2bee", 0x207}], 0x1) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860005cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x27) r1 = open(&(0x7f0000000000)='./bus\x00', 0x141042, 0x0) mmap(&(0x7f0000002000/0x4000)=nil, 0x4000, 0x0, 0x2812, r1, 0x0) 03:21:00 executing program 2: r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) semget$private(0x0, 0x3, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) write(r2, &(0x7f00000001c0), 0xfffffef3) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$tun(0xffffffffffffffff, 0x0, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mq_open(0x0, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_route(0x10, 0x3, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, &(0x7f0000000640)) clock_gettime(0x0, &(0x7f0000000240)={0x0, 0x0}) pselect6(0x40, &(0x7f00000000c0), 0x0, &(0x7f0000000140)={0x1ff}, &(0x7f0000000200)={0x0, r3+30000000}, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528ac06}], 0x1, 0x0) prctl$PR_GET_FPEXC(0xb, &(0x7f0000000000)) setuid(0x0) socket$nl_netfilter(0x10, 0x3, 0xc) fchown(r0, 0x0, 0x0) 03:21:00 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r3, r2, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:00 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 734.477933][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 734.477945][ T27] audit: type=1800 audit(1584069660.549:94): pid=24436 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="loop5" ino=39 res=0 [ 734.548791][T24437] netlink: 'syz-executor.1': attribute type 1 has an invalid length. 03:21:00 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 734.679211][T24436] attempt to access beyond end of device [ 734.686460][T24436] loop5: rw=2049, want=130, limit=127 [ 734.693470][T24436] Buffer I/O error on dev loop5, logical block 129, lost async page write [ 734.705727][T24436] attempt to access beyond end of device [ 734.716597][T24436] loop5: rw=2049, want=131, limit=127 [ 734.730653][T24436] Buffer I/O error on dev loop5, logical block 130, lost async page write [ 734.747238][ T27] audit: type=1804 audit(1584069660.559:95): pid=24436 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/628/file0/file0" dev="loop5" ino=39 res=1 03:21:00 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x0, @local}, 0x10) setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000380)=0x1a, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x0, 0x0, 0x0) connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @broadcast}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) getsockname$packet(r3, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000140)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r4}, [@IFLA_AF_SPEC={0x8, 0x1a, 0x0, 0x1, [@AF_INET6={0x4, 0x2}]}]}, 0x28}}, 0x0) sendmmsg(r0, &(0x7f0000007fc0), 0x4000000000001a8, 0x0) [ 734.786611][T24436] attempt to access beyond end of device [ 734.827850][T24436] loop5: rw=2049, want=132, limit=127 [ 734.846880][T24436] Buffer I/O error on dev loop5, logical block 131, lost async page write 03:21:01 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 734.898468][T24436] attempt to access beyond end of device [ 734.969144][T24436] loop5: rw=2049, want=133, limit=127 [ 735.031644][T24436] Buffer I/O error on dev loop5, logical block 132, lost async page write 03:21:01 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 735.094842][T24436] attempt to access beyond end of device [ 735.123205][T24436] loop5: rw=2049, want=142, limit=127 [ 735.155544][T24436] Buffer I/O error on dev loop5, logical block 141, lost async page write [ 735.201205][T24436] attempt to access beyond end of device [ 735.207160][T24436] loop5: rw=2049, want=143, limit=127 [ 735.229602][T24436] Buffer I/O error on dev loop5, logical block 142, lost async page write 03:21:01 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 735.271599][T24436] attempt to access beyond end of device [ 735.299574][T24436] loop5: rw=2049, want=144, limit=127 [ 735.329392][T24436] Buffer I/O error on dev loop5, logical block 143, lost async page write [ 735.414809][T24436] attempt to access beyond end of device [ 735.438685][T24436] loop5: rw=2049, want=145, limit=127 [ 735.479444][T24436] Buffer I/O error on dev loop5, logical block 144, lost async page write [ 735.515439][ T27] audit: type=1804 audit(1584069661.589:96): pid=24479 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/628/file0/file0" dev="loop5" ino=39 res=1 [ 735.605895][ T27] audit: type=1804 audit(1584069661.589:97): pid=24478 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/628/file0/file0" dev="loop5" ino=39 res=1 [ 737.079354][ T9600] tipc: TX() has been purged, node left! 03:21:03 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:03 executing program 2: syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x1, &(0x7f0000000100)=[{&(0x7f00000000c0)="800200203804000019000300e60100006c000000000000000100000003000000004000000040000080000000101308006d5ebe5a0000ffff53ef", 0x3a, 0x400}], 0x0, 0x0) 03:21:03 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:03 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r3, r2, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:03 executing program 1: perf_event_open(&(0x7f0000000880)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0xa, 0x6, 0x80000000000003, 0x3}, 0x40) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000004c0), &(0x7f0000000540), 0x800, r0}, 0x38) 03:21:03 executing program 3: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x6}, 0x0) r1 = add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0x0) add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, r1) r2 = request_key(&(0x7f0000000180)='big_key\x00', 0x0, &(0x7f0000000a80)='q\x05\x00\x00\x00\xdd\x035I\xa6\xc0\x10$\xabb\x00\x00\x00\x00\x00\x00\x01\xcb/S\xdc\xdd\x0e\a\x00\x005+\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x01\x0f\x00\x00\x00\x00\x00\x00\x8aC\x96\x8d\xd0\xe6\x83\xaaw\xaa\x93\xea\xa6\xcf \x8e\xa3]\xfe\x91u\x1d\x90\xa0W@Y\xbe]#\x1d\x8eo\xde\x9e\xa5\x93h\x84\x8a\xd0\xce\xff\x80\xf3/\x16u\x15\x03\xfb\xc1$\x0f\xa6[d\xd9EC\xd6~-\xcd\tey\xa0\xa8\xd7\x889{vf5\xeaX\r\xea\xb1\x1d(xb\xe80\xa5\x8e\x97Mc\x17\xb4f\xb2\xeej)\xb4\xb5\xa8\x05\\f9v\x9e\xd8\x9fT\xf4\xafD\xbb\x96\xfe\xd2\f\xb1\x12\xe6\xa5n\x1e\x90r1G\x110\x99\x18\xee@\xb1F&=\xadp\x95\xa8lc(B\x06J\xb4\r-\xe9d\tM\xe8\x04\xeeX\xb2\xc3>?\x94\x9e\xb8\x1e6r\x13t\x85iX\xc3\xe7^$\x94\x14\x85CB\x9d\xddo\a\x15Y\x81\x9b\xe9\xc3V\x176\xfd>\xf8b\xc8\x8a\x06EW\x00\x81\x00%\xe5\xe1\x89\xad\xd8\xc8\x1f\xbe\xbd%\rI8*\xc7\xafB8n\xb0]\x84\x87\xfeb\xc1\xfc\xe4\xa5\x1e\xfc$\xea\xd8b7\xbc\x87.m\xc0n\xe1\x11\".;\b\xe5\xaf\xb4\xb5\xf7\xed\xae,\x9ep:\x1f\xb6(B)\x0eo\x11 \x1e\x87\x16Ql\xab9\xe7\r\xe7C\x82\x13Q\x03w\xe8\x1e\x049\xc3\xbe\xdb\x98q\xaa\x8c\x9b&\xcb\x95\x16\xa4\xcf\x01\xad\xbe\xe4\r\x10K\x1c;\xd6W\\a\xea/\xb1\xe1', 0xfffffffffffffffc) keyctl$negate(0xd, r1, 0x6, r2) r3 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r3, &(0x7f0000000100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r5, 0x407, 0x0) creat(0x0, 0x0) syz_open_procfs(0x0, 0x0) write(r5, &(0x7f0000000340), 0x41395527) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x7}, 0x0) r6 = memfd_create(&(0x7f00000008c0)='q\x05\x00\x00\x00\xdd\x035I\xa6\xc0\x10$\xabb\x00\x00\x00\x00\x00\x00\x01\xcb/S\xdc\xdd\x0e\a\x00\x005+\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x01\x0f\x00\x00\x00\x00\x00\x00\x8aC\x96\x8d\xd0\xe6\x83\xaaw\xaa\x93\xea\xa6\xcf \x8e\xa3]\xfe\x91u\x1d\x90\xa0W@Y\xbe]#\x1d\x8eo\xde\x9e\xa5\x93h\x84\x8a\xd0\xce\xff\x80\xf3/\x16u\x15\x03\xfb\xc1$\x0f\xa6[d\xd9EC\xd6~-\xcd\tey\xa0\xa8\xd7\x889{vf5\xeaX\r\xea\xb1\x1d(xb\xe80\xa5\x8e\x97Mc\x17\xb4f\xb2\xeej)\xb4\xb5\xa8\x05\\f9v\x9e\xd8\x9fT\xf4\xafD\xbb\x96\xfe\xd2\f\xb1\x12\xe6\xa5n\x1e\x90r1G\x110\x99\x18\xee@\xb1F&=\xadp\x95\xa8lc(B\x06J\xb4\r-\xe9d\tM\xe8\x04\xeeX\xb2\xc3>?\x94\x9e\xb8\x1e6r\x13t\x85iX\xc3\xe7^$\x94\x14\x85CB\x9d\xddo\a\x15Y\x81\x9b\xe9\xc3V\x176\xfd>\xf8b\xc8\x8a\x06EW\x00\x81\x00%\xe5\xe1\x89\xad\xd8\xc8\x1f\xbe\xbd%\rI8*\xc7\xafB8n\xb0]\x84\x87\xfeb\xc1\xfc\xe4\xa5\x1e\xfc$\xea\xd8b7\xbc\x87.m\xc0n\xe1\x11\".;\b\xe5\xaf\xb4\xb5\xf7\xed\xae,\x9ep:\x1f\xb6(B)\x0eo\x11 \x1e\x87\x16Ql\xab9\xe7\r\xe7C\x82\x13Q\x03w\xe8\x1e\x049\xc3\xbe\xdb\x98q\xaa\x8c\x9b&\xcb\x95\x16\xa4\xcf\x01\xad\xbe\xe4\r\x10K\x1c;\xd6W\\a\xea/\xb1\xe1', 0x7) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r6) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, r4, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x181, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) stat(&(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000300)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240), 0x0) ioctl$TIOCGETD(0xffffffffffffffff, 0x5424, &(0x7f00000000c0)) write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000740)={0xa0, 0xfffffffffffffff5, 0x2, {{0x6, 0x0, 0x101, 0x3fffffffc0000, 0x2000, 0x0, {0x1, 0x1f, 0x7f, 0x57b5aed3, 0x80000000, 0x9ad, 0x2000000, 0x0, 0x83, 0x7, 0xfffffffe}}, {0x0, 0x8}}}, 0xa0) clone(0xd48d24434713bd52, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20004000}, 0xc, &(0x7f00000003c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="770f97c1eb64bbdce4f8156eb89b76db0f806726498d7a7b190bc4f7c89aec0f44af5f510f8cb645d67d983eeba10eceb003cb36104bf8530c1f5bf9a82f8d7789e829499a1fa674b34abc72c9e1da486f6ae3539ce445f9519516c7ba8b2f201ce756d5778eae30f0408daddd4003c4a093d3ed8d4c99ec91fff89da1fda2d265960746cdb918110862607c4cc4a6b70d32bd606079c717e6984f96388e6cd0a7e9fe642dba521cba514b56f0489ccbdaaf6c15a8fff286d674397b94560099f5720ce27d3893aa04f10ec90dfefa33c1fee7cf6a80125449614b1ffeb2e49f19bd76811ffcc93c443788ca37b9cd3bb4f54c214909506f002cb153716b40", @ANYRES16=0x0, @ANYBLOB="000000000000000000000d040006"]}, 0x1, 0x0, 0x0, 0x80}, 0x20000880) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2282000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0xb9216b6bd4ff359a}, 0x20040814) sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x2000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x80) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000200)) 03:21:03 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 737.698694][T24493] EXT4-fs (loop2): fragment/cluster size (8192) != block size (2048) [ 737.755463][ T27] audit: type=1800 audit(1584069663.829:98): pid=24497 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="loop5" ino=40 res=0 [ 737.836820][T24493] EXT4-fs (loop2): fragment/cluster size (8192) != block size (2048) [ 737.909757][ T27] audit: type=1804 audit(1584069663.879:99): pid=24497 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/629/file0/file0" dev="loop5" ino=40 res=1 [ 737.944443][T24497] attempt to access beyond end of device [ 737.951361][T24497] loop5: rw=2049, want=130, limit=127 [ 737.957256][T24497] Buffer I/O error on dev loop5, logical block 129, lost async page write [ 737.967711][T24497] attempt to access beyond end of device [ 737.975207][T24497] loop5: rw=2049, want=131, limit=127 [ 737.981707][T24497] Buffer I/O error on dev loop5, logical block 130, lost async page write [ 737.997320][T24497] attempt to access beyond end of device 03:21:04 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:04 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) r11 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = epoll_create1(0x0) epoll_create1(0x0) r14 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r14, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r13, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r15 = epoll_create1(0x0) r16 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) r21 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r20, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r21, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, r21, 0x0) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, r18, 0x0) r22 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r22, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) r25 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r23, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r23, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r25, 0x1, r24, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r26) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r27 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r27, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) r31 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r31, 0x1, r30, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r32 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r32, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r33, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r33]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) r35 = epoll_create1(0x0) r36 = epoll_create1(0x0) r37 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r36, 0x1, r37, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r35, 0x0) sendmmsg$unix(r11, &(0x7f0000003240), 0x0, 0x40) pivot_root(0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) syz_open_dev$tty1(0xc, 0x4, 0x1) r38 = epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) flistxattr(r38, &(0x7f0000000100)=""/88, 0x58) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x800000080004103) bind(0xffffffffffffffff, 0x0, 0x0) [ 738.010768][T24497] loop5: rw=2049, want=132, limit=127 [ 738.023945][T24497] attempt to access beyond end of device [ 738.040293][T24497] loop5: rw=2049, want=133, limit=127 [ 738.051440][T24497] attempt to access beyond end of device 03:21:04 executing program 1: r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="380100001a00010800000000000000007487f654b36e414647e04d6a85aceeb0e3daef21b274a924bab3619673863f5d00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000006c0000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f5ffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020001000000000000000000480003006465666c61746500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f191fb8e4186808cd8f595308a2759e1cad2094263f21d216b09b26ba1995cd94186bcef7f5f4d1e6ef542773ca082aca843d5fa91837ed98f1c58ea91b8bc79968d3f71299d4a4608c7278bbbecceca9f190a5da8f9698998f160ed66b44858a883eadfa9c6d197"], 0x138}}, 0x0) [ 738.096284][T24497] loop5: rw=2049, want=142, limit=127 03:21:04 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 738.148114][T24497] attempt to access beyond end of device [ 738.165571][T24497] loop5: rw=2049, want=143, limit=127 [ 738.176525][T24497] attempt to access beyond end of device [ 738.229500][T24497] loop5: rw=2049, want=144, limit=127 [ 738.236456][T24497] attempt to access beyond end of device [ 738.262263][T24497] loop5: rw=2049, want=145, limit=127 03:21:04 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:04 executing program 1: openat(0xffffffffffffffff, 0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000200)='cpu.stat\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000280)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000101308006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:21:04 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) r11 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = epoll_create1(0x0) epoll_create1(0x0) r14 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r14, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r13, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r15 = epoll_create1(0x0) r16 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) r21 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r20, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r21, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, r21, 0x0) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, r18, 0x0) r22 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r22, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) r25 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r23, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r23, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r25, 0x1, r24, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r26) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r27 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r27, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) r31 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r31, 0x1, r30, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r32 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r32, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r33, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r33]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) r35 = epoll_create1(0x0) r36 = epoll_create1(0x0) r37 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r36, 0x1, r37, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r35, 0x0) sendmmsg$unix(r11, &(0x7f0000003240), 0x0, 0x40) pivot_root(0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) syz_open_dev$tty1(0xc, 0x4, 0x1) r38 = epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) flistxattr(r38, &(0x7f0000000100)=""/88, 0x58) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x800000080004103) bind(0xffffffffffffffff, 0x0, 0x0) [ 738.306543][T24497] attempt to access beyond end of device [ 738.336300][T24497] loop5: rw=2049, want=146, limit=127 [ 738.712160][T24539] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 738.747237][T24539] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 738.772589][T24539] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 738.817278][T24539] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue 03:21:06 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:06 executing program 3: r0 = getpgrp(0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x4, &(0x7f0000000180)=""/126) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setlease(r1, 0x400, 0x1) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x362, 0x0}}], 0x1, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000340)='mounts\x00') fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x2e9, 0xfec0) preadv(r2, &(0x7f00000017c0), 0x1a2, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) fcntl$F_SET_FILE_RW_HINT(r4, 0x40e, &(0x7f0000000200)=0x4) sendto$inet6(r3, 0x0, 0x0, 0x88880, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @dev}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c) r5 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r5, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab580867bc1f54a989e9ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c39", 0xd1, 0xc001, 0x0, 0x0) setsockopt$inet6_mtu(r5, 0x29, 0x17, &(0x7f0000000040)=0x2, 0x4) setsockopt$inet6_udp_int(r5, 0x11, 0x1, &(0x7f0000000000), 0x4) fsetxattr$trusted_overlay_nlink(r5, &(0x7f0000000100)='trusted.overlay.nlink\x00', &(0x7f0000000140)={'U+', 0x9}, 0x16, 0x2) setsockopt$inet6_mtu(r3, 0x29, 0x17, 0x0, 0x0) setsockopt$inet6_udp_int(r3, 0x11, 0x1, &(0x7f0000000000), 0x4) fcntl$setstatus(r3, 0x4, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) 03:21:06 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:06 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r3, r2, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:06 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) r11 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = epoll_create1(0x0) epoll_create1(0x0) r14 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r14, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r13, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r15 = epoll_create1(0x0) r16 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) r21 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r20, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r21, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, r21, 0x0) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, r18, 0x0) r22 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r22, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) r25 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r23, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r23, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r25, 0x1, r24, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r26) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r27 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r27, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) r31 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r31, 0x1, r30, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r32 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r32, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r33, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r33]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) r35 = epoll_create1(0x0) r36 = epoll_create1(0x0) r37 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r36, 0x1, r37, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r35, 0x0) sendmmsg$unix(r11, &(0x7f0000003240), 0x0, 0x40) pivot_root(0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) syz_open_dev$tty1(0xc, 0x4, 0x1) r38 = epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) flistxattr(r38, &(0x7f0000000100)=""/88, 0x58) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x800000080004103) bind(0xffffffffffffffff, 0x0, 0x0) 03:21:06 executing program 1: prlimit64(0x0, 0xe, &(0x7f0000000280)={0x9, 0x8d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x6}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000000100)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r3, 0x407, 0x0) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, 0x0) syz_open_procfs(0x0, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x38, 0x2, 0x1, 0x0, 0x3, 0x7}, 0x0) r4 = memfd_create(&(0x7f00000008c0)='q\x05\x00\x00\x00\xdd\x035I\xa6\xc0\x10$\xabb\x00\x00\x00\x00\x00\x00\x01\xcb/S\xdc\xdd\x0e\a\x00\x005+\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x01\x0f\x00\x00\x00\x00\x00\x00\x8aC\x96\x8d\xd0\xe6\x83\xaaw\xaa\x93\xea\xa6\xcf \x8e\xa3]\xfe\x91u\x1d\x90\xa0W@Y\xbe]#\x1d\x8eo\xde\x9e\xa5\x93h\x84\x8a\xd0\xce\xff\x80\xf3/\x16u\x15\x03\xfb\xc1$\x0f\xa6[d\xd9EC\xd6~-\xcd\tey\xa0\xa8\xd7\x889{vf5\xeaX\r\xea\xb1\x1d(xb\xe80\xa5\x8e\x97Mc\x17\xb4f\xb2\xeej)\xb4\xb5\xa8\x05\\f9v\x9e\xd8\x9fT\xf4\xafD\xbb\x96\xfe\xd2\f\xb1\x12\xe6\xa5n\x1e\x90r1G\x110\x99\x18\xee@\xb1F&=\xadp\x95\xa8lc(B\x06J\xb4\r-\xe9d\tM\xe8\x04\xeeX\xb2\xc3>?\x94\x9e\xb8\x1e6r\x13t\x85iX\xc3\xe7^$\x94\x14\x85CB\x9d\xddo\a\x15Y\x81\x9b\xe9\xc3V\x176\xfd>\xf8b\xc8\x8a\x06EW\x00\x81\x00%\xe5\xe1\x89\xad\xd8\xc8\x1f\xbe\xbd%\rI8*\xc7\xafB8n\xb0]\x84\x87\xfeb\xc1\xfc\xe4\xa5\x1e\xfc$\xea\xd8b7\xbc\x87.m\xc0n\xe1\x11\".;\b\xe5\xaf\xb4\xb5\xf7\xed\xae,\x9ep:\x1f\xb6(B)\x0eo\x11 \x1e\x87\x16Ql\xab9\xe7\r\xe7C\x82\x13Q\x03w\xe8\x1e\x049\xc3\xbe\xdb\x98q\xaa\x8c\x9b&\xcb\x95\x16\xa4\xcf\x01\xad\xbe\xe4\r\x10K\x1c;\xd6W\\a\xea/\xb1\xe1', 0x7) syz_open_dev$sndseq(&(0x7f0000000100)='/dev/snd/seq\x00', 0x0, 0x0) dup2(0xffffffffffffffff, r4) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, r2, 0x8) perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x181, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) stat(&(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f0000000440)) sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000240)=0x8, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) dup(r5) sync_file_range(r5, 0x1, 0x10000, 0x4) write$FUSE_CREATE_OPEN(0xffffffffffffffff, &(0x7f0000000740)={0xa0, 0xfffffffffffffff5, 0x2, {{0x6, 0x2, 0x3cea, 0x3fffffffc0000, 0x2000, 0x0, {0x0, 0x1f, 0x7f, 0x57b5aed3, 0x80000000, 0x9ad, 0x0, 0x0, 0x81, 0x8000000, 0x0, 0x0, 0x0, 0x3}}, {0x0, 0x8}}}, 0xa0) clone(0xd48d24434713bd52, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_open_procfs(0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000100)='IPVS\x00') sendmsg$IPVS_CMD_GET_CONFIG(0xffffffffffffffff, &(0x7f00000002c0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20004000}, 0xc, &(0x7f0000000240)={&(0x7f0000000580)=ANY=[@ANYRES64, @ANYRES16, @ANYRESDEC], 0x3}, 0x1, 0x0, 0x0, 0x880}, 0x20000880) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000500)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x2282000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0xb9216b6bd4ff359a}, 0x20040814) r6 = openat$full(0xffffffffffffff9c, &(0x7f0000000380)='/dev/full\x00', 0x80000, 0x0) sendmsg$IPVS_CMD_GET_CONFIG(r6, &(0x7f00000003c0)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x4008030) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, 0x0, &(0x7f0000000200)) 03:21:06 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x2}}, 0x0) r1 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r1, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 740.826894][ T27] audit: type=1800 audit(1584069666.899:100): pid=24565 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="loop5" ino=41 res=0 03:21:07 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x2}}, 0x0) r1 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r1, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 740.930514][ T27] audit: type=1804 audit(1584069666.979:101): pid=24565 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/630/file0/file0" dev="loop5" ino=41 res=1 03:21:07 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) r11 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = epoll_create1(0x0) epoll_create1(0x0) r14 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r14, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r13, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r15 = epoll_create1(0x0) r16 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) r21 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r20, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r21, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, r21, 0x0) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, r18, 0x0) r22 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r22, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) r25 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r23, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r23, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r25, 0x1, r24, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r26) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r27 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r27, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) r31 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r31, 0x1, r30, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r32 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r32, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r33, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r33]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) r35 = epoll_create1(0x0) r36 = epoll_create1(0x0) r37 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r36, 0x1, r37, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r35, 0x0) sendmmsg$unix(r11, &(0x7f0000003240), 0x0, 0x40) pivot_root(0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) syz_open_dev$tty1(0xc, 0x4, 0x1) r38 = epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) flistxattr(r38, &(0x7f0000000100)=""/88, 0x58) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x800000080004103) bind(0xffffffffffffffff, 0x0, 0x0) 03:21:07 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x2}}, 0x0) r1 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r1, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:07 executing program 3: r0 = getpgrp(0x0) waitid(0x2, r0, 0x0, 0x8, 0x0) ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x4, &(0x7f0000000180)=""/126) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x70, 0x6a, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) fcntl$setlease(r1, 0x400, 0x1) recvmmsg(0xffffffffffffffff, &(0x7f0000003140)=[{{&(0x7f0000000080)=@ipx, 0x362, 0x0}}], 0x1, 0x0, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000340)='mounts\x00') fcntl$setstatus(0xffffffffffffffff, 0x4, 0x0) munmap(&(0x7f0000ffb000/0x4000)=nil, 0x4000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x3) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000480), 0x2e9, 0xfec0) preadv(r2, &(0x7f00000017c0), 0x1a2, 0x0) r3 = socket$inet6(0xa, 0x80002, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) fcntl$F_SET_FILE_RW_HINT(r4, 0x40e, &(0x7f0000000200)=0x4) sendto$inet6(r3, 0x0, 0x0, 0x88880, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @dev}, 0x1c) sendto$inet6(0xffffffffffffffff, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab5809ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c398be3bbddb23a1e", 0xffd6, 0xc001, 0x0, 0xffffffffffffff0c) r5 = socket$inet6(0xa, 0x80002, 0x0) sendto$inet6(r5, &(0x7f00000009c0)="c7cfcaaa22e10542fca5c0195350f15147657e0bfc59d383a47190db88690e6fedc3040ab580867bc1f54a989e9ae02a54cd429cc3338c5afa0c9dce3f91950d1f567f358ac21154159130e88cbb6c43197813b2f23f3e442f80877490b393408142ebcfea6821f543e5ee9e27032e2b75d78f1b79f5a6bb6f0645e267770ef7e8f3a92148091217450ce8581e54223eeb6486205a209bf1fe854d211c03f8c3140fc3979d824082990d119473d20e94f253c9621fac339560ae46cb24b88bf2d01559bb658e343257b90f233b81bc5c39", 0xd1, 0xc001, 0x0, 0x0) setsockopt$inet6_mtu(r5, 0x29, 0x17, &(0x7f0000000040)=0x2, 0x4) setsockopt$inet6_udp_int(r5, 0x11, 0x1, &(0x7f0000000000), 0x4) fsetxattr$trusted_overlay_nlink(r5, &(0x7f0000000100)='trusted.overlay.nlink\x00', &(0x7f0000000140)={'U+', 0x9}, 0x16, 0x2) setsockopt$inet6_mtu(r3, 0x29, 0x17, 0x0, 0x0) setsockopt$inet6_udp_int(r3, 0x11, 0x1, &(0x7f0000000000), 0x4) fcntl$setstatus(r3, 0x4, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) [ 741.260282][T24565] attempt to access beyond end of device [ 741.269665][T24565] loop5: rw=2049, want=130, limit=127 [ 741.291597][T24565] buffer_io_error: 6 callbacks suppressed [ 741.291655][T24565] Buffer I/O error on dev loop5, logical block 129, lost async