7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, 0x0)
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140)='/dev/ptmx\x00', 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  364.771144] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
[  364.810509] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:00 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:01 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x2800)

01:13:01 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {0x0, 0x0, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:01 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x7, 0x0)

01:13:01 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  365.150747] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  365.202975] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
01:13:01 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x2a00)

01:13:01 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r2)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r2, 0x0)

01:13:01 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  365.280022] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:01 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {0x0, 0x0, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:01 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x8, 0x0)

01:13:01 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x2c00)

[  365.516342] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
01:13:01 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000), 0x0)
dup2(0xffffffffffffffff, r0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0)

[  365.586243] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:01 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {0x0, 0x0, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:01 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  365.678156] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:01 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x9, 0x0)

01:13:01 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000), 0x0)
dup2(0xffffffffffffffff, r0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0)

01:13:01 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x2e00)

[  365.854162] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
01:13:02 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000), 0x0)
dup2(0xffffffffffffffff, r0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0)

[  365.916952] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:02 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:02 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {&(0x7f0000011600), 0x0, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  366.003628] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:02 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(0x0, &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:02 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x3000)

01:13:02 executing program 0:
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:02 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xa, 0x0)

[  366.179443] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
01:13:02 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x3200)

[  366.243671] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:02 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {&(0x7f0000011600), 0x0, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:02 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0)

[  366.339187] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:02 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xb, 0x0)

01:13:02 executing program 0:
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:02 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:02 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x3400)

[  366.520597] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
01:13:02 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {&(0x7f0000011600), 0x0, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  366.628725] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:02 executing program 0:
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:02 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0)

01:13:02 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x3600)

[  366.710656] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:02 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x23, 0x0)

[  366.779746] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
01:13:02 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:02 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {&(0x7f0000011600)='PMM\x00', 0x4, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  366.981761] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:03 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x3800)

01:13:03 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0)

01:13:03 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  367.106095] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:03 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xe0, 0x0)

01:13:03 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:03 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x3a00)

[  367.313802] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  367.397224] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:03 executing program 0:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:03 executing program 2:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r2)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r2, 0x0)

01:13:03 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x300, 0x0)

01:13:03 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x3c00)

01:13:03 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  367.801280] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  367.860094] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  367.860094] 
01:13:04 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {&(0x7f0000011600)='PMM\x00', 0x4, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:04 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000), 0x0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0)

01:13:04 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x3c8, 0x0)

01:13:04 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x3e00)

01:13:04 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:04 executing program 2:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = getpid()
sched_setattr(r1, &(0x7f0000000040)={0x30, 0x2, 0x0, 0x0, 0x5}, 0x0)
r2 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r2)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r2, 0x0)

01:13:04 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000), 0x0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0)

01:13:04 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  368.150933] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:04 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x4000)

01:13:04 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x500, 0x0)

01:13:04 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000), 0x0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0)

01:13:04 executing program 2 (fault-call:4 fault-nth:0):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  368.455486] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  368.530113] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  368.543573] FAULT_INJECTION: forcing a failure.
[  368.543573] name failslab, interval 1, probability 0, space 0, times 0
[  368.556754] CPU: 0 PID: 23779 Comm: syz-executor.2 Not tainted 4.19.166-syzkaller #0
[  368.564683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  368.574050] Call Trace:
[  368.576689]  dump_stack+0x1fc/0x2fe
[  368.580339]  should_fail.cold+0xa/0x14
[  368.584270]  ? setup_fault_attr+0x200/0x200
[  368.588620]  ? lock_acquire+0x170/0x3c0
[  368.592621]  __should_failslab+0x115/0x180
[  368.596869]  should_failslab+0x5/0xf
[  368.600590]  kmem_cache_alloc+0x277/0x370
[  368.604759]  getname_flags+0xce/0x590
[  368.608588]  user_path_at_empty+0x2a/0x50
[  368.612762]  path_setxattr+0x95/0x190
[  368.616579]  ? __se_sys_fsetxattr+0x1b0/0x1b0
[  368.621085]  ? ksys_write+0x1c8/0x2a0
[  368.624906]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  368.630326]  __x64_sys_lsetxattr+0xbd/0x150
[  368.634675]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  368.639373]  do_syscall_64+0xf9/0x620
[  368.643203]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  368.648408] RIP: 0033:0x45e219
[  368.651612] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  368.670552] RSP: 002b:00007f924f255c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  368.678281] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e219
[  368.685605] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 00000000200000c0
[  368.692941] RBP: 00007f924f255ca0 R08: 0000000000000000 R09: 0000000000000000
[  368.700238] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  368.707528] R13: 00007ffdface509f R14: 00007f924f2569c0 R15: 000000000119bf8c
[  368.899481] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  368.899481] 
01:13:05 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {&(0x7f0000011600)='PMM\x00', 0x4, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:05 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
dup2(r0, 0xffffffffffffffff)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, 0xffffffffffffffff, 0x0)

01:13:05 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:05 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x4300)

01:13:05 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x600, 0x0)

01:13:05 executing program 2 (fault-call:4 fault-nth:1):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:05 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
dup2(r0, 0xffffffffffffffff)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, 0xffffffffffffffff, 0x0)

[  369.079422] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  369.136545] FAULT_INJECTION: forcing a failure.
[  369.136545] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  369.148411] CPU: 1 PID: 23819 Comm: syz-executor.2 Not tainted 4.19.166-syzkaller #0
[  369.156303] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  369.165671] Call Trace:
[  369.168292]  dump_stack+0x1fc/0x2fe
[  369.171931]  should_fail.cold+0xa/0x14
[  369.175822]  ? setup_fault_attr+0x200/0x200
[  369.180164]  ? __might_fault+0x11f/0x1d0
[  369.184240]  __alloc_pages_nodemask+0x239/0x2890
[  369.189020]  ? _kstrtoull+0x186/0x420
[  369.192827]  ? _parse_integer+0x180/0x180
[  369.196987]  ? __lock_acquire+0x6de/0x3ff0
[  369.201236]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  369.206090]  ? check_preemption_disabled+0x41/0x280
[  369.211144]  ? lock_downgrade+0x720/0x720
[  369.215313]  ? get_pid_task+0xf4/0x190
[  369.219207]  ? proc_fail_nth_write+0x95/0x1d0
[  369.223709]  ? proc_tgid_io_accounting+0x7f0/0x7f0
[  369.228645]  cache_grow_begin+0xa4/0x8a0
[  369.232728]  ? setup_fault_attr+0x200/0x200
[  369.237484]  ? cache_alloc_pfmemalloc+0x1e/0x140
[  369.242244]  cache_alloc_refill+0x273/0x340
[  369.246572]  kmem_cache_alloc+0x346/0x370
[  369.250728]  getname_flags+0xce/0x590
[  369.255209]  user_path_at_empty+0x2a/0x50
[  369.259365]  path_setxattr+0x95/0x190
[  369.263176]  ? __se_sys_fsetxattr+0x1b0/0x1b0
[  369.267777]  ? ksys_write+0x1c8/0x2a0
[  369.271598]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  369.276972]  __x64_sys_lsetxattr+0xbd/0x150
[  369.281306]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  369.286004]  do_syscall_64+0xf9/0x620
[  369.289850]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  369.295061] RIP: 0033:0x45e219
[  369.298273] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  369.317181] RSP: 002b:00007f924f234c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  369.324895] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e219
[  369.332254] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 00000000200000c0
[  369.339537] RBP: 00007f924f234ca0 R08: 0000000000000000 R09: 0000000000000000
[  369.346816] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  369.354084] R13: 00007ffdface509f R14: 00007f924f2359c0 R15: 000000000119c034
[  369.372628] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:05 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x700, 0x0)

01:13:05 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:05 executing program 2 (fault-call:4 fault-nth:2):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:05 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
dup2(r0, 0xffffffffffffffff)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, 0xffffffffffffffff, 0x0)

01:13:05 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x4500)

[  369.639803] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  369.754817] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  369.776315] FAULT_INJECTION: forcing a failure.
[  369.776315] name failslab, interval 1, probability 0, space 0, times 0
[  369.790393] CPU: 1 PID: 23865 Comm: syz-executor.2 Not tainted 4.19.166-syzkaller #0
[  369.798312] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  369.808273] Call Trace:
[  369.810886]  dump_stack+0x1fc/0x2fe
[  369.814550]  should_fail.cold+0xa/0x14
[  369.820314]  ? setup_fault_attr+0x200/0x200
[  369.824663]  ? dqget+0x7c4/0xfc0
[  369.828689]  __should_failslab+0x115/0x180
[  369.832942]  should_failslab+0x5/0xf
[  369.836721]  kmem_cache_alloc+0x277/0x370
[  369.840976]  dqget+0x7fd/0xfc0
[  369.844323]  ? dquot_writeback_dquots+0x9e0/0x9e0
[  369.849434]  ? mark_held_locks+0xa6/0xf0
[  369.853509]  __dquot_initialize+0x3bd/0xb70
[  369.857861]  ? dquot_initialize_needed+0x290/0x290
[  369.862827]  ? __schedule+0x88f/0x2040
[  369.866736]  ? mark_held_locks+0xa6/0xf0
[  369.870814]  ? io_schedule_timeout+0x140/0x140
[  369.878890]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  369.883673]  ? ext4_get_inode_usage.cold+0x19/0x19
[  369.888623]  ext4_xattr_set+0xbd/0x2a0
[  369.892530]  ? ext4_xattr_set_credits+0x200/0x200
[  369.897398]  ? xattr_resolve_name+0x26e/0x3d0
[  369.902982]  ? ext4_get_inode_usage.cold+0x19/0x19
[  369.908122]  __vfs_setxattr+0x10e/0x170
[  369.912168]  ? xattr_resolve_name+0x3d0/0x3d0
[  369.916940]  ? evm_protect_xattr.constprop.0+0x99/0x3d0
[  369.922326]  __vfs_setxattr_noperm+0x11a/0x420
[  369.926933]  __vfs_setxattr_locked+0x176/0x250
[  369.931538]  vfs_setxattr+0xe5/0x270
[  369.935267]  ? __vfs_setxattr_locked+0x250/0x250
[  369.940164]  ? strncpy_from_user+0x2a2/0x350
[  369.944598]  setxattr+0x23d/0x330
[  369.948182]  ? vfs_setxattr+0x270/0x270
[  369.952864]  ? filename_lookup+0x3d5/0x5a0
[  369.957297]  ? __phys_addr_symbol+0x2c/0x70
[  369.961717]  ? __check_object_size+0x17b/0x3d1
[  369.966359]  ? check_preemption_disabled+0x41/0x280
[  369.971403]  ? preempt_count_add+0xaf/0x190
[  369.975830]  ? __mnt_want_write+0x22c/0x2c0
[  369.980259]  path_setxattr+0x170/0x190
[  369.984250]  ? __se_sys_fsetxattr+0x1b0/0x1b0
[  369.988757]  ? ksys_write+0x1c8/0x2a0
[  369.992584]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  369.997960]  __x64_sys_lsetxattr+0xbd/0x150
[  370.002321]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  370.006915]  do_syscall_64+0xf9/0x620
[  370.010734]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  370.016025] RIP: 0033:0x45e219
[  370.019246] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  370.039482] RSP: 002b:00007f924f234c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  370.047201] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
01:13:06 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {&(0x7f0000011600)='PMM\x00PM', 0x6, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:06 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:06 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000), 0x0)
dup2(0xffffffffffffffff, r0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0)

01:13:06 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x900, 0x0)

01:13:06 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x4700)

01:13:06 executing program 2 (fault-call:4 fault-nth:3):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  370.054567] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 00000000200000c0
[  370.061976] RBP: 00007f924f234ca0 R08: 0000000000000000 R09: 0000000000000000
[  370.066950] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  370.066950] 
[  370.069695] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  370.069749] R13: 00007ffdface509f R14: 00007f924f2359c0 R15: 000000000119c034
01:13:06 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x4900)

01:13:06 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000), 0x0)
dup2(0xffffffffffffffff, r0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0)

[  370.260791] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  370.319698] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  370.331627] FAULT_INJECTION: forcing a failure.
[  370.331627] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  370.343486] CPU: 1 PID: 23901 Comm: syz-executor.2 Not tainted 4.19.166-syzkaller #0
[  370.351386] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  370.360752] Call Trace:
[  370.363361]  dump_stack+0x1fc/0x2fe
[  370.367452]  should_fail.cold+0xa/0x14
[  370.371399]  ? __bpf_address_lookup+0x330/0x330
[  370.376100]  ? setup_fault_attr+0x200/0x200
[  370.380434]  ? unwind_next_frame+0x10a9/0x1c60
[  370.385025]  ? __save_stack_trace+0x72/0x190
[  370.389911]  __alloc_pages_nodemask+0x239/0x2890
[  370.394961]  ? is_bpf_text_address+0xd5/0x1b0
[  370.399494]  ? lock_downgrade+0x720/0x720
[  370.403649]  ? lock_acquire+0x170/0x3c0
[  370.407642]  ? __lock_acquire+0x6de/0x3ff0
[  370.411901]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  370.417550]  ? static_obj+0x50/0x50
[  370.421219]  ? mark_held_locks+0xf0/0xf0
[  370.425303]  ? userns_put+0xb0/0xb0
[  370.428964]  ? __lock_acquire+0x6de/0x3ff0
[  370.433219]  cache_grow_begin+0xa4/0x8a0
[  370.437287]  ? setup_fault_attr+0x200/0x200
[  370.442571]  ? cache_alloc_pfmemalloc+0x1e/0x140
[  370.447335]  cache_alloc_refill+0x273/0x340
[  370.451672]  kmem_cache_alloc+0x346/0x370
[  370.455829]  dqget+0x7fd/0xfc0
[  370.459031]  ? dquot_writeback_dquots+0x9e0/0x9e0
[  370.463885]  __dquot_initialize+0x3bd/0xb70
[  370.468322]  ? dquot_initialize_needed+0x290/0x290
[  370.473264]  ? lock_downgrade+0x720/0x720
[  370.477438]  ? lock_acquire+0x170/0x3c0
[  370.481448]  ? ext4_get_inode_usage.cold+0x19/0x19
[  370.486471]  ext4_xattr_set+0xbd/0x2a0
[  370.490377]  ? ext4_xattr_set_credits+0x200/0x200
[  370.495238]  ? check_preemption_disabled+0x41/0x280
[  370.501324]  ? mark_held_locks+0xf0/0xf0
[  370.505751]  ? xattr_resolve_name+0x26e/0x3d0
[  370.510268]  ? ext4_get_inode_usage.cold+0x19/0x19
[  370.516155]  __vfs_setxattr+0x10e/0x170
[  370.520164]  ? xattr_resolve_name+0x3d0/0x3d0
[  370.524664]  ? evm_protect_xattr.constprop.0+0x99/0x3d0
[  370.530039]  __vfs_setxattr_noperm+0x11a/0x420
[  370.534635]  __vfs_setxattr_locked+0x176/0x250
[  370.539237]  vfs_setxattr+0xe5/0x270
[  370.542955]  ? __vfs_setxattr_locked+0x250/0x250
[  370.547717]  ? strncpy_from_user+0x2a2/0x350
[  370.552130]  setxattr+0x23d/0x330
[  370.555589]  ? vfs_setxattr+0x270/0x270
[  370.559585]  ? filename_lookup+0x3d5/0x5a0
[  370.563860]  ? __phys_addr_symbol+0x2c/0x70
[  370.568189]  ? __check_object_size+0x17b/0x3d1
[  370.572797]  ? check_preemption_disabled+0x41/0x280
[  370.577832]  ? preempt_count_add+0xaf/0x190
[  370.582255]  ? __mnt_want_write+0x22c/0x2c0
[  370.586676]  path_setxattr+0x170/0x190
[  370.590608]  ? __se_sys_fsetxattr+0x1b0/0x1b0
[  370.595112]  ? ksys_write+0x1c8/0x2a0
[  370.599034]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  370.604437]  __x64_sys_lsetxattr+0xbd/0x150
[  370.608768]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  370.613360]  do_syscall_64+0xf9/0x620
[  370.617182]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  370.622395] RIP: 0033:0x45e219
[  370.625595] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  370.644602] RSP: 002b:00007f924f255c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  370.652344] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e219
[  370.659621] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 00000000200000c0
01:13:06 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xa00, 0x0)

01:13:06 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000), 0x0)
dup2(0xffffffffffffffff, r0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0)

[  370.666990] RBP: 00007f924f255ca0 R08: 0000000000000000 R09: 0000000000000000
[  370.674275] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000003
[  370.681565] R13: 00007ffdface509f R14: 00007f924f2569c0 R15: 000000000119bf8c
01:13:06 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:06 executing program 2 (fault-call:4 fault-nth:4):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  370.846576] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  370.961603] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  370.994906] FAULT_INJECTION: forcing a failure.
[  370.994906] name failslab, interval 1, probability 0, space 0, times 0
[  371.006563] CPU: 0 PID: 23939 Comm: syz-executor.2 Not tainted 4.19.166-syzkaller #0
[  371.014461] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  371.023911] Call Trace:
[  371.026542]  dump_stack+0x1fc/0x2fe
[  371.031059]  should_fail.cold+0xa/0x14
[  371.034968]  ? setup_fault_attr+0x200/0x200
[  371.039307]  ? mark_held_locks+0xf0/0xf0
[  371.043395]  __should_failslab+0x115/0x180
[  371.047646]  should_failslab+0x5/0xf
[  371.051646]  __kmalloc+0x2ab/0x3c0
[  371.055206]  ? getdqbuf+0x17/0x30
[  371.058677]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  371.063449]  getdqbuf+0x17/0x30
[  371.066918]  qtree_write_dquot+0x107/0x56d
[  371.071628]  ? do_insert_tree+0x1150/0x1150
[  371.075976]  v2_write_dquot+0x11c/0x250
[  371.079964]  ? v2_read_dquot+0xd9/0x120
[  371.085697]  dquot_acquire+0x25c/0x490
[  371.089825]  ext4_acquire_dquot+0x1e7/0x2d0
[  371.094163]  dqget+0x785/0xfc0
[  371.097377]  ? dquot_writeback_dquots+0x9e0/0x9e0
[  371.102237]  __dquot_initialize+0x3bd/0xb70
[  371.106582]  ? dquot_initialize_needed+0x290/0x290
[  371.111526]  ? lock_downgrade+0x720/0x720
[  371.115688]  ? lock_acquire+0x170/0x3c0
[  371.119718]  ? ext4_get_inode_usage.cold+0x19/0x19
[  371.124686]  ext4_xattr_set+0xbd/0x2a0
[  371.128593]  ? ext4_xattr_set_credits+0x200/0x200
[  371.133448]  ? check_preemption_disabled+0x41/0x280
[  371.138483]  ? mark_held_locks+0xf0/0xf0
[  371.142555]  ? xattr_resolve_name+0x26e/0x3d0
[  371.147078]  ? ext4_get_inode_usage.cold+0x19/0x19
[  371.152018]  __vfs_setxattr+0x10e/0x170
[  371.156031]  ? xattr_resolve_name+0x3d0/0x3d0
[  371.160542]  ? evm_protect_xattr.constprop.0+0x99/0x3d0
[  371.165928]  __vfs_setxattr_noperm+0x11a/0x420
[  371.170543]  __vfs_setxattr_locked+0x176/0x250
[  371.175147]  vfs_setxattr+0xe5/0x270
[  371.178877]  ? __vfs_setxattr_locked+0x250/0x250
[  371.183660]  ? strncpy_from_user+0x2a2/0x350
[  371.188110]  setxattr+0x23d/0x330
[  371.191591]  ? vfs_setxattr+0x270/0x270
[  371.195588]  ? filename_lookup+0x3d5/0x5a0
[  371.199855]  ? __phys_addr_symbol+0x2c/0x70
[  371.204226]  ? __check_object_size+0x17b/0x3d1
[  371.208858]  ? check_preemption_disabled+0x41/0x280
[  371.212039] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  371.212039] 
[  371.213894]  ? preempt_count_add+0xaf/0x190
[  371.213911]  ? __mnt_want_write+0x22c/0x2c0
[  371.213935]  path_setxattr+0x170/0x190
[  371.238416]  ? __se_sys_fsetxattr+0x1b0/0x1b0
[  371.242927]  ? ksys_write+0x1c8/0x2a0
[  371.246734]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  371.252108]  __x64_sys_lsetxattr+0xbd/0x150
[  371.256449]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  371.261040]  do_syscall_64+0xf9/0x620
[  371.264854]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  371.270065] RIP: 0033:0x45e219
[  371.273268] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  371.292179] RSP: 002b:00007f924f255c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  371.299907] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e219
[  371.307182] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 00000000200000c0
[  371.314458] RBP: 00007f924f255ca0 R08: 0000000000000000 R09: 0000000000000000
[  371.321730] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004
[  371.329004] R13: 00007ffdface509f R14: 00007f924f2569c0 R15: 000000000119bf8c
[  371.343060] VFS: Not enough memory for quota buffers.
01:13:07 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x4b00)

01:13:07 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {&(0x7f0000011600)='PMM\x00PM', 0x6, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:07 executing program 4:
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:07 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:07 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xb00, 0x0)

01:13:07 executing program 2 (fault-call:4 fault-nth:5):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:07 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x4d00)

[  371.587419] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:07 executing program 4:
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:07 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:07 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x2000, 0x0)

[  371.636399] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  371.669487] FAULT_INJECTION: forcing a failure.
[  371.669487] name failslab, interval 1, probability 0, space 0, times 0
[  371.717206] CPU: 1 PID: 23992 Comm: syz-executor.2 Not tainted 4.19.166-syzkaller #0
[  371.725145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  371.734771] Call Trace:
[  371.737380]  dump_stack+0x1fc/0x2fe
[  371.741071]  should_fail.cold+0xa/0x14
[  371.744966]  ? dquot_acquire+0x121/0x490
[  371.749129]  ? setup_fault_attr+0x200/0x200
[  371.753733]  ? blk_queue_enter+0x40b/0xb70
[  371.757991]  __should_failslab+0x115/0x180
[  371.764107]  should_failslab+0x5/0xf
[  371.767844]  kmem_cache_alloc_node+0x54/0x3b0
[  371.772645]  create_task_io_context+0x2c/0x430
[  371.777255]  generic_make_request_checks+0x1c4f/0x22e0
[  371.782558]  ? should_fail_bio.isra.0+0xa0/0xa0
[  371.787252]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  371.792552]  ? kmem_cache_alloc+0x315/0x370
[  371.796902]  generic_make_request+0x23f/0xdf0
[  371.801588]  ? blk_put_request+0x110/0x110
[  371.806800]  ? __find_get_block+0x314/0xde0
[  371.811152]  submit_bio+0xb1/0x430
[  371.814719]  ? generic_make_request+0xdf0/0xdf0
[  371.819402]  ? check_preemption_disabled+0x41/0x280
[  371.824876]  ? guard_bio_eod+0x2a0/0x640
[  371.828959]  submit_bh_wbc+0x5a7/0x760
[  371.832917]  ll_rw_block+0x1ed/0x220
[  371.836650]  ext4_bread+0x12a/0x210
[  371.840301]  ? ext4_getblk+0x4f0/0x4f0
[  371.844204]  ? check_preemption_disabled+0x41/0x280
[  371.849241]  ext4_quota_read+0x216/0x2e0
[  371.853320]  find_tree_dqentry+0x77/0x700
[  371.857477]  ? lock_acquire+0x170/0x3c0
[  371.861547]  qtree_read_dquot+0x107/0x700
[  371.865702]  v2_read_dquot+0xce/0x120
[  371.869525]  dquot_acquire+0x121/0x490
[  371.873412]  ? ext4_acquire_dquot+0x1bb/0x2d0
[  371.877914]  ext4_acquire_dquot+0x1e7/0x2d0
[  371.882242]  dqget+0x785/0xfc0
[  371.885616]  ? dquot_writeback_dquots+0x9e0/0x9e0
[  371.890472]  __dquot_initialize+0x3bd/0xb70
[  371.895778]  ? dquot_initialize_needed+0x290/0x290
[  371.900719]  ? lock_downgrade+0x720/0x720
[  371.904893]  ? lock_acquire+0x170/0x3c0
[  371.908900]  ? ext4_get_inode_usage.cold+0x19/0x19
[  371.913839]  ext4_xattr_set+0xbd/0x2a0
[  371.917744]  ? ext4_xattr_set_credits+0x200/0x200
[  371.922588]  ? check_preemption_disabled+0x41/0x280
[  371.927640]  ? mark_held_locks+0xf0/0xf0
[  371.931716]  ? xattr_resolve_name+0x26e/0x3d0
[  371.936227]  ? ext4_get_inode_usage.cold+0x19/0x19
[  371.941165]  __vfs_setxattr+0x10e/0x170
[  371.945159]  ? xattr_resolve_name+0x3d0/0x3d0
[  371.949679]  ? evm_protect_xattr.constprop.0+0x99/0x3d0
[  371.955089]  __vfs_setxattr_noperm+0x11a/0x420
[  371.959781]  __vfs_setxattr_locked+0x176/0x250
[  371.964408]  vfs_setxattr+0xe5/0x270
[  371.968150]  ? __vfs_setxattr_locked+0x250/0x250
[  371.973190]  ? strncpy_from_user+0x2a2/0x350
[  371.978068]  setxattr+0x23d/0x330
[  371.981640]  ? vfs_setxattr+0x270/0x270
[  371.985639]  ? filename_lookup+0x3d5/0x5a0
[  371.990003]  ? __phys_addr_symbol+0x2c/0x70
[  371.994350]  ? __check_object_size+0x17b/0x3d1
[  371.998984]  ? check_preemption_disabled+0x41/0x280
[  372.004035]  ? preempt_count_add+0xaf/0x190
[  372.009337]  ? __mnt_want_write+0x22c/0x2c0
[  372.013672]  path_setxattr+0x170/0x190
[  372.017571]  ? __se_sys_fsetxattr+0x1b0/0x1b0
[  372.022082]  ? ksys_write+0x1c8/0x2a0
[  372.026136]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  372.031534]  __x64_sys_lsetxattr+0xbd/0x150
[  372.035888]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  372.040483]  do_syscall_64+0xf9/0x620
[  372.044392]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  372.049601] RIP: 0033:0x45e219
[  372.052814] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  372.072675] RSP: 002b:00007f924f234c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  372.080447] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e219
[  372.087736] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 00000000200000c0
[  372.095033] RBP: 00007f924f234ca0 R08: 0000000000000000 R09: 0000000000000000
[  372.102486] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  372.113603] R13: 00007ffdface509f R14: 00007f924f2359c0 R15: 000000000119c034
01:13:08 executing program 4:
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:08 executing program 2 (fault-call:4 fault-nth:6):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  372.234461] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:08 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  372.394383] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  372.394383] 
01:13:08 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {&(0x7f0000011600)='PMM\x00PM', 0x6, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:08 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x4f00)

01:13:08 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x2300, 0x0)