page write 03:21:07 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0x334, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x42e}}, 0x0) r1 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r1, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 741.391693][T24565] attempt to access beyond end of device [ 741.410443][T24565] loop5: rw=2049, want=131, limit=127 [ 741.439991][T24565] Buffer I/O error on dev loop5, logical block 130, lost async page write [ 741.498494][T24565] attempt to access beyond end of device [ 741.548414][T24565] loop5: rw=2049, want=132, limit=127 [ 741.575021][T24565] Buffer I/O error on dev loop5, logical block 131, lost async page write [ 741.603950][T24565] attempt to access beyond end of device [ 741.611933][T24565] loop5: rw=2049, want=133, limit=127 [ 741.617465][T24565] Buffer I/O error on dev loop5, logical block 132, lost async page write [ 741.626553][T24565] attempt to access beyond end of device [ 741.632456][T24565] loop5: rw=2049, want=142, limit=127 [ 741.637932][T24565] Buffer I/O error on dev loop5, logical block 141, lost async page write [ 741.647282][T24565] attempt to access beyond end of device [ 741.654107][T24565] loop5: rw=2049, want=143, limit=127 [ 741.659629][T24565] Buffer I/O error on dev loop5, logical block 142, lost async page write [ 741.668299][T24565] attempt to access beyond end of device [ 741.681004][T24565] loop5: rw=2049, want=144, limit=127 [ 741.698377][T24565] Buffer I/O error on dev loop5, logical block 143, lost async page write [ 741.712013][T24565] attempt to access beyond end of device [ 741.718794][T24565] loop5: rw=2049, want=145, limit=127 [ 741.724616][T24565] Buffer I/O error on dev loop5, logical block 144, lost async page write 03:21:09 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:09 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) r11 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = epoll_create1(0x0) epoll_create1(0x0) r14 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r14, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r13, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r15 = epoll_create1(0x0) r16 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) r21 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r20, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r21, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, r21, 0x0) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, r18, 0x0) r22 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r22, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) r25 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r23, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r23, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r25, 0x1, r24, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r26) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r27 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r27, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) r31 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r31, 0x1, r30, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r32 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r32, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r33, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r33]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) r35 = epoll_create1(0x0) r36 = epoll_create1(0x0) r37 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r36, 0x1, r37, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r35, 0x0) sendmmsg$unix(r11, &(0x7f0000003240), 0x0, 0x40) pivot_root(0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) syz_open_dev$tty1(0xc, 0x4, 0x1) r38 = epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) flistxattr(r38, &(0x7f0000000100)=""/88, 0x58) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x800000080004103) 03:21:09 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0x334, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x42e}}, 0x0) r1 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r1, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:09 executing program 3: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) ftruncate(r0, 0x13) dup3(r1, r0, 0x0) fcntl$setstatus(r0, 0x4, 0x44000) io_setup(0x5, &(0x7f0000000240)=0x0) io_submit(r2, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 03:21:09 executing program 1: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) perf_event_open(&(0x7f0000000000)={0x5, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x200000436, 0x9}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) mount(0x0, &(0x7f00000006c0)='./file0\x00', &(0x7f0000000b00)='nfs\x00', 0x0, &(0x7f0000000000)) 03:21:09 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r3, r2, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 743.829345][ T27] audit: type=1804 audit(1584069669.899:102): pid=24619 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir157241976/syzkaller.Chd2d8/738/bus" dev="sda1" ino=17151 res=1 [ 743.887851][T24618] NFS: Device name not specified 03:21:10 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00'}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0x334, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x42e}}, 0x0) r1 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r1, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 743.968339][ T27] audit: type=1804 audit(1584069669.939:103): pid=24619 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir157241976/syzkaller.Chd2d8/738/bus" dev="sda1" ino=17151 res=1 03:21:10 executing program 3: r0 = creat(&(0x7f0000000100)='./bus\x00', 0x0) r1 = open(&(0x7f0000000440)='./bus\x00', 0x0, 0x0) dup3(r1, r0, 0x0) fcntl$setstatus(r0, 0x4, 0x44000) io_setup(0x5, &(0x7f0000000240)=0x0) io_submit(r2, 0x8, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r0, &(0x7f0000000000), 0x200a00}]) 03:21:10 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x2}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 744.032583][T24618] NFS: Device name not specified 03:21:10 executing program 1: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x41, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) semctl$SETVAL(0x0, 0x0, 0x10, 0x0) [ 744.174212][ T27] audit: type=1800 audit(1584069669.939:104): pid=24622 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="loop5" ino=42 res=0 [ 744.210878][T24622] attempt to access beyond end of device 03:21:10 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) r11 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = epoll_create1(0x0) epoll_create1(0x0) r14 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r14, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r13, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r15 = epoll_create1(0x0) r16 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) r21 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r20, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r21, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, r21, 0x0) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, r18, 0x0) r22 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r22, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) r25 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r23, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r23, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r25, 0x1, r24, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r26) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r27 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r27, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) r31 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r31, 0x1, r30, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r32 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r32, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r33, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r33]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) r35 = epoll_create1(0x0) r36 = epoll_create1(0x0) r37 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r36, 0x1, r37, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r35, 0x0) sendmmsg$unix(r11, &(0x7f0000003240), 0x0, 0x40) pivot_root(0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) syz_open_dev$tty1(0xc, 0x4, 0x1) r38 = epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) flistxattr(r38, &(0x7f0000000100)=""/88, 0x58) [ 744.236208][T24622] loop5: rw=2049, want=130, limit=127 [ 744.243970][T24622] Buffer I/O error on dev loop5, logical block 129, lost async page write [ 744.255676][T24622] attempt to access beyond end of device [ 744.262702][T24622] loop5: rw=2049, want=131, limit=127 [ 744.268464][T24622] Buffer I/O error on dev loop5, logical block 130, lost async page write 03:21:10 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x2}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 744.325494][T24622] attempt to access beyond end of device [ 744.335224][ T27] audit: type=1804 audit(1584069669.989:105): pid=24622 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/631/file0/file0" dev="loop5" ino=42 res=1 [ 744.366179][T24622] loop5: rw=2049, want=132, limit=127 [ 744.387067][T24622] attempt to access beyond end of device [ 744.399920][T24622] loop5: rw=2049, want=133, limit=127 [ 744.408170][T24622] attempt to access beyond end of device [ 744.422648][T24622] loop5: rw=2049, want=142, limit=127 [ 744.429102][T24622] attempt to access beyond end of device [ 744.436969][T24622] loop5: rw=2049, want=143, limit=127 [ 744.441792][ T27] audit: type=1804 audit(1584069670.349:106): pid=24648 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir157241976/syzkaller.Chd2d8/739/bus" dev="sda1" ino=17197 res=1 [ 744.444648][T24622] attempt to access beyond end of device [ 744.475237][ T27] audit: type=1804 audit(1584069670.389:107): pid=24646 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir157241976/syzkaller.Chd2d8/739/bus" dev="sda1" ino=17197 res=1 [ 744.501500][T24622] loop5: rw=2049, want=144, limit=127 03:21:12 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:12 executing program 3: perf_event_open(&(0x7f0000000200)={0x2, 0x70, 0x42, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000740)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180)='cgroup\x00', 0x0, 0x0) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000002c0)='mountinfo\x00') preadv(r0, &(0x7f0000000700)=[{&(0x7f0000000140)=""/191, 0xbf}], 0x1, 0xffffffd) 03:21:12 executing program 1: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "009900000000000000000000000800"}) r1 = syz_open_pts(r0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000080)=0x3) 03:21:12 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x2}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:12 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r3, r2, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 03:21:12 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) r11 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = epoll_create1(0x0) epoll_create1(0x0) r14 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r14, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r13, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r15 = epoll_create1(0x0) r16 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) r21 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r20, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r21, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, r21, 0x0) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, r18, 0x0) r22 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r22, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) r25 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r23, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r23, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r25, 0x1, r24, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r26) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r27 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r27, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) r31 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r31, 0x1, r30, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r32 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r32, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r33, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r33]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) r35 = epoll_create1(0x0) r36 = epoll_create1(0x0) r37 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r36, 0x1, r37, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r35, 0x0) sendmmsg$unix(r11, &(0x7f0000003240), 0x0, 0x40) pivot_root(0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) syz_open_dev$tty1(0xc, 0x4, 0x1) epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) 03:21:13 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 747.002497][ T27] audit: type=1800 audit(1584069673.079:108): pid=24675 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="loop5" ino=43 res=0 03:21:13 executing program 1: [ 747.076965][ T27] audit: type=1804 audit(1584069673.109:109): pid=24675 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/632/file0/file0" dev="loop5" ino=43 res=1 03:21:13 executing program 3: 03:21:13 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 747.224576][T24675] attempt to access beyond end of device [ 747.236809][T24675] loop5: rw=2049, want=130, limit=127 [ 747.248785][T24675] buffer_io_error: 5 callbacks suppressed [ 747.248817][T24675] Buffer I/O error on dev loop5, logical block 129, lost async page write 03:21:13 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) r11 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = epoll_create1(0x0) epoll_create1(0x0) r14 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r14, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r13, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r15 = epoll_create1(0x0) r16 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) r21 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r20, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r21, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, r21, 0x0) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, r18, 0x0) r22 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r22, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) r25 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r23, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r23, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r25, 0x1, r24, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r26) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r27 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r27, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) r31 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r31, 0x1, r30, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r32 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r32, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r33, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r33]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) r35 = epoll_create1(0x0) r36 = epoll_create1(0x0) r37 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r36, 0x1, r37, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r35, 0x0) sendmmsg$unix(r11, &(0x7f0000003240), 0x0, 0x40) pivot_root(0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) syz_open_dev$tty1(0xc, 0x4, 0x1) epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) [ 747.272227][T24675] attempt to access beyond end of device [ 747.278285][T24675] loop5: rw=2049, want=131, limit=127 [ 747.285137][T24675] Buffer I/O error on dev loop5, logical block 130, lost async page write [ 747.296801][T24675] attempt to access beyond end of device [ 747.320382][T24675] loop5: rw=2049, want=132, limit=127 [ 747.336405][T24675] Buffer I/O error on dev loop5, logical block 131, lost async page write 03:21:13 executing program 1: [ 747.393252][T24675] attempt to access beyond end of device [ 747.417043][T24675] loop5: rw=2049, want=133, limit=127 [ 747.428793][T24675] Buffer I/O error on dev loop5, logical block 132, lost async page write [ 747.458605][T24675] attempt to access beyond end of device [ 747.474151][T24675] loop5: rw=2049, want=142, limit=127 [ 747.486355][T24675] Buffer I/O error on dev loop5, logical block 141, lost async page write [ 747.498423][T24675] attempt to access beyond end of device [ 747.510867][T24675] loop5: rw=2049, want=143, limit=127 [ 747.555100][T24675] Buffer I/O error on dev loop5, logical block 142, lost async page write [ 747.597408][T24675] attempt to access beyond end of device [ 747.621599][T24675] loop5: rw=2049, want=144, limit=127 [ 747.667500][T24675] Buffer I/O error on dev loop5, logical block 143, lost async page write 03:21:16 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6a", 0x43}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:16 executing program 3: 03:21:16 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:16 executing program 1: 03:21:16 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) r11 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = epoll_create1(0x0) epoll_create1(0x0) r14 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r14, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r13, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r15 = epoll_create1(0x0) r16 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) r21 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r20, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r21, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, r21, 0x0) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, r18, 0x0) r22 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r22, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) r25 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r23, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r23, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r25, 0x1, r24, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r26) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r27 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r27, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) r31 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r31, 0x1, r30, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r32 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r32, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r33, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r33]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) r35 = epoll_create1(0x0) r36 = epoll_create1(0x0) r37 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r36, 0x1, r37, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r35, 0x0) sendmmsg$unix(r11, &(0x7f0000003240), 0x0, 0x40) pivot_root(0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) syz_open_dev$tty1(0xc, 0x4, 0x1) epoll_create1(0x0) epoll_create1(0x0) 03:21:16 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r3, r2, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 03:21:16 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:16 executing program 3: 03:21:16 executing program 3: 03:21:16 executing program 1: 03:21:16 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) r11 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = epoll_create1(0x0) epoll_create1(0x0) r14 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r14, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r13, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r15 = epoll_create1(0x0) r16 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) r21 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r20, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r21, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, r21, 0x0) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, r18, 0x0) r22 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r22, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) r25 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r23, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r23, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r25, 0x1, r24, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r26) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r27 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r27, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) r31 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r31, 0x1, r30, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r32 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r32, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r33, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r33]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) r35 = epoll_create1(0x0) r36 = epoll_create1(0x0) r37 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r36, 0x1, r37, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r35, 0x0) sendmmsg$unix(r11, &(0x7f0000003240), 0x0, 0x40) pivot_root(0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) syz_open_dev$tty1(0xc, 0x4, 0x1) epoll_create1(0x0) [ 750.249297][ T27] audit: type=1800 audit(1584069676.319:110): pid=24722 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="loop5" ino=44 res=0 03:21:16 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 750.302755][ T27] audit: type=1804 audit(1584069676.319:111): pid=24722 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/633/file0/file0" dev="loop5" ino=44 res=1 [ 750.535065][T24722] attempt to access beyond end of device [ 750.571881][T24722] loop5: rw=2049, want=130, limit=127 [ 750.601371][T24722] Buffer I/O error on dev loop5, logical block 129, lost async page write [ 750.622860][T24722] attempt to access beyond end of device [ 750.642276][T24722] loop5: rw=2049, want=131, limit=127 [ 750.648245][T24722] Buffer I/O error on dev loop5, logical block 130, lost async page write [ 750.665295][T24722] attempt to access beyond end of device [ 750.673818][T24722] loop5: rw=2049, want=132, limit=127 [ 750.680270][T24722] Buffer I/O error on dev loop5, logical block 131, lost async page write [ 750.688914][T24722] attempt to access beyond end of device [ 750.696049][T24722] loop5: rw=2049, want=133, limit=127 [ 750.702801][T24722] attempt to access beyond end of device [ 750.708475][T24722] loop5: rw=2049, want=142, limit=127 [ 750.714949][T24722] attempt to access beyond end of device [ 750.720755][T24722] loop5: rw=2049, want=143, limit=127 [ 750.726269][T24722] attempt to access beyond end of device [ 750.732000][T24722] loop5: rw=2049, want=144, limit=127 03:21:19 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:19 executing program 1: 03:21:19 executing program 3: 03:21:19 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6a", 0x43}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:19 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r3, r2, 0x0) socketpair$unix(0x1, 0x0, 0x0, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) 03:21:19 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) r11 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = epoll_create1(0x0) epoll_create1(0x0) r14 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r14, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r13, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r15 = epoll_create1(0x0) r16 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) r21 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r20, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r21, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, r21, 0x0) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, r18, 0x0) r22 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r22, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) r25 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r23, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r23, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r25, 0x1, r24, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r26) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r27 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r27, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) r31 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r31, 0x1, r30, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r32 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r32, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r33, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r33]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) r35 = epoll_create1(0x0) r36 = epoll_create1(0x0) r37 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r36, 0x1, r37, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r35, 0x0) sendmmsg$unix(r11, &(0x7f0000003240), 0x0, 0x40) pivot_root(0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) syz_open_dev$tty1(0xc, 0x4, 0x1) 03:21:19 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff0000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:19 executing program 3: 03:21:19 executing program 1: [ 753.202077][ T27] audit: type=1800 audit(1584069679.279:112): pid=24766 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="loop5" ino=45 res=0 03:21:19 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff0000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:19 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff0000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 753.366526][ T27] audit: type=1804 audit(1584069679.299:113): pid=24766 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/634/file0/file0" dev="loop5" ino=45 res=1 03:21:19 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) r11 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = epoll_create1(0x0) epoll_create1(0x0) r14 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r14, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r13, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r15 = epoll_create1(0x0) r16 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) r21 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r20, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r21, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, r21, 0x0) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, r18, 0x0) r22 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r22, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) r25 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r23, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r23, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r25, 0x1, r24, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r26) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r27 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r27, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) r31 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r31, 0x1, r30, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r32 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r32, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r33, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r33]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) r35 = epoll_create1(0x0) r36 = epoll_create1(0x0) r37 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r36, 0x1, r37, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r35, 0x0) sendmmsg$unix(r11, &(0x7f0000003240), 0x0, 0x40) pivot_root(0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000940)='fuse\x00', 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0]) 03:21:19 executing program 3: 03:21:19 executing program 1: 03:21:19 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff0000000700", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 753.592215][T24766] attempt to access beyond end of device [ 753.631068][T24766] loop5: rw=2049, want=130, limit=127 [ 753.665133][T24766] buffer_io_error: 4 callbacks suppressed [ 753.665165][T24766] Buffer I/O error on dev loop5, logical block 129, lost async page write 03:21:19 executing program 3: [ 753.741574][T24766] attempt to access beyond end of device [ 753.758069][T24766] loop5: rw=2049, want=131, limit=127 [ 753.768792][T24766] Buffer I/O error on dev loop5, logical block 130, lost async page write [ 753.780230][T24766] attempt to access beyond end of device [ 753.785977][T24766] loop5: rw=2049, want=132, limit=127 [ 753.800095][T24766] Buffer I/O error on dev loop5, logical block 131, lost async page write [ 753.830421][T24766] attempt to access beyond end of device [ 753.836128][T24766] loop5: rw=2049, want=133, limit=127 [ 753.905257][T24766] Buffer I/O error on dev loop5, logical block 132, lost async page write [ 753.924874][T24766] attempt to access beyond end of device [ 753.934244][T24766] loop5: rw=2049, want=142, limit=127 [ 753.943292][T24766] Buffer I/O error on dev loop5, logical block 141, lost async page write [ 753.957466][T24766] attempt to access beyond end of device [ 753.967282][T24766] loop5: rw=2049, want=143, limit=127 [ 753.975601][T24766] Buffer I/O error on dev loop5, logical block 142, lost async page write [ 753.988510][T24766] attempt to access beyond end of device [ 753.997096][T24766] loop5: rw=2049, want=144, limit=127 [ 754.005345][T24766] Buffer I/O error on dev loop5, logical block 143, lost async page write [ 754.016961][T24766] attempt to access beyond end of device [ 754.024687][T24766] loop5: rw=2049, want=145, limit=127 [ 754.031839][T24766] Buffer I/O error on dev loop5, logical block 144, lost async page write [ 754.042766][T24766] attempt to access beyond end of device [ 754.048407][T24766] loop5: rw=2049, want=146, limit=127 03:21:22 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6a", 0x43}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:22 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff0000000700", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:22 executing program 1: 03:21:22 executing program 3: 03:21:22 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) r11 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = epoll_create1(0x0) epoll_create1(0x0) r14 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r14, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r13, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r15 = epoll_create1(0x0) r16 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) r21 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r20, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r21, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, r21, 0x0) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, r18, 0x0) r22 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r22, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) r25 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r23, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r23, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r25, 0x1, r24, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r26) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r27 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r27, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) r31 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r31, 0x1, r30, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r32 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r32, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r33, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r33]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) r35 = epoll_create1(0x0) r36 = epoll_create1(0x0) r37 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r36, 0x1, r37, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r35, 0x0) sendmmsg$unix(r11, &(0x7f0000003240), 0x0, 0x40) pivot_root(0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) 03:21:22 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:22 executing program 3: 03:21:22 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff0000000700", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:22 executing program 1: r0 = socket$inet_udp(0x2, 0x2, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000004e00)={&(0x7f0000ff2000/0xe000)=nil, &(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff3000/0x4000)=nil, &(0x7f0000ff2000/0x1000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff7000/0x3000)=nil, &(0x7f0000ffb000/0x1000)=nil, &(0x7f0000ff7000/0x4000)=nil, 0x0, 0x0, r0}, 0x68) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2ac5000000012e0b3836005404b0e0301a060075f2e3ff5f163ee340b700000080000000000000fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c65400"}, 0x80) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score\x00') preadv(r2, &(0x7f00000017c0), 0x3a8, 0x0) [ 756.243780][ T27] audit: type=1800 audit(1584069682.319:114): pid=24821 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="loop5" ino=46 res=0 [ 756.364973][ T27] audit: type=1804 audit(1584069682.339:115): pid=24821 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/635/file0/file0" dev="loop5" ino=46 res=1 [ 756.375127][T24821] attempt to access beyond end of device [ 756.396092][T24821] loop5: rw=2049, want=130, limit=127 [ 756.410255][T24821] Buffer I/O error on dev loop5, logical block 129, lost async page write [ 756.428099][T24821] attempt to access beyond end of device [ 756.441449][T24821] loop5: rw=2049, want=131, limit=127 [ 756.447347][T24821] Buffer I/O error on dev loop5, logical block 130, lost async page write 03:21:22 executing program 3: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e706174000204050002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = memfd_create(&(0x7f0000000300)='\vem1\xc1\xf8\xa6\x8dN*\xff\x93\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\xe6\xb2\xdbb\xaf\x1euOf\xb9\xd3\xe3\tw\xa7\xeb/\x0e7\"\xe5\xe0R\xf1\r\x19lR{\x92\xd4i\x98\xbd\xce\xdf\x13\xc7p\xb9\xa2H\xa0\xdd,\xc9\xb8\xcf\x8a\x91VQ\xf5\x1c7eN\xeb\xed\xb6\xda\xf3\xc4\xf8P\x8f\x16\x8f\x88Y\xc8S\xf3\xd3\xfa\x81\x14\x98pa\xda+c\x12\xefq~\x97\xd9J\xc6\x0fF{\xa2\ay\xa6\xf06]\xd6?