01:13:08 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:08 executing program 4:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  372.440169] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  372.461534] FAULT_INJECTION: forcing a failure.
[  372.461534] name failslab, interval 1, probability 0, space 0, times 0
[  372.502680] CPU: 1 PID: 24026 Comm: syz-executor.2 Not tainted 4.19.166-syzkaller #0
[  372.511332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  372.520702] Call Trace:
[  372.523310]  dump_stack+0x1fc/0x2fe
[  372.527099]  should_fail.cold+0xa/0x14
[  372.531006]  ? vfs_setxattr+0xe5/0x270
[  372.535001]  ? setup_fault_attr+0x200/0x200
[  372.539357]  ? do_syscall_64+0xf9/0x620
[  372.543368]  ? entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  372.549443]  __should_failslab+0x115/0x180
[  372.553683]  should_failslab+0x5/0xf
[  372.557400]  __kmalloc+0x2ab/0x3c0
[  372.560956]  ? getdqbuf+0x17/0x30
[  372.564411]  ? lock_downgrade+0x720/0x720
[  372.568579]  getdqbuf+0x17/0x30
[  372.571945]  do_insert_tree+0xa8/0x1150
[  372.575946]  ? check_preemption_disabled+0x41/0x280
[  372.580982]  ? qtree_release_dquot+0x1d0/0x1d0
[  372.585568]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  372.590609]  ? __kmalloc+0x38e/0x3c0
[  372.594324]  ? getdqbuf+0x17/0x30
[  372.597786]  qtree_write_dquot+0x1cb/0x56d
[  372.602028]  ? do_insert_tree+0x1150/0x1150
[  372.606361]  v2_write_dquot+0x11c/0x250
[  372.610338]  ? v2_read_dquot+0xd9/0x120
[  372.614331]  dquot_acquire+0x25c/0x490
[  372.618245]  ext4_acquire_dquot+0x1e7/0x2d0
[  372.622584]  dqget+0x785/0xfc0
[  372.625802]  ? dquot_writeback_dquots+0x9e0/0x9e0
[  372.631720]  __dquot_initialize+0x3bd/0xb70
[  372.636069]  ? dquot_initialize_needed+0x290/0x290
[  372.641001]  ? lock_downgrade+0x720/0x720
[  372.645178]  ? lock_acquire+0x170/0x3c0
[  372.649179]  ? ext4_get_inode_usage.cold+0x19/0x19
[  372.654123]  ext4_xattr_set+0xbd/0x2a0
[  372.658046]  ? ext4_xattr_set_credits+0x200/0x200
[  372.662897]  ? check_preemption_disabled+0x41/0x280
[  372.668031]  ? mark_held_locks+0xf0/0xf0
[  372.672097]  ? xattr_resolve_name+0x26e/0x3d0
[  372.676602]  ? ext4_get_inode_usage.cold+0x19/0x19
[  372.681709]  __vfs_setxattr+0x10e/0x170
[  372.685707]  ? xattr_resolve_name+0x3d0/0x3d0
[  372.690222]  ? evm_protect_xattr.constprop.0+0x99/0x3d0
[  372.695730]  __vfs_setxattr_noperm+0x11a/0x420
[  372.700330]  __vfs_setxattr_locked+0x176/0x250
[  372.705883]  vfs_setxattr+0xe5/0x270
[  372.709706]  ? __vfs_setxattr_locked+0x250/0x250
[  372.714479]  ? strncpy_from_user+0x2a2/0x350
[  372.718926]  setxattr+0x23d/0x330
[  372.723439]  ? vfs_setxattr+0x270/0x270
[  372.727512]  ? filename_lookup+0x3d5/0x5a0
[  372.731881]  ? __phys_addr_symbol+0x2c/0x70
[  372.736233]  ? __check_object_size+0x17b/0x3d1
[  372.741543]  ? check_preemption_disabled+0x41/0x280
[  372.746782]  ? preempt_count_add+0xaf/0x190
[  372.751235]  ? __mnt_want_write+0x22c/0x2c0
[  372.755601]  path_setxattr+0x170/0x190
[  372.759685]  ? __se_sys_fsetxattr+0x1b0/0x1b0
[  372.764486]  ? ksys_write+0x1c8/0x2a0
[  372.768306]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  372.773692]  __x64_sys_lsetxattr+0xbd/0x150
[  372.778025]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  372.782794]  do_syscall_64+0xf9/0x620
[  372.786879]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  372.792191] RIP: 0033:0x45e219
[  372.795394] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  372.814436] RSP: 002b:00007f924f255c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  372.822161] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e219
[  372.829528] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 00000000200000c0
[  372.836829] RBP: 00007f924f255ca0 R08: 0000000000000000 R09: 0000000000000000
[  372.844108] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006
[  372.851400] R13: 00007ffdface509f R14: 00007f924f2569c0 R15: 000000000119bf8c
01:13:08 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  372.933612] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:09 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x3f00, 0x0)

01:13:09 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  373.026871] VFS: Not enough memory for quota buffers.
[  373.035636] __quota_error: 1 callbacks suppressed
[  373.035648] Quota error (device loop2): qtree_write_dquot: Error -12 occurred while creating quota
01:13:09 executing program 4:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:09 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x5100)

01:13:09 executing program 2 (fault-call:4 fault-nth:7):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:09 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  373.253123] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  373.373083] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  373.405666] FAULT_INJECTION: forcing a failure.
[  373.405666] name failslab, interval 1, probability 0, space 0, times 0
[  373.417936] CPU: 0 PID: 24096 Comm: syz-executor.2 Not tainted 4.19.166-syzkaller #0
[  373.425868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  373.435253] Call Trace:
[  373.437860]  dump_stack+0x1fc/0x2fe
[  373.441505]  should_fail.cold+0xa/0x14
[  373.445419]  ? setup_fault_attr+0x200/0x200
[  373.449791]  __should_failslab+0x115/0x180
[  373.454044]  should_failslab+0x5/0xf
[  373.457770]  __kmalloc+0x2ab/0x3c0
[  373.461317]  ? getdqbuf+0x17/0x30
[  373.464809]  ? dquot_acquire+0x25c/0x490
[  373.468887]  getdqbuf+0x17/0x30
[  373.472187]  do_insert_tree+0xa8/0x1150
[  373.476187]  ? ext4_getblk+0x4f0/0x4f0
[  373.480094]  ? __sanitizer_cov_trace_switch+0x4b/0x80
[  373.485341]  ? qtree_release_dquot+0x1d0/0x1d0
[  373.490375]  ? qid_valid+0x130/0x130
[  373.494099]  ? ext4_quota_read+0x266/0x2e0
[  373.498454]  do_insert_tree+0xf5c/0x1150
[  373.502543]  ? qtree_release_dquot+0x1d0/0x1d0
[  373.507139]  ? __kmalloc+0x38e/0x3c0
[  373.510892]  ? getdqbuf+0x17/0x30
[  373.514383]  qtree_write_dquot+0x1cb/0x56d
[  373.518670]  ? do_insert_tree+0x1150/0x1150
[  373.523020]  v2_write_dquot+0x11c/0x250
[  373.527028]  ? v2_read_dquot+0xd9/0x120
[  373.531373]  dquot_acquire+0x25c/0x490
[  373.535275]  ext4_acquire_dquot+0x1e7/0x2d0
[  373.539610]  dqget+0x785/0xfc0
[  373.542820]  ? dquot_writeback_dquots+0x9e0/0x9e0
[  373.547684]  __dquot_initialize+0x3bd/0xb70
[  373.552047]  ? dquot_initialize_needed+0x290/0x290
[  373.557007]  ? lock_downgrade+0x720/0x720
[  373.561166]  ? lock_acquire+0x170/0x3c0
[  373.565186]  ? ext4_get_inode_usage.cold+0x19/0x19
[  373.570129]  ext4_xattr_set+0xbd/0x2a0
[  373.574049]  ? ext4_xattr_set_credits+0x200/0x200
[  373.578902]  ? check_preemption_disabled+0x41/0x280
[  373.583935]  ? mark_held_locks+0xf0/0xf0
[  373.588011]  ? xattr_resolve_name+0x26e/0x3d0
[  373.592525]  ? ext4_get_inode_usage.cold+0x19/0x19
[  373.597463]  __vfs_setxattr+0x10e/0x170
[  373.601449]  ? xattr_resolve_name+0x3d0/0x3d0
[  373.605955]  ? evm_protect_xattr.constprop.0+0x99/0x3d0
[  373.611358]  __vfs_setxattr_noperm+0x11a/0x420
[  373.616820]  __vfs_setxattr_locked+0x176/0x250
[  373.621393]  vfs_setxattr+0xe5/0x270
[  373.625098]  ? __vfs_setxattr_locked+0x250/0x250
[  373.629848]  ? strncpy_from_user+0x2a2/0x350
[  373.634249]  setxattr+0x23d/0x330
[  373.637720]  ? vfs_setxattr+0x270/0x270
[  373.642122]  ? filename_lookup+0x3d5/0x5a0
[  373.646358]  ? __phys_addr_symbol+0x2c/0x70
[  373.650732]  ? __check_object_size+0x17b/0x3d1
[  373.655312]  ? check_preemption_disabled+0x41/0x280
[  373.660340]  ? preempt_count_add+0xaf/0x190
[  373.664663]  ? __mnt_want_write+0x22c/0x2c0
[  373.669000]  path_setxattr+0x170/0x190
[  373.672879]  ? __se_sys_fsetxattr+0x1b0/0x1b0
[  373.677472]  ? ksys_write+0x1c8/0x2a0
[  373.681276]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  373.686651]  __x64_sys_lsetxattr+0xbd/0x150
[  373.691439]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  373.696027]  do_syscall_64+0xf9/0x620
[  373.699840]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  373.705038] RIP: 0033:0x45e219
[  373.708237] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  373.727584] RSP: 002b:00007f924f255c68 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  373.736002] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000000045e219
[  373.746070] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 00000000200000c0
[  373.753339] RBP: 00007f924f255ca0 R08: 0000000000000000 R09: 0000000000000000
[  373.760611] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000007
[  373.767980] R13: 00007ffdface509f R14: 00007f924f2569c0 R15: 000000000119bf8c
[  373.785715] VFS: Not enough memory for quota buffers.
[  373.792244] Quota error (device loop2): qtree_write_dquot: Error -12 occurred while creating quota
[  373.817331] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  373.817331] 
01:13:09 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {&(0x7f0000011600)='PMM\x00PMM', 0x7, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:09 executing program 4:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:09 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:09 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x4000, 0x0)

01:13:09 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x5300)

01:13:09 executing program 2 (fault-call:4 fault-nth:8):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  374.003667] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:10 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:10 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xc803, 0x0)

01:13:10 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x5500)

[  374.072771] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:10 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:10 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:10 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  374.276211] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  374.347870] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  374.798187] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  374.798187] 
01:13:10 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xe0ff, 0x0)

01:13:10 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x5700)

01:13:10 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:10 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {&(0x7f0000011600)='PMM\x00PMM', 0x7, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:10 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:10 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x2, 0x0)

01:13:11 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(0x0, 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  374.996571] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:11 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x5900)

[  375.046457] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:11 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xff01, 0x0)

01:13:11 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:11 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x3, 0x0)

01:13:11 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(0x0, 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:11 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x5b00)

01:13:11 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:11 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(0x0, 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  375.293790] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  375.332339] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  375.747692] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  375.747692] 
01:13:11 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {&(0x7f0000011600)='PMM\x00PMM', 0x7, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:11 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xff0f, 0x0)

01:13:11 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x4, 0x0)

01:13:11 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000), 0x0)
dup2(0xffffffffffffffff, r0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0)

01:13:11 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:11 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x5d00)

01:13:12 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000), 0x0)
dup2(0xffffffffffffffff, r0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0)

[  375.898989] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  375.913884] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:12 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x5f00)

01:13:12 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:12 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xffe0, 0x0)

01:13:12 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x5, 0x0)

01:13:12 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000), 0x0)
dup2(0xffffffffffffffff, r0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0)

[  376.247535] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  376.257061] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:12 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:12 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:12 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x6400)

01:13:12 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, 0xffffffffffffffff)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:12 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x40000, 0x0)

01:13:12 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x6, 0x0)

[  376.823325] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  376.823325] 
01:13:13 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x6500)

01:13:13 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, 0xffffffffffffffff)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  377.015617] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  377.031182] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:13 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x200000, 0x0)

01:13:13 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x7, 0x0)

[  377.096729] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
01:13:13 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:13 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, 0xffffffffffffffff)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:13 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:13 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x6600)

[  377.314205] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  377.326693] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:13 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x0, 0x2011, r1, 0x0)

[  377.356411] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
01:13:13 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:13 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x400000, 0x0)

01:13:13 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x8, 0x0)

01:13:13 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x300, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:13 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x6700)

01:13:13 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:13 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x0, 0x2011, r1, 0x0)

[  377.621137] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
[  377.646739] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  377.692035] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:13 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:13 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x0, 0x2011, r1, 0x0)

01:13:13 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x9, 0x0)

01:13:13 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:13 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x800000, 0x0)

01:13:13 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x8004)

01:13:13 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x10, r1, 0x0)

01:13:14 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  377.930011] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[  377.955966] EXT4-fs error (device loop5): ext4_mb_generate_buddy:744: group 0, block bitmap and bg descriptor inconsistent: 8192 vs 206 free clusters
[  377.980576] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  378.014342] Quota error (device loop5): write_blk: dquota write failed
01:13:14 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xb, 0x0)

[  378.044591] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota
[  378.078012] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:14 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:14 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x10, r1, 0x0)

01:13:14 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0xe0fe)

01:13:14 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {0x0, 0x0, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:14 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x1000000, 0x0)

01:13:14 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  378.243828] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  378.266663] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
01:13:14 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x23, 0x0)

01:13:14 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x0, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:14 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x10, r1, 0x0)

[  378.367018] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:14 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0xfeff)

01:13:14 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, 0xffffffffffffffff, 0x0)

01:13:14 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x2000000, 0x0)

01:13:14 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {0x0, 0x0, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  378.538986] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:14 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xe0, 0x0)

01:13:14 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  378.644000] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
01:13:14 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:14 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, 0xffffffffffffffff, 0x0)

01:13:14 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0xfffe)

01:13:14 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {0x0, 0x0, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:14 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  378.788168] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:14 executing program 0:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, 0xffffffffffffffff, 0x0)

01:13:14 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600), 0x0, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  378.880016] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
[  378.910116] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:15 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x3000000, 0x0)

01:13:15 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x40000)

01:13:15 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(0x0, 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:15 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x300, 0x0)

01:13:15 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0xc0000)

01:13:15 executing program 0:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x2300, 0x0)

01:13:15 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(0x0, 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  379.109671] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
[  379.178445] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:15 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600), 0x0, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:15 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x4000000, 0x0)

[  379.219662] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue
[  379.250298] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:15 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x3c8, 0x0)

01:13:15 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(0x0, 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:15 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0xffff0)

01:13:15 executing program 0 (fault-call:4 fault-nth:0):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  379.344385] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
01:13:15 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600), 0x0, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:15 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000), 0x0)
dup2(0xffffffffffffffff, r0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0)

01:13:15 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x100000)

[  379.507562] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  379.538419] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  379.555526] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
[  379.599309] FAULT_INJECTION: forcing a failure.
[  379.599309] name failslab, interval 1, probability 0, space 0, times 0
[  379.655592] CPU: 0 PID: 24801 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  379.663600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  379.672967] Call Trace:
[  379.675674]  dump_stack+0x1fc/0x2fe
[  379.679313]  should_fail.cold+0xa/0x14
[  379.683209]  ? setup_fault_attr+0x200/0x200
[  379.687734]  ? lock_acquire+0x170/0x3c0
[  379.691728]  __should_failslab+0x115/0x180
[  379.695990]  should_failslab+0x5/0xf
[  379.699735]  kmem_cache_alloc+0x277/0x370
[  379.703902]  vm_area_dup+0x1c/0x170
[  379.707542]  __split_vma+0xa5/0x560
[  379.711184]  do_munmap+0x2f0/0xde0
[  379.714741]  mmap_region+0x2a3/0x16b0
[  379.718731]  ? vm_munmap+0x140/0x140
[  379.722452]  ? security_mmap_addr+0x73/0x90
[  379.726805]  ? get_unmapped_area+0x294/0x3c0
[  379.731233]  do_mmap+0x8e8/0x1080
[  379.734703]  vm_mmap_pgoff+0x197/0x200
[  379.738604]  ? vma_is_stack_for_current+0xc0/0xc0
[  379.743549]  ? do_dup2+0x450/0x450
[  379.747100]  ? wait_for_completion_io+0x10/0x10
[  379.751792]  ? vfs_write+0x393/0x540
[  379.755521]  ksys_mmap_pgoff+0x298/0x5a0
[  379.760385]  ? find_mergeable_anon_vma+0x260/0x260
[  379.765343]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  379.770731]  ? trace_hardirqs_off_caller+0x6e/0x210
[  379.776142]  ? do_syscall_64+0x21/0x620
[  379.780141]  do_syscall_64+0xf9/0x620
[  379.783980]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  379.789181] RIP: 0033:0x45e219
01:13:15 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000), 0x0)
dup2(0xffffffffffffffff, r0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0)

01:13:15 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x500, 0x0)

[  379.792390] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  379.811857] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  379.819600] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  379.826908] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  379.834322] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  379.841608] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000000
[  379.848903] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:15 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x5000000, 0x0)

01:13:15 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600)='PMM\x00', 0x4, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:15 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r0 = memfd_create(&(0x7f0000000000), 0x0)
dup2(0xffffffffffffffff, r0)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r0, 0x0)

01:13:16 executing program 0 (fault-call:4 fault-nth:1):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:16 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x80ffff)

[  380.044563] FAULT_INJECTION: forcing a failure.
[  380.044563] name failslab, interval 1, probability 0, space 0, times 0
[  380.071397] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  380.071688] CPU: 0 PID: 24832 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  380.087786] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  380.097159] Call Trace:
[  380.099803]  dump_stack+0x1fc/0x2fe
[  380.103458]  should_fail.cold+0xa/0x14
[  380.107361]  ? setup_fault_attr+0x200/0x200
[  380.111702]  ? rcu_nmi_exit+0xb3/0x180
[  380.115613]  __should_failslab+0x115/0x180
[  380.119893]  should_failslab+0x5/0xf
[  380.123622]  kmem_cache_alloc+0x3f/0x370
[  380.127700]  anon_vma_clone+0xe0/0x5e0
[  380.131606]  __split_vma+0x179/0x560
[  380.135338]  do_munmap+0x2f0/0xde0
[  380.138894]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  380.143065] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  380.143659]  mmap_region+0x2a3/0x16b0
[  380.155652]  ? vm_munmap+0x140/0x140
[  380.159386]  ? do_mmap+0x2cb/0x1080
[  380.163032]  do_mmap+0x8e8/0x1080
[  380.166508]  vm_mmap_pgoff+0x197/0x200
[  380.170450]  ? vma_is_stack_for_current+0xc0/0xc0
[  380.175304]  ? do_dup2+0x450/0x450
[  380.178855]  ? wait_for_completion_io+0x10/0x10
[  380.183536]  ? vfs_write+0x393/0x540
[  380.187268]  ksys_mmap_pgoff+0x298/0x5a0
[  380.191345]  ? find_mergeable_anon_vma+0x260/0x260
[  380.196287]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  380.201673]  ? trace_hardirqs_off_caller+0x6e/0x210
[  380.206710]  ? do_syscall_64+0x21/0x620
[  380.210707]  do_syscall_64+0xf9/0x620
[  380.214525]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  380.219726] RIP: 0033:0x45e219
[  380.223031] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
01:13:16 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, 0xffffffffffffffff)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  380.242634] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  380.250351] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  380.257824] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  380.265099] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  380.272378] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000001
[  380.279742] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:16 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x6000000, 0x0)

01:13:16 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, 0xffffffffffffffff)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:16 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x600, 0x0)

01:13:16 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, 0xffffffffffffffff)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  380.511930] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:16 executing program 0 (fault-call:4 fault-nth:2):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:16 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x7000000, 0x0)

01:13:16 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x1000000)

[  380.653155] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  380.673754] FAULT_INJECTION: forcing a failure.
[  380.673754] name failslab, interval 1, probability 0, space 0, times 0
[  380.706367] CPU: 1 PID: 24885 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  380.714660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  380.724031] Call Trace:
[  380.726640]  dump_stack+0x1fc/0x2fe
[  380.730300]  should_fail.cold+0xa/0x14
[  380.734216]  ? setup_fault_attr+0x200/0x200
[  380.738555]  ? lock_acquire+0x170/0x3c0
[  380.742563]  __should_failslab+0x115/0x180
[  380.746819]  should_failslab+0x5/0xf
[  380.750544]  kmem_cache_alloc+0x277/0x370
[  380.754795]  vm_area_dup+0x1c/0x170
[  380.759566]  __split_vma+0xa5/0x560
[  380.763303]  do_munmap+0x369/0xde0
[  380.766873]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  380.771653]  mmap_region+0x2a3/0x16b0
[  380.775474]  ? vm_munmap+0x140/0x140
[  380.779204]  do_mmap+0x8e8/0x1080
[  380.783021]  vm_mmap_pgoff+0x197/0x200
[  380.786944]  ? vma_is_stack_for_current+0xc0/0xc0
[  380.791899]  ? do_dup2+0x450/0x450
[  380.795457]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  380.801104]  ksys_mmap_pgoff+0x298/0x5a0
[  380.805214]  ? find_mergeable_anon_vma+0x260/0x260
[  380.810250]  ? do_syscall_64+0xbf/0x620
[  380.814239]  do_syscall_64+0xf9/0x620
[  380.818055]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  380.823268] RIP: 0033:0x45e219
[  380.826466] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  380.846481] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  380.854226] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  380.861509] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  380.870349] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  380.878703] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000002
[  380.885979] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  380.933853] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  380.933853] 
[  380.967930] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:17 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600)='PMM\x00', 0x4, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:17 executing program 0 (fault-call:4 fault-nth:3):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:17 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x0, 0x2011, r1, 0x0)

01:13:17 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x700, 0x0)

01:13:17 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x2000000)

01:13:17 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x8000000, 0x0)

[  381.116038] FAULT_INJECTION: forcing a failure.
[  381.116038] name failslab, interval 1, probability 0, space 0, times 0
[  381.151363] CPU: 1 PID: 24915 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  381.160326] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  381.171180] Call Trace:
[  381.173793]  dump_stack+0x1fc/0x2fe
[  381.177459]  should_fail.cold+0xa/0x14
[  381.181355]  ? setup_fault_attr+0x200/0x200
[  381.185684]  ? should_fail+0x142/0x7b0
[  381.189604]  ? fs_reclaim_release+0xd0/0x110
[  381.194050]  __should_failslab+0x115/0x180
[  381.198296]  should_failslab+0x5/0xf
[  381.202028]  kmem_cache_alloc+0x3f/0x370
[  381.206106]  anon_vma_clone+0xe0/0x5e0
[  381.210022]  __split_vma+0x179/0x560
[  381.213761]  do_munmap+0x369/0xde0
[  381.217449]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  381.222390]  mmap_region+0x2a3/0x16b0
[  381.226229]  ? vm_munmap+0x140/0x140
[  381.230303]  ? do_mmap+0x44b/0x1080
[  381.233940]  do_mmap+0x8e8/0x1080
[  381.237405]  vm_mmap_pgoff+0x197/0x200
[  381.241302]  ? vma_is_stack_for_current+0xc0/0xc0
[  381.246166]  ? do_dup2+0x450/0x450
[  381.249714]  ? ksys_mmap_pgoff+0x9f/0x5a0
[  381.253899]  ksys_mmap_pgoff+0x298/0x5a0
[  381.257973]  ? find_mergeable_anon_vma+0x260/0x260
[  381.262952]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  381.268331]  ? trace_hardirqs_off_caller+0x6e/0x210
[  381.273358]  ? do_syscall_64+0x21/0x620
[  381.277344]  do_syscall_64+0xf9/0x620
[  381.281151]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  381.286347] RIP: 0033:0x45e219
[  381.289561] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  381.308471] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  381.316190] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  381.323464] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  381.330735] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  381.338015] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000003
[  381.345291] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  381.400920] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:17 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x900, 0x0)

01:13:17 executing program 0 (fault-call:4 fault-nth:4):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:17 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x0, 0x2011, r1, 0x0)

01:13:17 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x3000000)

[  381.477042] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:17 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x9000000, 0x0)

[  381.606136] FAULT_INJECTION: forcing a failure.
[  381.606136] name failslab, interval 1, probability 0, space 0, times 0
[  381.628182] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  381.660002] CPU: 0 PID: 24955 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  381.667935] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  381.677393] Call Trace:
[  381.679997]  dump_stack+0x1fc/0x2fe
[  381.683640]  should_fail.cold+0xa/0x14
[  381.687548]  ? setup_fault_attr+0x200/0x200
[  381.691887]  ? lock_acquire+0x170/0x3c0
[  381.695886]  __should_failslab+0x115/0x180
[  381.700253]  should_failslab+0x5/0xf
[  381.703982]  kmem_cache_alloc+0x277/0x370
[  381.708298]  vm_area_alloc+0x1c/0x110
[  381.712118]  mmap_region+0xa2a/0x16b0
[  381.715945]  ? vm_munmap+0x140/0x140
[  381.719670]  ? security_mmap_addr+0x73/0x90
[  381.724037]  ? get_unmapped_area+0x294/0x3c0
[  381.728462]  do_mmap+0x8e8/0x1080
[  381.731936]  vm_mmap_pgoff+0x197/0x200
[  381.735848]  ? vma_is_stack_for_current+0xc0/0xc0
[  381.740713]  ? do_dup2+0x450/0x450
[  381.744315]  ksys_mmap_pgoff+0x298/0x5a0
[  381.748399]  ? find_mergeable_anon_vma+0x260/0x260
[  381.753346]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  381.758743]  ? trace_hardirqs_off_caller+0x6e/0x210
[  381.763787]  ? do_syscall_64+0x21/0x620
[  381.767790]  do_syscall_64+0xf9/0x620
[  381.771617]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  381.776835] RIP: 0033:0x45e219
[  381.780044] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  381.798965] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
01:13:17 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xb00, 0x0)

[  381.806696] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  381.813974] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  381.821251] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  381.828557] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000004
[  381.835859] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  381.903018] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:18 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600)='PMM\x00', 0x4, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:18 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x0, 0x2011, r1, 0x0)

01:13:18 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x4000000)

01:13:18 executing program 0 (fault-call:4 fault-nth:5):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:18 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xa000000, 0x0)

[  381.946680] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  381.946680] 
[  381.981717] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:18 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x10, r1, 0x0)

[  382.126979] FAULT_INJECTION: forcing a failure.
[  382.126979] name failslab, interval 1, probability 0, space 0, times 0
01:13:18 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x2000, 0x0)

[  382.173737] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  382.192439] CPU: 1 PID: 24990 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  382.200380] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  382.209752] Call Trace:
[  382.212378]  dump_stack+0x1fc/0x2fe
[  382.216027]  should_fail.cold+0xa/0x14
[  382.219928]  ? setup_fault_attr+0x200/0x200
[  382.224398]  __should_failslab+0x115/0x180
[  382.228641]  should_failslab+0x5/0xf
[  382.232361]  __kmalloc+0x2ab/0x3c0
[  382.235910]  ? rb_alloc+0x97/0x500
[  382.239495]  rb_alloc+0x97/0x500
[  382.242880]  perf_mmap+0xff9/0x1810
[  382.246533]  ? perf_release+0x40/0x40
[  382.250349]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  382.255410]  mmap_region+0xc94/0x16b0
[  382.259672]  ? vm_munmap+0x140/0x140
[  382.263528]  ? do_mmap+0xbbf/0x1080
[  382.267171]  ? do_mmap+0xbcd/0x1080
[  382.270820]  do_mmap+0x8e8/0x1080
[  382.274296]  vm_mmap_pgoff+0x197/0x200
[  382.278205]  ? vma_is_stack_for_current+0xc0/0xc0
[  382.283067]  ? do_dup2+0x450/0x450
[  382.286623]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  382.291399]  ksys_mmap_pgoff+0x298/0x5a0
[  382.295488]  ? find_mergeable_anon_vma+0x260/0x260
[  382.300436]  ? do_syscall_64+0xbf/0x620
[  382.304456]  do_syscall_64+0xf9/0x620
[  382.308277]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  382.313481] RIP: 0033:0x45e219
[  382.316700] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  382.335630] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  382.343381] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  382.350665] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  382.357956] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  382.365241] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000005
01:13:18 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xb000000, 0x0)