\xf4\x9a\xd2w\x12\x14\xa2w\xbd\xa7!\xbf%h`i\xb6', 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="6bdfc76f7a6cc57c"], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) [ 756.460756][T24821] attempt to access beyond end of device [ 756.484981][T24821] loop5: rw=2049, want=132, limit=127 03:21:22 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) r11 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = epoll_create1(0x0) epoll_create1(0x0) r14 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r14, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r13, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r15 = epoll_create1(0x0) r16 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) r21 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r20, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r21, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, r21, 0x0) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, r18, 0x0) r22 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r22, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) r25 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r23, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r23, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r25, 0x1, r24, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r26) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r27 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r27, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) r31 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r31, 0x1, r30, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r32 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r32, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r33, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r33]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) r35 = epoll_create1(0x0) r36 = epoll_create1(0x0) r37 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r36, 0x1, r37, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r35, 0x0) sendmmsg$unix(r11, &(0x7f0000003240), 0x0, 0x40) pivot_root(0x0, 0x0) [ 756.535851][T24821] attempt to access beyond end of device [ 756.569416][T24821] loop5: rw=2049, want=133, limit=127 [ 756.580396][T24821] attempt to access beyond end of device 03:21:22 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff000000070080", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 756.605672][T24821] loop5: rw=2049, want=142, limit=127 [ 756.636235][T24821] attempt to access beyond end of device [ 756.656080][T24821] loop5: rw=2049, want=143, limit=127 [ 756.675796][T24821] attempt to access beyond end of device [ 756.689612][T24821] loop5: rw=2049, want=144, limit=127 03:21:25 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d0569", 0x64}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:25 executing program 3: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e706174000204050002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = memfd_create(&(0x7f0000000300)='\vem1\xc1\xf8\xa6\x8dN*\xff\x93\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\xe6\xb2\xdbb\xaf\x1euOf\xb9\xd3\xe3\tw\xa7\xeb/\x0e7\"\xe5\xe0R\xf1\r\x19lR{\x92\xd4i\x98\xbd\xce\xdf\x13\xc7p\xb9\xa2H\xa0\xdd,\xc9\xb8\xcf\x8a\x91VQ\xf5\x1c7eN\xeb\xed\xb6\xda\xf3\xc4\xf8P\x8f\x16\x8f\x88Y\xc8S\xf3\xd3\xfa\x81\x14\x98pa\xda+c\x12\xefq~\x97\xd9J\xc6\x0fF{\xa2\ay\xa6\xf06]\xd6?\xf4\x9a\xd2w\x12\x14\xa2w\xbd\xa7!\xbf%h`i\xb6', 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="6bdfc76f7a6cc57c"], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) 03:21:25 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:25 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff000000070080", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:25 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:21:25 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) r11 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = epoll_create1(0x0) epoll_create1(0x0) r14 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r13, 0x1, r14, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r13, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r15 = epoll_create1(0x0) r16 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) r21 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r20, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r21, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, r21, 0x0) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, r18, 0x0) r22 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r22, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) r25 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r23, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r23, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r25, 0x1, r24, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r26) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r27 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r27, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) r31 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r31, 0x1, r30, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r32 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r32, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r33, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r33]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) r35 = epoll_create1(0x0) r36 = epoll_create1(0x0) r37 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r36, 0x1, r37, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r35, 0x0) sendmmsg$unix(r11, &(0x7f0000003240), 0x0, 0x40) 03:21:25 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff000000070080", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x3}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:25 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0x334, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x42e}}, 0x0) r2 = socket(0x0, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 759.501765][T24886] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 759.526457][T24886] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 03:21:25 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 759.548806][T24886] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 759.588957][T24886] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue 03:21:25 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0x334, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x42e}}, 0x0) r2 = socket(0x0, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:25 executing program 3: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e706174000204050002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = memfd_create(&(0x7f0000000300)='\vem1\xc1\xf8\xa6\x8dN*\xff\x93\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\xe6\xb2\xdbb\xaf\x1euOf\xb9\xd3\xe3\tw\xa7\xeb/\x0e7\"\xe5\xe0R\xf1\r\x19lR{\x92\xd4i\x98\xbd\xce\xdf\x13\xc7p\xb9\xa2H\xa0\xdd,\xc9\xb8\xcf\x8a\x91VQ\xf5\x1c7eN\xeb\xed\xb6\xda\xf3\xc4\xf8P\x8f\x16\x8f\x88Y\xc8S\xf3\xd3\xfa\x81\x14\x98pa\xda+c\x12\xefq~\x97\xd9J\xc6\x0fF{\xa2\ay\xa6\xf06]\xd6?\xf4\x9a\xd2w\x12\x14\xa2w\xbd\xa7!\xbf%h`i\xb6', 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="6bdfc76f7a6cc57c"], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) 03:21:25 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0x334, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x42e}}, 0x0) r2 = socket(0x0, 0x8000000000000003, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 760.024689][ T27] audit: type=1800 audit(1584069686.099:116): pid=24925 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17298 res=0 [ 760.086040][ T27] audit: type=1804 audit(1584069686.109:117): pid=24925 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/637/file0/file0" dev="sda1" ino=17298 res=1 03:21:28 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d0569", 0x64}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:28 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:21:28 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0x334, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x42e}}, 0x0) r2 = socket(0x10, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:28 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r33 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r33, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) r35 = epoll_create1(0x0) r36 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r35, 0x1, r36, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r34, 0x0) 03:21:28 executing program 3: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x7fff, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e706174000204050002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000240)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = memfd_create(&(0x7f0000000300)='\vem1\xc1\xf8\xa6\x8dN*\xff\x93\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 \x00\xe6\xb2\xdbb\xaf\x1euOf\xb9\xd3\xe3\tw\xa7\xeb/\x0e7\"\xe5\xe0R\xf1\r\x19lR{\x92\xd4i\x98\xbd\xce\xdf\x13\xc7p\xb9\xa2H\xa0\xdd,\xc9\xb8\xcf\x8a\x91VQ\xf5\x1c7eN\xeb\xed\xb6\xda\xf3\xc4\xf8P\x8f\x16\x8f\x88Y\xc8S\xf3\xd3\xfa\x81\x14\x98pa\xda+c\x12\xefq~\x97\xd9J\xc6\x0fF{\xa2\ay\xa6\xf06]\xd6?\xf4\x9a\xd2w\x12\x14\xa2w\xbd\xa7!\xbf%h`i\xb6', 0x0) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="6bdfc76f7a6cc57c"], 0x8) mmap(&(0x7f0000000000/0x7000)=nil, 0x7000, 0x80000000004, 0x11, r1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.controllers\x00', 0x275a, 0x0) 03:21:28 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:28 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0x334, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x42e}}, 0x0) r2 = socket(0x10, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:28 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0x334, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x42e}}, 0x0) r2 = socket(0x10, 0x0, 0x0) sendmmsg(r2, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:28 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0x334, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x42e}}, 0x0) socket(0x10, 0x8000000000000003, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 762.619887][T24940] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 762.640570][T24940] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 03:21:28 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0x334, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x42e}}, 0x0) socket(0x10, 0x8000000000000003, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x40000000000024a, 0x0) [ 762.692642][T24940] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:21:28 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:28 executing program 3: openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/consoles\x00', 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') socket(0xa, 0x802, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) getsockname$packet(r4, &(0x7f00000000c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r5}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @initdev={0xfe, 0x88, [], 0x0, 0x0}}]}]}]}, 0x3c}}, 0x0) [ 762.776139][T24940] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 763.085993][ T27] audit: type=1800 audit(1584069689.159:118): pid=24983 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17297 res=0 [ 763.137611][ T27] audit: type=1804 audit(1584069689.179:119): pid=24975 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/639/file0/file0" dev="sda1" ino=17297 res=1 03:21:31 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d0569", 0x64}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:31 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:21:31 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0x334, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x42e}}, 0x0) socket(0x10, 0x8000000000000003, 0x0) sendmmsg(0xffffffffffffffff, &(0x7f0000000000), 0x40000000000024a, 0x0) 03:21:31 executing program 3: r0 = memfd_create(&(0x7f0000000100)='#\'%nodev\x00', 0x0) write(r0, &(0x7f0000002000)='/', 0x1) sendfile(r0, r0, &(0x7f0000000200), 0x87) sendfile(r0, r0, &(0x7f00000001c0), 0xfec) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r0, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/vsock\x00', 0x0, 0x0) 03:21:31 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:31 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r33 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r33, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) r35 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, r35, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) 03:21:31 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0x334, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x42e}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, 0x0, 0x0, 0x0) [ 765.496243][ T27] audit: type=1800 audit(1584069691.569:120): pid=24995 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="loop5" ino=47 res=0 03:21:31 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 765.533478][ T27] audit: type=1804 audit(1584069691.579:121): pid=24995 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/640/file0/file0" dev="loop5" ino=47 res=1 [ 765.541328][T24995] attempt to access beyond end of device [ 765.579393][T24995] loop5: rw=2049, want=130, limit=127 [ 765.597702][T24995] buffer_io_error: 5 callbacks suppressed [ 765.597713][T24995] Buffer I/O error on dev loop5, logical block 129, lost async page write [ 765.686164][T24995] attempt to access beyond end of device [ 765.692415][T24995] loop5: rw=2049, want=131, limit=127 [ 765.697971][T24995] Buffer I/O error on dev loop5, logical block 130, lost async page write [ 765.707498][T24995] attempt to access beyond end of device [ 765.714093][T24995] loop5: rw=2049, want=132, limit=127 03:21:31 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0x334, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x42e}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, 0x0, 0x0, 0x0) [ 765.732749][T25002] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 765.733396][T24995] Buffer I/O error on dev loop5, logical block 131, lost async page write [ 765.774019][T24995] attempt to access beyond end of device 03:21:31 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={&(0x7f0000000280)={0x10, 0xf003, 0x6c00000000000000}, 0x334, &(0x7f0000000200)={&(0x7f0000000880)=ANY=[@ANYBLOB="280000001c004346d5ff0f00ff00000007008000", @ANYRES32=r1, @ANYBLOB="701b6e000a000200aaaaaaaaaa0c001f010000004f1c2b52760000000048aa91c105e6c9de7b24c97c65648b72c6e18f373e45991720b65fefedd7e6a4bf136854a948b38b4bd646faef1fc55f82398f282f690e8b00fd7bee1be60365f3a623f2699f833ffd221b7d020000004206550c308c723cd601869b7a736d001000000000000056dd32cd1ee9a41210fdb278b50e7328efd316c523c74ec8bb5c0b35ec9f32a847341e7488cbce5dcccc4ccd99af45b548b7d697d4eb4bc77df6a67375751627e602f988768108dd163c01d0bc31dcdef9d509000000a110386036db1a2b22d7d39317060000003f0000000000000000000000000000000000be63c4b7ad03008d2aa97d0f8db03e6bfe694eb43dbfdd26c82d463f5ab79ca0eabc57d37528a33296cd334ceb6d18a9abf901edd299756099ff781a95d779c1bfefe9f4d9bbdfa9dac0c696cfda193554c9361e2ad446dac46db90651df1f53c39b1a282f50e08bc29f7ee35f702917545d0300000000000000bd887f4998defa7c20fe8e27f319e3fdbfd4fd8912843abf22f687175f1d616c27fdb1624f8966eff6ca242b4577062290c77f0de51e19547a343617293a71de2913f3acf3c39dd919d104727aca3989882af81b6b301678b2adf7d92922ef2fe755311e641030f6d778a565f1f607e1ff7ff4730f5f6fa0cce35f15fdd4cf30a60700000000000000f48a5d2461abeed733723ed22182fdcb2f834e4e31886f00000000000000000060373f15be2f65b605d96c7347b5bf30a830922c66ff7f000000000000ba1249f9d8617160cab5e10dbd4019f50a8eebdd0360301bde5975e4eec7908482af1389bc1733f6816e9ed9e8e400000000076f094131b6a1ae5fcfa767559e8be54438d6cf50e275d581bfa3bbf855a555d67b99f53a2c6884bd4f394b0cbaa2408d5ff4fe43ef504dc2fbfefe287caff3eb6dea20f412b37bb1129da181e919ac6190f1fb"], 0x42e}}, 0x0) r2 = socket(0x10, 0x8000000000000003, 0x0) sendmmsg(r2, 0x0, 0x0, 0x0) 03:21:31 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 765.778209][T25002] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 765.788842][T24995] loop5: rw=2049, want=133, limit=127 [ 765.821392][T24995] Buffer I/O error on dev loop5, logical block 132, lost async page write [ 765.844142][T24995] attempt to access beyond end of device [ 765.859342][T24995] loop5: rw=2049, want=142, limit=127 [ 765.864944][T24995] Buffer I/O error on dev loop5, logical block 141, lost async page write [ 765.880901][T25002] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:21:31 executing program 4: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000700)={{0x14}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x3bc2cf25b7c7cdd, 0x0, 0x0, {}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ID={0x8}, @NFTA_SET_OBJ_TYPE={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2a}]}], {0x14}}, 0x6c}}, 0x0) [ 765.887866][T24995] attempt to access beyond end of device [ 765.896983][T24995] loop5: rw=2049, want=143, limit=127 [ 765.917110][T24995] Buffer I/O error on dev loop5, logical block 142, lost async page write [ 765.926090][T24995] attempt to access beyond end of device [ 765.943434][T24995] loop5: rw=2049, want=144, limit=127 [ 765.960176][T24995] Buffer I/O error on dev loop5, logical block 143, lost async page write [ 765.975677][T25002] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 765.981992][T24995] attempt to access beyond end of device [ 765.990784][T24995] loop5: rw=2049, want=145, limit=127 [ 765.996297][T24995] Buffer I/O error on dev loop5, logical block 144, lost async page write 03:21:34 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb2", 0x75}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:34 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:21:34 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:21:34 executing program 4: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000140)={0x18, 0x0, {0x7, @dev={[], 0x34}, 'macvlan1\x00'}}, 0x1e) getdents64(0xffffffffffffffff, 0x0, 0x0) open(&(0x7f000054eff8)='./file0\x00', 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, 0x0) sendmmsg(r0, &(0x7f000000d180), 0x4000000000000eb, 0x0) 03:21:34 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:34 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r33 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r33, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) r35 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, r35, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:21:34 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 768.661947][ T27] audit: type=1800 audit(1584069694.739:122): pid=25045 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16643 res=0 03:21:34 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:34 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:21:34 executing program 4: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800004000e004, 0x1, &(0x7f0000000140)=[{&(0x7f0000010000)="eb3c906d6b66732e666174000204010002000270fff8", 0x162}], 0x808480, 0x0) r0 = open(&(0x7f0000000300)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x17e, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_NEXT_DEVICE(0xffffffffffffffff, 0x80045530, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$binfmt_aout(r1, &(0x7f0000000440)=ANY=[@ANYBLOB="000637620003555e5689d91b59672a8a298a7dd8a167aadc8348c14dadc3cab5ed450fe2f2ea21e6a23e4eaf295764d3c9f91d5fe01d83d1347d06a30b65ef3b9726b72d3999f59b85afa20c6e8e6bc42bc9f9fce6123d6cbc43aaa9cbb67edadb419f13295ca580d9ba0329e6a514cb6eff98cea400746158b8b875637445c04db68699169ae8a81077d1fd0fa4"], 0x9c) unlink(&(0x7f0000001e00)='./bus\x00') sendfile(r1, r1, &(0x7f00000001c0), 0x8080fffffffe) creat(&(0x7f0000000280)='./file0\x00', 0x0) [ 768.804385][ T27] audit: type=1804 audit(1584069694.739:123): pid=25045 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/641/file0/file0" dev="sda1" ino=16643 res=1 [ 768.883168][T25052] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 768.909640][T25052] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 768.944975][T25052] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:21:35 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 768.990958][ T27] audit: type=1800 audit(1584069695.069:124): pid=25073 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="loop5" ino=48 res=0 03:21:35 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 769.050032][ T27] audit: type=1804 audit(1584069695.069:125): pid=25073 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/642/file0/file0" dev="loop5" ino=48 res=1 [ 769.080268][T25052] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 769.213802][ T27] audit: type=1800 audit(1584069695.289:126): pid=25087 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="loop5" ino=49 res=0 [ 769.259411][ T27] audit: type=1804 audit(1584069695.309:127): pid=25087 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/643/file0/file0" dev="loop5" ino=49 res=1 03:21:37 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb2", 0x75}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:37 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:21:37 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000080)='tasks\x00', 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:37 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:21:37 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r33 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r33, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) r35 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, r35, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) 03:21:37 executing program 4: r0 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r1) clock_nanosleep(0x8, 0x0, &(0x7f0000000280), 0x0) 03:21:37 executing program 4: dup(0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newsa={0x230, 0x10, 0x713, 0x0, 0x0, {{@in6=@ipv4={[], [], @empty}, @in=@empty}, {@in6=@remote, 0x0, 0x32}, @in=@local, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_aead={0x13e, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0x790, 0x80, "e0b45cf9df69af167510432af44cd51c699d5b92a4b654b937260a7ec269c23f37e72d64508b1b181ae730d31c234ddf688e6c3faa9558e84960258572659f6dcd2e576c3030ba2570c981ef76e066070150e93d60f7fce6ab70d454d0c933ab01ce5c48397f48bf86fba5d79f279917f0c018259b6bc8f948e7ea355bf420924d0d1eb7c2f9d77f8e447b500dea6bb4f35193ae598481a6f6809beaa4e5193248a5770c7f9ef9cd033b1c00cb590585b41351d34cedd2b862dd4c2cf76ce237aa5859642ededb13e5924a02cd49dc5330eecaa089084c3b743eb7d98d7888efa10c05b188ae346c8366078ce0bf9e71986c"}}]}, 0x230}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmmsg(r3, &(0x7f0000000180), 0xf1, 0x0) 03:21:37 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 771.791950][ T27] audit: type=1800 audit(1584069697.869:128): pid=25122 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17105 res=0 03:21:37 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb2", 0x75}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 771.838659][ T27] audit: type=1804 audit(1584069697.869:129): pid=25122 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/644/file0/file0" dev="sda1" ino=17105 res=1 03:21:38 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 771.977050][T25108] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 772.014967][T25108] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 03:21:38 executing program 4: r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x3, 0x7) recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, &(0x7f00000008c0)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x20, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(r2, &(0x7f0000000340), 0x41395527) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0xd4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000000c0), 0x0, 0xfffffffffffffffe) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x3, 0x2}}, 0x0, 0xb, 0xffffffffffffffff, 0x0) socket$key(0xf, 0x3, 0x2) add_key(0x0, 0x0, 0x0, 0x0, 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) openat$audio(0xffffffffffffff9c, &(0x7f0000000180)='/dev/audio\x00', 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000100)='/dev/ppp\x00', 0x20000, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000080)='stat\x00') preadv(r3, &(0x7f0000000500), 0x37d, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) syz_open_procfs(0xffffffffffffffff, &(0x7f0000dec000)='smaps\x00') [ 772.028866][T25108] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:21:38 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 772.126980][T25108] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 772.245965][ T27] audit: type=1800 audit(1584069698.319:130): pid=25147 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="loop5" ino=50 res=0 03:21:38 executing program 4: [ 772.321828][ T27] audit: type=1804 audit(1584069698.349:131): pid=25156 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/645/file0/file0" dev="loop5" ino=50 res=1 03:21:38 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:21:38 executing program 4: 03:21:38 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:21:38 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r33 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r33, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r34 = epoll_create1(0x0) r35 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r34, 0x1, r35, &(0x7f0000000000)) 03:21:38 executing program 4: [ 772.693502][T25170] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 772.695526][T25147] attempt to access beyond end of device [ 772.723387][T25170] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 772.735887][T25147] loop5: rw=2049, want=130, limit=127 03:21:38 executing program 4: [ 772.756917][T25147] Buffer I/O error on dev loop5, logical block 129, lost async page write 03:21:38 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 772.846700][T25147] attempt to access beyond end of device [ 772.861648][T25170] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 772.883110][T25147] loop5: rw=2049, want=131, limit=127 [ 772.920984][T25147] Buffer I/O error on dev loop5, logical block 130, lost async page write [ 772.952177][T25170] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 772.968927][T25147] attempt to access beyond end of device [ 772.976203][T25147] loop5: rw=2049, want=132, limit=127 [ 773.015034][T25147] Buffer I/O error on dev loop5, logical block 131, lost async page write [ 773.031559][T25147] attempt to access beyond end of device [ 773.037263][T25147] loop5: rw=2049, want=133, limit=127 [ 773.046207][T25147] Buffer I/O error on dev loop5, logical block 132, lost async page write [ 773.058000][T25147] attempt to access beyond end of device [ 773.065594][T25147] loop5: rw=2049, want=142, limit=127 [ 773.073903][T25147] Buffer I/O error on dev loop5, logical block 141, lost async page write [ 773.082990][T25147] attempt to access beyond end of device [ 773.088918][T25147] loop5: rw=2049, want=143, limit=127 [ 773.094724][T25147] Buffer I/O error on dev loop5, logical block 142, lost async page write [ 773.103515][T25147] attempt to access beyond end of device [ 773.109167][T25147] loop5: rw=2049, want=144, limit=127 [ 773.114641][T25147] Buffer I/O error on dev loop5, logical block 143, lost async page write [ 773.124330][T25147] attempt to access beyond end of device [ 773.130086][T25147] loop5: rw=2049, want=145, limit=127 [ 773.135468][T25147] Buffer I/O error on dev loop5, logical block 144, lost async page write [ 773.144324][T25147] attempt to access beyond end of device [ 773.155070][T25147] loop5: rw=2049, want=146, limit=127 03:21:41 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421", 0x7d}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:41 executing program 4: 03:21:41 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:21:41 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:21:41 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:41 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r33 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r33, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) 03:21:41 executing program 4: 03:21:41 executing program 4: 03:21:41 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 775.248577][ T27] audit: type=1800 audit(1584069701.319:132): pid=25214 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17366 res=0 03:21:41 executing program 4: 03:21:41 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 775.417533][ T27] audit: type=1804 audit(1584069701.369:133): pid=25201 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/646/file0/file0" dev="sda1" ino=17366 res=1 03:21:41 executing program 4: [ 775.507794][T25199] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 775.583277][T25199] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 775.601747][T25199] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 775.642168][T25199] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue 03:21:44 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421", 0x7d}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:44 executing program 4: 03:21:44 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, 0xffffffffffffffff, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:44 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:21:44 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:21:44 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r33 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r33, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) 03:21:44 executing program 4: 03:21:44 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 778.331472][ T27] audit: type=1800 audit(1584069704.409:134): pid=25252 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16993 res=0 03:21:44 executing program 4: 03:21:44 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, 0xffffffffffffffff, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:44 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 778.489346][T25254] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:21:44 executing program 4: clone(0x2000000024000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1c103e, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b70200000d000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b700000000000000950000000000000056ce36b68b0f334d6c37d03057c9ecee866f55e3376e4a82071d7827afc20e45c52d55b34c821bb59c00c159533324f871d94768e25851d3162c1bde8590446ed69b673e5b8d861ff207c0eb4b60a82fc3c0e2085d6a5893b223989bb454af0805f231eb8474953f640e3d490cdc0448205768e34ab95b6ef820397f1ba4b81cee61a98d7df3768db9bd084623ca56c82b205eca4d90628aeacbd4654eb4371861a98bb8fc0fb89f8abf8e94d4429449cd858976d9929b318c989bead2f9921120246508b0ab814b38f9cac8fea1a8c4712b53306cdca649a62720cd661d21ab5d7a8b9f974b4f5da4862c01b4cbe5f279fe779d75d3548a0fd05f9f366ec0aee3344d712d35edc17c209296c3db7ff279c9bc5ab356c3471399f860fef75f37888d0b0968f55b2b74f24fa8fcdf57cc5c62f45fcaccb1a340005a7cbd9b5d7d1f18e96ca8829541f89952c8def76a6cce5129eeda9e40b3d4ca6253e03976491eac97d74606847aaff78fa084eed20662d2bf5681ad7fee485c2e61fc824b8beac0cfbb54472f8d1536ddbacd27621b7b7f90f071ad71c3648066f131216b7e025e2308d0449e0300285e6dbc6fa7c0ace68ff410112329dffd3feac9035e438f5d058ddc3d4b9c95cd73ea6802f54186540f5008665c6a8e9fa3b652cf88b1ecaf0098ce5fbac707672d02aeca75587e766802f74a4249484108645e8d1dc84cc3b401c79f48e290ac301f190e922380dd"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x18000000000002e0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x40) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x11, r2, 0x0) setsockopt$packet_buf(r1, 0x107, 0x2, &(0x7f0000000140)="57be891e1ecab19d77b7e1a17620ba7b1daa147ecb04503576cc91ae06bfd86d1b8bfe1bb8963e555e981781d34368db0e8862449a4b30e194", 0x39) setsockopt$sock_timeval(0xffffffffffffffff, 0x1, 0x14, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = openat$full(0xffffffffffffff9c, 0x0, 0x400000, 0x0) r5 = open(&(0x7f0000000040)='./bus\x00', 0x1c103e, 0x0) mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffffe, 0x10, r5, 0x0) ioctl$TIOCGPGRP(r5, 0x540f, &(0x7f00000001c0)) ioctl$TIOCCONS(r4, 0x541d) r6 = fcntl$dupfd(r3, 0x0, r3) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f000001a000)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r7, 0x1, 0x1a, &(0x7f000002eff0)={0x264, &(0x7f0000000000)=[{}]}, 0x10) accept$inet(r0, 0x0, 0x0) r8 = memfd_create(&(0x7f0000000080)='$\xbbeth0nodev*\x00', 0x0) mmap(&(0x7f0000000000/0xaa2000)=nil, 0xaa2000, 0x5, 0x11, r8, 0x0) syz_open_procfs(0x0, &(0x7f00000002c0)='net/tcp6\x00') prctl$PR_SET_DUMPABLE(0x4, 0x0) syz_open_procfs(0x0, 0x0) r9 = getpid() sched_setattr(0x0, 0x0, 0x0) process_vm_readv(r9, &(0x7f0000000700)=[{&(0x7f0000000640)=""/162, 0xa2}], 0x1, &(0x7f0000000800)=[{&(0x7f00000007c0)=""/36, 0x24}], 0x1, 0x0) [ 778.569507][T25254] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 778.585858][T25254] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 778.641459][T25254] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 778.687140][ T27] audit: type=1800 audit(1584069704.759:135): pid=25276 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="loop5" ino=51 res=0 03:21:47 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421", 0x7d}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:47 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:21:47 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, 0xffffffffffffffff, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:47 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:21:47 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:21:47 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r33 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r33, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) 03:21:47 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) [ 781.225424][T25298] netlink: 'syz-executor.4': attribute type 6 has an invalid length. [ 781.240953][T25301] netlink: 'syz-executor.4': attribute type 6 has an invalid length. 03:21:47 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:21:47 executing program 3: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x365f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 781.372966][T25313] netlink: 'syz-executor.4': attribute type 6 has an invalid length. [ 781.475994][ T27] audit: type=1800 audit(1584069707.509:136): pid=25314 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17405 res=0 [ 781.487866][T25322] netlink: 'syz-executor.4': attribute type 6 has an invalid length. 03:21:47 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) [ 781.555879][T25299] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:21:47 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 781.611482][T25299] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 03:21:47 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 781.657730][T25299] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 781.688845][T25299] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 781.710010][T25335] netlink: 'syz-executor.4': attribute type 6 has an invalid length. 03:21:50 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7a", 0x81}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:50 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:21:50 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:21:50 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, 0x0, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:21:50 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:50 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r33 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r33, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) 03:21:50 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, 0x0, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:21:50 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:21:50 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:50 executing program 3: r0 = socket$inet(0x2, 0x0, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 784.746819][T25361] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:21:50 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, 0x0, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) [ 784.808107][T25361] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 03:21:50 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 784.895246][T25361] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 784.935537][T25361] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue 03:21:53 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7a", 0x81}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:53 executing program 4: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r0, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:21:53 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:21:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:53 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:21:53 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r33 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r33, 0x1, 0xffffffffffffffff, 0x0) accept$alg(0xffffffffffffffff, 0x0, 0x0) 03:21:53 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:21:53 executing program 4: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r0, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:21:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 787.648689][T25425] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 787.659898][T25425] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 787.674404][T25425] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 787.696242][T25425] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue 03:21:53 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:53 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:21:53 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 788.235049][T25459] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 788.245496][T25459] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 788.265859][T25459] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 788.295915][T25459] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 788.515080][ T0] NOHZ: local_softirq_pending 08 03:21:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7a", 0x81}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:56 executing program 4: r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r0, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:21:56 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:56 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:21:56 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) r33 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r33, 0x1, 0xffffffffffffffff, 0x0) 03:21:56 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:21:56 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:21:56 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:21:56 executing program 5: syz_mount_image$vfat(&(0x7f0000000540)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x0, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0xffdf}], 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 790.768724][T25486] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 790.786254][T25486] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 790.796550][T25486] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:21:56 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, 0x0, 0x0) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 790.813438][T25486] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue 03:21:57 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:21:57 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200), 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:21:59 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac755", 0x83}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:21:59 executing program 5: r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:21:59 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:21:59 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200), 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:21:59 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(0x0) sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:21:59 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) [ 793.634711][ T27] audit: type=1800 audit(1584069719.709:137): pid=25533 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17491 res=0 03:21:59 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200), 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:21:59 executing program 4: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r0, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) [ 793.781639][ T27] audit: type=1804 audit(1584069719.739:138): pid=25533 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/659/file0" dev="sda1" ino=17491 res=1 03:21:59 executing program 5: r0 = open(0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:00 executing program 4: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r0, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) [ 793.931750][T25539] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:22:00 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 793.992820][ T27] audit: type=1800 audit(1584069720.069:139): pid=25560 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17497 res=0 03:22:00 executing program 5: r0 = open(0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 794.090505][T25539] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 794.106896][T25539] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 794.136433][T25539] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 794.153587][ T27] audit: type=1804 audit(1584069720.069:140): pid=25560 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/660/file0" dev="sda1" ino=17497 res=1 [ 794.278782][ T27] audit: type=1800 audit(1584069720.229:141): pid=25567 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17480 res=0 [ 794.358345][ T27] audit: type=1804 audit(1584069720.259:142): pid=25567 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/661/file0" dev="sda1" ino=17480 res=1 03:22:02 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac755", 0x83}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:02 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:02 executing program 4: socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r0, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:22:02 executing program 5: r0 = open(0x0, 0x0, 0x0) fchdir(r0) r1 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r2 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r3, r2, 0x0) sendfile(r1, r2, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:02 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:22:02 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) [ 796.716008][ T27] audit: type=1800 audit(1584069722.789:143): pid=25584 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17516 res=0 03:22:02 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, 0x0, 0x0) [ 796.757656][ T27] audit: type=1804 audit(1584069722.799:144): pid=25584 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/662/file0" dev="sda1" ino=17516 res=1 03:22:02 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:22:03 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x0, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:22:03 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, 0x0, 0x0) [ 796.981739][T25589] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:22:03 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 797.067388][T25589] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 797.108645][ T27] audit: type=1800 audit(1584069723.179:145): pid=25612 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17496 res=0 [ 797.131013][T25589] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:22:03 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x0, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 797.167231][T25589] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 797.199680][ T27] audit: type=1804 audit(1584069723.219:146): pid=25612 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/663/file0" dev="sda1" ino=17496 res=1 03:22:05 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac755", 0x83}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:05 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:05 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:05 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, 0x0, 0x0) 03:22:05 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x0, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:22:05 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) [ 799.789437][ T27] audit: type=1800 audit(1584069725.859:147): pid=25639 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16769 res=0 03:22:05 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 03:22:05 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, 0x0, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 799.861683][ T27] audit: type=1804 audit(1584069725.869:148): pid=25639 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/664/file0" dev="sda1" ino=16769 res=1 03:22:06 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(0x0, 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 799.995830][T25644] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:22:06 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 03:22:06 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(0x0, 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:06 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) [ 800.119472][T25644] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 800.129759][T25644] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 800.143028][T25644] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue 03:22:09 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f", 0x84}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:09 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, 0x0, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:22:09 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:09 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 03:22:09 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(0x0, 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:09 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) 03:22:09 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, 0x0, 0x0) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:22:09 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) 03:22:09 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:09 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000), 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:22:09 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0) [ 803.203197][T25683] EXT4-fs (loop1): bad geometry: block count 1080 exceeds size of device (1 blocks) 03:22:09 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000), 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:22:12 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f", 0x84}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:12 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:12 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:12 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, 0x0, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:22:12 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000), 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:22:12 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) 03:22:12 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:22:12 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, 0x0, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:22:12 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x0, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:12 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 806.303828][T25730] EXT4-fs (loop1): bad geometry: block count 1080 exceeds size of device (1 blocks) 03:22:12 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, 0x0, 0x405, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:22:12 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 806.698731][T25765] EXT4-fs (loop1): bad geometry: block count 1080 exceeds size of device (1 blocks) 03:22:15 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f", 0x84}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:15 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(0x0, 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:15 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(0xffffffffffffffff, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:22:15 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x0, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:22:15 executing program 1: openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:15 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) epoll_create1(0x0) [ 809.280710][ T27] audit: type=1800 audit(1584069735.359:149): pid=25779 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17169 res=0 03:22:15 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(0x0, 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:15 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x0, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:22:15 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 809.438441][T25784] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 809.455176][ T27] audit: type=1800 audit(1584069735.529:150): pid=25792 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16618 res=0 [ 809.479558][T25784] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 03:22:15 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 809.528149][T25784] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:22:15 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(0x0, 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:15 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, 0x0, 0x0) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 809.575695][T25784] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 809.603098][T25784] EXT4-fs (loop1): get root inode failed [ 809.615741][T25784] EXT4-fs (loop1): mount failed [ 809.745238][ T27] audit: type=1800 audit(1584069735.819:151): pid=25807 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16618 res=0 [ 810.270148][ T0] NOHZ: local_softirq_pending 08 03:22:18 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x3, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:18 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x1c, r1, 0x0, 0x0, 0x0, {0x7e}, [@NL80211_ATTR_IFTYPE={0x8, 0x6}]}, 0x1c}}, 0x0) 03:22:18 executing program 1: openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:18 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:22:18 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:18 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) accept$unix(0xffffffffffffffff, 0x0, 0x0) 03:22:18 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:22:18 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x405, 0x0, 0x0, {0x7e}}, 0x14}}, 0x0) [ 812.404822][ T27] audit: type=1800 audit(1584069738.479:152): pid=25823 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16702 res=0 [ 812.526667][ T27] audit: type=1804 audit(1584069738.539:153): pid=25831 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/674/file0" dev="sda1" ino=16702 res=1 [ 812.561333][T25827] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:22:18 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x0, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:22:18 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 812.585932][T25843] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 812.587129][T25827] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 812.622026][T25827] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:22:18 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x405, 0x0, 0x0, {0x7e}}, 0x14}}, 0x0) [ 812.653177][T25827] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated 03:22:18 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 812.731755][ T27] audit: type=1800 audit(1584069738.809:154): pid=25849 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17249 res=0 [ 812.791095][T25853] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 812.833024][ T27] audit: type=1804 audit(1584069738.809:155): pid=25849 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/675/file0" dev="sda1" ino=17249 res=1 [ 812.871360][T25827] EXT4-fs (loop1): get root inode failed [ 812.917324][ T27] audit: type=1800 audit(1584069738.939:156): pid=25856 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17425 res=0 [ 812.929326][T25827] EXT4-fs (loop1): mount failed [ 812.976666][ T27] audit: type=1804 audit(1584069738.949:157): pid=25856 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/676/file0" dev="sda1" ino=17425 res=1 03:22:21 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x3, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:21 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:22:21 executing program 4: r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040)='nl80211\x00') sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, r1, 0x405, 0x0, 0x0, {0x7e}}, 0x14}}, 0x0) 03:22:21 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:21 executing program 1: openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:21 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) setresgid(0x0, 0x0, 0x0) [ 815.512730][T25870] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2 [ 815.530511][ T27] audit: type=1800 audit(1584069741.609:158): pid=25871 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17522 res=0 03:22:21 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 815.598405][ T27] audit: type=1804 audit(1584069741.639:159): pid=25875 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/677/file0" dev="sda1" ino=17522 res=1 [ 815.633217][T25869] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:22:21 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 815.653972][T25869] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 815.666131][T25869] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:22:21 executing program 4: r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000000)='TIPC\x00') r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_CMD_SET_NODE_ADDR(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x24, r0, 0x31, 0x0, 0x0, {{}, {}, {0x8, 0x11, 0x4}}}, 0x24}}, 0x0) [ 815.704317][T25869] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 815.750578][T25869] EXT4-fs (loop1): get root inode failed [ 815.763120][T25869] EXT4-fs (loop1): mount failed 03:22:21 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 815.822033][ T27] audit: type=1800 audit(1584069741.899:160): pid=25891 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17492 res=0 [ 815.859165][T25893] tipc: Started in network mode 03:22:22 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 815.872449][T25893] tipc: Own node identity 4, cluster identity 4711 [ 815.897086][ T27] audit: type=1804 audit(1584069741.929:161): pid=25891 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/678/file0" dev="sda1" ino=17492 res=1 03:22:22 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 815.924723][T25893] tipc: 32-bit node address hash set to 4 [ 816.112543][ T27] audit: type=1800 