01:13:18 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x10, r1, 0x0)

01:13:18 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x5000000)

[  382.372523] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:18 executing program 0 (fault-call:4 fault-nth:6):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:18 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x10, r1, 0x0)

[  382.520741] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  382.538755] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  382.699786] FAULT_INJECTION: forcing a failure.
[  382.699786] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  382.744143] CPU: 1 PID: 25055 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  382.752063] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  382.761563] Call Trace:
[  382.764148]  dump_stack+0x1fc/0x2fe
[  382.767770]  should_fail.cold+0xa/0x14
[  382.771662]  ? lock_acquire+0x170/0x3c0
[  382.775625]  ? setup_fault_attr+0x200/0x200
[  382.780120]  __alloc_pages_nodemask+0x239/0x2890
[  382.784877]  ? mark_held_locks+0xa6/0xf0
[  382.788950]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  382.793701]  ? mark_held_locks+0xa6/0xf0
[  382.797765]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  382.802519]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  382.807110]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  382.811946]  ? rcu_nmi_exit+0xb3/0x180
[  382.815847]  ? check_preemption_disabled+0x41/0x280
[  382.820868]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  382.825881]  perf_mmap_alloc_page+0x58/0xd0
[  382.830229]  rb_alloc+0xac/0x500
[  382.833618]  perf_mmap+0xff9/0x1810
[  382.837272]  ? perf_release+0x40/0x40
[  382.841071]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  382.846099]  mmap_region+0xc94/0x16b0
[  382.849913]  ? vm_munmap+0x140/0x140
[  382.853616]  ? do_mmap+0xac3/0x1080
[  382.857257]  do_mmap+0x8e8/0x1080
[  382.860712]  vm_mmap_pgoff+0x197/0x200
[  382.864590]  ? vma_is_stack_for_current+0xc0/0xc0
[  382.869425]  ? ksys_mmap_pgoff+0x15c/0x5a0
[  382.873646]  ksys_mmap_pgoff+0x298/0x5a0
[  382.877712]  ? find_mergeable_anon_vma+0x260/0x260
[  382.882630]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  382.887997]  ? trace_hardirqs_off_caller+0x6e/0x210
[  382.893019]  ? do_syscall_64+0x21/0x620
[  382.896996]  do_syscall_64+0xf9/0x620
[  382.900784]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  382.905958] RIP: 0033:0x45e219
[  382.909134] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  382.928026] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  382.935755] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  382.943029] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  382.950302] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  382.957780] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000006
[  382.965060] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  383.021906] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  383.021906] 
01:13:19 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600)='PMM\x00PM', 0x6, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:19 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, 0xffffffffffffffff, 0x0)

01:13:19 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x2300, 0x0)

01:13:19 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x20000000, 0x0)

01:13:19 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x6000000)

01:13:19 executing program 0 (fault-call:4 fault-nth:7):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  383.158940] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  383.184258] FAULT_INJECTION: forcing a failure.
[  383.184258] name fail_page_alloc, interval 1, probability 0, space 0, times 0
01:13:19 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, 0xffffffffffffffff, 0x0)

[  383.294443] CPU: 0 PID: 25074 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  383.302398] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  383.311796] Call Trace:
[  383.314448]  dump_stack+0x1fc/0x2fe
[  383.318113]  should_fail.cold+0xa/0x14
[  383.322033]  ? lock_acquire+0x170/0x3c0
[  383.326030]  ? setup_fault_attr+0x200/0x200
[  383.330375]  __alloc_pages_nodemask+0x239/0x2890
[  383.335154]  ? mark_held_locks+0xa6/0xf0
[  383.339232]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  383.344008]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  383.348632]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  383.353496]  ? rcu_nmi_exit+0xb3/0x180
[  383.357406]  ? check_preemption_disabled+0x41/0x280
[  383.362450]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  383.367493]  perf_mmap_alloc_page+0x58/0xd0
[  383.371831]  rb_alloc+0x138/0x500
[  383.375301]  perf_mmap+0xff9/0x1810
[  383.378946]  ? perf_release+0x40/0x40
[  383.382764]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  383.387890]  mmap_region+0xc94/0x16b0
[  383.391716]  ? vm_munmap+0x140/0x140
[  383.395441]  ? get_unmapped_area+0x294/0x3c0
[  383.399868]  do_mmap+0x8e8/0x1080
[  383.403340]  vm_mmap_pgoff+0x197/0x200
[  383.407248]  ? vma_is_stack_for_current+0xc0/0xc0
[  383.409313] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  383.412186]  ? do_dup2+0x450/0x450
[  383.423942]  ? wait_for_completion_io+0x10/0x10
[  383.428634]  ? vfs_write+0x393/0x540
[  383.432492]  ksys_mmap_pgoff+0x298/0x5a0
[  383.436592]  ? find_mergeable_anon_vma+0x260/0x260
[  383.441542]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  383.446943]  ? trace_hardirqs_off_caller+0x6e/0x210
[  383.451971]  ? do_syscall_64+0x21/0x620
[  383.455988]  do_syscall_64+0xf9/0x620
[  383.459812]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  383.465020] RIP: 0033:0x45e219
[  383.468225] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
01:13:19 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, 0xffffffffffffffff, 0x0)

01:13:19 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x3f00, 0x0)

[  383.487774] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  383.495582] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  383.502869] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  383.510158] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  383.517440] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000007
[  383.524725] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:19 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x23000000, 0x0)

01:13:19 executing program 0 (fault-call:4 fault-nth:8):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:19 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x7000000)

[  383.684825] FAULT_INJECTION: forcing a failure.
[  383.684825] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  383.742048] CPU: 1 PID: 25108 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  383.750054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  383.759408] Call Trace:
[  383.762021]  dump_stack+0x1fc/0x2fe
[  383.765657]  should_fail.cold+0xa/0x14
[  383.769546]  ? lock_acquire+0x170/0x3c0
[  383.773521]  ? setup_fault_attr+0x200/0x200
[  383.777876]  __alloc_pages_nodemask+0x239/0x2890
[  383.782639]  ? __kernel_text_address+0x9/0x30
[  383.787135]  ? mark_held_locks+0xf0/0xf0
[  383.791296]  ? __save_stack_trace+0xaf/0x190
[  383.795724]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  383.800683]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  383.805447]  ? rcu_nmi_exit+0xb3/0x180
[  383.809344]  ? check_preemption_disabled+0x41/0x280
[  383.814370]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  383.819394]  perf_mmap_alloc_page+0x58/0xd0
[  383.823722]  rb_alloc+0x138/0x500
[  383.827218]  perf_mmap+0xff9/0x1810
[  383.830888]  ? perf_release+0x40/0x40
[  383.834706]  ? mmap_region+0xc09/0x16b0
[  383.838699]  mmap_region+0xc94/0x16b0
[  383.842513]  ? vm_munmap+0x140/0x140
[  383.846255]  ? do_mmap+0x44b/0x1080
[  383.849892]  do_mmap+0x8e8/0x1080
[  383.853360]  vm_mmap_pgoff+0x197/0x200
[  383.857256]  ? vma_is_stack_for_current+0xc0/0xc0
[  383.862108]  ? do_dup2+0x450/0x450
[  383.865663]  ? rcu_nmi_exit+0xb3/0x180
[  383.869566]  ksys_mmap_pgoff+0x298/0x5a0
[  383.873633]  ? find_mergeable_anon_vma+0x260/0x260
[  383.878569]  ? __x64_sys_mmap+0xd0/0x1b0
[  383.882645]  do_syscall_64+0xf9/0x620
[  383.886476]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  383.891671] RIP: 0033:0x45e219
[  383.894867] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  383.913800] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  383.921538] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  383.928815] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  383.936096] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  383.943378] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000008
[  383.950659] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  383.988110] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  383.988110] 
01:13:20 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600)='PMM\x00PM', 0x6, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:20 executing program 4:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x8000000, 0x0)

01:13:20 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x4000, 0x0)

01:13:20 executing program 0 (fault-call:4 fault-nth:9):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:20 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x8000000)

[  384.163696] FAULT_INJECTION: forcing a failure.
[  384.163696] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  384.229988] CPU: 1 PID: 25142 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  384.237916] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  384.247281] Call Trace:
[  384.249887]  dump_stack+0x1fc/0x2fe
[  384.253537]  should_fail.cold+0xa/0x14
[  384.257443]  ? setup_fault_attr+0x200/0x200
[  384.261811]  __alloc_pages_nodemask+0x239/0x2890
[  384.266595]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  384.271378]  ? rcu_nmi_exit+0xb3/0x180
[  384.275298]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  384.280158]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  384.284978]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  384.289581]  ? rcu_nmi_exit+0xb3/0x180
[  384.293485]  ? retint_kernel+0x2d/0x2d
[  384.297400]  perf_mmap_alloc_page+0x58/0xd0
[  384.301740]  rb_alloc+0x138/0x500
[  384.305385]  perf_mmap+0xff9/0x1810
[  384.309031]  ? perf_release+0x40/0x40
[  384.312848]  ? mmap_region+0xdf1/0x16b0
[  384.316838]  ? check_memory_region+0xcb/0x170
[  384.321351]  mmap_region+0xc94/0x16b0
[  384.325182]  ? vm_munmap+0x140/0x140
[  384.328952]  do_mmap+0x8e8/0x1080
[  384.332603]  vm_mmap_pgoff+0x197/0x200
[  384.336515]  ? vma_is_stack_for_current+0xc0/0xc0
[  384.341378]  ? do_dup2+0x450/0x450
[  384.344937]  ? ksys_mmap_pgoff+0x9f/0x5a0
[  384.349103]  ksys_mmap_pgoff+0x298/0x5a0
[  384.353188]  ? find_mergeable_anon_vma+0x260/0x260
[  384.358132]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  384.363521]  ? trace_hardirqs_off_caller+0x6e/0x210
[  384.368551]  ? do_syscall_64+0x21/0x620
[  384.372573]  do_syscall_64+0xf9/0x620
[  384.376391]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  384.381588] RIP: 0033:0x45e219
[  384.384788] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  384.403703] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  384.411424] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  384.418711] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
01:13:20 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x3f000000, 0x0)

[  384.425994] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  384.433286] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000009
[  384.440568] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:20 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xc803, 0x0)

01:13:20 executing program 0 (fault-call:4 fault-nth:10):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:20 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x9000000)

01:13:20 executing program 4 (fault-call:4 fault-nth:0):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:20 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x8bffffff, 0x0)

[  384.685417] FAULT_INJECTION: forcing a failure.
[  384.685417] name failslab, interval 1, probability 0, space 0, times 0
[  384.718538] FAULT_INJECTION: forcing a failure.
[  384.718538] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  384.747734] CPU: 1 PID: 25182 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  384.755794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  384.765167] Call Trace:
[  384.767777]  dump_stack+0x1fc/0x2fe
[  384.771434]  should_fail.cold+0xa/0x14
[  384.775336]  ? setup_fault_attr+0x200/0x200
[  384.779665]  ? lock_acquire+0x170/0x3c0
[  384.783656]  __should_failslab+0x115/0x180
[  384.787915]  should_failslab+0x5/0xf
[  384.791923]  kmem_cache_alloc+0x277/0x370
[  384.796107]  vm_area_dup+0x1c/0x170
[  384.799743]  __split_vma+0xa5/0x560
[  384.803394]  do_munmap+0x2f0/0xde0
[  384.806942]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  384.811714]  mmap_region+0x2a3/0x16b0
[  384.815531]  ? vm_munmap+0x140/0x140
[  384.819269]  ? do_mmap+0xbcd/0x1080
[  384.822917]  do_mmap+0x8e8/0x1080
[  384.826387]  vm_mmap_pgoff+0x197/0x200
[  384.830297]  ? vma_is_stack_for_current+0xc0/0xc0
[  384.835150]  ? do_dup2+0x450/0x450
[  384.838706]  ksys_mmap_pgoff+0x298/0x5a0
[  384.842800]  ? find_mergeable_anon_vma+0x260/0x260
[  384.847741]  ? do_syscall_64+0xbf/0x620
[  384.851754]  do_syscall_64+0xf9/0x620
[  384.855653]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  384.860850] RIP: 0033:0x45e219
[  384.864053] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  384.882979] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  384.890699] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  384.897976] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  384.905379] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  384.912658] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000000
[  384.919933] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
[  384.968789] CPU: 1 PID: 25188 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  384.976712] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  384.986074] Call Trace:
[  384.988680]  dump_stack+0x1fc/0x2fe
[  384.992324]  should_fail.cold+0xa/0x14
[  384.996218]  ? lock_acquire+0x170/0x3c0
[  385.000206]  ? setup_fault_attr+0x200/0x200
[  385.004546]  __alloc_pages_nodemask+0x239/0x2890
[  385.012965]  ? __kernel_text_address+0x9/0x30
[  385.017485]  ? mark_held_locks+0xf0/0xf0
[  385.021555]  ? __save_stack_trace+0xaf/0x190
[  385.025978]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  385.030667]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  385.035539]  ? rcu_nmi_exit+0xb3/0x180
[  385.039445]  ? check_preemption_disabled+0x41/0x280
[  385.044484]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  385.049542]  perf_mmap_alloc_page+0x58/0xd0
[  385.053876]  rb_alloc+0x138/0x500
[  385.057344]  perf_mmap+0xff9/0x1810
[  385.060987]  ? perf_release+0x40/0x40
[  385.064795]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  385.069828]  mmap_region+0xc94/0x16b0
[  385.073650]  ? vm_munmap+0x140/0x140
[  385.077374]  ? do_mmap+0xbcd/0x1080
[  385.081018]  do_mmap+0x8e8/0x1080
[  385.084484]  vm_mmap_pgoff+0x197/0x200
[  385.088386]  ? vma_is_stack_for_current+0xc0/0xc0
[  385.093250]  ? do_dup2+0x450/0x450
[  385.096801]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  385.101576]  ksys_mmap_pgoff+0x298/0x5a0
[  385.105647]  ? find_mergeable_anon_vma+0x260/0x260
[  385.110594]  do_syscall_64+0xf9/0x620
[  385.114405]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  385.119603] RIP: 0033:0x45e219
[  385.122811] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  385.141721] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  385.149442] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  385.156720] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  385.163999] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  385.171273] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000000a
[  385.178545] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:21 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x8cffffff, 0x0)

[  385.243075] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  385.243075] 
01:13:21 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600)='PMM\x00PM', 0x6, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:21 executing program 0 (fault-call:4 fault-nth:11):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:21 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0xa000000)

01:13:21 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xe0ff, 0x0)

01:13:21 executing program 4 (fault-call:4 fault-nth:1):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  385.461871] FAULT_INJECTION: forcing a failure.
[  385.461871] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  385.503190] CPU: 1 PID: 25218 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  385.511116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  385.520481] Call Trace:
[  385.523081]  dump_stack+0x1fc/0x2fe
[  385.526725]  should_fail.cold+0xa/0x14
[  385.530627]  ? lock_acquire+0x170/0x3c0
[  385.534615]  ? setup_fault_attr+0x200/0x200
[  385.538990]  __alloc_pages_nodemask+0x239/0x2890
[  385.544199]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  385.547618] FAULT_INJECTION: forcing a failure.
[  385.547618] name failslab, interval 1, probability 0, space 0, times 0
[  385.548966]  ? mark_held_locks+0xf0/0xf0
[  385.548982]  ? rcu_nmi_exit+0xb3/0x180
[  385.549007]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  385.549026]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  385.549042]  ? rcu_nmi_exit+0xb3/0x180
[  385.549067]  ? check_preemption_disabled+0x41/0x280
[  385.586534]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  385.591563]  perf_mmap_alloc_page+0x58/0xd0
[  385.595887]  rb_alloc+0x138/0x500
[  385.599355]  perf_mmap+0xff9/0x1810
[  385.602988]  ? perf_release+0x40/0x40
[  385.606796]  ? mmap_region+0xa3b/0x16b0
[  385.610778]  mmap_region+0xc94/0x16b0
[  385.614592]  ? vm_munmap+0x140/0x140
[  385.618317]  ? do_mmap+0xac3/0x1080
[  385.621957]  do_mmap+0x8e8/0x1080
[  385.625427]  vm_mmap_pgoff+0x197/0x200
[  385.629352]  ? vma_is_stack_for_current+0xc0/0xc0
[  385.634221]  ? ksys_mmap_pgoff+0x12e/0x5a0
[  385.638470]  ksys_mmap_pgoff+0x298/0x5a0
[  385.642553]  ? find_mergeable_anon_vma+0x260/0x260
[  385.647492]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  385.652864]  ? trace_hardirqs_off_caller+0x6e/0x210
[  385.657889]  ? do_syscall_64+0x21/0x620
[  385.661880]  do_syscall_64+0xf9/0x620
[  385.665708]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  385.670906] RIP: 0033:0x45e219
[  385.674109] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  385.693178] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
01:13:21 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0xb000000)

[  385.702386] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  385.709670] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  385.716952] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  385.724229] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000000b
[  385.731510] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  385.743364] CPU: 0 PID: 25241 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  385.751280] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  385.760649] Call Trace:
[  385.763293]  dump_stack+0x1fc/0x2fe
[  385.766951]  should_fail.cold+0xa/0x14
[  385.770872]  ? setup_fault_attr+0x200/0x200
[  385.775216]  ? rcu_nmi_exit+0xb3/0x180
[  385.779127]  ? retint_kernel+0x2d/0x2d
[  385.783319]  ? should_fail+0x142/0x7b0
[  385.787247]  __should_failslab+0x115/0x180
[  385.791505]  should_failslab+0x5/0xf
[  385.795233]  kmem_cache_alloc+0x3f/0x370
[  385.799319]  anon_vma_clone+0xe0/0x5e0
[  385.803243]  __split_vma+0x179/0x560
[  385.806994]  do_munmap+0x2f0/0xde0
[  385.810579]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  385.815185]  mmap_region+0x2a3/0x16b0
[  385.819030]  ? vm_munmap+0x140/0x140
[  385.822767]  ? path_noexec+0xc/0xf0
[  385.826412]  ? path_noexec+0x4e/0xf0
[  385.830323]  do_mmap+0x8e8/0x1080
[  385.833799]  vm_mmap_pgoff+0x197/0x200
[  385.837719]  ? vma_is_stack_for_current+0xc0/0xc0
[  385.842582]  ? do_dup2+0x450/0x450
[  385.846152]  ? wait_for_completion_io+0x10/0x10
[  385.850844]  ? vfs_write+0x393/0x540
01:13:21 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xc8030000, 0x0)

[  385.854584]  ksys_mmap_pgoff+0x298/0x5a0
[  385.858670]  ? find_mergeable_anon_vma+0x260/0x260
[  385.863621]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  385.869009]  ? trace_hardirqs_off_caller+0x6e/0x210
[  385.874064]  ? do_syscall_64+0x21/0x620
[  385.878050]  do_syscall_64+0xf9/0x620
[  385.881871]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  385.887076] RIP: 0033:0x45e219
[  385.890280] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  385.909282] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  385.917049] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  385.924333] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  385.931616] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  385.939506] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000001
[  385.946801] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
01:13:22 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xff01, 0x0)

01:13:22 executing program 0 (fault-call:4 fault-nth:12):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:22 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0xc000000)

01:13:22 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xe0ffffff, 0x0)

01:13:22 executing program 4 (fault-call:4 fault-nth:2):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  386.240018] FAULT_INJECTION: forcing a failure.
[  386.240018] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  386.291880] CPU: 1 PID: 25277 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  386.299810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  386.309178] Call Trace:
[  386.311782]  dump_stack+0x1fc/0x2fe
[  386.315436]  should_fail.cold+0xa/0x14
[  386.315732] FAULT_INJECTION: forcing a failure.
[  386.315732] name failslab, interval 1, probability 0, space 0, times 0
[  386.319330]  ? lock_acquire+0x170/0x3c0
[  386.319346]  ? setup_fault_attr+0x200/0x200
[  386.319374]  __alloc_pages_nodemask+0x239/0x2890
[  386.319393]  ? mark_held_locks+0xa6/0xf0
[  386.319406]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  386.319419]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  386.319436]  ? mark_held_locks+0xa6/0xf0
[  386.319450]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  386.319468]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  386.319492]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  386.375815]  ? retint_kernel+0x2d/0x2d
[  386.379726]  ? __cpu_to_node+0x7b/0xa0
[  386.383981]  ? __sanitizer_cov_trace_pc+0x37/0x50
[  386.388863]  perf_mmap_alloc_page+0x58/0xd0
[  386.393193]  rb_alloc+0x138/0x500
[  386.396886]  perf_mmap+0xff9/0x1810
[  386.400536]  ? perf_release+0x40/0x40
[  386.404372]  ? mmap_region+0xa3b/0x16b0
[  386.408393]  mmap_region+0xc94/0x16b0
[  386.412211]  ? vm_munmap+0x140/0x140
[  386.415937]  ? get_unmapped_area+0x294/0x3c0
[  386.420362]  do_mmap+0x8e8/0x1080
[  386.423853]  vm_mmap_pgoff+0x197/0x200
[  386.427756]  ? vma_is_stack_for_current+0xc0/0xc0
[  386.432629]  ? do_dup2+0x450/0x450
[  386.436187]  ksys_mmap_pgoff+0x298/0x5a0
[  386.440306]  ? find_mergeable_anon_vma+0x260/0x260
[  386.445331]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  386.450733]  ? trace_hardirqs_off_caller+0x6e/0x210
[  386.455763]  ? do_syscall_64+0x21/0x620
[  386.459755]  do_syscall_64+0xf9/0x620
[  386.463579]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  386.468777] RIP: 0033:0x45e219
[  386.471979] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  386.491001] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  386.498732] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  386.506022] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  386.513655] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  386.520955] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000000c
[  386.528236] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  386.576847] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  386.576847] 
[  386.578519] CPU: 0 PID: 25289 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  386.596604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  386.605962] Call Trace:
[  386.608581]  dump_stack+0x1fc/0x2fe
[  386.612247]  should_fail.cold+0xa/0x14
[  386.616159]  ? setup_fault_attr+0x200/0x200
[  386.620495]  ? lock_acquire+0x170/0x3c0
[  386.624488]  __should_failslab+0x115/0x180
[  386.628734]  should_failslab+0x5/0xf
[  386.632453]  kmem_cache_alloc+0x277/0x370
[  386.636626]  vm_area_dup+0x1c/0x170
[  386.640267]  __split_vma+0xa5/0x560
[  386.643934]  do_munmap+0x369/0xde0
[  386.647500]  ? mmap_region+0x28d/0x16b0
[  386.651511]  mmap_region+0x2a3/0x16b0
[  386.655326]  ? vm_munmap+0x140/0x140
[  386.659043]  ? security_mmap_addr+0x73/0x90
[  386.663390]  ? get_unmapped_area+0x294/0x3c0
[  386.667807]  do_mmap+0x8e8/0x1080
[  386.671272]  vm_mmap_pgoff+0x197/0x200
[  386.675175]  ? vma_is_stack_for_current+0xc0/0xc0
[  386.680082]  ksys_mmap_pgoff+0x298/0x5a0
[  386.684171]  ? find_mergeable_anon_vma+0x260/0x260
[  386.689894]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  386.695277]  ? trace_hardirqs_off_caller+0x6e/0x210
[  386.700328]  ? do_syscall_64+0x21/0x620
[  386.704318]  do_syscall_64+0xf9/0x620
[  386.708136]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  386.713334] RIP: 0033:0x45e219
[  386.716530] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  386.735527] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  386.743250] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  386.750963] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  386.758263] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  386.765577] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000002
[  386.772857] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
01:13:22 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600)='PMM\x00PMM', 0x7, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:22 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xff0f, 0x0)

01:13:22 executing program 0 (fault-call:4 fault-nth:13):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:22 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0xd000000)

01:13:22 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xe4ffffff, 0x0)

01:13:22 executing program 4 (fault-call:4 fault-nth:3):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  386.919536] FAULT_INJECTION: forcing a failure.
[  386.919536] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  386.957239] CPU: 0 PID: 25308 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  386.962384] FAULT_INJECTION: forcing a failure.
[  386.962384] name failslab, interval 1, probability 0, space 0, times 0
[  386.965200] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  386.965206] Call Trace:
[  386.965232]  dump_stack+0x1fc/0x2fe
[  386.965256]  should_fail.cold+0xa/0x14
[  386.965292]  ? lock_acquire+0x170/0x3c0
[  386.999910]  ? setup_fault_attr+0x200/0x200
[  387.004264]  __alloc_pages_nodemask+0x239/0x2890
[  387.009040]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  387.013831]  ? mark_held_locks+0xf0/0xf0
[  387.017906]  ? rcu_nmi_exit+0xb3/0x180
[  387.021819]  ? mark_held_locks+0xa6/0xf0
[  387.025896]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  387.030752]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  387.035349]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  387.040126]  ? rcu_nmi_exit+0xb3/0x180
[  387.044030]  ? retint_kernel+0x2d/0x2d
[  387.047941]  ? perf_mmap_alloc_page+0x17/0xd0
[  387.052451]  ? perf_mmap_alloc_page+0x97/0xd0
[  387.056971]  perf_mmap_alloc_page+0x58/0xd0
[  387.061309]  rb_alloc+0x138/0x500
[  387.064781]  perf_mmap+0xff9/0x1810
[  387.068444]  ? perf_release+0x40/0x40
[  387.072270]  ? mmap_region+0xba4/0x16b0
[  387.076263]  mmap_region+0xc94/0x16b0
[  387.080090]  ? vm_munmap+0x140/0x140
[  387.083851]  do_mmap+0x8e8/0x1080
[  387.087327]  vm_mmap_pgoff+0x197/0x200
[  387.091242]  ? vma_is_stack_for_current+0xc0/0xc0
[  387.096107]  ksys_mmap_pgoff+0x298/0x5a0
[  387.100187]  ? find_mergeable_anon_vma+0x260/0x260
[  387.105225]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  387.110610]  ? trace_hardirqs_off_caller+0x6e/0x210
[  387.115638]  ? do_syscall_64+0x21/0x620
[  387.119724]  do_syscall_64+0xf9/0x620
[  387.123661]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  387.128944] RIP: 0033:0x45e219
[  387.132144] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  387.151057] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  387.158784] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  387.166065] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  387.173348] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  387.180632] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000000d
[  387.187915] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  387.195245] CPU: 1 PID: 25317 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  387.203149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  387.212520] Call Trace:
[  387.215127]  dump_stack+0x1fc/0x2fe
[  387.218775]  should_fail.cold+0xa/0x14
[  387.222674]  ? setup_fault_attr+0x200/0x200
[  387.227009]  ? should_fail+0x142/0x7b0
[  387.230900]  ? fs_reclaim_release+0xd0/0x110
[  387.235341]  __should_failslab+0x115/0x180
[  387.239584]  should_failslab+0x5/0xf
[  387.243302]  kmem_cache_alloc+0x3f/0x370
[  387.247392]  anon_vma_clone+0xe0/0x5e0
[  387.251317]  __split_vma+0x179/0x560
[  387.255044]  do_munmap+0x369/0xde0
[  387.258596]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  387.263371]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  387.268208]  mmap_region+0x2a3/0x16b0
[  387.272048]  ? vm_munmap+0x140/0x140
[  387.275772]  ? do_mmap+0x350/0x1080
[  387.279419]  do_mmap+0x8e8/0x1080
[  387.282909]  vm_mmap_pgoff+0x197/0x200
[  387.286817]  ? vma_is_stack_for_current+0xc0/0xc0
[  387.291678]  ? do_dup2+0x450/0x450
[  387.295231]  ? check_memory_region+0xb1/0x170
[  387.299750]  ksys_mmap_pgoff+0x298/0x5a0
[  387.303834]  ? find_mergeable_anon_vma+0x260/0x260
[  387.308784]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  387.314172]  ? trace_hardirqs_off_caller+0x6e/0x210
[  387.319229]  ? do_syscall_64+0x21/0x620
[  387.323659]  do_syscall_64+0xf9/0x620
[  387.327481]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  387.332713] RIP: 0033:0x45e219
[  387.335915] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  387.354826] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  387.362552] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  387.369855] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  387.377227] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  387.384508] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000003
[  387.391797] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
01:13:23 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0xe000000)

01:13:23 executing program 0 (fault-call:4 fault-nth:14):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:23 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xffe0, 0x0)

01:13:23 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0xf000000)

[  387.628147] FAULT_INJECTION: forcing a failure.
[  387.628147] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  387.654585] CPU: 0 PID: 25346 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  387.663122] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  387.672496] Call Trace:
[  387.675112]  dump_stack+0x1fc/0x2fe
[  387.678770]  should_fail.cold+0xa/0x14
[  387.682680]  ? lock_acquire+0x170/0x3c0
[  387.686678]  ? setup_fault_attr+0x200/0x200
[  387.691052]  __alloc_pages_nodemask+0x239/0x2890
[  387.695835]  ? mark_held_locks+0xa6/0xf0
[  387.699918]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  387.704710]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  387.709320]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  387.714213]  ? rcu_nmi_exit+0xb3/0x180
[  387.718122]  ? check_preemption_disabled+0x41/0x280
[  387.723168]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  387.728295]  perf_mmap_alloc_page+0x58/0xd0
[  387.732634]  rb_alloc+0x138/0x500
[  387.736118]  perf_mmap+0xff9/0x1810
[  387.739802]  ? perf_release+0x40/0x40
[  387.743622]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  387.748708]  mmap_region+0xc94/0x16b0
[  387.752538]  ? vm_munmap+0x140/0x140
[  387.756278]  do_mmap+0x8e8/0x1080
[  387.759758]  vm_mmap_pgoff+0x197/0x200
[  387.763679]  ? vma_is_stack_for_current+0xc0/0xc0
[  387.768547]  ? do_dup2+0x450/0x450
[  387.772102]  ? wait_for_completion_io+0x10/0x10
[  387.776788]  ? vfs_write+0x393/0x540
[  387.780522]  ksys_mmap_pgoff+0x298/0x5a0
[  387.784616]  ? find_mergeable_anon_vma+0x260/0x260
[  387.789562]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  387.794944]  ? trace_hardirqs_off_caller+0x6e/0x210
[  387.800002]  ? do_syscall_64+0x21/0x620
[  387.803997]  do_syscall_64+0xf9/0x620
[  387.807819]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  387.813023] RIP: 0033:0x45e219
[  387.816227] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  387.835366] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  387.843093] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  387.850376] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  387.857658] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  387.865384] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000000e
01:13:23 executing program 4 (fault-call:4 fault-nth:4):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  387.872671] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:24 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x40000, 0x0)

[  387.991482] FAULT_INJECTION: forcing a failure.
[  387.991482] name failslab, interval 1, probability 0, space 0, times 0
[  388.008344] CPU: 1 PID: 25370 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  388.016259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  388.025619] Call Trace:
[  388.028223]  dump_stack+0x1fc/0x2fe
[  388.031860]  should_fail.cold+0xa/0x14
[  388.035757]  ? setup_fault_attr+0x200/0x200
[  388.040088]  ? lock_acquire+0x170/0x3c0
[  388.044079]  __should_failslab+0x115/0x180
[  388.048339]  should_failslab+0x5/0xf
[  388.052057]  kmem_cache_alloc+0x277/0x370
[  388.056216]  vm_area_alloc+0x1c/0x110
[  388.060018]  mmap_region+0xa2a/0x16b0
[  388.063829]  ? vm_munmap+0x140/0x140
[  388.067565]  ? security_mmap_addr+0x73/0x90
[  388.071899]  ? get_unmapped_area+0x294/0x3c0
[  388.076320]  do_mmap+0x8e8/0x1080
[  388.079784]  vm_mmap_pgoff+0x197/0x200
[  388.083693]  ? vma_is_stack_for_current+0xc0/0xc0
[  388.088538]  ? do_dup2+0x450/0x450
[  388.092090]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  388.096873]  ksys_mmap_pgoff+0x298/0x5a0
[  388.100940]  ? find_mergeable_anon_vma+0x260/0x260
[  388.105883]  ? do_syscall_64+0xbf/0x620
[  388.109885]  do_syscall_64+0xf9/0x620
[  388.113694]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  388.118886] RIP: 0033:0x45e219
[  388.122090] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  388.141018] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  388.148744] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  388.156017] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  388.163291] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  388.170562] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000004
[  388.177856] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
[  388.412619] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  388.412619] 
01:13:24 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600)='PMM\x00PMM', 0x7, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:24 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xf4ffffff, 0x0)

01:13:24 executing program 0 (fault-call:4 fault-nth:15):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:24 executing program 4 (fault-call:4 fault-nth:5):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:24 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x10000000)

01:13:24 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x200000, 0x0)

[  388.545332] FAULT_INJECTION: forcing a failure.
[  388.545332] name failslab, interval 1, probability 0, space 0, times 0
[  388.559857] CPU: 1 PID: 25399 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  388.568045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  388.578907] Call Trace:
[  388.581528]  dump_stack+0x1fc/0x2fe
[  388.585170]  should_fail.cold+0xa/0x14
[  388.589071]  ? setup_fault_attr+0x200/0x200
[  388.593416]  ? lock_acquire+0x170/0x3c0
[  388.597411]  __should_failslab+0x115/0x180
[  388.601677]  should_failslab+0x5/0xf
[  388.605416]  __kmalloc+0x2ab/0x3c0
[  388.608957]  ? rb_alloc+0x97/0x500
[  388.612503]  rb_alloc+0x97/0x500
[  388.615881]  perf_mmap+0xff9/0x1810
[  388.619652]  ? perf_release+0x40/0x40
[  388.623489]  mmap_region+0xc94/0x16b0
[  388.627447]  ? vm_munmap+0x140/0x140
[  388.631179]  ? path_noexec+0xc/0xf0
[  388.634832]  ? path_noexec+0x4e/0xf0
[  388.638571]  do_mmap+0x8e8/0x1080
[  388.642121]  vm_mmap_pgoff+0x197/0x200
[  388.646035]  ? vma_is_stack_for_current+0xc0/0xc0
[  388.650896]  ? do_dup2+0x450/0x450
[  388.654450]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  388.659227]  ksys_mmap_pgoff+0x298/0x5a0
[  388.663316]  ? find_mergeable_anon_vma+0x260/0x260
[  388.668275]  ? do_syscall_64+0xbf/0x620
[  388.672263]  do_syscall_64+0xf9/0x620
[  388.676073]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  388.681466] RIP: 0033:0x45e219
[  388.684666] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  388.703931] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  388.711661] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  388.718942] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  388.726257] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  388.733671] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000005
[  388.740965] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
[  388.762397] FAULT_INJECTION: forcing a failure.
[  388.762397] name fail_page_alloc, interval 1, probability 0, space 0, times 0
01:13:24 executing program 4 (fault-call:4 fault-nth:6):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  388.871763] CPU: 0 PID: 25400 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  388.879795] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  388.889198] Call Trace:
[  388.891809]  dump_stack+0x1fc/0x2fe
[  388.895560]  should_fail.cold+0xa/0x14
[  388.900017]  ? lock_acquire+0x170/0x3c0
[  388.904006]  ? setup_fault_attr+0x200/0x200
[  388.908346]  __alloc_pages_nodemask+0x239/0x2890
[  388.913110]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  388.917879]  ? mark_held_locks+0xf0/0xf0
[  388.922054]  ? rcu_nmi_exit+0xb3/0x180
[  388.925958]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  388.930549]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  388.935411]  ? rcu_nmi_exit+0xb3/0x180
[  388.939317]  ? check_preemption_disabled+0x41/0x280
[  388.948800]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  388.953838]  perf_mmap_alloc_page+0x58/0xd0
[  388.958172]  rb_alloc+0x138/0x500
[  388.961634]  perf_mmap+0xff9/0x1810
[  388.965381]  ? perf_release+0x40/0x40
[  388.969188]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  388.974310]  mmap_region+0xc94/0x16b0
[  388.978140]  ? vm_munmap+0x140/0x140
[  388.982043]  ? do_mmap+0xb17/0x1080
[  388.985692]  do_mmap+0x8e8/0x1080
[  388.989158]  vm_mmap_pgoff+0x197/0x200
[  388.994016]  ? vma_is_stack_for_current+0xc0/0xc0
[  388.998869]  ? do_dup2+0x450/0x450
[  389.002419]  ? check_memory_region+0x9/0x170
[  389.006924]  ksys_mmap_pgoff+0x298/0x5a0
[  389.011010]  ? find_mergeable_anon_vma+0x260/0x260
[  389.015969]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  389.021460]  ? trace_hardirqs_off_caller+0x6e/0x210
[  389.026498]  ? do_syscall_64+0x21/0x620
[  389.030515]  do_syscall_64+0xf9/0x620
[  389.034352]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  389.039553] RIP: 0033:0x45e219
[  389.042761] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  389.061687] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
01:13:25 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xf5ffffff, 0x0)

[  389.070535] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  389.078942] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  389.086714] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  389.094442] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000000f
[  389.101736] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:25 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x400000, 0x0)

01:13:25 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x11000000)

[  389.196515] FAULT_INJECTION: forcing a failure.
[  389.196515] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  389.225063] CPU: 0 PID: 25430 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  389.233957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  389.243435] Call Trace:
[  389.246042]  dump_stack+0x1fc/0x2fe
[  389.249691]  should_fail.cold+0xa/0x14
[  389.253712]  ? lock_acquire+0x170/0x3c0
[  389.257796]  ? setup_fault_attr+0x200/0x200
[  389.262252]  __alloc_pages_nodemask+0x239/0x2890
[  389.267052]  ? retint_kernel+0x2d/0x2d
[  389.270958]  ? mark_held_locks+0xf0/0xf0
[  389.275052]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  389.279931]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  389.284720]  ? rcu_nmi_exit+0xb3/0x180
[  389.288633]  ? check_preemption_disabled+0x41/0x280
01:13:25 executing program 0 (fault-call:4 fault-nth:16):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  389.293708]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  389.298750]  perf_mmap_alloc_page+0x58/0xd0
[  389.303089]  rb_alloc+0xac/0x500
[  389.306482]  perf_mmap+0xff9/0x1810
[  389.310118]  ? perf_release+0x40/0x40
[  389.313925]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  389.318956]  mmap_region+0xc94/0x16b0
[  389.322770]  ? vm_munmap+0x140/0x140
[  389.326506]  ? do_mmap+0xac3/0x1080
[  389.330135]  do_mmap+0x8e8/0x1080
[  389.333598]  vm_mmap_pgoff+0x197/0x200
[  389.337620]  ? vma_is_stack_for_current+0xc0/0xc0
[  389.342468]  ? do_dup2+0x450/0x450
[  389.346013]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  389.350786]  ksys_mmap_pgoff+0x298/0x5a0
[  389.354860]  ? find_mergeable_anon_vma+0x260/0x260
[  389.359804]  do_syscall_64+0xf9/0x620
[  389.363610]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  389.368802] RIP: 0033:0x45e219
[  389.371999] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  389.390908] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  389.398626] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  389.405902] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  389.413196] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  389.420474] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000006
[  389.427749] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
01:13:25 executing program 4 (fault-call:4 fault-nth:7):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  389.586420] FAULT_INJECTION: forcing a failure.
[  389.586420] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  389.587614] FAULT_INJECTION: forcing a failure.
[  389.587614] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  389.605156] CPU: 1 PID: 25464 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  389.618444] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  389.628396] Call Trace:
[  389.631004]  dump_stack+0x1fc/0x2fe
[  389.634648]  should_fail.cold+0xa/0x14
[  389.638551]  ? setup_fault_attr+0x200/0x200
[  389.642895]  __alloc_pages_nodemask+0x239/0x2890
[  389.647693]  ? __kernel_text_address+0x9/0x30
[  389.652207]  ? mark_held_locks+0xf0/0xf0
[  389.656291]  ? __save_stack_trace+0xaf/0x190
[  389.660722]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  389.665320]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  389.670179]  ? rcu_nmi_exit+0xb3/0x180
[  389.674089]  ? check_preemption_disabled+0x41/0x280
[  389.679129]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  389.684161]  perf_mmap_alloc_page+0x58/0xd0
[  389.688635]  rb_alloc+0x138/0x500
[  389.692161]  ? perf_mmap+0xbac/0x1810
[  389.695987]  perf_mmap+0xff9/0x1810
[  389.699647]  ? perf_release+0x40/0x40
[  389.703473]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  389.708517]  mmap_region+0xc94/0x16b0
[  389.712341]  ? vm_munmap+0x140/0x140
[  389.716068]  ? do_mmap+0xc88/0x1080
[  389.719997]  do_mmap+0x8e8/0x1080
[  389.723487]  vm_mmap_pgoff+0x197/0x200
[  389.727388]  ? vma_is_stack_for_current+0xc0/0xc0
[  389.732238]  ? do_dup2+0x450/0x450
[  389.735811]  ? wait_for_completion_io+0x10/0x10
[  389.740492]  ? ksys_write+0x241/0x2a0
[  389.744483]  ksys_mmap_pgoff+0x298/0x5a0
[  389.748557]  ? find_mergeable_anon_vma+0x260/0x260
[  389.753497]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  389.758876]  ? trace_hardirqs_off_caller+0x6e/0x210
[  389.763912]  ? do_syscall_64+0x21/0x620
[  389.767922]  do_syscall_64+0xf9/0x620
[  389.771738]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  389.776954] RIP: 0033:0x45e219
[  389.780177] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  389.799093] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  389.806853] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  389.814162] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  389.821608] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  389.828891] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000007
[  389.836175] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
[  389.843488] CPU: 0 PID: 25463 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  389.851394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  389.860758] Call Trace:
[  389.863372]  dump_stack+0x1fc/0x2fe
[  389.867016]  should_fail.cold+0xa/0x14
[  389.870933]  ? lock_acquire+0x170/0x3c0
[  389.874918]  ? setup_fault_attr+0x200/0x200
[  389.879281]  __alloc_pages_nodemask+0x239/0x2890
[  389.884058]  ? mark_held_locks+0xa6/0xf0
[  389.888134]  ? __save_stack_trace+0xaf/0x190
[  389.892552]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  389.897421]  ? mark_held_locks+0xa6/0xf0
[  389.901505]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  389.906365]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  389.910958]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  389.915739]  ? rcu_nmi_exit+0xb3/0x180
[  389.919642]  ? retint_kernel+0x2d/0x2d
[  389.923571]  ? perf_mmap_alloc_page+0x47/0xd0
[  389.928084]  perf_mmap_alloc_page+0x58/0xd0
[  389.932431]  rb_alloc+0x138/0x500
[  389.935941]  perf_mmap+0xff9/0x1810
[  389.939593]  ? perf_release+0x40/0x40
[  389.943408]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  389.948447]  mmap_region+0xc94/0x16b0
[  389.952278]  ? vm_munmap+0x140/0x140
[  389.956021]  do_mmap+0x8e8/0x1080
[  389.959502]  vm_mmap_pgoff+0x197/0x200
[  389.963411]  ? vma_is_stack_for_current+0xc0/0xc0
[  389.968274]  ? do_dup2+0x450/0x450
[  389.971835]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  389.976862]  ksys_mmap_pgoff+0x298/0x5a0
[  389.980931]  ? find_mergeable_anon_vma+0x260/0x260
[  389.985962]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  389.991328]  ? trace_hardirqs_off_caller+0x6e/0x210
[  389.996355]  ? do_syscall_64+0x21/0x620
[  390.000360]  do_syscall_64+0xf9/0x620
[  390.004163]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  390.009364] RIP: 0033:0x45e219
[  390.012543] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  390.031452] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  390.039162] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  390.046440] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  390.054482] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  390.061748] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000010
[  390.069386] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  390.115395] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  390.115395] 
01:13:26 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600)='PMM\x00PMM', 0x7, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:26 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x800000, 0x0)

01:13:26 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x12000000)

01:13:26 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xf6ffffff, 0x0)

01:13:26 executing program 4 (fault-call:4 fault-nth:8):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:26 executing program 0 (fault-call:4 fault-nth:17):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  390.256927] FAULT_INJECTION: forcing a failure.
[  390.256927] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  390.267173] FAULT_INJECTION: forcing a failure.
[  390.267173] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  390.335789] CPU: 1 PID: 25480 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  390.343716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  390.353111] Call Trace:
[  390.355716]  dump_stack+0x1fc/0x2fe
[  390.359360]  should_fail.cold+0xa/0x14
[  390.363298]  ? lock_acquire+0x170/0x3c0
[  390.367288]  ? setup_fault_attr+0x200/0x200
[  390.371657]  __alloc_pages_nodemask+0x239/0x2890
[  390.376448]  ? __kernel_text_address+0x9/0x30
[  390.380965]  ? mark_held_locks+0xf0/0xf0
[  390.385055]  ? __save_stack_trace+0xaf/0x190
[  390.389518]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  390.394380]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  390.399155]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  390.403791]  ? rcu_nmi_exit+0xb3/0x180
[  390.407730]  ? retint_kernel+0x2d/0x2d
[  390.411645]  perf_mmap_alloc_page+0x58/0xd0
[  390.415978]  rb_alloc+0x138/0x500
[  390.419443]  perf_mmap+0xff9/0x1810
[  390.423171]  ? perf_release+0x40/0x40
[  390.426982]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  390.432025]  mmap_region+0xc94/0x16b0
[  390.435857]  ? vm_munmap+0x140/0x140
[  390.439604]  ? get_unmapped_area+0x294/0x3c0
[  390.444032]  do_mmap+0x8e8/0x1080
[  390.447505]  vm_mmap_pgoff+0x197/0x200
[  390.451415]  ? vma_is_stack_for_current+0xc0/0xc0
[  390.456281]  ? ksys_mmap_pgoff+0x12e/0x5a0
[  390.460530]  ksys_mmap_pgoff+0x298/0x5a0
[  390.464634]  ? find_mergeable_anon_vma+0x260/0x260
[  390.469581]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  390.474963]  ? trace_hardirqs_off_caller+0x6e/0x210
[  390.480000]  ? do_syscall_64+0x21/0x620
[  390.483995]  do_syscall_64+0xf9/0x620
[  390.487822]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  390.493024] RIP: 0033:0x45e219
[  390.496227] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  390.515141] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  390.522868] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  390.530153] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  390.537443] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  390.544728] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000008
[  390.552139] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
[  390.559481] CPU: 0 PID: 25481 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  390.567382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  390.576744] Call Trace:
[  390.579349]  dump_stack+0x1fc/0x2fe
[  390.582994]  should_fail.cold+0xa/0x14
01:13:26 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x13000000)

[  390.586892]  ? lock_acquire+0x170/0x3c0
[  390.590883]  ? setup_fault_attr+0x200/0x200
[  390.595235]  __alloc_pages_nodemask+0x239/0x2890
[  390.600032]  ? mark_held_locks+0xa6/0xf0
[  390.604149]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  390.608929]  ? mark_held_locks+0xa6/0xf0
[  390.613001]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  390.617768]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  390.622623]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  390.628060]  ? retint_kernel+0x2d/0x2d
[  390.631973]  ? __cpu_to_node+0x1f/0xa0
[  390.635894]  ? __sanitizer_cov_trace_pc+0x3b/0x50
[  390.640756]  perf_mmap_alloc_page+0x58/0xd0
[  390.645086]  rb_alloc+0x138/0x500
[  390.648553]  perf_mmap+0xff9/0x1810
[  390.652211]  ? perf_release+0x40/0x40
[  390.656030]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  390.661067]  mmap_region+0xc94/0x16b0
[  390.664890]  ? vm_munmap+0x140/0x140
[  390.668619]  ? do_mmap+0x56d/0x1080
[  390.672261]  do_mmap+0x8e8/0x1080
[  390.675736]  vm_mmap_pgoff+0x197/0x200
[  390.679648]  ? vma_is_stack_for_current+0xc0/0xc0
01:13:26 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x1000000, 0x0)

[  390.684501]  ? do_dup2+0x450/0x450
[  390.688051]  ? wait_for_completion_io+0x10/0x10
[  390.692740]  ? vfs_write+0x393/0x540
[  390.696474]  ksys_mmap_pgoff+0x298/0x5a0
[  390.700551]  ? find_mergeable_anon_vma+0x260/0x260
[  390.705505]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  390.710886]  ? trace_hardirqs_off_caller+0x6e/0x210
[  390.715918]  ? do_syscall_64+0x21/0x620
[  390.719915]  do_syscall_64+0xf9/0x620
[  390.723729]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  390.728925] RIP: 0033:0x45e219
[  390.732126] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  390.754949] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  390.762667] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  390.769955] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  390.777245] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
01:13:26 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xfeffffff, 0x0)

[  390.784524] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000011
[  390.791810] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:26 executing program 4 (fault-call:4 fault-nth:9):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:26 executing program 0 (fault-call:4 fault-nth:18):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:27 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x14000000)

[  390.996153] FAULT_INJECTION: forcing a failure.
[  390.996153] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  391.051608] FAULT_INJECTION: forcing a failure.
[  391.051608] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  391.071355] CPU: 1 PID: 25529 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  391.079269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  391.088653] Call Trace:
[  391.091267]  dump_stack+0x1fc/0x2fe
[  391.094945]  should_fail.cold+0xa/0x14
[  391.098860]  ? setup_fault_attr+0x200/0x200
[  391.103236]  __alloc_pages_nodemask+0x239/0x2890
[  391.108018]  ? retint_kernel+0x2d/0x2d
[  391.111936]  ? mark_held_locks+0xa6/0xf0
[  391.116015]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  391.120875]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  391.125473]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  391.130248]  ? rcu_nmi_exit+0xb3/0x180
[  391.134161]  ? retint_kernel+0x2d/0x2d
[  391.138073]  ? perf_mmap_alloc_page+0x8c/0xd0
[  391.142585]  perf_mmap_alloc_page+0x58/0xd0
[  391.146919]  rb_alloc+0x138/0x500
[  391.150394]  perf_mmap+0xff9/0x1810
[  391.154038]  ? perf_release+0x40/0x40
[  391.157852]  ? check_memory_region+0x108/0x170
[  391.162574]  mmap_region+0xc94/0x16b0
[  391.166402]  ? vm_munmap+0x140/0x140
[  391.170133]  ? do_mmap+0xc72/0x1080
[  391.173769]  do_mmap+0x8e8/0x1080
[  391.177234]  vm_mmap_pgoff+0x197/0x200
[  391.181135]  ? vma_is_stack_for_current+0xc0/0xc0
[  391.185977]  ? do_dup2+0x450/0x450
[  391.189526]  ? ksys_mmap_pgoff+0x114/0x5a0
[  391.193766]  ksys_mmap_pgoff+0x298/0x5a0
[  391.197833]  ? find_mergeable_anon_vma+0x260/0x260
[  391.202764]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  391.208133]  ? trace_hardirqs_off_caller+0x6e/0x210
[  391.213170]  ? do_syscall_64+0x21/0x620
[  391.217152]  do_syscall_64+0xf9/0x620
[  391.220957]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  391.226148] RIP: 0033:0x45e219
[  391.229343] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  391.248266] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  391.255981] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  391.263255] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  391.270569] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  391.277842] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000009
[  391.285116] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
[  391.298543] EXT4-fs warning (device loop5): ext4_multi_mount_protect:325: MMP startup interrupted, failing mount
[  391.298543] 
[  391.337817] CPU: 1 PID: 25539 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  391.345740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  391.355100] Call Trace:
[  391.357710]  dump_stack+0x1fc/0x2fe
[  391.361353]  should_fail.cold+0xa/0x14
[  391.365257]  ? lock_acquire+0x170/0x3c0
[  391.369246]  ? setup_fault_attr+0x200/0x200
[  391.373593]  __alloc_pages_nodemask+0x239/0x2890
[  391.378366]  ? mark_held_locks+0xa6/0xf0
[  391.382472]  ? rcu_nmi_exit+0xb3/0x180
[  391.386370]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  391.391152]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  391.396000]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  391.400767]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  391.405359]  ? rcu_nmi_exit+0xb3/0x180
[  391.409276]  ? retint_kernel+0x2d/0x2d
[  391.413179]  perf_mmap_alloc_page+0x58/0xd0
[  391.417510]  rb_alloc+0x138/0x500
[  391.420965]  perf_mmap+0xff9/0x1810
[  391.424602]  ? perf_release+0x40/0x40
[  391.428456]  ? mmap_region+0xda8/0x16b0
[  391.432433]  mmap_region+0xc94/0x16b0
[  391.436246]  ? vm_munmap+0x140/0x140
[  391.439968]  ? write_comp_data+0x16/0x70
[  391.444058]  do_mmap+0x8e8/0x1080
[  391.447525]  vm_mmap_pgoff+0x197/0x200
[  391.451424]  ? vma_is_stack_for_current+0xc0/0xc0
[  391.456282]  ? do_dup2+0x450/0x450
[  391.459827]  ? wait_for_completion_io+0x10/0x10
[  391.464510]  ? vfs_write+0x393/0x540
[  391.468240]  ksys_mmap_pgoff+0x298/0x5a0
[  391.472308]  ? find_mergeable_anon_vma+0x260/0x260
[  391.477244]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  391.482640]  ? trace_hardirqs_off_caller+0x6e/0x210
[  391.487663]  ? do_syscall_64+0x21/0x620
[  391.491644]  do_syscall_64+0xf9/0x620
[  391.495476]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  391.500672] RIP: 0033:0x45e219
[  391.503874] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  391.522789] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  391.530508] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  391.537784] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  391.545059] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  391.552334] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000012
[  391.559632] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:27 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:27 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x2000000, 0x0)

01:13:27 executing program 4 (fault-call:4 fault-nth:10):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:27 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xff010000, 0x0)

01:13:27 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x15000000)