audit(1584069742.189:162): pid=25906 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17525 res=0 [ 816.239428][T25895] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 816.261068][ T27] audit: type=1804 audit(1584069742.199:163): pid=25906 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/679/file0" dev="sda1" ino=17525 res=1 [ 816.293517][T25895] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 816.305755][T25895] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 816.316233][T25895] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 816.329185][T25895] EXT4-fs (loop1): get root inode failed [ 816.335743][T25895] EXT4-fs (loop1): mount failed 03:22:24 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:24 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:24 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003c80), 0x57, 0x62, 0x0) 03:22:24 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:24 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x3, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:24 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) getresuid(0x0, &(0x7f0000002d40), 0x0) [ 818.636910][T25923] NFS: mount program didn't pass any mount data [ 818.663829][ T27] audit: type=1800 audit(1584069744.739:164): pid=25925 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17545 res=0 03:22:24 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 818.746662][T25923] NFS: mount program didn't pass any mount data [ 818.760550][ T27] audit: type=1804 audit(1584069744.769:165): pid=25932 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/680/file0" dev="sda1" ino=17545 res=1 03:22:24 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:25 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) [ 818.908879][T25924] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 818.961997][T25924] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 818.988670][ T27] audit: type=1800 audit(1584069745.059:166): pid=25949 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17551 res=0 03:22:25 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 819.009132][T25924] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 819.036718][T25924] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated 03:22:25 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000003c80), 0x57, 0x62, 0x0) [ 819.090184][T25924] EXT4-fs (loop1): get root inode failed [ 819.124724][T25924] EXT4-fs (loop1): mount failed 03:22:25 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) [ 819.157274][T25957] NFS: mount program didn't pass any mount data [ 819.158833][ T27] audit: type=1804 audit(1584069745.059:167): pid=25949 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/681/file0" dev="sda1" ino=17551 res=1 03:22:25 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:25 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 819.438991][T25966] NFS: mount program didn't pass any mount data [ 819.693703][T25973] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 819.714829][T25973] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 819.732939][T25973] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 819.806549][T25973] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 819.838126][T25973] EXT4-fs (loop1): get root inode failed [ 819.844037][T25973] EXT4-fs (loop1): mount failed 03:22:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x3, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:27 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x62, 0x0) 03:22:27 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) sched_setattr(0x0, &(0x7f0000000040)={0x30, 0x0, 0x0, 0x0, 0x9}, 0x0) 03:22:27 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:27 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:27 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 821.777238][ T27] kauditd_printk_skb: 4 callbacks suppressed [ 821.777250][ T27] audit: type=1800 audit(1584069747.839:172): pid=25992 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17572 res=0 [ 821.778045][T25995] NFS: mount program didn't pass any mount data 03:22:27 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x62, 0x0) 03:22:27 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) [ 821.804467][ T27] audit: type=1804 audit(1584069747.859:173): pid=25992 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/684/file0" dev="sda1" ino=17572 res=1 [ 821.835480][T25993] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 821.845658][T25993] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 821.859487][T25993] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 821.897545][T25993] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated 03:22:28 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:28 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) [ 821.987515][T25993] EXT4-fs (loop1): get root inode failed 03:22:28 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, 0x0, 0x0, 0x62, 0x0) [ 822.069012][T25993] EXT4-fs (loop1): mount failed [ 822.110308][ T27] audit: type=1800 audit(1584069748.189:174): pid=26020 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17560 res=0 [ 822.233270][ T27] audit: type=1804 audit(1584069748.249:175): pid=26020 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/685/file0" dev="sda1" ino=17560 res=1 03:22:28 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 822.492659][T26033] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 822.520254][T26033] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 822.540406][T26033] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 822.587484][T26033] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 822.615991][T26033] EXT4-fs (loop1): get root inode failed [ 822.622431][T26033] EXT4-fs (loop1): mount failed 03:22:30 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x3, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:30 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x0, 0x0) 03:22:30 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:30 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:30 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) getgroups(0x1, &(0x7f0000002cc0)=[r32]) 03:22:30 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0), 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:30 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) [ 824.816407][ T27] audit: type=1800 audit(1584069750.889:176): pid=26048 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17596 res=0 [ 824.885506][ T27] audit: type=1804 audit(1584069750.889:177): pid=26048 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/686/file0" dev="sda1" ino=17596 res=1 [ 825.028967][T26069] NFS: mount program didn't pass any mount data [ 825.050397][T26062] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:22:31 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 825.079355][T26062] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 825.096350][T26062] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 825.107155][T26062] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 825.156127][T26062] EXT4-fs (loop1): get root inode failed [ 825.162200][T26062] EXT4-fs (loop1): mount failed 03:22:31 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{0x0, 0x0, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 825.209029][ T27] audit: type=1800 audit(1584069751.279:178): pid=26074 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17596 res=0 03:22:31 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 825.256110][ T27] audit: type=1804 audit(1584069751.289:179): pid=26074 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/687/file0" dev="sda1" ino=17596 res=1 03:22:31 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 825.398791][ T27] audit: type=1800 audit(1584069751.469:180): pid=26081 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17596 res=0 [ 825.421192][ T27] audit: type=1804 audit(1584069751.479:181): pid=26081 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/688/file0" dev="sda1" ino=17596 res=1 03:22:31 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) setresgid(0x0, r32, 0x0) [ 825.625800][T26082] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 825.640495][T26082] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 825.654740][T26082] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 825.673099][T26082] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 825.710722][T26082] EXT4-fs (loop1): get root inode failed [ 825.735479][T26082] EXT4-fs (loop1): mount failed 03:22:33 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x3, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:33 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x0, 0x0) 03:22:33 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:33 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:33 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{0x0, 0x0, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:33 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) stat(0x0, &(0x7f0000000780)) [ 827.887019][T26111] NFS: mount program didn't pass any mount data [ 827.897472][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 827.897485][ T27] audit: type=1800 audit(1584069753.969:184): pid=26112 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17613 res=0 [ 827.928802][ T27] audit: type=1804 audit(1584069753.999:185): pid=26121 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/690/file0" dev="sda1" ino=17613 res=1 03:22:34 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(0xffffffffffffffff, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 828.095911][ T27] audit: type=1800 audit(1584069754.169:186): pid=26129 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17618 res=0 [ 828.135668][T26114] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:22:34 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, 0xffffffffffffffff, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 828.159931][T26114] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 828.172261][ T27] audit: type=1804 audit(1584069754.199:187): pid=26129 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/691/file0" dev="sda1" ino=17618 res=1 [ 828.199852][T26114] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 828.224148][T26114] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated 03:22:34 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, 0xffffffffffffffff, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 828.264181][ T27] audit: type=1800 audit(1584069754.339:188): pid=26134 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17618 res=0 [ 828.301035][T26114] EXT4-fs (loop1): get root inode failed [ 828.308302][T26114] EXT4-fs (loop1): mount failed [ 828.312629][ T27] audit: type=1804 audit(1584069754.339:189): pid=26134 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/692/file0" dev="sda1" ino=17618 res=1 03:22:34 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{0x0, 0x0, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 828.533150][ T27] audit: type=1800 audit(1584069754.609:190): pid=26140 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17606 res=0 03:22:34 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, 0xffffffffffffffff, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:34 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) setuid(0x0) [ 828.616081][ T27] audit: type=1804 audit(1584069754.639:191): pid=26140 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/693/file0" dev="sda1" ino=17606 res=1 [ 828.745242][ T27] audit: type=1800 audit(1584069754.819:192): pid=26150 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17606 res=0 [ 828.841893][ T27] audit: type=1804 audit(1584069754.849:193): pid=26150 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/694/file0" dev="sda1" ino=17606 res=1 [ 828.947403][T26144] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 828.966479][T26144] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 828.987927][T26144] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 829.009081][T26144] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 829.026240][T26144] EXT4-fs (loop1): get root inode failed [ 829.033046][T26144] EXT4-fs (loop1): mount failed [ 829.473172][ T0] NOHZ: local_softirq_pending 08 [ 830.750730][ T0] NOHZ: local_softirq_pending 08 03:22:36 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x3, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:36 executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000200)={0x2, 0x1004e20}, 0x10) setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x294, 0x4) connect$inet(r0, &(0x7f00000002c0)={0x2, 0x4e20, @empty}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c80), 0x57, 0x0, 0x0) 03:22:36 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:36 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r0 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r1, r0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:36 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580), 0x0, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:36 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) r31 = socket(0x0, 0x2, 0x0) getsockopt$sock_cred(r31, 0x1, 0x11, 0x0, 0x0) 03:22:37 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r0 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r1, r0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 830.992987][T26170] NFS: mount program didn't pass any mount data 03:22:37 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r0 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r1, r0, 0x0) sendfile(0xffffffffffffffff, r0, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 831.155345][T26172] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 831.192473][T26172] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 831.239596][T26172] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 831.275693][T26172] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated 03:22:37 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 831.309925][T26172] EXT4-fs (loop1): get root inode failed [ 831.320152][T26172] EXT4-fs (loop1): mount failed 03:22:37 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580), 0x0, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:37 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) 03:22:37 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x7fffffa7) open(0x0, 0x8400, 0x0) [ 831.793031][T26204] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 831.822076][T26204] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 831.872531][T26204] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 831.894934][T26204] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 831.915158][T26204] EXT4-fs (loop1): get root inode failed [ 831.921238][T26204] EXT4-fs (loop1): mount failed 03:22:40 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x3, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:40 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:40 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) socket(0x0, 0x2, 0x0) 03:22:40 executing program 3: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:40 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x0) open(0x0, 0x8400, 0x0) 03:22:40 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580), 0x0, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:40 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:40 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x0) open(0x0, 0x8400, 0x0) 03:22:40 executing program 3: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) [ 834.032986][ T27] kauditd_printk_skb: 12 callbacks suppressed [ 834.032999][ T27] audit: type=1800 audit(1584069760.099:206): pid=26236 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16626 res=0 03:22:40 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:40 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x0) open(0x0, 0x8400, 0x0) [ 834.237810][T26232] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 834.241766][ T27] audit: type=1804 audit(1584069760.099:207): pid=26236 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/701/file0" dev="sda1" ino=16626 res=1 [ 834.300011][T26232] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 834.311014][T26254] NFS: mount program didn't pass any mount data [ 834.353383][T26232] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:22:40 executing program 3: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) [ 834.415286][ T27] audit: type=1800 audit(1584069760.259:208): pid=26248 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16817 res=0 [ 834.451799][T26232] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 834.485294][T26232] EXT4-fs (loop1): get root inode failed [ 834.502028][T26232] EXT4-fs (loop1): mount failed [ 834.521891][T26267] NFS: mount program didn't pass any mount data [ 834.615766][ T27] audit: type=1804 audit(1584069760.269:209): pid=26248 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/702/file0" dev="sda1" ino=16817 res=1 [ 834.647443][ T27] audit: type=1800 audit(1584069760.469:210): pid=26263 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=16897 res=0 [ 834.675991][ T27] audit: type=1804 audit(1584069760.479:211): pid=26263 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/703/file0" dev="sda1" ino=16897 res=1 03:22:43 executing program 3: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_procfs(0x0, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setresgid(0xee00, 0x0, 0x0) r2 = perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x32, &(0x7f00000007c0)=ANY=[@ANYBLOB="850000000700000025000000000000009500000000000000a579753dec29fe276240f076750753bc7b952ab5ad939c403054d8465c13a24800a26b3c68ce084994e702d609331ab3c70aa6b030ed69efddccd23e793e6e8287051d1229b94574e7825441222e81748b4ee09c0180b89f552c75b3b144f5fc545ab790ef72fd2ca305f386142d783531ac34d0c99d62456cc766be4825548e08580000d70b991d746067c73f47457a8713e7b70a85bbdb07832000000000000000000000e680e667212bc3b0c353ebbffbc0b35e84e3db18dec7aa1862259d511d3f57d6a2737027d7f816ef8ac68ea2827824dbfaffea071b777a6f941ba359c46bf277811a07748aa6147edda46525e536d056847d9c00724ccfa99221c9b10f530749ff179657570a19d74527643e2e2b632fffbbb337eeeceb7fd1e5dd2e32e673ccc8b30c040000004dbd9542e6c49e87df5380f1b578ba101b88651e6663d1626b2d05c9c9dcb0987af01ae2fe4da20c79fa8a0bd7348e4ec6747c58a9bb2479590df27190c1aee60272677e3c0000003fa64bc93c027b41"], &(0x7f0000000000)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x0, 0x0, &(0x7f0000000000)='GPL\x00', 0x5, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) perf_event_open(&(0x7f0000000100)={0x2, 0x70, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x59000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @perf_config_ext={0x80, 0xb}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x36}, 0x0, 0x0, 0xffffffffffffffff, 0x0) 03:22:43 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x3, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:43 executing program 4: mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:43 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x0, 0x0) 03:22:43 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3", 0x4a, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:43 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) syz_open_dev$rtc(0x0, 0xfffffffffffff801, 0x0) [ 837.098766][ T27] audit: type=1800 audit(1584069763.169:212): pid=26283 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17105 res=0 [ 837.137090][ T27] audit: type=1804 audit(1584069763.209:213): pid=26283 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/704/file0" dev="sda1" ino=17105 res=1 [ 837.137367][T26284] NFS: mount program didn't pass any mount data 03:22:43 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x0, 0x0) 03:22:43 executing program 4: mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:43 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) perf_event_open(&(0x7f0000000100)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)={0x5, 0x5, 0x40, 0x3d}, 0x3c) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r2, &(0x7f0000000200), &(0x7f0000000300), 0x4}, 0x20) [ 837.336148][ T27] audit: type=1800 audit(1584069763.409:214): pid=26299 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.5" name="file0" dev="sda1" ino=17009 res=0 03:22:43 executing program 4: mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) [ 837.391725][T26285] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:22:43 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$cgroup_int(r0, &(0x7f0000000200), 0x43400) [ 837.467952][T26285] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 837.485484][ T27] audit: type=1804 audit(1584069763.409:215): pid=26299 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.5" name="/root/syzkaller-testdir280544411/syzkaller.YbkVvR/705/file0" dev="sda1" ino=17009 res=1 [ 837.517234][T26285] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:22:43 executing program 5: open(0x0, 0x0, 0x0) fchdir(0xffffffffffffffff) r0 = open(&(0x7f0000000100)='./file0\x00', 0x40c2, 0x0) r1 = open$dir(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/timer_list\x00', 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) dup3(r2, r1, 0x0) sendfile(r0, r1, 0x0, 0x7fffffa7) open(0x0, 0x0, 0x0) [ 837.588831][T26285] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 837.613795][T26317] NFS: mount program didn't pass any mount data 03:22:43 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, 0x0, 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) [ 837.634195][T26285] EXT4-fs (loop1): get root inode failed [ 837.677388][T26285] EXT4-fs (loop1): mount failed [ 837.810266][T26327] NFS: mount program didn't pass any mount data 03:22:46 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:46 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_sys\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x40106614, 0x0) 03:22:46 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, 0x0, 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:46 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3", 0x4a, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:46 executing program 5: ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086607, 0x400000) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000), 0x3c) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f0000000080)={0x2}, 0xc) 03:22:46 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) r30 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r30, 0x1, r29, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r27, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) [ 840.175975][T26339] NFS: mount program didn't pass any mount data 03:22:46 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, 0x0, 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:46 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuacct.usage_sys\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r0, 0x5460, 0x0) 03:22:46 executing program 5: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b70200000d000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b700000000000000950000000000000056ce36b68b0f334d6c37d03057c9ecee866f55e3376e4a82071d7827afd2d144b81e55b3f31672797fc00300533324f871d94768e25851d3162c1bde856ed69b673e5b8d861ff207c0eb4b60a82fc3c0e2085d6add5893b223989bb454af0805f231eb8474953f640e3d490cdc0448ecf21b205768e34ab95b6ef820398c1ba4b81cee61a98d7df3768db9bd084623ca56482b205eca4d90628aeacbd4654eb4371861a98bb8fc0fb89f8abf8e94d4429449cd85af76d9929b318c989bead2f9921120246508b0ab814b38f9cac8fea1a8c4712b53306cdca649a62720cd6e1d21ab5d7a8b9f974b4f5da4862c01b4cbe5f279fe779d5f9f366ec0aee3344d712d35edc17c209296c3db7ff279c9bc5ab356c3471399f860fef75f37888d0b0968f5a8fcdf57cc5c62f45fcaccb1a340"], &(0x7f0000000340)='syzkaller\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x18000000000002e0, 0xe, 0x0, &(0x7f0000000040)="b9d303b700030000009e40f086dd", 0x0, 0xfd, 0x6000000000000000, 0x0, 0x0, 0x0, 0x0}, 0x40) [ 840.358685][T26340] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 840.369661][T26340] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 03:22:46 executing program 3: recvmsg$kcm(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, 0x0}, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x29, 0x2, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) r1 = socket$kcm(0x2b, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpu.stat\x00', 0x26e1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) r3 = socket$kcm(0xa, 0x5, 0x0) sendmsg$kcm(r3, 0x0, 0x24002076) close(r3) setsockopt$sock_attach_bpf(r3, 0x6, 0x17, &(0x7f0000001b40)=r2, 0x4) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x6, 0x17, 0x0, 0x0) perf_event_open$cgroup(0x0, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) ioctl$TUNSETLINK(0xffffffffffffffff, 0x400454cd, 0x118) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x8914, &(0x7f0000000200)='wlan1\x00\x1b\x1a\xec\xb5\x12\x03F\xd9\x1f\xb9\xf2-\xda,C\xfdj\xe3\x8d\xe3\xd6\xe0|6l\xe9\xd9;\xea\x84\x13\xdf\xf7\xber\'\x8a\xd5W\xbb\xac%j\x9d\xeb\xba\xe6\xc4\xc4\xa9\xf5\xd5\xa1\xf5\\\x9b\xb2\a\xde\xbb\xc18\x84\xb5:f\xcb\xe8oOArYZ\xe1\xc9\x86\xfe\x88\x9d\xfa\xacJ\x1f\xebp\x00\xfb\xaad\x1a\xa0') sendmsg$tipc(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001a00)=[{&(0x7f0000000740)}, {0x0}, {&(0x7f00000003c0)}, {0x0}, {&(0x7f00000019c0)}], 0x5, 0x0, 0x0, 0x40}, 0x4000000) perf_event_open(&(0x7f0000000640)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xfffffff7ffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x9, 0xffffffffffffffff, 0x0) gettid() bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000004c0)={0xffffffffffffffff, 0xc0, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x4}, 0x0, 0x0, 0x0, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0) socket$kcm(0x29, 0x2, 0x0) r4 = socket$kcm(0x29, 0x5, 0x0) r5 = socket$kcm(0x10, 0x0, 0x0) sendmsg$sock(r5, &(0x7f00000007c0)={&(0x7f0000000180)=@x25={0x9, @remote={[], 0x1}}, 0x80, &(0x7f0000000740)=[{&(0x7f0000000300)="b0756c9a93672e6461c311e2212563f0205c0b4a3dd4f85e06ae1ad2879016a5c4dbf840acab16d628aed490fcf76ba5bcf7af71723f815a69087ed5b2ca0ae898635050757503ab0a70c2f806197fb7d4cebfb9ffef69e932d9ec6fc3ec6cb9d91d50a5f3d1e4921829abe078e008b8993fa6cd2b0a1f3fd534f677ec1f82b9201e3cde233966bd6ce4dfdab58e2d0714fe809f5fc20d6b2dc83ac1c557116a6e3e22bcec765b0ab0399eb5656b4533c6c2b176fc42bedee5ce3bab445dacbe547fc4bcd358c35b5b30b33d5169447b5fefd6a584de5834917b8b3766139634df030c893a0eee5922e5d1ff63a4b6c088", 0xf1}, {&(0x7f0000000200)="17287f2298d4e6a64949e738851ab268180386f59468a94e117b307d3abc8fddb4753778d2d4fa217da223744d6b949de26e67455b1245107b660df3204e39ad64b429fee20fed3aa387ce44d84a8d4597c81034f2e3547cb0931955afb97ce260d152a9fc45d54864e0", 0x6a}, {&(0x7f0000000280)="59271b269f675c671226085e", 0xc}, {&(0x7f0000000400)="306a4419a8a140d2cb3870b22ff83fb3632db7d8", 0x14}, {&(0x7f0000000440)}, {0x0}], 0x6}, 0x800) ioctl$sock_kcm_SIOCKCMCLONE(r1, 0x89e2, &(0x7f0000000100)={r5}) ioctl$sock_kcm_SIOCKCMCLONE(r4, 0x89e2, &(0x7f0000000140)) [ 840.420674][T26340] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:22:46 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x0, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) [ 840.530427][T26340] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 840.602995][T26340] EXT4-fs (loop1): get root inode failed [ 840.648142][T26340] EXT4-fs (loop1): mount failed 03:22:46 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c00000010000d07000c7f793f000000ff030000", @ANYRES32=r2, @ANYBLOB="00000000e600000f1c0012000c000100626f6e64000000000c000200080001000600000007e43fdb8afe3c5573f88516ce790da511991f06a229ee173b45f13fbb3ee66f31fa2daea7074835bf39c1f1d2093f198e25c6d3f363c781155dee1f6f4055624092394442e7c920d79da069f4cb3a22c983ba5ceb0000b1cd3c807a"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c00000010000d07000c7f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e600000f1c0012000c000100626f6e64000000000c000200080001000600000007e43fdb8afe3c5573f88516ce790da511991f06a229ee173b45f13fbb3ee66f31fa2daea7074835bf39c1f1d2093f198e25c6d3f363c781155dee1f6f4055624092394442e7c920d79da069f4cb3a22c983ba5ceb0000b1cd3c807a"], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5dcffea5707b9250}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0) [ 840.720472][T26380] NFS: mount program didn't pass any mount data [ 840.869911][T26386] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 840.944528][T26388] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 841.000186][T26386] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 841.011472][T26386] bond2: (slave macvlan2): Enslaving as an active interface with a down link [ 841.033902][T26388] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 841.048096][T26388] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 841.083712][T26388] bond3 (uninitialized): Released all slaves 03:22:49 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:49 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x0, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:49 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3", 0x4a, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:49 executing program 5: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000002000)=@ethernet, 0x10) sendmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x5, 0x0, 0x0, {0x77359400}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "65a0178f2fde4db3"}}, 0x48}}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)={0x7, 0x0, 0x0, {0x77359400}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "65a0178f2fde4db3"}}, 0x48}}, 0x0) recvfrom(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 03:22:49 