01:13:27 executing program 0 (fault-call:4 fault-nth:19):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  391.702698] FAULT_INJECTION: forcing a failure.
[  391.702698] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  391.723292] CPU: 1 PID: 25558 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  391.731223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  391.740681] Call Trace:
[  391.741935] FAULT_INJECTION: forcing a failure.
[  391.741935] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  391.743289]  dump_stack+0x1fc/0x2fe
[  391.743311]  should_fail.cold+0xa/0x14
[  391.743328]  ? lock_acquire+0x170/0x3c0
[  391.743343]  ? setup_fault_attr+0x200/0x200
[  391.743370]  __alloc_pages_nodemask+0x239/0x2890
[  391.743388]  ? mark_held_locks+0xa6/0xf0
[  391.743404]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  391.743428]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  391.789310]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  391.794188]  ? rcu_nmi_exit+0xb3/0x180
[  391.798101]  ? check_preemption_disabled+0x41/0x280
[  391.803145]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  391.808189]  perf_mmap_alloc_page+0x58/0xd0
[  391.812534]  rb_alloc+0x138/0x500
[  391.816004]  perf_mmap+0xff9/0x1810
[  391.819649]  ? perf_release+0x40/0x40
[  391.823503]  ? mmap_region+0xc09/0x16b0
[  391.827506]  mmap_region+0xc94/0x16b0
[  391.831335]  ? vm_munmap+0x140/0x140
[  391.835076]  ? do_mmap+0x53e/0x1080
[  391.838725]  do_mmap+0x8e8/0x1080
[  391.842196]  vm_mmap_pgoff+0x197/0x200
[  391.846120]  ? vma_is_stack_for_current+0xc0/0xc0
[  391.850977]  ? do_dup2+0x450/0x450
[  391.854534]  ? wait_for_completion_io+0x10/0x10
[  391.859216]  ? vfs_write+0x393/0x540
[  391.862951]  ksys_mmap_pgoff+0x298/0x5a0
[  391.867032]  ? find_mergeable_anon_vma+0x260/0x260
[  391.871981]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  391.877363]  ? trace_hardirqs_off_caller+0x6e/0x210
[  391.882395]  ? do_syscall_64+0x21/0x620
[  391.886387]  do_syscall_64+0xf9/0x620
[  391.890209]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  391.895435] RIP: 0033:0x45e219
[  391.898664] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  391.917578] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  391.925301] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  391.932586] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  391.939866] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  391.947153] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000000a
[  391.954526] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
[  391.961857] CPU: 0 PID: 25564 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  391.969765] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  391.979130] Call Trace:
[  391.981736]  dump_stack+0x1fc/0x2fe
[  391.985384]  should_fail.cold+0xa/0x14
[  391.989277]  ? lock_acquire+0x170/0x3c0
[  391.993276]  ? setup_fault_attr+0x200/0x200
[  391.997619]  __alloc_pages_nodemask+0x239/0x2890
[  392.002390]  ? __kernel_text_address+0x9/0x30
[  392.006905]  ? mark_held_locks+0xf0/0xf0
[  392.010967]  ? __save_stack_trace+0xaf/0x190
[  392.015395]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  392.020242]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  392.025005]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  392.029596]  ? rcu_nmi_exit+0xb3/0x180
[  392.033507]  ? retint_kernel+0x2d/0x2d
[  392.037409]  perf_mmap_alloc_page+0x58/0xd0
[  392.041737]  rb_alloc+0x138/0x500
[  392.045202]  perf_mmap+0xff9/0x1810
[  392.048866]  ? perf_release+0x40/0x40
[  392.052701]  ? mmap_region+0xbe8/0x16b0
[  392.056703]  mmap_region+0xc94/0x16b0
[  392.060530]  ? vm_munmap+0x140/0x140
[  392.064263]  ? do_mmap+0x2da/0x1080
[  392.067900]  do_mmap+0x8e8/0x1080
[  392.071368]  vm_mmap_pgoff+0x197/0x200
[  392.075271]  ? vma_is_stack_for_current+0xc0/0xc0
[  392.080121]  ? do_dup2+0x450/0x450
[  392.083671]  ? wait_for_completion_io+0x10/0x10
[  392.088359]  ? vfs_write+0x393/0x540
[  392.092097]  ksys_mmap_pgoff+0x298/0x5a0
[  392.096176]  ? find_mergeable_anon_vma+0x260/0x260
[  392.101113]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  392.106492]  ? trace_hardirqs_off_caller+0x6e/0x210
[  392.111536]  ? do_syscall_64+0x21/0x620
[  392.115524]  do_syscall_64+0xf9/0x620
[  392.119343]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  392.124545] RIP: 0033:0x45e219
[  392.127744] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  392.147092] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  392.154815] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  392.162265] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  392.169549] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  392.176835] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000013
[  392.184115] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  392.238868] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
01:13:28 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xff0f0000, 0x0)

01:13:28 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x16000000)

01:13:28 executing program 0 (fault-call:4 fault-nth:20):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:28 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:28 executing program 4 (fault-call:4 fault-nth:11):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:28 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x3000000, 0x0)

[  392.500357] FAULT_INJECTION: forcing a failure.
[  392.500357] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  392.503782] FAULT_INJECTION: forcing a failure.
[  392.503782] name fail_page_alloc, interval 1, probability 0, space 0, times 0
01:13:28 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xffffff8b, 0x0)

01:13:28 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x17000000)

[  392.549394] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
[  392.587925] CPU: 1 PID: 25610 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  392.595841] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  392.605200] Call Trace:
[  392.607801]  dump_stack+0x1fc/0x2fe
[  392.611445]  should_fail.cold+0xa/0x14
[  392.615343]  ? lock_acquire+0x170/0x3c0
[  392.619328]  ? setup_fault_attr+0x200/0x200
[  392.623673]  __alloc_pages_nodemask+0x239/0x2890
[  392.628472]  ? __kernel_text_address+0x9/0x30
[  392.632976]  ? mark_held_locks+0xf0/0xf0
[  392.637046]  ? __save_stack_trace+0xaf/0x190
[  392.641469]  ? mark_held_locks+0xa6/0xf0
[  392.645543]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  392.650400]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  392.654991]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  392.659764]  ? rcu_nmi_exit+0xb3/0x180
[  392.663661]  ? retint_kernel+0x2d/0x2d
[  392.667593]  ? perf_mmap_alloc_page+0x17/0xd0
[  392.672103]  perf_mmap_alloc_page+0x58/0xd0
[  392.676431]  rb_alloc+0x138/0x500
[  392.679916]  perf_mmap+0xff9/0x1810
[  392.683562]  ? perf_release+0x40/0x40
[  392.687376]  ? mmap_region+0xe7d/0x16b0
[  392.691378]  ? check_memory_region+0xcb/0x170
[  392.695896]  mmap_region+0xc94/0x16b0
[  392.699746]  ? vm_munmap+0x140/0x140
[  392.703494]  ? mmap_region+0xc/0x16b0
[  392.707422]  do_mmap+0x8e8/0x1080
[  392.710891]  vm_mmap_pgoff+0x197/0x200
[  392.714795]  ? vma_is_stack_for_current+0xc0/0xc0
[  392.719684]  ? do_dup2+0x450/0x450
[  392.723234]  ? wait_for_completion_io+0x10/0x10
[  392.727947]  ? vfs_write+0x393/0x540
[  392.731682]  ksys_mmap_pgoff+0x298/0x5a0
[  392.735771]  ? find_mergeable_anon_vma+0x260/0x260
[  392.740715]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  392.746096]  ? trace_hardirqs_off_caller+0x6e/0x210
[  392.751126]  ? do_syscall_64+0x21/0x620
[  392.755134]  do_syscall_64+0xf9/0x620
[  392.758956]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  392.764174] RIP: 0033:0x45e219
[  392.767376] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  392.786742] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  392.794469] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  392.801762] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  392.809041] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  392.816320] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000014
[  392.823599] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  392.830915] CPU: 0 PID: 25612 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  392.838842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  392.848324] Call Trace:
[  392.850930]  dump_stack+0x1fc/0x2fe
[  392.854583]  should_fail.cold+0xa/0x14
[  392.858486]  ? lock_acquire+0x170/0x3c0
[  392.862465]  ? setup_fault_attr+0x200/0x200
[  392.866882]  __alloc_pages_nodemask+0x239/0x2890
[  392.871629]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  392.876374]  ? rcu_nmi_exit+0xb3/0x180
[  392.880289]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  392.884967]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  392.889801]  ? rcu_nmi_exit+0xb3/0x180
[  392.893770]  ? check_preemption_disabled+0x41/0x280
[  392.898843]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  392.903902]  perf_mmap_alloc_page+0x58/0xd0
[  392.908241]  rb_alloc+0x138/0x500
[  392.911691]  perf_mmap+0xff9/0x1810
[  392.915377]  ? perf_release+0x40/0x40
[  392.919178]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  392.924192]  mmap_region+0xc94/0x16b0
[  392.927990]  ? vm_munmap+0x140/0x140
[  392.931748]  ? get_unmapped_area+0x294/0x3c0
[  392.936149]  do_mmap+0x8e8/0x1080
[  392.939609]  vm_mmap_pgoff+0x197/0x200
[  392.943489]  ? vma_is_stack_for_current+0xc0/0xc0
[  392.948331]  ? do_dup2+0x450/0x450
[  392.951863]  ? wait_for_completion_io+0x10/0x10
[  392.956806]  ? vfs_write+0x393/0x540
[  392.960530]  ksys_mmap_pgoff+0x298/0x5a0
[  392.964595]  ? find_mergeable_anon_vma+0x260/0x260
[  392.969520]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  392.974891]  ? trace_hardirqs_off_caller+0x6e/0x210
[  392.979918]  ? do_syscall_64+0x21/0x620
[  392.983899]  do_syscall_64+0xf9/0x620
[  392.987698]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  392.992913] RIP: 0033:0x45e219
[  392.996106] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  393.015007] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  393.022726] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  393.029997] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  393.037280] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  393.044551] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000000b
[  393.051924] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
01:13:29 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:29 executing program 0 (fault-call:4 fault-nth:21):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:29 executing program 4 (fault-call:4 fault-nth:12):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:29 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x4000000, 0x0)

[  393.282739] FAULT_INJECTION: forcing a failure.
[  393.282739] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  393.285436] FAULT_INJECTION: forcing a failure.
[  393.285436] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  393.302882] CPU: 0 PID: 25641 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  393.315670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  393.325035] Call Trace:
[  393.327663]  dump_stack+0x1fc/0x2fe
[  393.331317]  should_fail.cold+0xa/0x14
[  393.335683]  ? lock_acquire+0x170/0x3c0
[  393.339692]  ? setup_fault_attr+0x200/0x200
[  393.344039]  __alloc_pages_nodemask+0x239/0x2890
[  393.348811]  ? finish_task_switch+0x1db/0x760
[  393.353320]  ? switch_mm_irqs_off+0x764/0x1340
[  393.357936]  ? rcu_nmi_exit+0xb3/0x180
[  393.361859]  ? mark_held_locks+0xa6/0xf0
[  393.365935]  ? io_schedule_timeout+0x140/0x140
[  393.370529]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  393.375385]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  393.379978]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  393.385188]  ? retint_kernel+0x2d/0x2d
[  393.389098]  ? perf_mmap_alloc_page+0x65/0xd0
[  393.393607]  perf_mmap_alloc_page+0x58/0xd0
[  393.397946]  rb_alloc+0x138/0x500
[  393.401421]  perf_mmap+0xff9/0x1810
[  393.405082]  ? perf_release+0x40/0x40
[  393.408885]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  393.413909]  mmap_region+0xc94/0x16b0
[  393.417724]  ? vm_munmap+0x140/0x140
[  393.421475]  ? get_unmapped_area+0x294/0x3c0
[  393.425904]  do_mmap+0x8e8/0x1080
[  393.429402]  vm_mmap_pgoff+0x197/0x200
[  393.433312]  ? vma_is_stack_for_current+0xc0/0xc0
[  393.438160]  ? do_dup2+0x450/0x450
[  393.441728]  ? wait_for_completion_io+0x10/0x10
[  393.446402]  ? vfs_write+0x393/0x540
[  393.450139]  ksys_mmap_pgoff+0x298/0x5a0
[  393.454224]  ? find_mergeable_anon_vma+0x260/0x260
[  393.459223]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  393.464601]  ? trace_hardirqs_off_caller+0x6e/0x210
[  393.469625]  ? do_syscall_64+0x21/0x620
[  393.473607]  do_syscall_64+0xf9/0x620
[  393.477435]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  393.482728] RIP: 0033:0x45e219
[  393.485927] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  393.504838] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  393.512557] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  393.519947] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  393.527228] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  393.534505] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000015
[  393.541783] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  393.551293] EXT4-fs warning (device loop5): read_mmp_block:110: Error -117 while reading MMP block 17
[  393.563582] CPU: 0 PID: 25645 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  393.571489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  393.580855] Call Trace:
[  393.583549]  dump_stack+0x1fc/0x2fe
[  393.587245]  should_fail.cold+0xa/0x14
[  393.591152]  ? lock_acquire+0x170/0x3c0
[  393.595148]  ? setup_fault_attr+0x200/0x200
[  393.599516]  __alloc_pages_nodemask+0x239/0x2890
[  393.604283]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  393.609046]  ? rcu_nmi_exit+0xb3/0x180
[  393.612942]  ? mark_held_locks+0xa6/0xf0
[  393.617025]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  393.621892]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  393.626479]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  393.631244]  ? rcu_nmi_exit+0xb3/0x180
[  393.635139]  ? retint_kernel+0x2d/0x2d
[  393.639040]  ? perf_mmap_alloc_page+0x2f/0xd0
[  393.643551]  perf_mmap_alloc_page+0x58/0xd0
[  393.647903]  rb_alloc+0x138/0x500
[  393.651365]  perf_mmap+0xff9/0x1810
[  393.655005]  ? perf_release+0x40/0x40
[  393.658809]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  393.663842]  mmap_region+0xc94/0x16b0
[  393.667662]  ? vm_munmap+0x140/0x140
[  393.671404]  ? path_noexec+0x69/0xf0
[  393.675126]  ? __sanitizer_cov_trace_pc+0x37/0x50
[  393.679981]  do_mmap+0x8e8/0x1080
[  393.683449]  vm_mmap_pgoff+0x197/0x200
[  393.687350]  ? vma_is_stack_for_current+0xc0/0xc0
[  393.692205]  ? do_dup2+0x450/0x450
[  393.695769]  ? wait_for_completion_io+0x10/0x10
[  393.700457]  ? ksys_write+0x138/0x2a0
[  393.704293]  ksys_mmap_pgoff+0x298/0x5a0
[  393.708448]  ? find_mergeable_anon_vma+0x260/0x260
[  393.713384]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  393.718779]  ? trace_hardirqs_off_caller+0x6e/0x210
[  393.723805]  ? do_syscall_64+0x21/0x620
[  393.727802]  do_syscall_64+0xf9/0x620
[  393.731610]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  393.736806] RIP: 0033:0x45e219
[  393.740016] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  393.758924] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  393.766682] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  393.773984] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  393.781258] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  393.788978] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000000c
[  393.796279] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
01:13:29 executing program 0 (fault-call:4 fault-nth:22):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:29 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xffffff8c, 0x0)

01:13:30 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:30 executing program 4 (fault-call:4 fault-nth:13):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:30 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x18000000)

[  394.065283] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
[  394.067073] FAULT_INJECTION: forcing a failure.
[  394.067073] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  394.076871] FAULT_INJECTION: forcing a failure.
[  394.076871] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  394.102379] CPU: 0 PID: 25677 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  394.110307] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  394.112888] EXT4-fs (loop5): group descriptors corrupted!
[  394.119665] Call Trace:
[  394.119689]  dump_stack+0x1fc/0x2fe
[  394.119711]  should_fail.cold+0xa/0x14
[  394.119726]  ? setup_fault_attr+0x200/0x200
[  394.119758]  __alloc_pages_nodemask+0x239/0x2890
[  394.119772]  ? retint_kernel+0x2d/0x2d
[  394.119786]  ? mark_held_locks+0xf0/0xf0
[  394.119809]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  394.119825]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  394.119841]  ? rcu_nmi_exit+0xb3/0x180
[  394.119859]  ? check_preemption_disabled+0x41/0x280
[  394.171578]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  394.176658]  perf_mmap_alloc_page+0x58/0xd0
[  394.180994]  rb_alloc+0x138/0x500
[  394.184481]  perf_mmap+0xff9/0x1810
[  394.188116]  ? perf_release+0x40/0x40
[  394.191923]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  394.196966]  mmap_region+0xc94/0x16b0
[  394.200787]  ? vm_munmap+0x140/0x140
[  394.204510]  ? get_unmapped_area+0x294/0x3c0
[  394.208928]  do_mmap+0x8e8/0x1080
[  394.212389]  vm_mmap_pgoff+0x197/0x200
[  394.216285]  ? vma_is_stack_for_current+0xc0/0xc0
[  394.221130]  ? do_dup2+0x450/0x450
[  394.224674]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  394.229437]  ksys_mmap_pgoff+0x298/0x5a0
[  394.233514]  ? find_mergeable_anon_vma+0x260/0x260
[  394.238447]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  394.243819]  ? trace_hardirqs_off_caller+0x6e/0x210
[  394.248860]  ? do_syscall_64+0x21/0x620
[  394.252841]  do_syscall_64+0xf9/0x620
[  394.256663]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  394.261859] RIP: 0033:0x45e219
[  394.265070] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  394.283979] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  394.292492] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  394.299767] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  394.307068] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  394.314344] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000016
[  394.321623] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  394.340289] CPU: 1 PID: 25680 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  394.348204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  394.357577] Call Trace:
[  394.360188]  dump_stack+0x1fc/0x2fe
[  394.363923]  should_fail.cold+0xa/0x14
[  394.367844]  ? setup_fault_attr+0x200/0x200
[  394.372195]  __alloc_pages_nodemask+0x239/0x2890
[  394.376980]  ? mark_held_locks+0xa6/0xf0
[  394.381082]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  394.385887]  ? mark_held_locks+0xa6/0xf0
[  394.389972]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  394.394844]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  394.399448]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  394.404662]  ? rcu_nmi_exit+0xb3/0x180
[  394.408556]  ? retint_kernel+0x2d/0x2d
[  394.412444]  perf_mmap_alloc_page+0x58/0xd0
01:13:30 executing program 0 (fault-call:4 fault-nth:23):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  394.416803]  rb_alloc+0x138/0x500
[  394.420373]  perf_mmap+0xff9/0x1810
[  394.424011]  ? perf_release+0x40/0x40
[  394.427938]  ? vm_area_alloc+0xd9/0x110
[  394.431925]  mmap_region+0xc94/0x16b0
[  394.436126]  ? vm_munmap+0x140/0x140
[  394.439855]  ? do_mmap+0xbad/0x1080
[  394.443490]  do_mmap+0x8e8/0x1080
[  394.447130]  vm_mmap_pgoff+0x197/0x200
[  394.451221]  ? vma_is_stack_for_current+0xc0/0xc0
[  394.456147]  ? do_dup2+0x450/0x450
[  394.459695]  ksys_mmap_pgoff+0x298/0x5a0
[  394.463850]  ? find_mergeable_anon_vma+0x260/0x260
[  394.468774]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  394.474168]  ? trace_hardirqs_off_caller+0x6e/0x210
[  394.479196]  ? do_syscall_64+0x21/0x620
[  394.483179]  do_syscall_64+0xf9/0x620
[  394.486982]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  394.492203] RIP: 0033:0x45e219
[  394.495385] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
01:13:30 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xffffffe0, 0x0)

[  394.514277] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  394.521987] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  394.529272] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  394.536550] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  394.543819] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000000d
[  394.551257] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
01:13:30 executing program 4 (fault-call:4 fault-nth:14):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:30 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x19000000)

[  394.577107] EXT4-fs warning (device loop2): ext4_multi_mount_protect:386: Unable to create kmmpd thread for loop2.
[  394.650137] FAULT_INJECTION: forcing a failure.
[  394.650137] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  394.662496] CPU: 1 PID: 25704 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  394.670392] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  394.679758] Call Trace:
[  394.682358]  dump_stack+0x1fc/0x2fe
[  394.685994]  should_fail.cold+0xa/0x14
[  394.689890]  ? setup_fault_attr+0x200/0x200
[  394.694209]  __alloc_pages_nodemask+0x239/0x2890
[  394.698965]  ? retint_kernel+0x2d/0x2d
[  394.702849]  ? mark_held_locks+0xa6/0xf0
[  394.706945]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  394.711778]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  394.716356]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  394.721142]  ? rcu_nmi_exit+0xb3/0x180
[  394.725049]  ? retint_kernel+0x2d/0x2d
[  394.729628]  ? perf_mmap_alloc_page+0x17/0xd0
[  394.734151]  ? perf_mmap_alloc_page+0x97/0xd0
[  394.738675]  perf_mmap_alloc_page+0x58/0xd0
[  394.743013]  rb_alloc+0x138/0x500
[  394.746505]  perf_mmap+0xff9/0x1810
[  394.750132]  ? perf_release+0x40/0x40
[  394.753950]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  394.758961]  mmap_region+0xc94/0x16b0
[  394.762889]  ? vm_munmap+0x140/0x140
[  394.766593]  ? mmap_region+0xc/0x16b0
[  394.770386]  do_mmap+0x8e8/0x1080
[  394.773839]  vm_mmap_pgoff+0x197/0x200
[  394.777733]  ? vma_is_stack_for_current+0xc0/0xc0
[  394.782734]  ? ksys_mmap_pgoff+0x12e/0x5a0
[  394.786990]  ksys_mmap_pgoff+0x298/0x5a0
[  394.791156]  ? find_mergeable_anon_vma+0x260/0x260
[  394.796098]  ? do_syscall_64+0xbf/0x620
[  394.800070]  do_syscall_64+0xf9/0x620
[  394.803862]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  394.809196] RIP: 0033:0x45e219
[  394.812396] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  394.831642] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  394.840389] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  394.848083] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  394.855344] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  394.862606] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000017
[  394.869865] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:31 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:31 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x5000000, 0x0)

01:13:31 executing program 0 (fault-call:4 fault-nth:24):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  395.010215] FAULT_INJECTION: forcing a failure.
[  395.010215] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  395.038199] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
[  395.057628] EXT4-fs (loop5): group descriptors corrupted!
[  395.069100] CPU: 0 PID: 25713 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  395.077289] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  395.087523] Call Trace:
[  395.090121]  dump_stack+0x1fc/0x2fe
[  395.093754]  should_fail.cold+0xa/0x14
[  395.097645]  ? lock_acquire+0x170/0x3c0
[  395.101619]  ? setup_fault_attr+0x200/0x200
[  395.105952]  __alloc_pages_nodemask+0x239/0x2890
[  395.110712]  ? rcu_nmi_exit+0xb3/0x180
[  395.114613]  ? mark_held_locks+0xa6/0xf0
[  395.118680]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  395.123526]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  395.128111]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  395.132875]  ? rcu_nmi_exit+0xb3/0x180
[  395.137007]  ? retint_kernel+0x2d/0x2d
[  395.140909]  ? perf_mmap_alloc_page+0x17/0xd0
[  395.145440]  ? perf_mmap_alloc_page+0x97/0xd0
[  395.149938]  perf_mmap_alloc_page+0x58/0xd0
[  395.154273]  rb_alloc+0x138/0x500
[  395.158439]  perf_mmap+0xff9/0x1810
[  395.162074]  ? perf_release+0x40/0x40
[  395.165875]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  395.170902]  mmap_region+0xc94/0x16b0
[  395.174726]  ? vm_munmap+0x140/0x140
[  395.178440]  ? do_mmap+0x350/0x1080
[  395.182100]  do_mmap+0x8e8/0x1080
[  395.185569]  vm_mmap_pgoff+0x197/0x200
[  395.189491]  ? vma_is_stack_for_current+0xc0/0xc0
[  395.194343]  ? do_dup2+0x450/0x450
[  395.198164]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  395.202941]  ksys_mmap_pgoff+0x298/0x5a0
[  395.207021]  ? find_mergeable_anon_vma+0x260/0x260
[  395.212084]  do_syscall_64+0xf9/0x620
[  395.215994]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  395.221186] RIP: 0033:0x45e219
[  395.224378] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  395.243391] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  395.251126] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  395.258486] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  395.266480] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  395.273775] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000000e
[  395.282008] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
01:13:31 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x1a000000)

01:13:31 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xffffffe4, 0x0)

01:13:31 executing program 4 (fault-call:4 fault-nth:15):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:31 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x6000000, 0x0)

01:13:31 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  395.412459] FAULT_INJECTION: forcing a failure.
[  395.412459] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  395.477892] CPU: 0 PID: 25738 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  395.485899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  395.495258] Call Trace:
[  395.497865]  dump_stack+0x1fc/0x2fe
[  395.501679]  should_fail.cold+0xa/0x14
[  395.505665]  ? lock_acquire+0x170/0x3c0
[  395.509643]  ? setup_fault_attr+0x200/0x200
[  395.514065]  __alloc_pages_nodemask+0x239/0x2890
[  395.518919]  ? __schedule+0x88f/0x2040
[  395.522852]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  395.527697]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  395.532485]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  395.537256]  ? rcu_nmi_exit+0xb3/0x180
[  395.541151]  ? retint_kernel+0x2d/0x2d
[  395.545047]  ? rb_alloc+0x122/0x500
[  395.549118]  perf_mmap_alloc_page+0x58/0xd0
[  395.553445]  rb_alloc+0x138/0x500
[  395.557079]  perf_mmap+0xff9/0x1810
[  395.560718]  ? perf_release+0x40/0x40
[  395.564592]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  395.569624]  mmap_region+0xc94/0x16b0
[  395.573447]  ? vm_munmap+0x140/0x140
[  395.577177]  ? do_mmap+0xa0f/0x1080
[  395.580812]  do_mmap+0x8e8/0x1080
[  395.584281]  vm_mmap_pgoff+0x197/0x200
[  395.588182]  ? vma_is_stack_for_current+0xc0/0xc0
[  395.593036]  ? do_dup2+0x450/0x450
[  395.596582]  ? wait_for_completion_io+0x10/0x10
[  395.601272]  ? vfs_write+0x393/0x540
[  395.604996]  ksys_mmap_pgoff+0x298/0x5a0
[  395.609159]  ? find_mergeable_anon_vma+0x260/0x260
[  395.614124]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  395.620082]  ? trace_hardirqs_off_caller+0x6e/0x210
[  395.625492]  ? do_syscall_64+0x21/0x620
[  395.629562]  do_syscall_64+0xf9/0x620
[  395.633389]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  395.638601] RIP: 0033:0x45e219
[  395.641816] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  395.661756] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  395.669766] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  395.677049] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  395.684341] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  395.691618] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000018
[  395.699683] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:31 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {0x0, 0x0, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  395.764962] FAULT_INJECTION: forcing a failure.
[  395.764962] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  395.789944] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
[  395.799995] EXT4-fs (loop5): group descriptors corrupted!
01:13:31 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x1b000000)

[  395.833180] CPU: 0 PID: 25754 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  395.843193] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  395.852669] Call Trace:
[  395.855279]  dump_stack+0x1fc/0x2fe
[  395.858936]  should_fail.cold+0xa/0x14
[  395.862843]  ? lock_acquire+0x170/0x3c0
[  395.866933]  ? setup_fault_attr+0x200/0x200
[  395.871271]  __alloc_pages_nodemask+0x239/0x2890
[  395.876049]  ? __kernel_text_address+0x9/0x30
[  395.880621]  ? mark_held_locks+0xf0/0xf0
[  395.884696]  ? __save_stack_trace+0xaf/0x190
[  395.889134]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  395.893740]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  395.898600]  ? rcu_nmi_exit+0xb3/0x180
[  395.902582]  ? check_preemption_disabled+0x41/0x280
[  395.907610]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  395.912673]  perf_mmap_alloc_page+0x58/0xd0
[  395.917069]  rb_alloc+0x138/0x500
[  395.920510]  ? perf_mmap+0xb0b/0x1810
[  395.924302]  perf_mmap+0xff9/0x1810
[  395.927938]  ? perf_release+0x40/0x40
[  395.931752]  ? mmap_region+0xeb2/0x16b0
[  395.935740]  mmap_region+0xc94/0x16b0
[  395.939549]  ? vm_munmap+0x140/0x140
[  395.943290]  do_mmap+0x8e8/0x1080
[  395.946749]  vm_mmap_pgoff+0x197/0x200
[  395.950771]  ? vma_is_stack_for_current+0xc0/0xc0
[  395.955622]  ? do_dup2+0x450/0x450
[  395.959288]  ? wait_for_completion_io+0x10/0x10
[  395.963950]  ? vfs_write+0x393/0x540
[  395.967762]  ksys_mmap_pgoff+0x298/0x5a0
[  395.971843]  ? find_mergeable_anon_vma+0x260/0x260
[  395.976775]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  395.982575]  ? trace_hardirqs_off_caller+0x6e/0x210
[  395.987596]  ? do_syscall_64+0x21/0x620
[  395.991580]  do_syscall_64+0xf9/0x620
[  395.995381]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  396.000594] RIP: 0033:0x45e219
[  396.003778] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  396.022681] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
01:13:32 executing program 0 (fault-call:4 fault-nth:25):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  396.030392] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  396.037666] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  396.044928] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  396.052205] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000000f
[  396.059479] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
01:13:32 executing program 4 (fault-call:4 fault-nth:16):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  396.162392] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
01:13:32 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x7000000, 0x0)

01:13:32 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x1c000000)

01:13:32 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xfffffff4, 0x0)

[  396.205132] EXT4-fs (loop5): group descriptors corrupted!
01:13:32 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {0x0, 0x0, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  396.271138] FAULT_INJECTION: forcing a failure.
[  396.271138] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  396.285984] CPU: 0 PID: 25793 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  396.293890] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  396.303252] Call Trace:
[  396.305861]  dump_stack+0x1fc/0x2fe
[  396.309501]  should_fail.cold+0xa/0x14
[  396.313395]  ? lock_acquire+0x170/0x3c0
[  396.317643]  ? setup_fault_attr+0x200/0x200
[  396.321989]  __alloc_pages_nodemask+0x239/0x2890
[  396.326768]  ? mark_held_locks+0xa6/0xf0
[  396.330844]  ? __save_stack_trace+0xaf/0x190
[  396.335264]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  396.340048]  ? mark_held_locks+0xa6/0xf0
[  396.344124]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  396.348981]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  396.353570]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  396.358345]  ? rcu_nmi_exit+0xb3/0x180
[  396.362242]  ? retint_kernel+0x2d/0x2d
[  396.366152]  perf_mmap_alloc_page+0x58/0xd0
[  396.370485]  rb_alloc+0x138/0x500
[  396.373983]  perf_mmap+0xff9/0x1810
[  396.377641]  ? perf_release+0x40/0x40
[  396.381559]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  396.386602]  mmap_region+0xc94/0x16b0
[  396.390424]  ? vm_munmap+0x140/0x140
[  396.394173]  ? get_unmapped_area+0x294/0x3c0
[  396.398603]  do_mmap+0x8e8/0x1080
[  396.402068]  vm_mmap_pgoff+0x197/0x200
[  396.405976]  ? vma_is_stack_for_current+0xc0/0xc0
[  396.410831]  ? do_dup2+0x450/0x450
[  396.414377]  ? wait_for_completion_io+0x10/0x10
[  396.419062]  ? vfs_write+0x393/0x540
[  396.422810]  ksys_mmap_pgoff+0x298/0x5a0
[  396.426884]  ? find_mergeable_anon_vma+0x260/0x260
[  396.427080] FAULT_INJECTION: forcing a failure.
[  396.427080] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  396.431851]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  396.431869]  ? trace_hardirqs_off_caller+0x6e/0x210
[  396.431885]  ? do_syscall_64+0x21/0x620
[  396.431902]  do_syscall_64+0xf9/0x620
[  396.431919]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  396.431932] RIP: 0033:0x45e219
[  396.431960] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  396.489189] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  396.497348] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  396.504650] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  396.511932] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  396.519218] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000019
[  396.526495] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  396.534291] CPU: 1 PID: 25798 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  396.542226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  396.551582] Call Trace:
[  396.554190]  dump_stack+0x1fc/0x2fe
[  396.557825]  should_fail.cold+0xa/0x14
[  396.561724]  ? lock_acquire+0x170/0x3c0
[  396.565726]  ? setup_fault_attr+0x200/0x200
[  396.570089]  __alloc_pages_nodemask+0x239/0x2890
[  396.574852]  ? retint_kernel+0x2d/0x2d
[  396.578844]  ? mark_held_locks+0xf0/0xf0
[  396.582948]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  396.587809]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  396.592576]  ? rcu_nmi_exit+0xb3/0x180
[  396.596490]  ? check_preemption_disabled+0x41/0x280
[  396.601521]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  396.606582]  perf_mmap_alloc_page+0x58/0xd0
[  396.610910]  rb_alloc+0x138/0x500
[  396.615069]  perf_mmap+0xff9/0x1810
[  396.618710]  ? perf_release+0x40/0x40
[  396.622517]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  396.627549]  mmap_region+0xc94/0x16b0
[  396.631372]  ? vm_munmap+0x140/0x140
[  396.635123]  ? get_unmapped_area+0x294/0x3c0
[  396.639562]  do_mmap+0x8e8/0x1080
[  396.643024]  vm_mmap_pgoff+0x197/0x200
[  396.646924]  ? vma_is_stack_for_current+0xc0/0xc0
[  396.651773]  ? do_dup2+0x450/0x450
[  396.655336]  ? wait_for_completion_io+0x10/0x10
[  396.660027]  ? vfs_write+0x393/0x540
[  396.663746]  ksys_mmap_pgoff+0x298/0x5a0
[  396.667836]  ? find_mergeable_anon_vma+0x260/0x260
[  396.672795]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  396.678178]  ? trace_hardirqs_off_caller+0x6e/0x210
[  396.683206]  ? do_syscall_64+0x21/0x620
[  396.687195]  do_syscall_64+0xf9/0x620
[  396.691008]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  396.696212] RIP: 0033:0x45e219
[  396.699431] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  396.718355] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  396.726211] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  396.733493] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  396.741042] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  396.748322] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000010
[  396.755620] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
01:13:32 executing program 0 (fault-call:4 fault-nth:26):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:32 executing program 4 (fault-call:4 fault-nth:17):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:32 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x1d000000)

[  396.960718] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
[  396.966850] FAULT_INJECTION: forcing a failure.
[  396.966850] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  397.003977] EXT4-fs (loop5): group descriptors corrupted!
[  397.018485] FAULT_INJECTION: forcing a failure.
[  397.018485] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  397.023896] CPU: 1 PID: 25824 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  397.038258] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  397.047620] Call Trace:
[  397.050242]  dump_stack+0x1fc/0x2fe
[  397.053874]  should_fail.cold+0xa/0x14
[  397.057769]  ? setup_fault_attr+0x200/0x200
[  397.062112]  ? ___might_sleep+0x1de/0x2b0
[  397.066272]  __alloc_pages_nodemask+0x239/0x2890
[  397.071294]  ? mark_held_locks+0xa6/0xf0
[  397.075363]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  397.079964]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  397.084825]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  397.089610]  ? rcu_nmi_exit+0xb3/0x180
[  397.093503]  ? check_preemption_disabled+0x41/0x280
[  397.098566]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  397.103600]  perf_mmap_alloc_page+0x58/0xd0
[  397.107922]  rb_alloc+0x138/0x500
[  397.111383]  perf_mmap+0xff9/0x1810
[  397.115017]  ? perf_release+0x40/0x40
[  397.118822]  ? check_memory_region+0x67/0x170
[  397.123333]  mmap_region+0xc94/0x16b0
[  397.127171]  ? vm_munmap+0x140/0x140
[  397.130890]  ? get_unmapped_area+0x294/0x3c0
[  397.135301]  do_mmap+0x8e8/0x1080
[  397.138770]  vm_mmap_pgoff+0x197/0x200
[  397.142691]  ? vma_is_stack_for_current+0xc0/0xc0
[  397.147565]  ksys_mmap_pgoff+0x298/0x5a0
[  397.151634]  ? find_mergeable_anon_vma+0x260/0x260
[  397.156593]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  397.161985]  ? trace_hardirqs_off_caller+0x6e/0x210
[  397.167025]  ? do_syscall_64+0x21/0x620
[  397.171032]  do_syscall_64+0xf9/0x620
[  397.174840]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  397.180050] RIP: 0033:0x45e219
[  397.183246] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  397.202153] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  397.209869] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  397.217157] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  397.224435] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  397.231721] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000011
[  397.239003] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
[  397.262178] CPU: 0 PID: 25823 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  397.270107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  397.279472] Call Trace:
[  397.282100]  dump_stack+0x1fc/0x2fe
[  397.285753]  should_fail.cold+0xa/0x14
[  397.289658]  ? lock_acquire+0x170/0x3c0
[  397.293652]  ? setup_fault_attr+0x200/0x200
[  397.298021]  __alloc_pages_nodemask+0x239/0x2890
[  397.302801]  ? __kernel_text_address+0x9/0x30
[  397.307323]  ? mark_held_locks+0xf0/0xf0
[  397.311426]  ? __save_stack_trace+0xaf/0x190
[  397.315860]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  397.320464]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  397.325357]  ? rcu_nmi_exit+0xb3/0x180
[  397.329269]  ? check_preemption_disabled+0x41/0x280
[  397.334323]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  397.339391]  perf_mmap_alloc_page+0x58/0xd0
[  397.343850]  rb_alloc+0x138/0x500
[  397.347313]  ? perf_mmap+0xbac/0x1810
[  397.351120]  perf_mmap+0xff9/0x1810
[  397.354761]  ? perf_release+0x40/0x40
[  397.358591]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  397.363638]  mmap_region+0xc94/0x16b0
[  397.367463]  ? vm_munmap+0x140/0x140
[  397.371185]  ? get_unmapped_area+0x294/0x3c0
[  397.375603]  do_mmap+0x8e8/0x1080
[  397.379086]  vm_mmap_pgoff+0x197/0x200
[  397.383077]  ? vma_is_stack_for_current+0xc0/0xc0
[  397.387932]  ? do_dup2+0x450/0x450
[  397.391578]  ? wait_for_completion_io+0x10/0x10
[  397.396259]  ? vfs_write+0x393/0x540
[  397.399985]  ksys_mmap_pgoff+0x298/0x5a0
[  397.404061]  ? find_mergeable_anon_vma+0x260/0x260
[  397.409020]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  397.414399]  ? trace_hardirqs_off_caller+0x6e/0x210
[  397.419446]  ? do_syscall_64+0x21/0x620
[  397.423430]  do_syscall_64+0xf9/0x620
[  397.427241]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  397.432467] RIP: 0033:0x45e219
[  397.435674] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  397.454587] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
01:13:33 executing program 0 (fault-call:4 fault-nth:27):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  397.462569] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  397.469852] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  397.477129] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  397.484404] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000001a
[  397.491940] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:33 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {0x0, 0x0, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:33 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xfffffff5, 0x0)

01:13:33 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x1e000000)

01:13:33 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x8000000, 0x0)

01:13:33 executing program 4 (fault-call:4 fault-nth:18):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  397.696179] FAULT_INJECTION: forcing a failure.
[  397.696179] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  397.719590] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
[  397.730654] CPU: 0 PID: 25849 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  397.738564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  397.744756] EXT4-fs (loop5): group descriptors corrupted!
[  397.747930] Call Trace:
[  397.747953]  dump_stack+0x1fc/0x2fe
[  397.747972]  should_fail.cold+0xa/0x14
[  397.747986]  ? lock_acquire+0x170/0x3c0
[  397.748000]  ? setup_fault_attr+0x200/0x200
[  397.748024]  __alloc_pages_nodemask+0x239/0x2890
[  397.748040]  ? __schedule+0x88f/0x2040
[  397.748055]  ? rcu_nmi_exit+0xb3/0x180
[  397.748081]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  397.748101]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  397.795247]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  397.799862]  ? rcu_nmi_exit+0xb3/0x180
[  397.803767]  ? retint_kernel+0x2d/0x2d
[  397.807680]  perf_mmap_alloc_page+0x58/0xd0
[  397.812017]  rb_alloc+0x138/0x500
[  397.815492]  ? perf_mmap+0xbac/0x1810
[  397.819326]  perf_mmap+0xff9/0x1810
[  397.823080]  ? perf_release+0x40/0x40
[  397.826896]  ? mmap_region+0xbe8/0x16b0
[  397.830886]  mmap_region+0xc94/0x16b0
[  397.835246]  ? vm_munmap+0x140/0x140
[  397.838985]  ? can_do_mlock+0x8/0xa0
[  397.842720]  do_mmap+0x8e8/0x1080
[  397.846202]  vm_mmap_pgoff+0x197/0x200
[  397.850109]  ? vma_is_stack_for_current+0xc0/0xc0
[  397.854974]  ? do_dup2+0x450/0x450
[  397.858523]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  397.863289]  ksys_mmap_pgoff+0x298/0x5a0
[  397.867395]  ? find_mergeable_anon_vma+0x260/0x260
[  397.873511]  ? do_syscall_64+0x4f/0x620
[  397.877498]  do_syscall_64+0xf9/0x620
[  397.881308]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  397.886502] RIP: 0033:0x45e219
[  397.889699] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  397.908625] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  397.916364] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  397.923642] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  397.930924] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  397.938201] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000001b
[  397.945479] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  398.002865] FAULT_INJECTION: forcing a failure.
[  398.002865] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  398.089135] CPU: 0 PID: 25861 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  398.097060] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  398.106430] Call Trace:
[  398.109043]  dump_stack+0x1fc/0x2fe
[  398.112697]  should_fail.cold+0xa/0x14
[  398.116619]  ? lock_acquire+0x170/0x3c0
[  398.120609]  ? setup_fault_attr+0x200/0x200
[  398.124956]  __alloc_pages_nodemask+0x239/0x2890
[  398.129750]  ? retint_kernel+0x2d/0x2d
[  398.133653]  ? mark_held_locks+0xf0/0xf0
[  398.137742]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  398.142347]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  398.147204]  ? rcu_nmi_exit+0xb3/0x180
[  398.151110]  ? check_preemption_disabled+0x41/0x280
[  398.156176]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  398.161227]  perf_mmap_alloc_page+0x58/0xd0
[  398.165559]  rb_alloc+0x138/0x500
[  398.169032]  perf_mmap+0xff9/0x1810
[  398.172689]  ? perf_release+0x40/0x40
[  398.176502]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  398.181544]  mmap_region+0xc94/0x16b0
[  398.185369]  ? vm_munmap+0x140/0x140
[  398.189132]  ? get_unmapped_area+0x294/0x3c0
[  398.193553]  do_mmap+0x8e8/0x1080
[  398.197026]  vm_mmap_pgoff+0x197/0x200
[  398.200932]  ? vma_is_stack_for_current+0xc0/0xc0
[  398.205789]  ? do_dup2+0x450/0x450
[  398.209347]  ? wait_for_completion_io+0x10/0x10
[  398.214064]  ? vfs_write+0x393/0x540
[  398.217795]  ksys_mmap_pgoff+0x298/0x5a0
[  398.221910]  ? find_mergeable_anon_vma+0x260/0x260
[  398.226862]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  398.232273]  ? trace_hardirqs_off_caller+0x6e/0x210
[  398.237410]  ? do_syscall_64+0x21/0x620
[  398.241424]  do_syscall_64+0xf9/0x620
[  398.245243]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  398.250616] RIP: 0033:0x45e219
[  398.253821] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  398.273780] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
01:13:34 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400), 0x0, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:34 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x9000000, 0x0)

01:13:34 executing program 0 (fault-call:4 fault-nth:28):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:34 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xfffffff6, 0x0)

01:13:34 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x20000000)

[  398.282926] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  398.291015] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  398.299256] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  398.306540] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000012
[  398.314261] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
[  398.444286] FAULT_INJECTION: forcing a failure.
[  398.444286] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  398.461855] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
[  398.471653] CPU: 0 PID: 25886 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  398.479568] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  398.485029] EXT4-fs (loop5): group descriptors corrupted!
[  398.489276] Call Trace:
[  398.489300]  dump_stack+0x1fc/0x2fe
[  398.489321]  should_fail.cold+0xa/0x14
[  398.489334]  ? lock_acquire+0x170/0x3c0
[  398.489347]  ? setup_fault_attr+0x200/0x200
[  398.489372]  __alloc_pages_nodemask+0x239/0x2890
[  398.489384]  ? _raw_spin_unlock_irq+0x50/0x80
[  398.489400]  ? finish_task_switch+0x1db/0x760
[  398.489412]  ? switch_mm_irqs_off+0x764/0x1340
[  398.489437]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  398.489457]  ? io_schedule_timeout+0x140/0x140
[  398.541228]  ? ___preempt_schedule_notrace+0x16/0x2f
[  398.546338]  ? preempt_schedule_notrace+0x92/0x110
[  398.551271]  ? ___preempt_schedule_notrace+0x16/0x2f
[  398.556402]  perf_mmap_alloc_page+0x58/0xd0
[  398.560726]  rb_alloc+0x138/0x500
[  398.564188]  perf_mmap+0xff9/0x1810
[  398.567828]  ? perf_release+0x40/0x40
[  398.571628]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  398.576653]  mmap_region+0xc94/0x16b0
[  398.580467]  ? vm_munmap+0x140/0x140
[  398.584204]  ? do_mmap+0xac3/0x1080
[  398.587865]  do_mmap+0x8e8/0x1080
[  398.591441]  vm_mmap_pgoff+0x197/0x200
[  398.595366]  ? vma_is_stack_for_current+0xc0/0xc0
[  398.600230]  ? do_dup2+0x450/0x450
[  398.604208]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  398.608978]  ksys_mmap_pgoff+0x298/0x5a0
[  398.613048]  ? find_mergeable_anon_vma+0x260/0x260
[  398.617985]  ? do_syscall_64+0xbf/0x620
[  398.621983]  do_syscall_64+0xf9/0x620
[  398.625790]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  398.630983] RIP: 0033:0x45e219
[  398.634179] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  398.653083] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  398.661319] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  398.668591] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  398.675911] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  398.683282] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000001c
[  398.690567] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:34 executing program 0 (fault-call:4 fault-nth:29):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:34 executing program 4 (fault-call:4 fault-nth:19):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:34 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400), 0x0, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  398.750444] EXT4-fs mount: 37 callbacks suppressed
[  398.750460] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  398.768680] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:34 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xb000000, 0x0)

01:13:34 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xfffffffe, 0x0)

01:13:34 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x22000000)

[  398.896652] FAULT_INJECTION: forcing a failure.
[  398.896652] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  398.900847] FAULT_INJECTION: forcing a failure.
[  398.900847] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  398.913982] CPU: 1 PID: 25926 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  398.928887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  398.938251] Call Trace:
[  398.940861]  dump_stack+0x1fc/0x2fe
[  398.944536]  should_fail.cold+0xa/0x14
[  398.948466]  ? lock_acquire+0x170/0x3c0
[  398.952456]  ? setup_fault_attr+0x200/0x200
[  398.956829]  __alloc_pages_nodemask+0x239/0x2890
[  398.962574]  ? retint_kernel+0x2d/0x2d
[  398.966502]  ? mark_held_locks+0xf0/0xf0
[  398.971132]  ? mark_held_locks+0xa6/0xf0
[  398.975221]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  398.980189]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  398.985305]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  398.989895]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  398.994662]  ? rcu_nmi_exit+0xb3/0x180
[  398.998561]  ? retint_kernel+0x2d/0x2d
[  399.003427]  perf_mmap_alloc_page+0x58/0xd0
[  399.007755]  rb_alloc+0x138/0x500
[  399.011222]  perf_mmap+0xff9/0x1810
[  399.014866]  ? perf_release+0x40/0x40
[  399.018704]  ? check_memory_region+0x139/0x170
[  399.023322]  mmap_region+0xc94/0x16b0
[  399.027157]  ? vm_munmap+0x140/0x140
[  399.030894]  ? get_unmapped_area+0x294/0x3c0
[  399.035332]  do_mmap+0x8e8/0x1080
[  399.038895]  vm_mmap_pgoff+0x197/0x200
[  399.042795]  ? vma_is_stack_for_current+0xc0/0xc0
[  399.047666]  ? do_dup2+0x450/0x450
[  399.051249]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  399.056037]  ksys_mmap_pgoff+0x298/0x5a0
[  399.060109]  ? find_mergeable_anon_vma+0x260/0x260
[  399.065052]  ? do_syscall_64+0xbf/0x620
[  399.069039]  do_syscall_64+0xf9/0x620
[  399.072952]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  399.078149] RIP: 0033:0x45e219
[  399.081353] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  399.100364] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  399.108610] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  399.115893] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  399.123175] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  399.130467] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000013
[  399.137746] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
[  399.145072] CPU: 0 PID: 25928 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  399.152977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  399.163816] Call Trace:
[  399.166431]  dump_stack+0x1fc/0x2fe
[  399.172250]  should_fail.cold+0xa/0x14
[  399.176188]  ? lock_acquire+0x170/0x3c0
[  399.180190]  ? setup_fault_attr+0x200/0x200
[  399.184638]  __alloc_pages_nodemask+0x239/0x2890
[  399.189410]  ? retint_kernel+0x2d/0x2d
[  399.193315]  ? mark_held_locks+0xf0/0xf0
01:13:35 executing program 4 (fault-call:4 fault-nth:20):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  399.197407]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  399.203923]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  399.208734]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  399.213339]  ? rcu_nmi_exit+0xb3/0x180
[  399.217245]  ? retint_kernel+0x2d/0x2d
[  399.221164]  ? rb_alloc+0x122/0x500
[  399.224903]  perf_mmap_alloc_page+0x58/0xd0
[  399.229325]  rb_alloc+0x138/0x500
[  399.232797]  perf_mmap+0xff9/0x1810
[  399.236464]  ? perf_release+0x40/0x40
[  399.240295]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  399.245335]  mmap_region+0xc94/0x16b0
[  399.249177]  ? vm_munmap+0x140/0x140
[  399.253002]  do_mmap+0x8e8/0x1080
[  399.256466]  vm_mmap_pgoff+0x197/0x200
[  399.260369]  ? vma_is_stack_for_current+0xc0/0xc0
[  399.261103] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  399.265312]  ? do_dup2+0x450/0x450
[  399.265330]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  399.265356]  ksys_mmap_pgoff+0x298/0x5a0
[  399.287694]  ? find_mergeable_anon_vma+0x260/0x260
[  399.292821]  do_syscall_64+0xf9/0x620
[  399.296624]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  399.301821] RIP: 0033:0x45e219
[  399.305035] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  399.324357] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  399.332145] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  399.339429] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
01:13:35 executing program 0 (fault-call:4 fault-nth:30):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  399.347730] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  399.355092] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000001d
[  399.362889] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:35 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x20000000, 0x0)

[  399.433652] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
[  399.454552] FAULT_INJECTION: forcing a failure.
[  399.454552] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  399.475258] EXT4-fs (loop5): group descriptors corrupted!
[  399.496240] CPU: 0 PID: 25942 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  399.504156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  399.507217] FAULT_INJECTION: forcing a failure.
[  399.507217] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  399.526372] Call Trace:
[  399.526399]  dump_stack+0x1fc/0x2fe
[  399.526418]  should_fail.cold+0xa/0x14
[  399.526432]  ? lock_acquire+0x170/0x3c0
[  399.526446]  ? setup_fault_attr+0x200/0x200
[  399.526470]  __alloc_pages_nodemask+0x239/0x2890
[  399.526486]  ? __kernel_text_address+0x9/0x30
[  399.526517]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  399.526531]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  399.526548]  ? rcu_nmi_exit+0xb3/0x180
[  399.526565]  ? check_preemption_disabled+0x41/0x280
[  399.526586]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  399.526604]  perf_mmap_alloc_page+0x58/0xd0
[  399.526617]  rb_alloc+0x138/0x500
[  399.526635]  perf_mmap+0xff9/0x1810
[  399.526658]  ? perf_release+0x40/0x40
[  399.594099]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  399.599173]  mmap_region+0xc94/0x16b0
[  399.603007]  ? vm_munmap+0x140/0x140
[  399.606739]  ? get_unmapped_area+0x294/0x3c0
[  399.611171]  do_mmap+0x8e8/0x1080
[  399.614750]  vm_mmap_pgoff+0x197/0x200
[  399.618944]  ? vma_is_stack_for_current+0xc0/0xc0
[  399.623803]  ? do_dup2+0x450/0x450
[  399.627364]  ? wait_for_completion_io+0x10/0x10
[  399.632255]  ? vfs_write+0x393/0x540
[  399.636105]  ksys_mmap_pgoff+0x298/0x5a0
[  399.640186]  ? find_mergeable_anon_vma+0x260/0x260
[  399.645130]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  399.650527]  ? trace_hardirqs_off_caller+0x6e/0x210
[  399.655567]  ? do_syscall_64+0x21/0x620
[  399.659564]  do_syscall_64+0xf9/0x620
[  399.663402]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  399.668785] RIP: 0033:0x45e219
[  399.671986] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  399.690991] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  399.698737] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  399.706019] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  399.713296] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  399.720593] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000001e
[  399.727878] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  399.735185] CPU: 1 PID: 25949 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  399.743104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  399.752468] Call Trace:
[  399.755072]  dump_stack+0x1fc/0x2fe
[  399.758765]  should_fail.cold+0xa/0x14
[  399.762665]  ? lock_acquire+0x170/0x3c0
[  399.766668]  ? setup_fault_attr+0x200/0x200
[  399.771018]  __alloc_pages_nodemask+0x239/0x2890
[  399.775808]  ? retint_kernel+0x2d/0x2d
[  399.779955]  ? mark_held_locks+0xf0/0xf0
[  399.784252]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  399.789117]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  399.793908]  ? rcu_nmi_exit+0xb3/0x180
[  399.797812]  ? check_preemption_disabled+0x41/0x280
[  399.803110]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  399.808159]  perf_mmap_alloc_page+0x58/0xd0
[  399.812493]  rb_alloc+0x138/0x500
[  399.815962]  perf_mmap+0xff9/0x1810
[  399.819606]  ? perf_release+0x40/0x40
[  399.823501]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  399.828538]  mmap_region+0xc94/0x16b0
[  399.832370]  ? vm_munmap+0x140/0x140
[  399.836108]  ? get_unmapped_area+0x294/0x3c0
[  399.840553]  do_mmap+0x8e8/0x1080
[  399.844047]  vm_mmap_pgoff+0x197/0x200
[  399.847952]  ? vma_is_stack_for_current+0xc0/0xc0
[  399.852805]  ? do_dup2+0x450/0x450
[  399.856354]  ? wait_for_completion_io+0x10/0x10
[  399.861032]  ? vfs_write+0x393/0x540
[  399.864756]  ksys_mmap_pgoff+0x298/0x5a0
[  399.868832]  ? find_mergeable_anon_vma+0x260/0x260
[  399.873768]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  399.879228]  ? trace_hardirqs_off_caller+0x6e/0x210
[  399.884265]  ? do_syscall_64+0x21/0x620
[  399.888252]  do_syscall_64+0xf9/0x620
[  399.892078]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  399.897271] RIP: 0033:0x45e219
[  399.900469] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  399.919401] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  399.927122] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  399.934416] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  399.941712] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  399.948995] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000014
[  399.956279] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
01:13:36 executing program 4 (fault-call:4 fault-nth:21):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:36 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400), 0x0, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:36 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x24000000)

01:13:36 executing program 0 (fault-call:4 fault-nth:31):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  400.098168] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  400.098453] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:36 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x23000000, 0x0)

01:13:36 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x1000000000000, 0x0)