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) epoll_create1(0x0) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, r27, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:22:49 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c00000010000d07000c7f793f000000ff030000", @ANYRES32=r2, @ANYBLOB="00000000e600000f1c0012000c000100626f6e64000000000c000200080001000600000007e43fdb8afe3c5573f88516ce790da511991f06a229ee173b45f13fbb3ee66f31fa2daea7074835bf39c1f1d2093f198e25c6d3f363c781155dee1f6f4055624092394442e7c920d79da069f4cb3a22c983ba5ceb0000b1cd3c807a"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) r6 = socket$netlink(0x10, 0x3, 0x0) r7 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c00000010000d07000c7f793f000000ff030000", @ANYRES32=r8, @ANYBLOB="00000000e600000f1c0012000c000100626f6e64000000000c000200080001000600000007e43fdb8afe3c5573f88516ce790da511991f06a229ee173b45f13fbb3ee66f31fa2daea7074835bf39c1f1d2093f198e25c6d3f363c781155dee1f6f4055624092394442e7c920d79da069f4cb3a22c983ba5ceb0000b1cd3c807a"], 0x3c}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5dcffea5707b9250}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}, @IFLA_MASTER={0x8, 0xa, r8}]}, 0x44}}, 0x0) 03:22:49 executing program 5: r0 = inotify_init() close(r0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0xc) listen(r1, 0x0) setreuid(0x0, 0x0) lchown(0x0, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGPGRP(0xffffffffffffffff, 0x8904, 0x0) newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) accept4$inet(r0, 0x0, 0x0, 0x0) [ 843.367356][T26411] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 843.402929][T26412] NFS: mount program didn't pass any mount data [ 843.439871][T26404] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 843.473410][T26404] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 843.483305][T26404] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:22:49 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x0, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) [ 843.512773][T26404] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 843.532414][T26404] EXT4-fs (loop1): get root inode failed [ 843.538152][T26404] EXT4-fs (loop1): mount failed [ 843.561592][T26418] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 03:22:49 executing program 5: ioctl$PERF_EVENT_IOC_SET_BPF(0xffffffffffffffff, 0x40042408, 0xffffffffffffffff) syz_open_procfs$namespace(0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='memory.events\x00', 0x26e1, 0x0) socket$kcm(0x2, 0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_int(r0, &(0x7f0000000200), 0x400c00) 03:22:49 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a3", 0x6f, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 843.747879][T26435] NFS: mount program didn't pass any mount data 03:22:49 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(0x0, 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:49 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80086601, &(0x7f0000000040)) [ 843.905091][T26439] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 843.915583][T26439] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 843.926218][T26439] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 843.951951][T26439] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 843.969932][T26439] EXT4-fs (loop1): get root inode failed [ 843.980053][T26439] EXT4-fs (loop1): mount failed 03:22:52 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) epoll_create1(0x0) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) r29 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, r27, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r29, 0x1, r28, &(0x7f0000019000)) 03:22:52 executing program 5: ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(0xffffffffffffffff, 0x40086607, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) mkdirat$cgroup(0xffffffffffffffff, 0x0, 0x1ff) r0 = gettid() r1 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = perf_event_open(&(0x7f0000000180)={0x2, 0x70, 0xe6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x5, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="850000000f00000025000000000000009500000000000000c7905faaaca74ae5bd71f5b27df7b091c97554bb007c101e46008000000000075900001943449fc1dcf86e0000b1b5af027400005822e8f98b234077445b2fef3efdd4547d08d3f4215a73e8d9ffcd33b84c22d397a1ac6d36fc1107b9cf2a89a797cd5c578f0000000000000000000000000000009b28a2bbd93c5d476ecc2fcb8e6ce945292938585e0e39650a079283bfa7f761657eb5945c049d3690f62392c0595f75cc87fbebe6686a9f77e3950e17868405c1980de93ac341f44a0436900c6c3bce7f6d0da0ffe994f5ddb56b9fbf24de6967111c9ab6d884a965346b1eb306eb47f2458f769d5b2577aa5a89f4c0af61872c7c1ab888231656a9"], &(0x7f0000000000)='GPL\x00', 0x5, 0x252, &(0x7f000000cf3d)=""/195}, 0x48) ioctl$PERF_EVENT_IOC_SET_BPF(r2, 0x40042408, r3) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000a40)={r0, r2, 0x0, 0x0, 0x0}, 0x30) 03:22:52 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:52 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a3", 0x6f, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:52 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80086601, &(0x7f0000000040)) 03:22:52 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(0x0, 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:52 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(0x0, 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:52 executing program 5: r0 = socket$inet6(0xa, 0x80803, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000400)={{{@in6=@remote, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in6=@empty, 0x0, 0x2b}, 0x0, @in=@broadcast, 0x0, 0x0, 0x0, 0x90}}, 0xe8) connect$inet6(r0, &(0x7f00000000c0), 0x1c) 03:22:52 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80086601, &(0x7f0000000040)) [ 846.634987][T26471] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 846.652530][T26471] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 846.669568][T26471] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 846.704624][T26471] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 846.729799][T26471] EXT4-fs (loop1): get root inode failed [ 846.743940][T26471] EXT4-fs (loop1): mount failed 03:22:52 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:52 executing program 5: bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f00000001c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@volatile={0x0, 0x0, 0x0, 0x9, 0x3}]}}, &(0x7f0000000200)=""/214, 0x26, 0xd6, 0x1}, 0x20) 03:22:52 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80086601, &(0x7f0000000040)) [ 847.018003][T26509] NFS: mount program didn't pass any mount data 03:22:53 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) epoll_create1(0x0) r27 = epoll_create1(0x0) r28 = epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r28, 0x1, r27, &(0x7f0000000080)) 03:22:53 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a3", 0x6f, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 847.425240][T26519] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 847.447452][T26519] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 847.469002][T26519] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 847.489962][T26519] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 847.503033][T26519] EXT4-fs (loop1): get root inode failed [ 847.508915][T26519] EXT4-fs (loop1): mount failed 03:22:55 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:55 executing program 5: r0 = socket$inet6(0xa, 0x80003, 0x6b) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8982, &(0x7f00000000c0)={'vlan1\x00'}) 03:22:55 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x80086601, &(0x7f0000000040)) 03:22:55 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:55 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda4", 0x82, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:55 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:22:55 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x80086601, &(0x7f0000000040)) 03:22:55 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'syz_tun\x00'}) socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xfd11) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_MASTER={0x8, 0xa, r5}]}, 0x28}}, 0x0) 03:22:55 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 849.668431][T26545] NFS: mount program didn't pass any mount data [ 849.738251][T26539] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 849.777305][T26539] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 03:22:55 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 849.794376][T26564] device bridge_slave_0 left promiscuous mode [ 849.800755][T26564] bridge0: port 1(bridge_slave_0) entered disabled state [ 849.817737][T26539] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:22:55 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x80086601, &(0x7f0000000040)) 03:22:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 849.917078][T26539] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated 03:22:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:56 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80086601, &(0x7f0000000040)) 03:22:56 executing program 5: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000300)={'syz_tun\x00'}) socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0, 0x3d2}}, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0xfd11) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_MASTER={0x8, 0xa, r5}]}, 0x28}}, 0x0) [ 850.062417][T26539] EXT4-fs (loop1): get root inode failed [ 850.088930][T26539] EXT4-fs (loop1): mount failed 03:22:56 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:56 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80086601, &(0x7f0000000040)) 03:22:56 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda4", 0x82, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:56 executing program 5: syz_emit_ethernet(0x46, &(0x7f00000000c0)={@broadcast, @random="a0d35b1004bb", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x29, 0x0, @loopback, @loopback}, "14006371a69b1c01"}}}}}, 0x0) 03:22:56 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) 03:22:56 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:22:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:56 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80086601, &(0x7f0000000040)) [ 850.659175][T26613] NFS: mount program didn't pass any mount data 03:22:57 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 850.871260][T26608] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 850.895809][T26608] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 03:22:57 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80086601, &(0x7f0000000040)) [ 850.945114][T26608] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 850.999917][T26608] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 851.100149][T26608] EXT4-fs (loop1): get root inode failed [ 851.109372][T26608] EXT4-fs (loop1): mount failed 03:22:57 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:22:57 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, 0x0, &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:57 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80086601, &(0x7f0000000040)) 03:22:57 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda4", 0x82, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:57 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:22:57 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80086601, &(0x7f0000000040)) 03:22:57 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) 03:22:57 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, 0x0, &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) [ 851.653567][T26653] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 851.762212][T26653] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 851.804513][T26653] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 851.838648][T26653] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 851.876243][T26653] EXT4-fs (loop1): get root inode failed [ 851.887972][T26653] EXT4-fs (loop1): mount failed 03:22:59 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:22:59 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80086601, &(0x7f0000000040)) 03:22:59 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:22:59 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, 0x0, &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:22:59 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddf", 0x8b, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:22:59 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) 03:22:59 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:23:00 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80086601, &(0x7f0000000040)) 03:23:00 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 853.953429][T26689] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 853.963384][T26689] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 853.974488][T26689] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 854.011208][T26689] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 854.036078][T26689] EXT4-fs (loop1): get root inode failed [ 854.042327][T26689] EXT4-fs (loop1): mount failed 03:23:00 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80086601, &(0x7f0000000040)) 03:23:00 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) socket$netlink(0x10, 0x3, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:00 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddf", 0x8b, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 854.563715][T26727] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 854.581219][T26727] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 854.594200][T26727] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 854.637562][T26727] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 854.672931][T26727] EXT4-fs (loop1): get root inode failed [ 854.678737][T26727] EXT4-fs (loop1): mount failed 03:23:02 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(0x0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:02 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:23:02 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:02 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x80086601, &(0x7f0000000040)) 03:23:02 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) epoll_create1(0x0) epoll_create1(0x0) 03:23:02 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddf", 0x8b, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:03 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x80086601, &(0x7f0000000040)) 03:23:03 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:03 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0xfffffffffffffe3a, 0x1}], 0x100488, 0x0) 03:23:03 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(0xffffffffffffffff, 0x80086601, &(0x7f0000000040)) [ 857.178749][T26751] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 857.216426][T26751] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 857.262883][T26751] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:23:03 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:03 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80086601, 0x0) [ 857.356249][T26751] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 857.480801][T26751] EXT4-fs (loop1): get root inode failed [ 857.486639][T26751] EXT4-fs (loop1): mount failed 03:23:06 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:06 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x100488, 0x0) 03:23:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:06 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb5874427", 0x90, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:06 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80086601, 0x0) 03:23:06 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) epoll_create1(0x0) 03:23:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:06 executing program 3: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000340)='memory.events\x00', 0x7a05, 0x1700) ioctl$PERF_EVENT_IOC_PERIOD(r0, 0x80086601, 0x0) 03:23:06 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x100488, 0x0) [ 860.099500][T26795] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 860.119878][T26795] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 860.123048][T26805] NFS: mount program didn't pass any mount data 03:23:06 executing program 5: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 860.234464][T26795] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 860.321442][T26795] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 860.349023][T26821] NFS: mount program didn't pass any mount data [ 860.356379][T26795] EXT4-fs (loop1): get root inode failed 03:23:06 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="3c00000010000d07000c7f793f000000ff030000", @ANYRES32=r2, @ANYBLOB="00000000e600000f1c0012000c000100626f6e64000000000c000200080001000600000007e43fdb8afe3c5573f88516ce790da511991f06a229ee173b45f13fbb3ee66f31fa2daea7074835bf39c1f1d2093f198e25c6d3f363c781155dee1f6f4055624092394442e7c920d79da069f4cb3a22c983ba5ceb0000b1cd3c807a"], 0x3c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket(0x1, 0x803, 0x0) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x5dcffea5707b9250}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macvlan={{0xc, 0x1, 'macvlan\x00'}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r5}]}, 0x3c}}, 0x0) 03:23:06 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, 0x0, 0x100488, 0x0) [ 860.373407][T26795] EXT4-fs (loop1): mount failed [ 860.509803][T26831] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 860.587438][T26835] NFS: mount program didn't pass any mount data [ 860.638740][T26840] netlink: 'syz-executor.3': attribute type 1 has an invalid length. 03:23:09 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:09 executing program 5: r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:09 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb5874427", 0x90, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:09 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0), 0x100488, 0x0) 03:23:09 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x40031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000002000/0x1000)=nil, 0x1000, 0xbcda34450b800b7a, 0x40000000000a132, 0xffffffffffffffff, 0x0) r1 = socket$inet6(0xa, 0x1, 0x84) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r3, &(0x7f0000000040)=ANY=[], 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) getsockopt$bt_hci(r1, 0x84, 0x21, &(0x7f0000000080)=""/4100, &(0x7f00000010c0)=0x1004) 03:23:09 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) r26 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r26, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) 03:23:09 executing program 5: r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:09 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0), 0x100488, 0x0) [ 863.123741][T26853] NFS: mount program didn't pass any mount data 03:23:09 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0), 0x100488, 0x0) 03:23:09 executing program 3: r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect(r0, &(0x7f0000002000)=@ethernet, 0x10) sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0500"/16, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="00a0174db300"/21], 0x48}}, 0x0) [ 863.226634][T26868] NFS: mount program didn't pass any mount data 03:23:09 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{0x0, 0x0, 0x1}], 0x100488, 0x0) [ 863.357092][T26877] NFS: mount program didn't pass any mount data [ 863.417826][T26855] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 863.449337][T26855] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 03:23:09 executing program 5: r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 863.464561][T26855] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 863.502941][T26855] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 863.526230][T26887] NFS: mount program didn't pass any mount data [ 863.548746][T26855] EXT4-fs (loop1): get root inode failed [ 863.575752][T26855] EXT4-fs (loop1): mount failed 03:23:12 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:12 executing program 3: r0 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_LOOPBACK(r0, 0x65, 0x5, &(0x7f0000000040), 0x4) 03:23:12 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{0x0, 0x0, 0x1}], 0x100488, 0x0) 03:23:12 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb5874427", 0x90, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:12 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:12 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x0, 0x0) 03:23:12 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:12 executing program 3: syz_emit_ethernet(0xd2, &(0x7f0000000240)={@local, @remote, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "831a46", 0x2, 0x11, 0x0, @local, @mcast2, {[], {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "dc108cbb39f606ce209eec7c5e2605027357356a28fd03666170060616d98e53", "cd266cc4a8dc08f78a34d266d27b0a8b40b19d21718aaf69c5fa846bdf84eeddca202ce117d25174a916773f49c39040", "20346a1186c8cbc7e7098a6c8ae82237788cc6d052768976ddfc1bfd", {"2fb61f288cae72163ac243a50010ef5d", "882aae83f5440bc0ba204de08dd1894f"}}}}}}}}, 0x0) 03:23:12 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{0x0, 0x0, 0x1}], 0x100488, 0x0) [ 866.359378][T26908] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:23:12 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 866.433150][T26932] NFS: mount program didn't pass any mount data [ 866.446664][T26908] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 03:23:12 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580), 0x0, 0x1}], 0x100488, 0x0) [ 866.510778][T26908] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:23:12 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) ioctl(r0, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") r1 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000500)={r1, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) [ 866.553077][T26942] NFS: mount program didn't pass any mount data [ 866.616585][T26908] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 866.690001][T26908] EXT4-fs (loop1): get root inode failed [ 866.695685][T26908] EXT4-fs (loop1): mount failed 03:23:15 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:15 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580), 0x0, 0x1}], 0x100488, 0x0) 03:23:15 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:15 executing program 3: clone(0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$null(0xffffffffffffff9c, 0x0, 0x44102, 0x0) mkdir(&(0x7f0000000300)='./file0\x00', 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) mount$fuse(0x20000000, &(0x7f0000000040)='./file0\x00', 0x0, 0x807284, 0x0) r0 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000640)='tasks\x00', 0x2, 0x0) r2 = openat$cgroup_int(r0, &(0x7f00000005c0)='cpuset.memory_spread_page\x00', 0x2, 0x0) sendfile(r2, r1, 0x0, 0x100000700) openat$autofs(0xffffffffffffff9c, 0x0, 0x50000, 0x0) 03:23:15 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:15 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) 03:23:15 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 869.262123][T26967] NFS: mount program didn't pass any mount data 03:23:15 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580), 0x0, 0x1}], 0x100488, 0x0) 03:23:15 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, 0x0, &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 869.442082][T26963] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:23:15 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, &(0x7f0000000800)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:15 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3", 0x4a, 0x1}], 0x100488, 0x0) [ 869.512601][T26963] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 869.547716][T26988] NFS: mount program didn't pass any mount data 03:23:15 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYBLOB="4800000012000507000000f4240a6fa9c3000000", @ANYRES32=0x0, @ANYBLOB="2f02000000000000140012800c0001006d6163766c616e00040002800a000500040000000000000008000a00", @ANYRES32, @ANYBLOB="f3b280ce0bfee415a689755d3fd3a0ef05ff8a5cae61d6a9d444ce69c2ecdd9c7feeb55b2453a9438ff6903dbf3c7d39d4a23ae451f9d0e50c688ed355437b03b2645cd287e195c1909d8f12e825ef35b8250b22920a8728b04a6e899498378d1668795351a1111ead34ac429e92f5ce2a6acfb0"], 0x48}}, 0x0) ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0) openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) [ 869.579388][T26963] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 869.608639][T26963] EXT4-fs (loop1): corrupt root inode, run e2fsck [ 869.649592][T26963] EXT4-fs (loop1): mount failed [ 869.845293][T27004] netlink: 'syz-executor.3': attribute type 5 has an invalid length. [ 869.857006][T27004] netlink: 'syz-executor.3': attribute type 5 has an invalid length. [ 869.896765][T27004] netlink: 'syz-executor.3': attribute type 5 has an invalid length. [ 869.907624][T27004] netlink: 'syz-executor.3': attribute type 5 has an invalid length. 03:23:18 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:18 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, &(0x7f0000000800)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:18 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:18 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3", 0x4a, 0x1}], 0x100488, 0x0) 03:23:18 executing program 3: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000440)=ANY=[@ANYBLOB="4800000012000507000000f4240a6fa9c3000000", @ANYRES32=0x0, @ANYBLOB="2f02000000000000140012800c0001006d6163766c616e00040002800a000500040000000000000008000a00", @ANYRES32, @ANYBLOB="f3b280ce0bfee415a689755d3fd3a0ef05ff8a5cae61d6a9d444ce69c2ecdd9c7feeb55b2453a9438ff6903dbf3c7d39d4a23ae451f9d0e50c688ed355437b03b2645cd287e195c1909d8f12e825ef35b8250b22920a8728b04a6e899498378d1668795351a1111ead34ac429e92f5ce2a6acfb0"], 0x48}}, 0x0) ioctl$TCSETA(0xffffffffffffffff, 0x5406, 0x0) openat$vcsa(0xffffffffffffff9c, 0x0, 0x0, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) 03:23:18 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) stat(0x0, 0x0) 03:23:18 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, &(0x7f0000000800)=ANY=[], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 872.305475][T27018] netlink: 'syz-executor.3': attribute type 5 has an invalid length. [ 872.322976][T27018] netlink: 'syz-executor.3': attribute type 5 has an invalid length. [ 872.344679][T27023] NFS: mount program didn't pass any mount data 03:23:18 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3", 0x4a, 0x1}], 0x100488, 0x0) 03:23:18 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x248000009, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cpuacct.usage_percpu\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000400)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) getpid() write$cgroup_type(r0, &(0x7f0000000140)='threaded\x00', 0xffffff1f) [ 872.503636][T27020] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:23:18 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a3", 0x6f, 0x1}], 0x100488, 0x0) [ 872.558112][T27020] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 872.574739][T27020] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 872.581865][T27044] NFS: mount program didn't pass any mount data 03:23:18 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a3", 0x6f, 0x1}], 0x100488, 0x0) 03:23:18 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 872.645311][T27048] NFS: mount program didn't pass any mount data [ 872.663777][T27020] EXT4-fs (loop1): corrupt root inode, run e2fsck [ 872.687856][T27020] EXT4-fs (loop1): mount failed [ 872.712771][T27055] NFS: mount program didn't pass any mount data 03:23:21 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:21 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a3", 0x6f, 0x1}], 0x100488, 0x0) 03:23:21 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:21 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:21 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setuid(r25) 03:23:21 executing program 3: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000040)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x248000009, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='cpuacct.usage_percpu\x00', 0x26e1, 0x0) perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000400)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x7a05, 0x1700) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x32600) getpid() write$cgroup_type(r0, &(0x7f0000000140)='threaded\x00', 0xffffff1f) 03:23:21 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 875.455217][T27082] NFS: mount program didn't pass any mount data 03:23:21 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda4", 0x82, 0x1}], 0x100488, 0x0) 03:23:21 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x2c, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea790"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 875.659945][T27078] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 875.777950][T27097] NFS: mount program didn't pass any mount data 03:23:21 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda4", 0x82, 0x1}], 0x100488, 0x0) [ 875.822794][T27078] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 03:23:22 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x2c, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea790"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 875.931647][T27078] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 876.058541][T27078] EXT4-fs (loop1): corrupt root inode, run e2fsck [ 876.070064][T27078] EXT4-fs (loop1): mount failed 03:23:22 