[  400.203439] FAULT_INJECTION: forcing a failure.
[  400.203439] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  400.235646] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
[  400.240303] FAULT_INJECTION: forcing a failure.
[  400.240303] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  400.269017] CPU: 1 PID: 25980 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  400.276939] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  400.286484] Call Trace:
[  400.289092]  dump_stack+0x1fc/0x2fe
[  400.292751]  should_fail.cold+0xa/0x14
[  400.296654]  ? lock_acquire+0x170/0x3c0
[  400.300731]  ? setup_fault_attr+0x200/0x200
[  400.305432]  __alloc_pages_nodemask+0x239/0x2890
[  400.310200]  ? mark_held_locks+0xa6/0xf0
[  400.314284]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  400.318881]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  400.323745]  ? rcu_nmi_exit+0xb3/0x180
[  400.327651]  ? check_preemption_disabled+0x41/0x280
[  400.332685]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  400.337718]  perf_mmap_alloc_page+0x58/0xd0
[  400.342075]  rb_alloc+0x138/0x500
[  400.345555]  perf_mmap+0xff9/0x1810
[  400.349202]  ? perf_release+0x40/0x40
[  400.353011]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  400.358045]  mmap_region+0xc94/0x16b0
[  400.361866]  ? vm_munmap+0x140/0x140
[  400.365609]  ? do_mmap+0x56d/0x1080
[  400.369248]  ? do_mmap+0x97b/0x1080
[  400.372891]  do_mmap+0x8e8/0x1080
[  400.376360]  vm_mmap_pgoff+0x197/0x200
[  400.380262]  ? vma_is_stack_for_current+0xc0/0xc0
[  400.385117]  ? do_dup2+0x450/0x450
[  400.388693]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  400.393485]  ksys_mmap_pgoff+0x298/0x5a0
[  400.397569]  ? find_mergeable_anon_vma+0x260/0x260
[  400.402514]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  400.407895]  ? trace_hardirqs_off_caller+0x6e/0x210
[  400.412924]  ? do_syscall_64+0x21/0x620
[  400.416915]  do_syscall_64+0xf9/0x620
[  400.420729]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  400.425924] RIP: 0033:0x45e219
[  400.429141] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  400.448058] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  400.455789] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  400.463098] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  400.470380] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  400.477666] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000015
[  400.484950] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
[  400.492294] CPU: 0 PID: 25986 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  400.500222] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  400.502965] EXT4-fs (loop5): group descriptors corrupted!
[  400.509673] Call Trace:
[  400.509698]  dump_stack+0x1fc/0x2fe
[  400.509718]  should_fail.cold+0xa/0x14
[  400.509731]  ? lock_acquire+0x170/0x3c0
[  400.509744]  ? setup_fault_attr+0x200/0x200
[  400.509777]  __alloc_pages_nodemask+0x239/0x2890
[  400.509793]  ? __kernel_text_address+0x9/0x30
[  400.509819]  ? mark_held_locks+0xa6/0xf0
[  400.547011]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  400.551872]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  400.556473]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  400.561247]  ? rcu_nmi_exit+0xb3/0x180
[  400.565149]  ? retint_kernel+0x2d/0x2d
[  400.569085]  ? perf_mmap_alloc_page+0x2f/0xd0
[  400.573598]  perf_mmap_alloc_page+0x58/0xd0
[  400.577954]  rb_alloc+0x138/0x500
[  400.581438]  perf_mmap+0xff9/0x1810
[  400.585096]  ? perf_release+0x40/0x40
[  400.588902]  ? mmap_region+0xe7d/0x16b0
[  400.592890]  ? check_memory_region+0xba/0x170
[  400.597404]  mmap_region+0xc94/0x16b0
[  400.601229]  ? vm_munmap+0x140/0x140
[  400.604960]  ? get_unmapped_area+0x294/0x3c0
[  400.609386]  do_mmap+0x8e8/0x1080
[  400.612859]  vm_mmap_pgoff+0x197/0x200
[  400.616790]  ? vma_is_stack_for_current+0xc0/0xc0
[  400.621649]  ? do_dup2+0x450/0x450
[  400.625198]  ? __schedule+0x15a9/0x2040
[  400.629188]  ksys_mmap_pgoff+0x298/0x5a0
[  400.633288]  ? find_mergeable_anon_vma+0x260/0x260
[  400.638234]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  400.643612]  ? trace_hardirqs_off_caller+0x6e/0x210
[  400.648645]  ? do_syscall_64+0x21/0x620
[  400.652816]  do_syscall_64+0xf9/0x620
[  400.656637]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  400.661852] RIP: 0033:0x45e219
[  400.665054] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  400.683996] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  400.691728] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  400.699025] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
01:13:36 executing program 4 (fault-call:4 fault-nth:22):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  400.706308] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  400.713586] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000001f
[  400.720892] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:36 executing program 0 (fault-call:4 fault-nth:32):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:36 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x26000000)

01:13:36 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="03000000130000", 0x7, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  400.912591] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:37 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x3f000000, 0x0)

[  400.973905] FAULT_INJECTION: forcing a failure.
[  400.973905] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  400.976822] FAULT_INJECTION: forcing a failure.
[  400.976822] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  401.012986] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  401.023859] CPU: 0 PID: 26015 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  401.031774] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  401.041148] Call Trace:
[  401.043752]  dump_stack+0x1fc/0x2fe
[  401.047394]  should_fail.cold+0xa/0x14
[  401.051295]  ? setup_fault_attr+0x200/0x200
[  401.055638]  __alloc_pages_nodemask+0x239/0x2890
[  401.060424]  ? mark_held_locks+0xa6/0xf0
[  401.064504]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  401.069283]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  401.074059]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  401.078650]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  401.083538]  ? mark_held_locks+0xa6/0xf0
[  401.087611]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  401.092482]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  401.097069]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  401.101845]  ? rcu_nmi_exit+0xb3/0x180
[  401.105739]  ? retint_kernel+0x2d/0x2d
[  401.109653]  ? perf_mmap_alloc_page+0xa/0xd0
[  401.114166]  perf_mmap_alloc_page+0x58/0xd0
[  401.118494]  rb_alloc+0x138/0x500
[  401.121960]  perf_mmap+0xff9/0x1810
[  401.125613]  ? perf_release+0x40/0x40
[  401.129439]  ? mmap_region+0xa3b/0x16b0
[  401.133424]  mmap_region+0xc94/0x16b0
[  401.137362]  ? vm_munmap+0x140/0x140
[  401.141101]  ? get_unmapped_area+0x294/0x3c0
[  401.145516]  do_mmap+0x8e8/0x1080
[  401.148999]  vm_mmap_pgoff+0x197/0x200
[  401.152921]  ? vma_is_stack_for_current+0xc0/0xc0
[  401.157764]  ? do_dup2+0x450/0x450
[  401.161309]  ? wait_for_completion_io+0x10/0x10
[  401.165983]  ? vfs_write+0x393/0x540
[  401.169709]  ksys_mmap_pgoff+0x298/0x5a0
[  401.173780]  ? find_mergeable_anon_vma+0x260/0x260
[  401.178716]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  401.184173]  ? trace_hardirqs_off_caller+0x6e/0x210
[  401.189196]  ? do_syscall_64+0x21/0x620
[  401.193180]  do_syscall_64+0xf9/0x620
[  401.197007]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  401.202210] RIP: 0033:0x45e219
[  401.205407] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  401.224334] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  401.232088] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  401.239364] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  401.246642] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
[  401.253925] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000016
[  401.261212] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
[  401.309948] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 not in group (block 0)!
[  401.332395] EXT4-fs (loop5): group descriptors corrupted!
[  401.339507] CPU: 0 PID: 26016 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  401.347434] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  401.356794] Call Trace:
[  401.359417]  dump_stack+0x1fc/0x2fe
[  401.363085]  should_fail.cold+0xa/0x14
[  401.366987]  ? lock_acquire+0x170/0x3c0
[  401.370984]  ? setup_fault_attr+0x200/0x200
[  401.377073]  __alloc_pages_nodemask+0x239/0x2890
[  401.381838]  ? __kernel_text_address+0x9/0x30
[  401.386337]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  401.391180]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  401.395939]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  401.400573]  ? rcu_nmi_exit+0xb3/0x180
[  401.404462]  ? retint_kernel+0x2d/0x2d
[  401.408479]  perf_mmap_alloc_page+0x58/0xd0
[  401.412814]  rb_alloc+0x138/0x500
[  401.416401]  perf_mmap+0xff9/0x1810
[  401.420043]  ? perf_release+0x40/0x40
[  401.423908]  ? mmap_region+0xdf1/0x16b0
[  401.427983]  ? check_memory_region+0xcb/0x170
[  401.432495]  mmap_region+0xc94/0x16b0
[  401.436304]  ? vm_munmap+0x140/0x140
[  401.440026]  ? get_unmapped_area+0x294/0x3c0
[  401.444468]  do_mmap+0x8e8/0x1080
[  401.447965]  vm_mmap_pgoff+0x197/0x200
[  401.451865]  ? vma_is_stack_for_current+0xc0/0xc0
[  401.456712]  ksys_mmap_pgoff+0x298/0x5a0
[  401.460792]  ? find_mergeable_anon_vma+0x260/0x260
[  401.465737]  ? do_syscall_64+0xb1/0x620
[  401.469764]  do_syscall_64+0xf9/0x620
[  401.473599]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  401.478836] RIP: 0033:0x45e219
[  401.482032] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  401.501234] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
01:13:37 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x28000000)

01:13:37 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x4000000000000, 0x0)

[  401.508957] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  401.516281] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  401.523545] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  401.530812] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000020
[  401.538095] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:37 executing program 4 (fault-call:4 fault-nth:23):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:37 executing program 0 (fault-call:4 fault-nth:33):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:37 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="03000000130000", 0x7, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:37 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x2a000000)

[  401.753550] FAULT_INJECTION: forcing a failure.
[  401.753550] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  401.776836] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 not in group (block 0)!
[  401.783186] FAULT_INJECTION: forcing a failure.
[  401.783186] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  401.807929] CPU: 0 PID: 26061 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  401.814345] EXT4-fs (loop5): group descriptors corrupted!
[  401.816101] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  401.816108] Call Trace:
[  401.816132]  dump_stack+0x1fc/0x2fe
[  401.816157]  should_fail.cold+0xa/0x14
[  401.816179]  ? lock_acquire+0x170/0x3c0
[  401.845324]  ? setup_fault_attr+0x200/0x200
[  401.849698]  __alloc_pages_nodemask+0x239/0x2890
[  401.854486]  ? __kernel_text_address+0x9/0x30
[  401.859001]  ? mark_held_locks+0xa6/0xf0
[  401.863109]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  401.867973]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  401.872741]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  401.877471]  ? rcu_nmi_exit+0xb3/0x180
[  401.881375]  ? retint_kernel+0x2d/0x2d
[  401.885290]  perf_mmap_alloc_page+0x58/0xd0
[  401.889623]  rb_alloc+0x138/0x500
[  401.893089]  perf_mmap+0xff9/0x1810
[  401.897345]  ? perf_release+0x40/0x40
[  401.901201]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  401.906345]  mmap_region+0xc94/0x16b0
[  401.908005] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  401.910188]  ? vm_munmap+0x140/0x140
[  401.910207]  ? do_mmap+0x298/0x1080
[  401.910225]  do_mmap+0x8e8/0x1080
[  401.910247]  vm_mmap_pgoff+0x197/0x200
[  401.910266]  ? vma_is_stack_for_current+0xc0/0xc0
[  401.938146]  ? do_dup2+0x450/0x450
[  401.943366]  ksys_mmap_pgoff+0x298/0x5a0
[  401.947486]  ? find_mergeable_anon_vma+0x260/0x260
[  401.952654]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  401.958911]  ? trace_hardirqs_off_caller+0x6e/0x210
[  401.963968]  ? do_syscall_64+0x21/0x620
[  401.967966]  do_syscall_64+0xf9/0x620
[  401.971797]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  401.977019] RIP: 0033:0x45e219
[  401.980220] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  401.999665] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  402.007505] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  402.014799] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  402.023042] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  402.030327] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000021
[  402.037634] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  402.053667] CPU: 1 PID: 26066 Comm: syz-executor.4 Not tainted 4.19.166-syzkaller #0
[  402.061751] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  402.071116] Call Trace:
[  402.073719]  dump_stack+0x1fc/0x2fe
[  402.077363]  should_fail.cold+0xa/0x14
[  402.081257]  ? setup_fault_attr+0x200/0x200
[  402.085596]  __alloc_pages_nodemask+0x239/0x2890
[  402.090655]  ? __kernel_text_address+0x9/0x30
[  402.095157]  ? mark_held_locks+0xf0/0xf0
[  402.099231]  ? __save_stack_trace+0xaf/0x190
[  402.103662]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  402.109117]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  402.113973]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  402.118576]  ? rcu_nmi_exit+0xb3/0x180
[  402.122466]  ? retint_kernel+0x2d/0x2d
[  402.126380]  ? rb_alloc+0x122/0x500
[  402.130015]  perf_mmap_alloc_page+0x58/0xd0
[  402.134340]  rb_alloc+0x138/0x500
[  402.138068]  perf_mmap+0xff9/0x1810
[  402.141703]  ? perf_release+0x40/0x40
[  402.145601]  ? mmap_region+0xa3b/0x16b0
[  402.149584]  mmap_region+0xc94/0x16b0
[  402.153399]  ? vm_munmap+0x140/0x140
[  402.157117]  ? get_unmapped_area+0x294/0x3c0
[  402.161549]  do_mmap+0x8e8/0x1080
[  402.165033]  vm_mmap_pgoff+0x197/0x200
[  402.168931]  ? vma_is_stack_for_current+0xc0/0xc0
[  402.173785]  ? do_dup2+0x450/0x450
[  402.177438]  ? rcu_nmi_exit+0xb3/0x180
[  402.181378]  ksys_mmap_pgoff+0x298/0x5a0
[  402.185458]  ? find_mergeable_anon_vma+0x260/0x260
[  402.190569]  ? do_syscall_64+0xbf/0x620
[  402.194549]  ? __x64_sys_mmap+0x69/0x1b0
[  402.198625]  do_syscall_64+0xf9/0x620
[  402.202440]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  402.207635] RIP: 0033:0x45e219
[  402.211267] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  402.230173] RSP: 002b:00007f7f77544c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  402.237899] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  402.245186] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  402.252474] RBP: 00007f7f77544ca0 R08: 0000000000000005 R09: 0000000000000000
01:13:38 executing program 0 (fault-call:4 fault-nth:34):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  402.260200] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000017
[  402.267484] R13: 00007ffd4d3aabcf R14: 00007f7f775459c0 R15: 000000000119bf8c
[  402.290866] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:38 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="03000000130000", 0x7, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:38 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x20000000000000, 0x0)

[  402.393287] FAULT_INJECTION: forcing a failure.
[  402.393287] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  402.429599] CPU: 0 PID: 26089 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  402.437530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  402.446902] Call Trace:
[  402.449506]  dump_stack+0x1fc/0x2fe
[  402.453146]  should_fail.cold+0xa/0x14
[  402.457057]  ? lock_acquire+0x170/0x3c0
[  402.461042]  ? setup_fault_attr+0x200/0x200
[  402.465403]  __alloc_pages_nodemask+0x239/0x2890
[  402.470173]  ? mark_held_locks+0xa6/0xf0
[  402.474267]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  402.479043]  ? mark_held_locks+0xa6/0xf0
[  402.483142]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  402.487996]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  402.492591]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  402.497359]  ? rcu_nmi_exit+0xb3/0x180
[  402.501277]  ? retint_kernel+0x2d/0x2d
[  402.505186]  ? perf_mmap_alloc_page+0x47/0xd0
[  402.509705]  perf_mmap_alloc_page+0x58/0xd0
[  402.514047]  rb_alloc+0x138/0x500
[  402.517600]  perf_mmap+0xff9/0x1810
[  402.521245]  ? perf_release+0x40/0x40
[  402.525055]  ? mmap_region+0xa3b/0x16b0
[  402.529042]  mmap_region+0xc94/0x16b0
[  402.532860]  ? vm_munmap+0x140/0x140
[  402.536584]  ? do_mmap+0xac3/0x1080
[  402.540236]  do_mmap+0x8e8/0x1080
[  402.543714]  vm_mmap_pgoff+0x197/0x200
[  402.547613]  ? vma_is_stack_for_current+0xc0/0xc0
[  402.552459]  ? do_dup2+0x450/0x450
[  402.556011]  ksys_mmap_pgoff+0x298/0x5a0
[  402.560081]  ? find_mergeable_anon_vma+0x260/0x260
[  402.565023]  do_syscall_64+0xf9/0x620
[  402.568838]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  402.574037] RIP: 0033:0x45e219
01:13:38 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x8bffffff, 0x0)

[  402.577233] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  402.596162] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  402.603890] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  402.611193] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  402.618559] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  402.625855] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000022
[  402.633133] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:38 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  402.700921] EXT4-fs (loop5): ext4_check_descriptors: Inode table for group 0 not in group (block 0)!
[  402.715445] EXT4-fs (loop5): group descriptors corrupted!
01:13:38 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x2c000000)

01:13:38 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="03000000130000002300", 0xa, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:38 executing program 0 (fault-call:4 fault-nth:35):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  402.788990] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:38 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x40000000000000, 0x0)

[  402.889341] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  402.964217] FAULT_INJECTION: forcing a failure.
[  402.964217] name fail_page_alloc, interval 1, probability 0, space 0, times 0
01:13:39 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x8cffffff, 0x0)

[  403.025479] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[  403.046755] CPU: 1 PID: 26132 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  403.054694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  403.064067] Call Trace:
[  403.066675]  dump_stack+0x1fc/0x2fe
[  403.070328]  should_fail.cold+0xa/0x14
[  403.074235]  ? lock_acquire+0x170/0x3c0
[  403.078235]  ? setup_fault_attr+0x200/0x200
[  403.082592]  __alloc_pages_nodemask+0x239/0x2890
[  403.087364]  ? rcu_nmi_exit+0xb3/0x180
[  403.087545] Quota error (device loop5): write_blk: dquota write failed
[  403.091281]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  403.091297]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  403.091314]  ? rcu_nmi_exit+0xb3/0x180
[  403.091340]  ? __alloc_pages_nodemask+0x29a/0x2890
[  403.116484]  perf_mmap_alloc_page+0x58/0xd0
[  403.120820]  rb_alloc+0x138/0x500
[  403.124331]  perf_mmap+0xff9/0x1810
[  403.127978]  ? perf_release+0x40/0x40
[  403.129410] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota
[  403.131970]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  403.131994]  mmap_region+0xc94/0x16b0
[  403.132018]  ? vm_munmap+0x140/0x140
[  403.132034]  ? do_mmap+0xac3/0x1080
[  403.157279]  do_mmap+0x8e8/0x1080
[  403.161019]  vm_mmap_pgoff+0x197/0x200
[  403.164929]  ? vma_is_stack_for_current+0xc0/0xc0
[  403.169793]  ? do_dup2+0x450/0x450
[  403.173804]  ? wait_for_completion_io+0x10/0x10
[  403.178489]  ? vfs_write+0x393/0x540
[  403.182257]  ksys_mmap_pgoff+0x298/0x5a0
[  403.186339]  ? find_mergeable_anon_vma+0x260/0x260
[  403.191548]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  403.196954]  ? trace_hardirqs_off_caller+0x6e/0x210
[  403.201994]  ? do_syscall_64+0x21/0x620
[  403.206078]  do_syscall_64+0xf9/0x620
[  403.209907]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  403.215117] RIP: 0033:0x45e219
[  403.218312] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  403.237323] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  403.245043] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  403.253381] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  403.261633] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  403.268928] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000023
01:13:39 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x2e000000)

[  403.276221] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:39 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="03000000130000002300", 0xa, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:39 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400004, 0x1, 0x2011, r1, 0x0)

[  403.329831] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:39 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x30000000)

01:13:39 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x80000000000000, 0x0)

01:13:39 executing program 0 (fault-call:4 fault-nth:36):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

[  403.525894] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  403.539838] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[  403.655124] FAULT_INJECTION: forcing a failure.
[  403.655124] name fail_page_alloc, interval 1, probability 0, space 0, times 0
01:13:39 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="03000000130000002300", 0xa, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  403.696826] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  403.714504] CPU: 0 PID: 26196 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  403.722512] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  403.731878] Call Trace:
[  403.734507]  dump_stack+0x1fc/0x2fe
[  403.738958]  should_fail.cold+0xa/0x14
[  403.743218]  ? lock_acquire+0x170/0x3c0
[  403.747210]  ? setup_fault_attr+0x200/0x200
[  403.751552]  __alloc_pages_nodemask+0x239/0x2890
[  403.756333]  ? __kernel_text_address+0x9/0x30
[  403.761190]  ? mark_held_locks+0xf0/0xf0
[  403.766255]  ? __save_stack_trace+0xaf/0x190
[  403.770695]  ? mark_held_locks+0xa6/0xf0
[  403.774764]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  403.779729]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  403.784582]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  403.789428]  ? retint_kernel+0x2d/0x2d
[  403.793456]  ? __cpu_to_node+0x1f/0xa0
[  403.797364]  ? __sanitizer_cov_trace_pc+0x44/0x50
[  403.802428]  perf_mmap_alloc_page+0x58/0xd0
[  403.806848]  rb_alloc+0x138/0x500
[  403.810334]  perf_mmap+0xff9/0x1810
[  403.813984]  ? perf_release+0x40/0x40
[  403.817803]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  403.823104]  mmap_region+0xc94/0x16b0
[  403.826959]  ? vm_munmap+0x140/0x140
[  403.830700]  ? do_mmap+0x44b/0x1080
[  403.834442]  do_mmap+0x8e8/0x1080
[  403.842023]  vm_mmap_pgoff+0x197/0x200
[  403.846038]  ? vma_is_stack_for_current+0xc0/0xc0
[  403.850900]  ? do_dup2+0x450/0x450
[  403.854475]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  403.859265]  ksys_mmap_pgoff+0x298/0x5a0
[  403.863392]  ? find_mergeable_anon_vma+0x260/0x260
[  403.868335]  ? do_syscall_64+0xbf/0x620
[  403.872318]  do_syscall_64+0xf9/0x620
[  403.876135]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  403.882391] RIP: 0033:0x45e219
[  403.885672] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  404.050584] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  404.058305] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  404.065685] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  404.073746] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  404.081118] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000024
[  404.088403] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:40 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xc8030000, 0x0)

01:13:40 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x32000000)

01:13:40 executing program 0 (fault-call:4 fault-nth:37):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:40 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x100000000000000, 0x0)

01:13:40 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x2, 0x2011, r1, 0x0)

[  404.314522] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[  404.366008] FAULT_INJECTION: forcing a failure.
[  404.366008] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  404.406452] Quota error (device loop5): write_blk: dquota write failed
[  404.578831] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  404.666148] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  404.702942] CPU: 0 PID: 26229 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  404.710895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  404.720441] Call Trace:
[  404.723044]  dump_stack+0x1fc/0x2fe
[  404.726398] Quota error (device loop5): qtree_write_dquot: Error -28 occurred while creating quota
[  404.726680]  should_fail.cold+0xa/0x14
[  404.739718]  ? lock_acquire+0x170/0x3c0
[  404.743708]  ? setup_fault_attr+0x200/0x200
[  404.748058]  __alloc_pages_nodemask+0x239/0x2890
[  404.752831]  ? retint_kernel+0x2d/0x2d
[  404.756748]  ? mark_held_locks+0xa6/0xf0
[  404.762395]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  404.767174]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  404.772041]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  404.776826]  ? retint_kernel+0x2d/0x2d
[  404.780735]  ? __cpu_to_node+0x1f/0xa0
[  404.786555]  ? __cpu_to_node+0x62/0xa0
[  404.790475]  perf_mmap_alloc_page+0x58/0xd0
[  404.794828]  rb_alloc+0x138/0x500
[  404.798303]  ? perf_mmap+0xbac/0x1810
[  404.802126]  perf_mmap+0xff9/0x1810
[  404.805778]  ? perf_release+0x40/0x40
[  404.811425]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  404.816473]  mmap_region+0xc94/0x16b0
[  404.820335]  ? vm_munmap+0x140/0x140
[  404.824088]  ? get_unmapped_area+0x294/0x3c0
[  404.828536]  do_mmap+0x8e8/0x1080
[  404.832020]  vm_mmap_pgoff+0x197/0x200
[  404.835943]  ? vma_is_stack_for_current+0xc0/0xc0
[  404.840810]  ? do_dup2+0x450/0x450
[  404.844396]  ? wait_for_completion_io+0x10/0x10
[  404.849089]  ? vfs_write+0x393/0x540
[  404.852834]  ksys_mmap_pgoff+0x298/0x5a0
[  404.856920]  ? find_mergeable_anon_vma+0x260/0x260
[  404.861977]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  404.867368]  ? trace_hardirqs_off_caller+0x6e/0x210
[  404.872411]  ? do_syscall_64+0x21/0x620
[  404.876413]  do_syscall_64+0xf9/0x620
[  404.880234]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  404.885439] RIP: 0033:0x45e219
[  404.888649] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  404.908083] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
01:13:40 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xe0ffffff, 0x0)

[  404.915809] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  404.923229] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  404.930518] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  404.937803] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000025
[  404.945088] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:41 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000", 0xc, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:41 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x34000000)

01:13:41 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x3, 0x2011, r1, 0x0)

01:13:41 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x200000000000000, 0x0)

01:13:41 executing program 0 (fault-call:4 fault-nth:38):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:41 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x36000000)

[  405.195126] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  405.220614] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
01:13:41 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xe4ffffff, 0x0)

01:13:41 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000", 0xc, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  405.330928] FAULT_INJECTION: forcing a failure.
[  405.330928] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  405.350682] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  405.390738] CPU: 0 PID: 26295 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  405.398661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  405.408036] Call Trace:
[  405.410652]  dump_stack+0x1fc/0x2fe
[  405.414315]  should_fail.cold+0xa/0x14
[  405.418211]  ? lock_acquire+0x170/0x3c0
[  405.422200]  ? setup_fault_attr+0x200/0x200
[  405.426540]  __alloc_pages_nodemask+0x239/0x2890
[  405.431301]  ? retint_kernel+0x2d/0x2d
[  405.435194]  ? mark_held_locks+0xf0/0xf0
[  405.439272]  ? mark_held_locks+0xa6/0xf0
[  405.443339]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  405.448192]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  405.452782]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  405.457548]  ? rcu_nmi_exit+0xb3/0x180
[  405.461439]  ? retint_kernel+0x2d/0x2d
[  405.465345]  ? perf_mmap_alloc_page+0x2f/0xd0
[  405.469872]  perf_mmap_alloc_page+0x58/0xd0
[  405.474204]  rb_alloc+0x138/0x500
[  405.477700]  perf_mmap+0xff9/0x1810
[  405.481345]  ? perf_release+0x40/0x40
[  405.485153]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  405.490206]  mmap_region+0xc94/0x16b0
[  405.494024]  ? vm_munmap+0x140/0x140
[  405.497747]  ? do_mmap+0xac3/0x1080
[  405.501382]  do_mmap+0x8e8/0x1080
[  405.504862]  vm_mmap_pgoff+0x197/0x200
[  405.508764]  ? vma_is_stack_for_current+0xc0/0xc0
[  405.513615]  ? do_dup2+0x450/0x450
[  405.517161]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  405.521932]  ksys_mmap_pgoff+0x298/0x5a0
[  405.526018]  ? find_mergeable_anon_vma+0x260/0x260
[  405.530965]  do_syscall_64+0xf9/0x620
[  405.534773]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  405.539978] RIP: 0033:0x45e219
[  405.543171] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  405.562079] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  405.569794] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  405.577078] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  405.584458] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  405.591736] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000026
[  405.599016] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:41 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x38000000)

01:13:41 executing program 0 (fault-call:4 fault-nth:39):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:41 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x300000000000000, 0x0)

[  405.749083] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:41 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xf4ffffff, 0x0)

01:13:41 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x3a000000)

01:13:41 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x4, 0x2011, r1, 0x0)

[  405.869156] FAULT_INJECTION: forcing a failure.
[  405.869156] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  405.894877] CPU: 0 PID: 26333 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  405.902810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  405.912182] Call Trace:
[  405.914787]  dump_stack+0x1fc/0x2fe
[  405.918433]  should_fail.cold+0xa/0x14
[  405.922330]  ? setup_fault_attr+0x200/0x200
[  405.926663]  __alloc_pages_nodemask+0x239/0x2890
[  405.931429]  ? io_schedule_timeout+0x140/0x140
[  405.936022]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  405.941007]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  405.945888]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  405.950471]  ? rcu_nmi_exit+0xb3/0x180
[  405.954371]  ? retint_kernel+0x2d/0x2d
[  405.958291]  perf_mmap_alloc_page+0x58/0xd0
[  405.962619]  rb_alloc+0x138/0x500
[  405.966076]  perf_mmap+0xff9/0x1810
[  405.969701]  ? perf_release+0x40/0x40
[  405.973530]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  405.978565]  mmap_region+0xc94/0x16b0
[  405.982490]  ? vm_munmap+0x140/0x140
[  405.986211]  ? path_noexec+0xc/0xf0
[  405.989886]  ? path_noexec+0x4e/0xf0
[  405.993618]  do_mmap+0x8e8/0x1080
[  405.997080]  vm_mmap_pgoff+0x197/0x200
[  406.001014]  ? vma_is_stack_for_current+0xc0/0xc0
[  406.005861]  ? do_dup2+0x450/0x450
[  406.009409]  ksys_mmap_pgoff+0x298/0x5a0
[  406.013477]  ? find_mergeable_anon_vma+0x260/0x260
[  406.018419]  do_syscall_64+0xf9/0x620
[  406.022244]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  406.027458] RIP: 0033:0x45e219
[  406.030665] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  406.049575] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  406.057285] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  406.064573] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  406.071841] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  406.079109] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000027
[  406.086398] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
[  406.168481] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[  406.206249] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:42 executing program 0 (fault-call:4 fault-nth:40):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:42 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000", 0xc, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  406.323691] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  406.373384] FAULT_INJECTION: forcing a failure.
[  406.373384] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  406.400748] CPU: 0 PID: 26365 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  406.408705] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  406.418076] Call Trace:
[  406.420690]  dump_stack+0x1fc/0x2fe
[  406.424339]  should_fail.cold+0xa/0x14
[  406.428768]  ? lock_acquire+0x170/0x3c0
[  406.432761]  ? setup_fault_attr+0x200/0x200
[  406.437294]  __alloc_pages_nodemask+0x239/0x2890
[  406.442067]  ? __kernel_text_address+0x9/0x30
[  406.446606]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  406.451462]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  406.456232]  ? rcu_nmi_exit+0xb3/0x180
[  406.460148]  ? __alloc_pages_nodemask+0x29a/0x2890
[  406.465088]  perf_mmap_alloc_page+0x58/0xd0
[  406.469414]  rb_alloc+0x138/0x500
[  406.472876]  perf_mmap+0xff9/0x1810
[  406.476512]  ? perf_release+0x40/0x40
[  406.480320]  ? mmap_region+0xbe8/0x16b0
[  406.484298]  ? mmap_region+0xda8/0x16b0
[  406.488279]  mmap_region+0xc94/0x16b0
[  406.492095]  ? vm_munmap+0x140/0x140
[  406.495813]  ? can_do_mlock+0x87/0xa0
[  406.499621]  ? __sanitizer_cov_trace_pc+0x1c/0x50
[  406.504473]  do_mmap+0x8e8/0x1080
[  406.507941]  vm_mmap_pgoff+0x197/0x200
[  406.511848]  ? vma_is_stack_for_current+0xc0/0xc0
[  406.516721]  ? do_dup2+0x450/0x450
[  406.520294]  ksys_mmap_pgoff+0x298/0x5a0
[  406.524537]  ? find_mergeable_anon_vma+0x260/0x260
[  406.529472]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  406.534858]  ? trace_hardirqs_off_caller+0x6e/0x210
[  406.539880]  ? do_syscall_64+0x21/0x620
[  406.543860]  do_syscall_64+0xf9/0x620
[  406.547668]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  406.552880] RIP: 0033:0x45e219
01:13:42 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xf5ffffff, 0x0)

01:13:42 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x400000000000000, 0x0)

[  406.556071] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  406.574981] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  406.582700] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  406.589971] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  406.598384] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  406.605656] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000028
[  406.612931] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:42 executing program 0 (fault-call:4 fault-nth:41):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:42 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x500, 0x2011, r1, 0x0)

01:13:42 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x3c000000)

[  406.792850] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  406.805577] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
01:13:43 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  406.896807] FAULT_INJECTION: forcing a failure.
[  406.896807] name fail_page_alloc, interval 1, probability 0, space 0, times 0
01:13:43 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xf6ffffff, 0x0)

01:13:43 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x3e000000)

[  406.956451] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  406.962700] CPU: 0 PID: 26398 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  406.972519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  406.981915] Call Trace:
[  406.984524]  dump_stack+0x1fc/0x2fe
[  406.988197]  should_fail.cold+0xa/0x14
[  406.992098]  ? lock_acquire+0x170/0x3c0
[  406.996083]  ? setup_fault_attr+0x200/0x200
[  407.000440]  __alloc_pages_nodemask+0x239/0x2890
[  407.005215]  ? _raw_spin_unlock_irq+0x5a/0x80
[  407.009701]  ? finish_task_switch+0x146/0x760
[  407.014185]  ? finish_task_switch+0x118/0x760
[  407.018686]  ? switch_mm_irqs_off+0x764/0x1340
[  407.023260]  ? rcu_nmi_exit+0xb3/0x180
[  407.027181]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  407.032017]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  407.036766]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  407.041410]  ? rcu_nmi_exit+0xb3/0x180
[  407.045304]  ? retint_kernel+0x2d/0x2d
[  407.049242]  perf_mmap_alloc_page+0x58/0xd0
[  407.053591]  rb_alloc+0x138/0x500
[  407.057048]  perf_mmap+0xff9/0x1810
[  407.060702]  ? perf_release+0x40/0x40
[  407.064516]  ? mmap_region+0xdf1/0x16b0
[  407.068502]  ? check_memory_region+0xcb/0x170
[  407.072990]  mmap_region+0xc94/0x16b0
[  407.076790]  ? vm_munmap+0x140/0x140
[  407.080501]  ? can_do_mlock+0x8/0xa0
[  407.084207]  do_mmap+0x8e8/0x1080
[  407.087679]  vm_mmap_pgoff+0x197/0x200
[  407.091564]  ? vma_is_stack_for_current+0xc0/0xc0
[  407.096407]  ? do_dup2+0x450/0x450
[  407.099949]  ? wait_for_completion_io+0x10/0x10
[  407.104628]  ? vfs_write+0x393/0x540
[  407.108339]  ksys_mmap_pgoff+0x298/0x5a0
[  407.112419]  ? find_mergeable_anon_vma+0x260/0x260
[  407.117346]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  407.122703]  ? trace_hardirqs_off_caller+0x6e/0x210
[  407.127726]  ? do_syscall_64+0x21/0x620
[  407.131689]  do_syscall_64+0xf9/0x620
[  407.135501]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  407.140688] RIP: 0033:0x45e219
01:13:43 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x7)

[  407.143879] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  407.162801] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  407.170517] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  407.177775] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  407.185032] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  407.192397] R10: 0000000000002011 R11: 0000000000000246 R12: 0000000000000029
[  407.199659] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:43 executing program 0 (fault-call:4 fault-nth:42):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:43 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x500000000000000, 0x0)

01:13:43 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x1c)

[  407.358148] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
01:13:43 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x40000000)

[  407.403187] EXT4-fs (loop5): group descriptors corrupted!
[  407.406477] FAULT_INJECTION: forcing a failure.
[  407.406477] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  407.438030] CPU: 1 PID: 26435 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  407.445971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  407.455336] Call Trace:
[  407.458022]  dump_stack+0x1fc/0x2fe
[  407.461703]  should_fail.cold+0xa/0x14
[  407.465634]  ? lock_acquire+0x170/0x3c0
[  407.469645]  ? setup_fault_attr+0x200/0x200
[  407.474084]  __alloc_pages_nodemask+0x239/0x2890
[  407.478860]  ? __kernel_text_address+0x9/0x30
[  407.483632]  ? mark_held_locks+0xf0/0xf0
[  407.487713]  ? __save_stack_trace+0xaf/0x190
[  407.492152]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  407.496987]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  407.501920]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  407.506538]  ? rcu_nmi_exit+0xb3/0x180
[  407.510419]  ? retint_kernel+0x2d/0x2d
[  407.514561]  perf_mmap_alloc_page+0x58/0xd0
[  407.518886]  rb_alloc+0x138/0x500
[  407.522346]  perf_mmap+0xff9/0x1810
[  407.525978]  ? perf_release+0x40/0x40
[  407.529768]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  407.534791]  mmap_region+0xc94/0x16b0
[  407.538603]  ? vm_munmap+0x140/0x140
[  407.542309]  ? path_noexec+0xc/0xf0
[  407.545951]  ? path_noexec+0x43/0xf0
[  407.549669]  do_mmap+0x8e8/0x1080
[  407.553120]  vm_mmap_pgoff+0x197/0x200
[  407.557010]  ? vma_is_stack_for_current+0xc0/0xc0
[  407.561858]  ? do_dup2+0x450/0x450
[  407.565411]  ksys_mmap_pgoff+0x298/0x5a0
[  407.569477]  ? find_mergeable_anon_vma+0x260/0x260
[  407.574404]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  407.579772]  ? trace_hardirqs_off_caller+0x6e/0x210
[  407.584806]  ? do_syscall_64+0x21/0x620
[  407.588869]  do_syscall_64+0xf9/0x620
[  407.592673]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  407.597866] RIP: 0033:0x45e219
[  407.601071] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  407.619974] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  407.627676] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  407.635064] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  407.642362] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  407.649673] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000002a
[  407.656947] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:43 executing program 0 (fault-call:4 fault-nth:43):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:43 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

[  407.760376] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  407.776709] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
01:13:43 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x1d)

01:13:43 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x43000000)

[  407.848572] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
[  407.880242] EXT4-fs (loop5): group descriptors corrupted!
01:13:44 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x600000000000000, 0x0)

[  407.929313] FAULT_INJECTION: forcing a failure.
[  407.929313] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  407.965123] CPU: 0 PID: 26470 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  407.973070] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  407.982437] Call Trace:
[  407.985040]  dump_stack+0x1fc/0x2fe
[  407.988679]  should_fail.cold+0xa/0x14
[  407.992592]  ? lock_acquire+0x170/0x3c0
[  407.996579]  ? setup_fault_attr+0x200/0x200
[  408.000926]  __alloc_pages_nodemask+0x239/0x2890
[  408.005718]  ? retint_kernel+0x2d/0x2d
[  408.009634]  ? mark_held_locks+0xf0/0xf0
[  408.013717]  ? mark_held_locks+0xa6/0xf0
[  408.017787]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  408.022553]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  408.027419]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  408.032205]  ? retint_kernel+0x2d/0x2d
[  408.036110]  ? __cpu_to_node+0xc/0xa0
[  408.039919]  ? __sanitizer_cov_trace_pc+0x37/0x50
[  408.044771]  perf_mmap_alloc_page+0x58/0xd0
[  408.049115]  rb_alloc+0x138/0x500
[  408.052577]  perf_mmap+0xff9/0x1810
[  408.056218]  ? perf_release+0x40/0x40
[  408.060043]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  408.065073]  mmap_region+0xc94/0x16b0
[  408.068893]  ? vm_munmap+0x140/0x140
[  408.072623]  ? get_unmapped_area+0x294/0x3c0
[  408.077064]  do_mmap+0x8e8/0x1080
[  408.080538]  vm_mmap_pgoff+0x197/0x200
[  408.084440]  ? vma_is_stack_for_current+0xc0/0xc0
[  408.089293]  ? ksys_mmap_pgoff+0x12e/0x5a0
[  408.093537]  ksys_mmap_pgoff+0x298/0x5a0
[  408.097609]  ? find_mergeable_anon_vma+0x260/0x260
[  408.102543]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  408.108024]  ? trace_hardirqs_off_caller+0x6e/0x210
[  408.113047]  ? do_syscall_64+0x21/0x620
[  408.117026]  do_syscall_64+0xf9/0x620
[  408.120838]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  408.126029] RIP: 0033:0x45e219
[  408.129224] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  408.148220] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  408.155935] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  408.163228] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  408.170499] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
01:13:44 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xfeffffff, 0x0)

01:13:44 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x8, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:44 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x104)

[  408.177769] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000002b
[  408.185044] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:44 executing program 0 (fault-call:4 fault-nth:44):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:44 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x45000000)

01:13:44 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x700)

[  408.334753] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  408.384167] EXT4-fs (loop5): ext4_check_descriptors: Block bitmap for group 0 not in group (block 0)!
01:13:44 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x700000000000000, 0x0)

[  408.428332] FAULT_INJECTION: forcing a failure.
[  408.428332] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  408.432286] EXT4-fs (loop5): group descriptors corrupted!
[  408.461630] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
[  408.465340] CPU: 1 PID: 26509 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  408.477747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  408.487119] Call Trace:
[  408.489753]  dump_stack+0x1fc/0x2fe
[  408.493402]  should_fail.cold+0xa/0x14
[  408.497309]  ? lock_acquire+0x170/0x3c0
[  408.501303]  ? setup_fault_attr+0x200/0x200
[  408.505694]  __alloc_pages_nodemask+0x239/0x2890
[  408.510492]  ? mark_held_locks+0xa6/0xf0
[  408.514583]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  408.519376]  ? mark_held_locks+0xa6/0xf0
[  408.523596]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  408.528593]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  408.533225]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  408.538016]  ? rcu_nmi_exit+0xb3/0x180
[  408.541936]  ? retint_kernel+0x2d/0x2d
[  408.545851]  ? perf_mmap_alloc_page+0x17/0xd0
[  408.550369]  ? perf_mmap_alloc_page+0x97/0xd0
[  408.554892]  perf_mmap_alloc_page+0x58/0xd0
[  408.559488]  rb_alloc+0x138/0x500
[  408.562988]  perf_mmap+0xff9/0x1810
[  408.566759]  ? perf_release+0x40/0x40
[  408.570580]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  408.575626]  mmap_region+0xc94/0x16b0
[  408.579470]  ? vm_munmap+0x140/0x140
[  408.583242]  ? get_unmapped_area+0x294/0x3c0
[  408.587681]  do_mmap+0x8e8/0x1080
[  408.591188]  vm_mmap_pgoff+0x197/0x200
[  408.595115]  ? vma_is_stack_for_current+0xc0/0xc0
[  408.599992]  ? do_dup2+0x450/0x450
[  408.603548]  ? wait_for_completion_io+0x10/0x10
[  408.608235]  ? vfs_write+0x393/0x540
[  408.611974]  ksys_mmap_pgoff+0x298/0x5a0
[  408.616058]  ? find_mergeable_anon_vma+0x260/0x260
[  408.621008]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  408.626557]  ? trace_hardirqs_off_caller+0x6e/0x210
[  408.631603]  ? do_syscall_64+0x21/0x620
[  408.635604]  do_syscall_64+0xf9/0x620
[  408.639440]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  408.644644] RIP: 0033:0x45e219
[  408.647863] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  408.666786] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
01:13:44 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x1c00)

[  408.674517] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  408.681835] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  408.689117] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  408.696451] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000002c
[  408.703745] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:44 executing program 0 (fault-call:4 fault-nth:45):
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x0)

01:13:44 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x47000000)

01:13:44 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xff010000, 0x0)

01:13:44 executing program 5:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x7, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x0, 0x0)

01:13:45 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x1d00)

[  408.941211] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue
[  408.941466] FAULT_INJECTION: forcing a failure.
[  408.941466] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  408.978876] CPU: 0 PID: 26545 Comm: syz-executor.0 Not tainted 4.19.166-syzkaller #0
[  408.986799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  408.996188] Call Trace:
[  408.998809]  dump_stack+0x1fc/0x2fe
[  409.002445]  should_fail.cold+0xa/0x14
[  409.006336]  ? lock_acquire+0x170/0x3c0
[  409.010325]  ? setup_fault_attr+0x200/0x200
[  409.014661]  __alloc_pages_nodemask+0x239/0x2890
[  409.019425]  ? retint_kernel+0x2d/0x2d
[  409.023323]  ? mark_held_locks+0xf0/0xf0
[  409.027390]  ? mark_held_locks+0xa6/0xf0
[  409.031451]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  409.036217]  ? gfp_pfmemalloc_allowed+0x150/0x150
[  409.041061]  ? trace_hardirqs_on_thunk+0x1a/0x1c
[  409.045825]  ? retint_kernel+0x2d/0x2d
[  409.049724]  ? __cpu_to_node+0xc/0xa0
[  409.053539]  ? __cpu_to_node+0x14/0xa0
[  409.057434]  perf_mmap_alloc_page+0x58/0xd0
[  409.061761]  rb_alloc+0x138/0x500
[  409.065227]  perf_mmap+0xff9/0x1810
[  409.069395]  ? perf_release+0x40/0x40
[  409.073199]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  409.078404]  mmap_region+0xc94/0x16b0
[  409.082225]  ? vm_munmap+0x140/0x140
[  409.085948]  do_mmap+0x8e8/0x1080
[  409.089413]  vm_mmap_pgoff+0x197/0x200
[  409.093310]  ? vma_is_stack_for_current+0xc0/0xc0
[  409.098178]  ? do_dup2+0x450/0x450
[  409.101738]  ? wait_for_completion_io+0x10/0x10
[  409.106413]  ? vfs_write+0x393/0x540
[  409.110133]  ksys_mmap_pgoff+0x298/0x5a0
[  409.114203]  ? find_mergeable_anon_vma+0x260/0x260
[  409.119142]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  409.124536]  ? trace_hardirqs_off_caller+0x6e/0x210
[  409.129569]  ? do_syscall_64+0x21/0x620
[  409.133548]  do_syscall_64+0xf9/0x620
[  409.137459]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  409.142655] RIP: 0033:0x45e219
[  409.145857] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  409.165116] RSP: 002b:00007f0b65dd2c68 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  409.172837] RAX: ffffffffffffffda RBX: 0000000000000006 RCX: 000000000045e219
[  409.180108] RDX: 0000000000000001 RSI: 0000000000400002 RDI: 0000000020200000
[  409.188698] RBP: 00007f0b65dd2ca0 R08: 0000000000000005 R09: 0000000000000000
[  409.195973] R10: 0000000000002011 R11: 0000000000000246 R12: 000000000000002d
[  409.203357] R13: 00007ffdec8747df R14: 00007f0b65dd39c0 R15: 000000000119bf8c
01:13:45 executing program 1:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
write$nbd(0xffffffffffffffff, 0x0, 0x0)
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0x800000000000000, 0x0)

[  409.287921] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue
[  409.305623] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue
01:13:45 executing program 2:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000100)='./file0\x00', 0x40000, 0x9, &(0x7f0000000200)=[{&(0x7f0000010000)="20000000000100000c000000ce0000000f000000010000000000000000000000002000000020000020000000d7f4655fd7f4655f0100ffff53ef010001000000d7f4655f000000000000000001000000000000000b0000008000000008000000524700006201", 0x66, 0x400}, {&(0x7f0000010200)="010000000000050011", 0x9, 0x560}, {&(0x7f0000010300)="03", 0x1, 0x640}, {&(0x7f0000010400)="030000001300000023000000ce", 0xd, 0x800}, {&(0x7f0000010500)="fffffffffcff0700000000000000000000000000000000000000000000000080ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff", 0x400, 0xc00}, {&(0x7f0000011600)="504d4d00504d4dff", 0x8, 0x4400}, {&(0x7f0000011700)="111fc0d901000000803a0900803a09000000000006", 0x15, 0x4800}, {&(0x7f0000012b00)="ed41000000040000d7f4655fd7f4655fd7f4655f000000000000040002", 0x1d, 0x8c80}, {&(0x7f0000012c00)="8081000000180000d7f4655fd7f4655fd7f4655f00000000000001000c00000010000800000000000af303000400000000000000000000000100000012000000010000000100000018000000020000000400000014", 0x55, 0x8d00}], 0x0, &(0x7f0000000040)=ANY=[])
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
setresgid(0x0, 0x0, 0xffffffffffffffff)
getegid()
lsetxattr$trusted_overlay_upper(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='trusted.overlay.upper\x00', 0x0, 0xff0f0000, 0x0)

01:13:45 executing program 4:
perf_event_open(&(0x7f00000003c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
r0 = perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
r1 = memfd_create(&(0x7f0000000000), 0x0)
dup2(r0, r1)
mmap(&(0x7f0000200000/0x400000)=nil, 0x400002, 0x1, 0x2011, r1, 0x2020)

01:13:45 executing program 3:
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000040)="0f42", 0x2)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000000000/0x1000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x80000000fb]})
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
r4 = dup(r3)
ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200)
openat(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)
ioctl$KVM_NMI(r2, 0xae9a)
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380))
ioctl$KVM_RUN(r2, 0xae80, 0x49000000)

[  409.345769] EXT4-fs error (device loop5): ext4_mb_generate_buddy:744: group 0, block bitmap and bg descriptor inconsistent: 8192 vs 206 free clusters
[  409.390721] WARNING: CPU: 0 PID: 26563 at fs/ext4/xattr.c:1661 ext4_xattr_set_entry+0x2910/0x3690
[  409.400028] Kernel panic - not syncing: panic_on_warn set ...
[  409.400028] 
[  409.407412] CPU: 0 PID: 26563 Comm: syz-executor.5 Not tainted 4.19.166-syzkaller #0
[  409.415318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  409.424690] Call Trace:
[  409.428623]  dump_stack+0x1fc/0x2fe
[  409.432265]  panic+0x26a/0x50e
[  409.435473]  ? __warn_printk+0xf3/0xf3
[  409.439378]  ? ext4_xattr_set_entry+0x2910/0x3690
[  409.444233]  ? __probe_kernel_read+0x130/0x1b0
[  409.448827]  ? __warn.cold+0x5/0x61
[  409.452467]  ? ext4_xattr_set_entry+0x2910/0x3690
[  409.457326]  __warn.cold+0x20/0x61
[  409.460903]  ? ext4_xattr_set_entry+0x2910/0x3690
[  409.465757]  report_bug+0x262/0x2b0
[  409.469397]  do_error_trap+0x1d7/0x310
[  409.473290]  ? math_error+0x310/0x310
[  409.477099]  ? is_bpf_text_address+0xfc/0x1b0
[  409.481616]  ? kernel_text_address+0xbd/0xf0
[  409.486035]  ? __kernel_text_address+0x9/0x30
[  409.490543]  ? error_entry+0x72/0xd0
[  409.494269]  ? trace_hardirqs_off_caller+0x6e/0x210
[  409.499300]  ? trace_hardirqs_off_thunk+0x1a/0x1c
[  409.504160]  invalid_op+0x14/0x20
[  409.507625] RIP: 0010:ext4_xattr_set_entry+0x2910/0x3690
[  409.513084] Code: e8 b5 1a 72 ff 48 8b 7c 24 20 e8 5b e5 ce ff 4c 8b b4 24 20 01 00 00 48 c7 44 24 18 00 00 00 00 e9 b2 db ff ff e8 90 1a 72 ff <0f> 0b e9 fb e7 ff ff e8 84 1a 72 ff 48 8b 7c 24 18 e8 9a 8c f0 ff
[  409.532003] RSP: 0018:ffff88809256f3a8 EFLAGS: 00010216
[  409.537376] RAX: 0000000000040000 RBX: ffff8880a2d424e0 RCX: ffffc9001066e000
[  409.544654] RDX: 0000000000022b8c RSI: ffffffff81f2b680 RDI: 0000000000000007
[  409.551942] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000
[  409.559222] R10: 0000000000000007 R11: 0000000023f37d17 R12: 00000000000003dc
[  409.566503] R13: 0000000000000000 R14: 00000000ffffffc3 R15: 0000000000000001
[  409.573898]  ? ext4_xattr_set_entry+0x2910/0x3690
[  409.578775]  ? ext4_xattr_set_entry+0x2910/0x3690
[  409.583637]  ? lock_downgrade+0x720/0x720
[  409.587802]  ? debug_check_no_obj_freed+0xb5/0x482
[  409.592737]  ? should_fail+0x142/0x7b0
[  409.596626]  ? ext4_xattr_inode_get+0x680/0x680
[  409.601317]  ? setup_fault_attr+0x200/0x200
[  409.605668]  ? check_preemption_disabled+0x41/0x280
[  409.610695]  ? rcu_read_lock_sched_held+0x16c/0x1d0
[  409.616083]  ? __kmalloc+0x38e/0x3c0
[  409.619801]  ? ext4_xattr_block_set+0xe19/0x2eb0
[  409.624570]  ext4_xattr_block_set+0xf44/0x2eb0
[  409.629191]  ? ext4_xattr_ibody_set+0x2a0/0x2a0
[  409.633879]  ? __getblk_gfp+0x48/0x70
[  409.637704]  ? ext4_xattr_ibody_find+0x253/0x540
[  409.642508]  ? ext4_xattr_block_find+0x5c/0x6c0
[  409.647189]  ext4_xattr_set_handle+0x9c1/0xfa0
[  409.651792]  ? ext4_xattr_ibody_inline_set+0x2a0/0x2a0
[  409.657086]  ? __save_stack_trace+0x72/0x190
[  409.661521]  ? ext4_journal_check_start+0x185/0x220
[  409.666569]  ? ext4_get_nojournal+0x53/0xb0
[  409.674201]  ? __ext4_journal_start_sb+0x12d/0x3f0
[  409.679142]  ext4_xattr_set+0x135/0x2a0
[  409.683126]  ? ext4_xattr_set_credits+0x200/0x200
[  409.687991]  ? check_preemption_disabled+0x41/0x280
[  409.693035]  ? mark_held_locks+0xf0/0xf0
[  409.697107]  ? xattr_resolve_name+0x26e/0x3d0
[  409.701619]  ? ext4_get_inode_usage.cold+0x19/0x19
[  409.706553]  __vfs_setxattr+0x10e/0x170
[  409.710556]  ? xattr_resolve_name+0x3d0/0x3d0
[  409.715073]  ? evm_protect_xattr.constprop.0+0x99/0x3d0
[  409.720449]  __vfs_setxattr_noperm+0x11a/0x420
[  409.725211]  __vfs_setxattr_locked+0x176/0x250
[  409.729800]  vfs_setxattr+0xe5/0x270
[  409.733520]  ? __vfs_setxattr_locked+0x250/0x250
[  409.738281]  ? strncpy_from_user+0x2a2/0x350
[  409.742702]  setxattr+0x23d/0x330
[  409.746160]  ? vfs_setxattr+0x270/0x270
[  409.750277]  ? filename_lookup+0x3d5/0x5a0
[  409.754531]  ? __phys_addr_symbol+0x2c/0x70
[  409.758881]  ? __check_object_size+0x17b/0x3d1
[  409.763491]  ? check_preemption_disabled+0x41/0x280
[  409.768521]  ? preempt_count_add+0xaf/0x190
[  409.772847]  ? __mnt_want_write+0x22c/0x2c0
[  409.777179]  path_setxattr+0x170/0x190
[  409.781089]  ? __se_sys_fsetxattr+0x1b0/0x1b0
[  409.786054]  ? __se_sys_clock_gettime+0x124/0x1e0
[  409.790917]  ? entry_SYSCALL_64_after_hwframe+0x3e/0xbe
[  409.796297]  __x64_sys_lsetxattr+0xbd/0x150
[  409.800655]  ? lockdep_hardirqs_on+0x3a8/0x5c0
[  409.805252]  do_syscall_64+0xf9/0x620
[  409.809065]  entry_SYSCALL_64_after_hwframe+0x49/0xbe
[  409.814282] RIP: 0033:0x45e219
[  409.817492] Code: 0d b4 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b3 fb ff c3 66 2e 0f 1f 84 00 00 00 00
[  409.836607] RSP: 002b:00007f8bc0d8fc68 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd
[  409.844335] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000000045e219
[  409.851625] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 00000000200000c0
[  409.858902] RBP: 000000000119bfd0 R08: 0000000000000000 R09: 0000000000000000
[  409.866315] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000119bf8c
[  409.873613] R13: 00007fff3809f89f R14: 00007f8bc0d909c0 R15: 000000000119bf8c
[  409.881879] Kernel Offset: disabled
[  409.889445] Rebooting in 86400 seconds..