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x2c, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea790"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 876.190404][T27110] NFS: mount program didn't pass any mount data 03:23:24 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:24 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c8", 0x93, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:24 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x42, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394e"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:24 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda4", 0x82, 0x1}], 0x100488, 0x0) 03:23:24 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), &(0x7f0000cab000)=0xc) 03:23:24 executing program 3: r0 = memfd_create(&(0x7f0000000100)='#\'%nodev\x00', 0x0) write(r0, &(0x7f0000000000)='\f', 0x1) sendfile(r0, r0, &(0x7f0000000200), 0x87) sendfile(r0, r0, &(0x7f00000001c0), 0xfec) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x4, 0x11, r0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000040)='/dev/zero\x00', 0x0, 0x0) 03:23:24 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddf", 0x8b, 0x1}], 0x100488, 0x0) 03:23:24 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000340)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) msgsnd(0x0, 0x0, 0x0, 0x0) msgctl$IPC_SET(0x0, 0x1, 0x0) msgrcv(0x0, &(0x7f0000000180)={0x0, ""/208}, 0xd8, 0x2, 0x1000) [ 878.518382][T27129] NFS: mount program didn't pass any mount data 03:23:24 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x42, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394e"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 878.702516][T27128] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 878.712560][T27128] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 03:23:24 executing program 3: socket$netlink(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x14) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000240)={@local, @ipv4={[0x0, 0x0, 0x8], [], @loopback}, @ipv4={[], [], @empty}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20c200a2, r3}) [ 878.746669][T27128] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 878.777667][T27128] EXT4-fs (loop1): corrupt root inode, run e2fsck [ 878.789087][T27128] EXT4-fs (loop1): mount failed 03:23:24 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x42, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394e"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:24 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddf", 0x8b, 0x1}], 0x100488, 0x0) [ 878.822088][T27150] NFS: mount program didn't pass any mount data [ 879.051475][T27168] NFS: mount program didn't pass any mount data 03:23:27 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:27 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c8", 0x93, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:27 executing program 3: r0 = socket$inet6(0xa, 0x800000000000002, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0x9}, 0x1c) sendmmsg(r0, &(0x7f0000006d00)=[{{0x0, 0x1002000, 0x0}}], 0xc6, 0x80fe) 03:23:27 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x4d, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:27 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddf", 0x8b, 0x1}], 0x100488, 0x0) 03:23:27 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) 03:23:27 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb5874427", 0x90, 0x1}], 0x100488, 0x0) [ 881.677392][T27179] NFS: mount program didn't pass any mount data 03:23:27 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x4d, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:28 executing program 3: r0 = socket$inet6(0xa, 0x802, 0x73) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c, 0x0}}], 0x1, 0x0) 03:23:28 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r0, 0x0, 0x0, 0x200408d4, &(0x7f0000000380)={0xa, 0x0, 0x0, @loopback}, 0x1c) [ 882.018157][T27187] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 882.033003][T27203] NFS: mount program didn't pass any mount data [ 882.037000][T27187] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 882.049853][T27187] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:23:28 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb5874427", 0x90, 0x1}], 0x100488, 0x0) [ 882.070786][T27187] EXT4-fs (loop1): corrupt root inode, run e2fsck [ 882.078752][T27187] EXT4-fs (loop1): mount failed 03:23:28 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c8", 0x93, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 882.318704][T27221] NFS: mount program didn't pass any mount data [ 882.480268][T27218] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 882.498850][T27218] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 882.529318][T27218] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 882.558820][T27218] EXT4-fs (loop1): corrupt root inode, run e2fsck [ 882.574289][T27218] EXT4-fs (loop1): mount failed 03:23:30 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, 0x0) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:30 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x4d, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:30 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, &(0x7f00000003c0)=ANY=[@ANYRES32=0x0, @ANYBLOB="e70000001f1f145d639b5f1076"], 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f0000000500)={0x0, 0x1, 0x0, [{0x0, 0x0, 0x9}]}) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)) socket$inet(0x2b, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000002c0)) ioctl$KVM_RUN(r2, 0xae80, 0x0) 03:23:30 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb5874427", 0x90, 0x1}], 0x100488, 0x0) 03:23:30 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) 03:23:30 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:30 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x53, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 884.850359][T27242] NFS: mount program didn't pass any mount data 03:23:31 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x1}], 0x100488, 0x0) [ 884.996325][T27245] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 885.015026][T27245] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 885.059531][T27245] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:23:31 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x1}], 0x100488, 0x0) 03:23:31 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x53, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 885.102329][T27261] NFS: mount program didn't pass any mount data [ 885.131747][T27245] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated 03:23:31 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(0xffffffffffffffff, 0x84, 0x6c, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$BLKREPORTZONE(0xffffffffffffffff, 0xc0101282, &(0x7f0000000500)={0x0, 0x1, 0x0, [{0x0, 0x0, 0x9}]}) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f00000002c0)) [ 885.251669][T27245] EXT4-fs (loop1): get root inode failed [ 885.257999][T27245] EXT4-fs (loop1): mount failed 03:23:31 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x53, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 885.339834][T27273] NFS: mount program didn't pass any mount data 03:23:33 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:33 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6", 0x92, 0x1}], 0x100488, 0x0) 03:23:33 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:33 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x55, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec92"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:33 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000002c000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, &(0x7f0000000040)="baa000ec3e3e3e0f2b75ee65f30f008f6300a6aff4660f3a62227d0f20e06635000040000f22e0260f0350000f01cf", 0x2f}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) syz_genetlink_get_family_id$nbd(&(0x7f0000000080)='nbd\x00') r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$full(0xffffffffffffff9c, &(0x7f0000000000)='/dev/full\x00', 0x0, 0x0) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x0, 0x0, 0x0, 0x200000200, 0x0, 0x4c8]}) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$NBD_CMD_RECONFIGURE(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x400000}, 0xc, &(0x7f00000001c0)={&(0x7f0000000140)={0x14, 0x0, 0x0, 0x70bd28, 0x25dfdbff}, 0x14}, 0x1, 0x0, 0x0, 0xbccd023a9855b763}, 0x0) ioctl$KVM_IRQ_LINE_STATUS(r1, 0xc008ae67, &(0x7f0000000280)={0xc, 0x8001}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 03:23:33 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) stat(0x0, 0x0) 03:23:34 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x55, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec92"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 887.993378][T27304] NFS: mount program didn't pass any mount data 03:23:34 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c8", 0x93, 0x1}], 0x100488, 0x0) 03:23:34 executing program 3: 03:23:34 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x55, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec92"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 888.160328][T27299] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:23:34 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c8", 0x93, 0x1}], 0x100488, 0x0) [ 888.235539][T27299] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 888.248763][T27326] NFS: mount program didn't pass any mount data 03:23:34 executing program 3: [ 888.356623][T27299] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 888.437066][T27299] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 888.499020][T27299] EXT4-fs (loop1): get root inode failed [ 888.505199][T27299] EXT4-fs (loop1): mount failed [ 888.506391][T27341] NFS: mount program didn't pass any mount data 03:23:37 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:37 executing program 3: 03:23:37 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x57, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:37 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c8", 0x93, 0x1}], 0x100488, 0x0) 03:23:37 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:37 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:23:37 executing program 3: 03:23:37 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94}], 0x100488, 0x0) [ 890.991154][T27354] NFS: mount program didn't pass any mount data 03:23:37 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x57, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:37 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94}], 0x100488, 0x0) [ 891.130543][T27369] NFS: mount program didn't pass any mount data 03:23:37 executing program 3: [ 891.175938][T27353] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:23:37 executing program 3: [ 891.240261][T27353] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 891.313838][T27353] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 891.330324][T27381] NFS: mount program didn't pass any mount data [ 891.347032][T27353] EXT4-fs error (device loop1): ext4_fill_super:4560: inode #2: comm syz-executor.1: iget: root inode unallocated [ 891.367595][T27353] EXT4-fs (loop1): get root inode failed [ 891.382373][T27353] EXT4-fs (loop1): mount failed 03:23:40 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)) r1 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:40 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94}], 0x100488, 0x0) 03:23:40 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x57, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:40 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:40 executing program 3: unshare(0x40000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x100}}, 0x0, 0xffffbfffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'nat\x00'}, &(0x7f0000000200)=0x54) 03:23:40 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) r23 = epoll_create1(0x0) r24 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r24, 0x1, r23, &(0x7f0000019000)) 03:23:40 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:40 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x1}], 0x0, 0x0) [ 894.159049][T27407] NFS: mount program didn't pass any mount data [ 894.176256][T27404] IPVS: ftp: loaded support on port[0] = 21 03:23:40 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:40 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x1}], 0x0, 0x0) [ 894.357248][T27421] NFS: mount program didn't pass any mount data [ 894.377088][T27402] EXT4-fs (loop1): bad geometry: block count 1080 exceeds size of device (1 blocks) 03:23:40 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 894.474627][T27404] IPVS: ftp: loaded support on port[0] = 21 03:23:40 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 894.566483][T27435] NFS: mount program didn't pass any mount data [ 894.949451][ T154] tipc: TX() has been purged, node left! 03:23:43 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:43 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:43 executing program 4: openat$thread_pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self\x00', 0x242580, 0x0) mknod(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) clone(0x180000105, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000fb5ffc)='nfs\x00', 0x0, 0x0) syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x1}], 0x0, 0x0) 03:23:43 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:43 executing program 3: unshare(0x40000000) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x100}}, 0x0, 0xffffbfffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) getsockopt$IPT_SO_GET_INFO(r0, 0x0, 0x40, &(0x7f0000000280)={'nat\x00'}, &(0x7f0000000200)=0x54) 03:23:43 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r22, &(0x7f0000000080)) 03:23:43 executing program 4: clone(0x1100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x80003, 0x6b) setsockopt$IP6T_SO_SET_REPLACE(r2, 0x29, 0x40, &(0x7f0000000080)=@raw={'raw\x00', 0x2000, 0x3, 0x3c8, 0x0, 0x280, 0x0, 0x0, 0x0, 0x350, 0x350, 0x350, 0x350, 0x350, 0x3, 0x0, {[{{@ipv6={@remote, @mcast2, [], [], 'veth1_to_bond\x00', 'netpci0\x00'}, 0x0, 0x1f8, 0x228, 0x0, {}, [@common=@inet=@hashlimit2={{0x150, 'hashlimit\x00'}, {'team_slave_1\x00', {0x0, 0x0, 0x0, 0x0, 0x0, 0x1ab618fe, 0x800}}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00'}}, {{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@CLASSIFY={0x28, 'CLASSIFY\x00'}}], {{[], 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x428) 03:23:43 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376b"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 897.240041][T27454] NFS: mount program didn't pass any mount data [ 897.292564][T27452] IPVS: ftp: loaded support on port[0] = 21 03:23:43 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc7"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 897.442641][T27455] EXT4-fs (loop1): bad geometry: block count 1080 exceeds size of device (1 blocks) [ 897.488800][T27476] xt_hashlimit: overflow, try lower: 0/0 03:23:43 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:43 executing program 4: ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000300)={0x6, 'team0\x00', {0x4}}) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000080), 0xfe28, 0xfffffffffffffffb) keyctl$read(0xb, r0, &(0x7f0000000000)=""/4, 0x31852a384220a633) request_key(&(0x7f0000000100)='rxrpc_s\x00', 0x0, &(0x7f00000002c0)='team0\x00', r0) r1 = socket$inet6(0x10, 0x0, 0x0) sendto$inet6(r1, &(0x7f00000001c0)="1c0000001200050f0c1000000049b23e9b20", 0x12, 0x0, 0x0, 0x0) 03:23:43 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc7"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 897.751792][T27490] dns_resolver: Unsupported server list version (0) [ 897.825678][T27493] dns_resolver: Unsupported server list version (0) [ 897.894310][T27487] EXT4-fs (loop1): bad geometry: block count 1080 exceeds size of device (1 blocks) [ 899.159367][ T154] tipc: TX() has been purged, node left! [ 899.319418][ T154] tipc: TX() has been purged, node left! 03:23:46 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:46 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x8a, &(0x7f00000001c0)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x54, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x15, 0xc2, 0x0, 0x0, 0x0, {[@timestamp={0x8, 0xa}, @window={0x3, 0x3}, @window={0x3, 0x3}, @window={0x3, 0x3}, @mptcp=@ack={0x1e, 0x14, 0x0, 0x4, "6a9ae2b00ba62a1dc6cb2dd50000c083"}, @exp_fastopen={0xfe, 0x4}, @md5sig={0x13, 0x12, "9d614fae2d70909682489220fd62cc5f"}]}}}}}}}}, 0x0) 03:23:46 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc7"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:46 executing program 4: ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000300)={0x6, 'team0\x00', {0x4}}) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000080), 0xfe28, 0xfffffffffffffffb) keyctl$read(0xb, r0, &(0x7f0000000000)=""/4, 0x31852a384220a633) request_key(&(0x7f0000000100)='rxrpc_s\x00', 0x0, &(0x7f00000002c0)='team0\x00', r0) r1 = socket$inet6(0x10, 0x0, 0x0) sendto$inet6(r1, &(0x7f00000001c0)="1c0000001200050f0c1000000049b23e9b20", 0x12, 0x0, 0x0, 0x0) 03:23:46 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) r22 = epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r22, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) 03:23:46 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 900.314192][T27512] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. 03:23:46 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:46 executing program 3: write$vhci(0xffffffffffffffff, 0x0, 0x0) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448ca, 0x0) [ 900.366666][T27512] syz-executor.3 (27512) used greatest stack depth: 22720 bytes left [ 900.402218][T27516] dns_resolver: Unsupported server list version (0) 03:23:46 executing program 4: ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000300)={0x6, 'team0\x00', {0x4}}) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000080), 0xfe28, 0xfffffffffffffffb) keyctl$read(0xb, r0, &(0x7f0000000000)=""/4, 0x31852a384220a633) request_key(&(0x7f0000000100)='rxrpc_s\x00', 0x0, &(0x7f00000002c0)='team0\x00', r0) r1 = socket$inet6(0x10, 0x0, 0x0) sendto$inet6(r1, &(0x7f00000001c0)="1c0000001200050f0c1000000049b23e9b20", 0x12, 0x0, 0x0, 0x0) 03:23:46 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 900.607190][T27520] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 900.626689][T27535] dns_resolver: Unsupported server list version (0) 03:23:46 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x0, 0x100}}, 0x0, 0xffffbfffffffffff, 0xffffffffffffffff, 0x0) r0 = perf_event_open(&(0x7f00004e7000)={0x2, 0x70, 0xdf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x1) ioctl$PERF_EVENT_IOC_SET_FILTER(r0, 0x40082406, &(0x7f0000000400)='cpu&0xa||!\x00\x03\x00\x01\x9c\xd3\x0e5\xa0\x1d=\x04\n\x1c`fo\x8d\xccm\\v\xfd.\x9e\tbk1\xde\xea\x1b\r;\x81\x84\x87-X\xb6,\xc5\xb4\"7&\xb5yt\x82\xfb\x1d\x83\xf8.- \x00\x00\x00(\xe9`D\x01i\\\x8dl\x86lh\xa8\xfc\x80\xde,Kt\xf4#\xc5]Y;\xc16v\xf9\x89\t\x06\xbe*\xaa&\xbd\x16xQ\x8e\xf3\xd6\x1a\xfd\xd0\x04\'y\x9b|\xe4\xb7\bE\xed\x97\x80s\x19W\xb7[\xf0%>MM\xf5\x98\xbe^=q!\xa6\x0fp\x012\x00\xbb\xbe\x9dX5\xafep\x10R\v&\xaf\xa8$\x7f7V\xedLJ4\xcf\a\x01\xd5T\n\xca\xc2\x86_\xc1\xce\x8d\xedbS\x8d\xe9t\x82\xf41zwr\xe6o\x88\xe5\xe3\xe7Gcx\xc0\x91I\x01\x00\x00\x00\x01\x00\x00\x00K\x9e\xe5[\xa0\n\x0f\x04\xa6\xb0sE)\x8a\xd0R\xc3\xc1,b \x1c#IRz6\xfeJ~\xda\xd7_\xfe\x1f\xe5\x86\xb1xu&\xfb\xf2\xbf\xe8\x7f\x91\x93\xab\x05\x004\x85\x86l\x8d\x00'/289) ioctl$LOOP_CLR_FD(0xffffffffffffffff, 0x4c01) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x0, 0x3}) r1 = socket(0x4, 0x803, 0x2) sendto(r1, 0x0, 0x0, 0x0, 0x0, 0x0) r2 = creat(&(0x7f0000000140)='./bus\x00', 0x0) r3 = open(&(0x7f00000001c0)='./bus\x00', 0x8c540, 0x0) ioctl$DRM_IOCTL_AGP_INFO(0xffffffffffffffff, 0x80386433, 0x0) lseek(r2, 0x0, 0x2) sendfile(0xffffffffffffffff, r3, 0x0, 0x20008) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0)="1c000000120005", 0x7, 0x0, 0x0, 0x0) bpf$BPF_MAP_GET_FD_BY_ID(0xe, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, &(0x7f0000000100), 0x4) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$EVIOCGID(0xffffffffffffffff, 0x80084502, &(0x7f0000000040)=""/117) 03:23:46 executing program 4: ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000300)={0x6, 'team0\x00', {0x4}}) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000080), 0xfe28, 0xfffffffffffffffb) keyctl$read(0xb, r0, &(0x7f0000000000)=""/4, 0x31852a384220a633) request_key(&(0x7f0000000100)='rxrpc_s\x00', 0x0, &(0x7f00000002c0)='team0\x00', r0) r1 = socket$inet6(0x10, 0x0, 0x0) sendto$inet6(r1, &(0x7f00000001c0)="1c0000001200050f0c1000000049b23e9b20", 0x12, 0x0, 0x0, 0x0) [ 900.650073][T27520] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 900.697238][T27520] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 900.709611][T27520] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 900.812715][T27543] dns_resolver: Unsupported server list version (0) [ 900.998395][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 900.998409][ T27] audit: type=1804 audit(1584069827.069:218): pid=27547 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir157241976/syzkaller.Chd2d8/885/bus" dev="sda1" ino=16693 res=1 [ 901.035116][ T27] audit: type=1800 audit(1584069827.069:219): pid=27547 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16693 res=0 [ 901.090498][ T27] audit: type=1804 audit(1584069827.159:220): pid=27552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir157241976/syzkaller.Chd2d8/885/bus" dev="sda1" ino=16693 res=1 [ 901.115228][ T27] audit: type=1800 audit(1584069827.159:221): pid=27552 uid=0 auid=4294967295 ses=4294967295 subj==unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="bus" dev="sda1" ino=16693 res=0 03:23:49 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:49 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:49 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:49 executing program 4: ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000300)={0x6, 'team0\x00', {0x4}}) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000080), 0xfe28, 0xfffffffffffffffb) keyctl$read(0xb, r0, &(0x7f0000000000)=""/4, 0x31852a384220a633) request_key(&(0x7f0000000100)='rxrpc_s\x00', 0x0, &(0x7f00000002c0)='team0\x00', r0) socket$inet6(0x10, 0x0, 0x0) 03:23:49 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) timerfd_create(0x0, 0x0) 03:23:49 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xc, 0x16, &(0x7f00000004c0)=ANY=[@ANYBLOB="61124c00000000006113500000000000bf2000000000000007000000080000002d0301000000000095000000000000006926000000000000bf67000000000000570600000fff07ad6706000002000000070600000ee60000bf2500000000000063350000000000006507000002000000070700004c0000001f75000000000000bf54000000000000070400000400f9ffad300100000000008400000000000000050000000000000095000000000000006e8ad524a56601a5fc9a76d1fd2735636b3e7523984e4dc87ca658e5f2e9407e5c2501d119febf3a1b93db85604036883647b1fb3f1403b816f511c8c56e56e40b00095505f8a89dae4293b1263631b25fc9f189084c7fddcc"], &(0x7f0000000100)='GPL\x00'}, 0x48) 03:23:49 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:49 executing program 4: ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000300)={0x6, 'team0\x00', {0x4}}) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000080), 0xfe28, 0xfffffffffffffffb) keyctl$read(0xb, r0, &(0x7f0000000000)=""/4, 0x31852a384220a633) request_key(&(0x7f0000000100)='rxrpc_s\x00', 0x0, &(0x7f00000002c0)='team0\x00', r0) [ 903.450794][T27566] dns_resolver: Unsupported server list version (0) 03:23:49 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xbb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0xfd53) socket$inet6(0xa, 0x3, 0xa) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r4, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r4, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) r5 = syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TCSETSW(r5, 0x5403, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7, 0x0, '\x00\x00\x00@\x00'}) read(r5, &(0x7f00000001c0)=""/182, 0xb6) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r6, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r6, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) syz_open_pts(r6, 0x0) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r7, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r7, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) syz_open_pts(r7, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0) ioctl$TCSETSW(r8, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r8, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) syz_open_pts(r8, 0x0) r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r9, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r9, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r9, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) r10 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r10, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r10, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r10, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) r11 = syz_open_pts(r10, 0x0) ioctl$TCSETSW(r11, 0x5403, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7, 0x0, '\x00\x00\x00@\x00'}) read(0xffffffffffffffff, &(0x7f00000001c0)=""/182, 0xb6) r12 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSW(r12, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r12, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r12, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) syz_open_pts(r12, 0x0) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) syz_open_pts(0xffffffffffffffff, 0x0) r13 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r13, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r13, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r13, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) syz_open_pts(r13, 0x0) r14 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) write$binfmt_aout(r14, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r14, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) r15 = syz_open_pts(r14, 0x0) ioctl$TCSETSW(r15, 0x5403, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7, 0x0, '\x00\x00\x00@\x00'}) read(r15, &(0x7f00000001c0)=""/182, 0xb6) r16 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r16, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r16, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r16, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) syz_open_pts(r16, 0x0) r17 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r17, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) ioctl$TCSETS(r17, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) r18 = syz_open_pts(r17, 0x0) ioctl$TCSETSW(r18, 0x5403, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7, 0x0, '\x00\x00\x00@\x00'}) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYPTR=&(0x7f00000000c0)=ANY=[@ANYRES32=r5], @ANYRES16, @ANYPTR=&(0x7f0000000200)=ANY=[@ANYRESOCT=r6, @ANYPTR64, @ANYRESOCT=0x0, @ANYRES16, @ANYPTR=&(0x7f0000000340)=ANY=[@ANYRESHEX], @ANYRESDEC], @ANYRES16, @ANYRES32=r7, @ANYRESOCT=r8, @ANYRES64=r9, @ANYRES32=r11], @ANYRES16, @ANYPTR=&(0x7f0000000280)=ANY=[@ANYRESOCT, @ANYRES32=r13, @ANYRES16], @ANYRESHEX=r15, @ANYRES64=r3], 0x24) syz_open_pts(r2, 0x0) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000380)) ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, &(0x7f0000000540)) ioctl$TCSETA(0xffffffffffffffff, 0x5406, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1f, 0x0, "b5d9fc2a00"}) [ 903.598812][T27568] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 903.610614][T27568] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 903.627415][T27568] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 903.671094][T27568] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue 03:23:49 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:49 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:49 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) [ 903.823376][T27588] dns_resolver: Unsupported server list version (0) 03:23:50 executing program 4: ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000300)={0x6, 'team0\x00', {0x4}}) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000080), 0xfe28, 0xfffffffffffffffb) keyctl$read(0xb, r0, &(0x7f0000000000)=""/4, 0x31852a384220a633) 03:23:50 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 904.147007][T27607] dns_resolver: Unsupported server list version (0) [ 904.182409][T27599] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:23:50 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 904.259053][T27599] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 03:23:50 executing program 4: ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000300)={0x6, 'team0\x00', {0x4}}) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000080), 0xfe28, 0xfffffffffffffffb) 03:23:50 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) [ 904.414589][T27599] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 904.454847][T27599] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue 03:23:50 executing program 4: ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000300)={0x6, 'team0\x00', {0x4}}) ioctl$sock_SIOCGIFCONF(0xffffffffffffffff, 0x8912, 0x0) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000080), 0xfe28, 0xfffffffffffffffb) [ 904.535988][T27624] dns_resolver: Unsupported server list version (0) 03:23:50 executing program 4: ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000300)={0x6, 'team0\x00', {0x4}}) add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000080), 0xfe28, 0xfffffffffffffffb) 03:23:50 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 904.596748][T27629] dns_resolver: Unsupported server list version (0) [ 904.705030][T27635] dns_resolver: Unsupported server list version (0) 03:23:50 executing program 3: perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xbb, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) close(r0) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000140)=ANY=[], 0xfd53) socket$inet6(0xa, 0x3, 0xa) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSW(r1, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r2, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) write$binfmt_aout(r3, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r3, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r4, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r4, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r4, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) r5 = syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TCSETSW(r5, 0x5403, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7, 0x0, '\x00\x00\x00@\x00'}) read(r5, &(0x7f00000001c0)=""/182, 0xb6) r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r6, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r6, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) syz_open_pts(r6, 0x0) r7 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r7, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r7, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) syz_open_pts(r7, 0x0) r8 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x80000000000a01, 0x0) ioctl$TCSETSW(r8, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r8, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r8, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) syz_open_pts(r8, 0x0) r9 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r9, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r9, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r9, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) r10 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r10, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r10, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r10, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) r11 = syz_open_pts(r10, 0x0) ioctl$TCSETSW(r11, 0x5403, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7, 0x0, '\x00\x00\x00@\x00'}) read(0xffffffffffffffff, &(0x7f00000001c0)=""/182, 0xb6) r12 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETSW(r12, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r12, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r12, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) syz_open_pts(r12, 0x0) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, 0x0) write$binfmt_aout(0xffffffffffffffff, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) syz_open_pts(0xffffffffffffffff, 0x0) r13 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r13, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r13, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r13, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) syz_open_pts(r13, 0x0) r14 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) write$binfmt_aout(r14, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r14, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) r15 = syz_open_pts(r14, 0x0) ioctl$TCSETSW(r15, 0x5403, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7, 0x0, '\x00\x00\x00@\x00'}) read(r15, &(0x7f00000001c0)=""/182, 0xb6) r16 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r16, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) write$binfmt_aout(r16, &(0x7f00000000c0)=ANY=[], 0xffffff78) ioctl$TCSETS(r16, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) syz_open_pts(r16, 0x0) r17 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x80000000000a01, 0x0) ioctl$TCSETSW(r17, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) ioctl$TCSETS(r17, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "0000000000000000000000000000000e00"}) r18 = syz_open_pts(r17, 0x0) ioctl$TCSETSW(r18, 0x5403, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x7, 0x0, '\x00\x00\x00@\x00'}) write$binfmt_aout(r2, &(0x7f00000003c0)=ANY=[@ANYPTR=&(0x7f0000000100)=ANY=[@ANYPTR=&(0x7f00000000c0)=ANY=[@ANYRES32=r5], @ANYRES16, @ANYPTR=&(0x7f0000000200)=ANY=[@ANYRESOCT=r6, @ANYPTR64, @ANYRESOCT=0x0, @ANYRES16, @ANYPTR=&(0x7f0000000340)=ANY=[@ANYRESHEX], @ANYRESDEC], @ANYRES16, @ANYRES32=r7, @ANYRESOCT=r8, @ANYRES64=r9, @ANYRES32=r11], @ANYRES16, @ANYPTR=&(0x7f0000000280)=ANY=[@ANYRESOCT, @ANYRES32=r13, @ANYRES16], @ANYRESHEX=r15, @ANYRES64=r3], 0x24) syz_open_pts(r2, 0x0) ioctl$TCSETSW(0xffffffffffffffff, 0x5403, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, "0006000000100000009de700"}) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x0, 0x0, &(0x7f0000000380)) ioctl$FUSE_DEV_IOC_CLONE(0xffffffffffffffff, 0x8004e500, &(0x7f0000000540)) ioctl$TCSETA(0xffffffffffffffff, 0x5406, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x1f, 0x0, "b5d9fc2a00"}) 03:23:50 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:50 executing program 4: add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f00000000c0)={'syz'}, &(0x7f0000000080), 0xfe28, 0xfffffffffffffffb) [ 904.849768][T27641] dns_resolver: Unsupported server list version (0) [ 905.080371][T27642] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 905.099357][T27642] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 905.137505][T27642] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 905.178675][T27642] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue 03:23:53 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:53 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0x58, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, 0x0}, 0x78) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:53 executing program 4: add_key(0x0, &(0x7f00000000c0)={'syz'}, &(0x7f0000000080), 0x0, 0xfffffffffffffffb) 03:23:53 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:53 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) epoll_create1(0x0) 03:23:53 executing program 3: prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x0, 0x0}) r0 = socket$unix(0x1, 0x1, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@empty, @in=@multicast2}}, {{}, 0x0, @in=@initdev}}, &(0x7f0000000300)=0xe4) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000100)=0x3f) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xbb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getrusage(0xfffffffffffffffe, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000000740)=ANY=[@ANYBLOB="b702000003440200bfa30000000000001702000000feffff7a0af0ff01ffffff79a4f0ff00000000b7060000ffffffff3d640200000000005502faff037202000404000001007d60b6030000001000006a0a00fe39000000850000002b000000bc000000000000009500000000000000a81bbfa3982de7b0efc5733ed236e4add6de094e0832aaa6912a8b2ce571c458410700000000000000e3a94b574d2eb38a548355f0b886bd001362df1d4fdd860db5808922433e3e0f242a46b3009a54f4077db0d4968a384b0559c7919b89bd9d5fdb68832e986440ff0a7edfa0cb231ccd00000000000000000000007777e2704653f6207a5ce13419b2272c3c7fea60493073807c4b7bbaed91f33fb382d91ae8e18c9b6c9f0322ec5f1c7cc5869ff455896712198c4e2ddf8b86e714229527ca40b24cfd6a02fa0892728807982d90e116bba29bb744af70a4cd8f3ad2d958bdd0b424ac416e66af9ebcfea905d37cf226312cb81ec8439cea06e7fa5e5b3596301460142f83b465d9e57dfdb06dcf91fd2464cb130033d649d2110cf2e1f4682c24a314447c5e0807f0b1766ec7ecbd061772daa52a38539295d3fea7a7e669441e1ff041143edfa904fb43897f8d9c3c287acba716973eadf1bf9cd0a38edc345415c42d3d2dd3339d32a5796cd7ce18b68bc37e061d33357d6a39d33c702576cc2a8881663e3776c7a37c5c962e12102f237bbf60c0a3bf07d55b3888418de2b2ad23d25395dd4ccddf247dd2c712e2e2eaf7d432e968122cc5dcaa7ba330963b7093a58a02d0a114f75e1ffd5c2912b506bfb93122fc776aadec51a36765d1a3555329c828c4b148a900"/620], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040)}, 0x24) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) write(r1, &(0x7f00000001c0), 0xfffffef3) accept4(r0, &(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @local}, &(0x7f0000000000)=0x80, 0x81800) 03:23:53 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) socket$netlink(0x10, 0x3, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:53 executing program 4: add_key(0x0, &(0x7f00000000c0)={'syz'}, &(0x7f0000000080), 0x0, 0xfffffffffffffffb) [ 907.034678][ T27] audit: type=1326 audit(1584069833.109:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=27666 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45f4ba code=0x0 03:23:53 executing program 4: add_key(0x0, &(0x7f00000000c0)={'syz'}, &(0x7f0000000080), 0x0, 0xfffffffffffffffb) [ 907.255476][T27670] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:23:53 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) socket$netlink(0x10, 0x3, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 907.308738][T27670] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 907.406001][T27670] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:23:53 executing program 4: add_key(&(0x7f0000000000)='dns_resolver\x00', 0x0, &(0x7f0000000080), 0x0, 0xfffffffffffffffb) [ 907.520536][T27670] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue 03:23:53 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000]}, 0x40) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 907.844934][T27706] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 907.855190][T27706] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 907.882529][T27706] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 907.916173][T27706] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue 03:23:56 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) ptrace$cont(0x18, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:56 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) socket$netlink(0x10, 0x3, 0x0) ioctl(0xffffffffffffffff, 0x1000008912, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:56 executing program 4: add_key(&(0x7f0000000000)='dns_resolver\x00', 0x0, &(0x7f0000000080), 0x0, 0xfffffffffffffffb) 03:23:56 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) epoll_create1(0x0) 03:23:56 executing program 3: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x0, 0x0}) r1 = socket$unix(0x1, 0x1, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@empty, @in=@multicast2}}, {{}, 0x0, @in=@initdev}}, &(0x7f0000000300)=0xe4) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000340)={@dev={0xac, 0x14, 0x14, 0x5}, @multicast1}, 0xc) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x3f) connect$unix(0xffffffffffffffff, &(0x7f0000000080)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xbb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getrusage(0xfffffffffffffffe, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000000740)=ANY=[@ANYBLOB="b702000003440200bfa30000000000001702000000feffff7a0af0ff01ffffff79a4f0ff00000000b7060000ffffffff3d640200000000005502faff037202000404000001007d60b6030000001000006a0a00fe39000000850000002b000000bc000000000000009500000000000000a81bbfa3982de7b0efc5733ed236e4add6de094e0832aaa6912a8b2ce571c458410700000000000000e3a94b574d2eb38a548355f0b886bd001362df1d4fdd860db5808922433e3e0f242a46b3009a54f4077db0d4968a384b0559c7919b89bd9d5fdb68832e986440ff0a7edfa0cb231ccd00000000000000000000007777e2704653f6207a5ce13419b2272c3c7fea60493073807c4b7bbaed91f33fb382d91ae8e18c9b6c9f0322ec5f1c7cc5869ff455896712198c4e2ddf8b86e714229527ca40b24cfd6a02fa0892728807982d90e116bba29bb744af70a4cd8f3ad2d958bdd0b424ac416e66af9ebcfea905d37cf226312cb81ec8439cea06e7fa5e5b3596301460142f83b465d9e57dfdb06dcf91fd2464cb130033d649d2110cf2e1f4682c24a314447c5e0807f0b1766ec7ecbd061772daa52a38539295d3fea7a7e669441e1ff041143edfa904fb43897f8d9c3c287acba716973eadf1bf9cd0a38edc345415c42d3d2dd3339d32a5796cd7ce18b68bc37e061d33357d6a39d33c702576cc2a8881663e3776c7a37c5c962e12102f237bbf60c0a3bf07d55b3888418de2b2ad23d25395dd4ccddf247dd2c712e2e2eaf7d432e968122cc5dcaa7ba330963b7093a58a02d0a114f75e1ffd5c2912b506bfb93122fc776aadec51a36765d1a3555329c828c4b148a900"/620], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040)}, 0x24) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) write(r2, &(0x7f00000001c0), 0xfffffef3) accept4(r1, &(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @local}, &(0x7f0000000000)=0x80, 0x81800) 03:23:56 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:56 executing program 4: add_key(&(0x7f0000000000)='dns_resolver\x00', 0x0, &(0x7f0000000080), 0x0, 0xfffffffffffffffb) 03:23:56 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x0, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 910.173903][ T27] audit: type=1326 audit(1584069836.249:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=27717 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45f4ba code=0x0 03:23:56 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x0, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 910.391103][T27725] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:23:56 executing program 4: add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) [ 910.459933][T27725] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 910.483425][T27725] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:23:56 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x0, &(0x7f00000001c0)="080db5055e0bcfe847a071") bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:56 executing program 4: add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) [ 910.528308][T27725] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 911.392984][ T0] NOHZ: local_softirq_pending 08 03:23:59 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:23:59 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:23:59 executing program 4: add_key(&(0x7f0000000000)='dns_resolver\x00', &(0x7f00000000c0)={'syz'}, 0x0, 0x0, 0xfffffffffffffffb) 03:23:59 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:59 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) epoll_create1(0x0) 03:23:59 executing program 3: r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet(0x2, 0x2, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000040)={0x0, 0x0}) r1 = socket$unix(0x1, 0x1, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000200)={{{@in6=@empty, @in=@multicast2}}, {{}, 0x0, @in=@initdev}}, &(0x7f0000000300)=0xe4) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x23, &(0x7f0000000340)={@dev={0xac, 0x14, 0x14, 0x5}, @multicast1}, 0xc) ioctl$int_in(r0, 0x5452, &(0x7f0000000100)=0x3f) connect$unix(0xffffffffffffffff, &(0x7f0000000080)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xbb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) getrusage(0xfffffffffffffffe, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xe, 0xe, &(0x7f0000000740)=ANY=[@ANYBLOB="b702000003440200bfa30000000000001702000000feffff7a0af0ff01ffffff79a4f0ff00000000b7060000ffffffff3d640200000000005502faff037202000404000001007d60b6030000001000006a0a00fe39000000850000002b000000bc000000000000009500000000000000a81bbfa3982de7b0efc5733ed236e4add6de094e0832aaa6912a8b2ce571c458410700000000000000e3a94b574d2eb38a548355f0b886bd001362df1d4fdd860db5808922433e3e0f242a46b3009a54f4077db0d4968a384b0559c7919b89bd9d5fdb68832e986440ff0a7edfa0cb231ccd00000000000000000000007777e2704653f6207a5ce13419b2272c3c7fea60493073807c4b7bbaed91f33fb382d91ae8e18c9b6c9f0322ec5f1c7cc5869ff455896712198c4e2ddf8b86e714229527ca40b24cfd6a02fa0892728807982d90e116bba29bb744af70a4cd8f3ad2d958bdd0b424ac416e66af9ebcfea905d37cf226312cb81ec8439cea06e7fa5e5b3596301460142f83b465d9e57dfdb06dcf91fd2464cb130033d649d2110cf2e1f4682c24a314447c5e0807f0b1766ec7ecbd061772daa52a38539295d3fea7a7e669441e1ff041143edfa904fb43897f8d9c3c287acba716973eadf1bf9cd0a38edc345415c42d3d2dd3339d32a5796cd7ce18b68bc37e061d33357d6a39d33c702576cc2a8881663e3776c7a37c5c962e12102f237bbf60c0a3bf07d55b3888418de2b2ad23d25395dd4ccddf247dd2c712e2e2eaf7d432e968122cc5dcaa7ba330963b7093a58a02d0a114f75e1ffd5c2912b506bfb93122fc776aadec51a36765d1a3555329c828c4b148a900"/620], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000040)}, 0x24) pipe(&(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) socket(0x10, 0x0, 0x0) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) write(r2, &(0x7f00000001c0), 0xfffffef3) accept4(r1, &(0x7f0000000080)=@in6={0xa, 0x0, 0x0, @local}, &(0x7f0000000000)=0x80, 0x81800) 03:23:59 executing program 4: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000100)='/dev/fuse\x00', 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f0000000080)='fuse\x00', 0x0, &(0x7f0000000400)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}, 0x2c, {'user_id'}, 0x2c, {'group_id'}}) chmod(&(0x7f0000000140)='./file0\x00', 0x0) [ 913.305244][ T27] audit: type=1326 audit(1584069839.379:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=27771 comm="syz-executor.3" exe="/root/syz-executor.3" sig=9 arch=c000003e syscall=228 compat=0 ip=0x45f4ba code=0x0 [ 913.417235][T27776] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 03:23:59 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 913.493757][T27776] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 913.587519][T27776] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 913.682205][T27776] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue 03:23:59 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:23:59 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 03:24:00 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) [ 914.029897][T27803] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 914.047551][T27803] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 914.065791][T27803] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock 03:24:00 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 914.094065][T27803] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue [ 914.362552][T27815] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 914.372854][T27815] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 914.383534][T27815] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 914.413982][T27815] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue 03:24:02 executing program 2: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) sched_setattr(0x0, 0x0, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) ioctl$UI_GET_SYSNAME(0xffffffffffffffff, 0x8040552c, 0x0) recvmmsg(r0, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$setpipe(r2, 0x407, 0x0) write(0xffffffffffffffff, 0x0, 0x0) vmsplice(r1, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x9, 0xffffffff}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(0x0, 0x0) io_submit(0x0, 0x0, &(0x7f00000006c0)) r3 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(r3, 0x400c6615, 0x0) r4 = epoll_create1(0x0) r5 = epoll_create1(0x0) r6 = epoll_create1(0x0) r7 = epoll_create1(0x0) r8 = epoll_create1(0x0) r9 = epoll_create1(0x0) r10 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r10, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r8, 0x1, r7, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r9, 0x1, r8, &(0x7f0000019000)) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r9, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r5, &(0x7f0000019000)={0xa0020000}) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) r11 = epoll_create1(0x0) epoll_create1(0x0) r12 = epoll_create1(0x0) epoll_create1(0x0) r13 = timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r12, 0x1, r13, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r12, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r11, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_create1(0x0) r14 = epoll_create1(0x0) r15 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000000)) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r15, 0x1, 0xffffffffffffffff, 0x0) accept4(0xffffffffffffffff, 0x0, &(0x7f0000000400), 0x80000) r16 = epoll_create1(0x0) r17 = epoll_create1(0x0) r18 = epoll_create1(0x0) r19 = epoll_create1(0x0) r20 = epoll_create1(0x0) timerfd_create(0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r19, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r19, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r20, 0x1, 0xffffffffffffffff, 0x0) epoll_ctl$EPOLL_CTL_ADD(r16, 0x1, r20, 0x0) epoll_ctl$EPOLL_CTL_ADD(r17, 0x1, 0xffffffffffffffff, &(0x7f0000000080)) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r17, 0x0) r21 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='oom_score_adj\x00') preadv(r21, &(0x7f0000000380), 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000440), 0x0) stat(0x0, 0x0) setresgid(0x0, 0x0, 0x0) 03:24:02 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000000)="6653070000053c2a6adce3aed12f060000000000000025d86800278dcff47d010000c5337e9e8f36460234432479aed75d492b415bcee00a06dc9d8e99adaf81dcfc6afd983f79e65199615607676f8f9fc0ebf8b0b16d6f2c59957ab364884b3c5d05692e664ebf68e6faa533465beb292aefabb23967f05f4ad61421349f2f7ac7558f11", 0x85}], 0x4, 0x0) sendmsg$inet6(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x3c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ptrace$cont(0xffffffffffffffff, r0, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r0, 0x0, 0x0) 03:24:02 executing program 5: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000800)=ANY=[@ANYBLOB="b702000005000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000000009500000000000000e3a333a0daf2f73451c0e17a606fec68cb7d18ad181867514fe60077d4dd90123d27e7cf43548ee85857ad4a77cb56e0fcb3dfd4e70ebec677d6ac14c2c794f72cbf5fe31789e70227bfd8115efd90c8c48258f8dbe82e16cf0000000000000000000000000000000000000000000000000000790ae2fd45d54b107c8c247f195e32f13799d6707432ff48bc085760314166443ce72c74f3db890e1ff15a10d91f27ad2a986e0e244bd117252e47ffda1a869db7e632df4de8572344b419c45c2170fe873692d8255170c16822bdffd3135480dae93c7e33bdef00000000d8fd8c79a5d0967ab7e43686b4d1e03e326beea7905ef7de375ef8bc8143df20d13c37db269971210fab7471cc3094078a044777aab9d86cf50afefd7b72a0950d389bc9cb43aa607b7269561dd50b22bd2491331818a10f2ac8c3249582a20d4e04fd1ab7883f656b84137d5f7a6edba86a7b9a4c2f3b3a8abf93b280765c7dacb9e6ea53ce01dcc2d30f4310e8281b0cdc017f9759060ea88a2f6597e966a85c9a74ca196700218f919746bb4b84c16fd56ee452e411d75ab7613b644ba7580b2a0942394ed1737517eed1c892422f54d5a2e1cf1a60fe2dcc1a465aa8d54cb4000053c3f01ea714a7bd644b4a44b807c9765cc7ef43c3cc0a6ad3d3976656d475dd2ed789004be03884e042acb104431333b50ff695516c1dd2e35f09c7a1f97f9561f62837e1d38eab98e6a7285bb0c6c190b9abc4b5705eb1073fe63e88f6ff7e510c2795288a69aa52ff32a89c9bd496d5d61d02cd952aa6226b3098ec9215fcf5becbfd7b53b4c65b74873ae66ba6d7376bc735"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x24f}, 0x48) r1 = socket$netlink(0x10, 0x3, 0x0) ioctl(r1, 0x1000008912, &(0x7f00000001c0)) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000b00)="f2", 0x0}, 0x40) 03:24:02 executing program 3: perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x1}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB], 0x1}}, 0x0) r0 = socket$inet6(0xa, 0x3, 0xa) splice(r0, 0x0, 0xffffffffffffffff, 0x0, 0x40003d, 0x1) r1 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, [], 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0xbd00}, 0x6d) syz_open_dev$vcsu(&(0x7f0000000400)='/dev/vcsu#\x00', 0x7, 0x0) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000), 0x4) ioctl$FS_IOC_SETVERSION(0xffffffffffffffff, 0x40047602, &(0x7f0000000340)=0x7ff) ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000000)=0x7fffffff) ioctl$TCSETS(0xffffffffffffffff, 0x40045431, &(0x7f0000000280)) r2 = syz_open_pts(0xffffffffffffffff, 0x0) ioctl$TCSETSF(r2, 0x5412, &(0x7f0000000100)={0xffffffb5, 0x0, 0x0, 0x0, 0x0, "8100"}) 03:24:02 executing program 4: r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) write$binfmt_elf64(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="1b5d9b074b"], 0x5) 03:24:02 executing program 1: syz_mount_image$ext4(0x0, 0x0, 0x0, 0x1, &(0x7f00000007c0)=[{&(0x7f0000000580)="62f23e748cdfecc0d3bcb88248f9f8f8e87edc5637656d6e511dcdc6041c8d8a0957939950c15c7ac6360c7820e1d5957ba4167f17600b58767db91e29eb92a20f86dddfb0f8dda322d3ddeadba924051c7894f228f090746b1a55e851e7dcaae4d8411f6806d216b4f2e7eca231a301cc0c9bb4bb5598a94336a99790d3b77dcda45483c1fb1194c56ddfddb587442754e6c815", 0x94, 0x9}], 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000140)='/dev/zero\x00', 0x0, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, [0x0, 0x0, 0x0, 0x0, 0x2000000], 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x3}, 0x40) socketpair$unix(0x1, 0x1, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0xabb, &(0x7f0000000100)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 916.420074][T27832] BUG: unable to handle page fault for address: 000000010000000e [ 916.420085][T27832] #PF: supervisor write access in kernel mode [ 916.420092][T27832] #PF: error_code(0x0002) - not-present page [ 916.420097][T27832] PGD a69b5067 P4D a69b5067 PUD 0 [ 916.420124][T27832] Oops: 0002 [#1] PREEMPT SMP KASAN [ 916.420140][T27832] CPU: 1 PID: 27832 Comm: syz-executor.4 Not tainted 5.6.0-rc5-syzkaller #0 [ 916.420148][T27832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 916.420221][T27832] RIP: 0010:do_con_trol+0x4457/0x5d10 [ 916.420235][T27832] Code: 04 02 84 c0 74 08 2c 01 0f 8e a9 00 00 00 4c 8b 3c 24 48 63 db 44 89 e9 48 01 db 0f b7 85 c8 03 00 00 d1 e9 49 01 df 4c 89 ff 66 ab 48 8d bd 78 04 00 00 b8 ff ff 37 00 48 89 fa 48 c1 e0 2a [ 916.420243][T27832] RSP: 0018:ffffc90001877930 EFLAGS: 00010202 [ 916.420253][T27832] RAX: 0000000000000720 RBX: 0000000000000000 RCX: 0000000000000001 [ 916.420262][T27832] RDX: 1ffff11011e0e279 RSI: ffffffff83dd7cc0 RDI: 000000010000000e [ 916.420272][T27832] RBP: ffff88808f071000 R08: ffff88804f2f6100 R09: fffffbfff14cba41 [ 916.420280][T27832] R10: fffffbfff14cba40 R11: ffffffff8a65d207 R12: 1ffff9200030ef2c [ 916.420288][T27832] R13: 0000000000000002 R14: 0000000000000001 R15: 000000010000000e [ 916.420299][T27832] FS: 00007f43822dd700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 [ 916.420307][T27832] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 916.420315][T27832] CR2: 000000010000000e CR3: 0000000092833000 CR4: 00000000001406e0 [ 916.420325][T27832] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 916.420333][T27832] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 916.420336][T27832] Call Trace: [ 916.420355][T27832] ? reset_palette+0x180/0x180 [ 916.420368][T27832] ? lock_downgrade+0x7f0/0x7f0 [ 916.420383][T27832] ? lock_acquire+0x197/0x420 [ 916.420405][T27832] ? raw_notifier_call_chain+0x30/0x30 [ 916.420419][T27832] ? notifier_call_chain+0x1d8/0x230 [ 916.420445][T27832] do_con_write.part.0+0xf41/0x1dd0 [ 916.420510][T27832] ? n_tty_write+0x1de/0xf90 [ 916.420525][T27832] ? do_con_trol+0x5d10/0x5d10 [ 916.420540][T27832] ? mark_lock+0xbc/0x1220 [ 916.420559][T27832] ? mark_held_locks+0x9f/0xe0 [ 916.420576][T27832] con_write+0x41/0xe0 [ 916.420599][T27832] n_tty_write+0x3f0/0xf90 [ 916.420627][T27832] ? n_tty_read+0x1b30/0x1b30 [ 916.420644][T27832] ? prepare_to_wait_exclusive+0x2c0/0x2c0 [ 916.420663][T27832] ? __might_fault+0x190/0x1d0 [ 916.420682][T27832] tty_write+0x48f/0x7f0 [ 916.420696][T27832] ? n_tty_read+0x1b30/0x1b30 [ 916.420714][T27832] ? put_tty_driver+0x20/0x20 [ 916.420758][T27832] __vfs_write+0x76/0x100 [ 916.420776][T27832] vfs_write+0x262/0x5c0 [ 916.420795][T27832] ksys_write+0x127/0x250 [ 916.420811][T27832] ? __ia32_sys_read+0xb0/0xb0 [ 916.420824][T27832] ? __ia32_sys_clock_settime+0x260/0x260 [ 916.420842][T27832] ? trace_hardirqs_off_caller+0x55/0x230 [ 916.420864][T27832] do_syscall_64+0xf6/0x7d0 [ 916.420884][T27832] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 916.420893][T27832] RIP: 0033:0x45c679 [ 916.420946][T27832] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 916.420957][T27832] RSP: 002b:00007f43822dcc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 916.420969][T27832] RAX: ffffffffffffffda RBX: 00007f43822dd6d4 RCX: 000000000045c679 [ 916.420977][T27832] RDX: 0000000000000005 RSI: 0000000020000000 RDI: 0000000000000003 [ 916.420985][T27832] RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 [ 916.420992][T27832] R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff [ 916.421001][T27832] R13: 0000000000000cda R14: 00000000004cee05 R15: 000000000076bf0c [ 916.421021][T27832] Modules linked in: [ 916.421031][T27832] CR2: 000000010000000e [ 916.421071][T27832] ---[ end trace d854f0c4a7e1a7a4 ]--- [ 916.421089][T27832] RIP: 0010:do_con_trol+0x4457/0x5d10 [ 916.421104][T27832] Code: 04 02 84 c0 74 08 2c 01 0f 8e a9 00 00 00 4c 8b 3c 24 48 63 db 44 89 e9 48 01 db 0f b7 85 c8 03 00 00 d1 e9 49 01 df 4c 89 ff 66 ab 48 8d bd 78 04 00 00 b8 ff ff 37 00 48 89 fa 48 c1 e0 2a [ 916.421111][T27832] RSP: 0018:ffffc90001877930 EFLAGS: 00010202 [ 916.421121][T27832] RAX: 0000000000000720 RBX: 0000000000000000 RCX: 0000000000000001 [ 916.421129][T27832] RDX: 1ffff11011e0e279 RSI: ffffffff83dd7cc0 RDI: 000000010000000e [ 916.421136][T27832] RBP: ffff88808f071000 R08: ffff88804f2f6100 R09: fffffbfff14cba41 [ 916.421144][T27832] R10: fffffbfff14cba40 R11: ffffffff8a65d207 R12: 1ffff9200030ef2c [ 916.421151][T27832] R13: 0000000000000002 R14: 0000000000000001 R15: 000000010000000e [ 916.421161][T27832] FS: 00007f43822dd700(0000) GS:ffff8880ae700000(0000) knlGS:0000000000000000 [ 916.421169][T27832] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 916.421176][T27832] CR2: 000000010000000e CR3: 0000000092833000 CR4: 00000000001406e0 [ 916.421186][T27832] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 916.421192][T27832] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 916.421198][T27832] Kernel panic - not syncing: Fatal exception [ 916.422722][T27832] Kernel Offset: disabled [ 916.914918][T27832] Rebooting in 86400 seconds..