, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={<r2=>0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, r2, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, 0x0, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={0x0, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  246.437749][ T9425]  loop4: p2 p3 p4
[  246.439098][ T9425] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  246.444061][ T9434] loop5: detected capacity change from 0 to 1
[  246.446883][ T9425] loop4: p3 start 225 is beyond EOD, truncated
[  246.448159][ T9425] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  246.454447][ T9439] loop1: detected capacity change from 0 to 1
[  246.457790][ T9434]  loop5: p2 p3 p4
[  246.458946][ T9434] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  246.460838][ T9434] loop5: p3 start 225 is beyond EOD, truncated
[  246.462078][ T9434] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  246.475317][ T9439]  loop1: p2 p3 p4
[  246.476651][ T9439] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  246.479624][ T9439] loop1: p3 start 225 is beyond EOD, truncated
[  246.480868][ T9439] loop1: p4 size 3657465856 extends beyond EOD, truncated
01:16:45 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={<r2=>0x0, 0x1, 0x2000000401, 0x1})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r3=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, r2, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r3, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r3, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r3, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:45 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:45 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:45 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f000031e000)={0xa, 0x4e22, 0x6, @empty}, 0x1c)

[  246.529064][ T9478] loop2: detected capacity change from 0 to 1
01:16:45 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={<r2=>0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, r2, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, 0x0, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={0x0, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  246.567525][ T1032]  loop2: p2 p3 p4
[  246.568743][ T1032] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  246.570387][ T1032] loop2: p3 start 225 is beyond EOD, truncated
[  246.571760][ T1032] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  246.582763][ T9478]  loop2: p2 p3 p4
[  246.586821][ T9495] loop4: detected capacity change from 0 to 1
[  246.586824][ T9478] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  246.587765][ T9478] loop2: p3 start 225 is beyond EOD, truncated
[  246.590936][ T9478] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  246.609751][ T9504] loop5: detected capacity change from 0 to 1
01:16:45 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f000031e000)={0xa, 0x4e22, 0x6, @empty}, 0x1c)

01:16:45 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:45 executing program 2:
socket$nl_xfrm(0x10, 0x3, 0x6)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:45 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  246.617707][ T9495]  loop4: p2 p3 p4
[  246.618943][ T9495] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  246.621161][ T9495] loop4: p3 start 225 is beyond EOD, truncated
[  246.622441][ T9495] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  246.649885][ T9519] loop1: detected capacity change from 0 to 1
[  246.657962][ T9504]  loop5: p2 p3 p4
[  246.659132][ T9504] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  246.661038][ T9504] loop5: p3 start 225 is beyond EOD, truncated
[  246.663361][ T9504] loop5: p4 size 3657465856 extends beyond EOD, truncated
01:16:45 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x20000015, 0x0, 0x0)

01:16:45 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r2=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r2, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r2, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r2, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:45 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:45 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x20000015, 0x0, 0x0)

[  246.668203][ T9519]  loop1: p2 p3 p4
[  246.669476][ T9519] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  246.671850][ T1032]  loop5: p2 p3 p4
[  246.674006][ T1032] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  246.674600][ T9519] loop1: p3 start 225 is beyond EOD, truncated
[  246.677225][ T9519] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  246.682051][ T1032] loop5: p3 start 225 is beyond EOD, truncated
[  246.684744][ T1032] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  246.697548][ T9527] loop2: detected capacity change from 0 to 1
[  246.711733][ T9547] loop4: detected capacity change from 0 to 1
01:16:45 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:45 executing program 5:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:45 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:45 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x20000015, 0x0, 0x0)

01:16:45 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  246.727772][ T9547]  loop4: p2 p3 p4
[  246.729356][ T9547] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  246.731823][ T9547] loop4: p3 start 225 is beyond EOD, truncated
[  246.733071][ T9547] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  246.738216][ T9527]  loop2: p2 p3 p4
[  246.739110][ T9527] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  246.755134][ T9527] loop2: p3 start 225 is beyond EOD, truncated
[  246.756350][ T9527] loop2: p4 size 3657465856 extends beyond EOD, truncated
01:16:45 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:45 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:45 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r2=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r2, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r2, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r2, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:45 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x20000015, &(0x7f000031e000)={0xa, 0x0, 0x6, @empty}, 0x1c)

01:16:45 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  246.813715][ T9574] loop1: detected capacity change from 0 to 1
[  246.817766][ T9573] loop5: detected capacity change from 0 to 1
[  246.835044][ T9590] loop2: detected capacity change from 0 to 1
01:16:45 executing program 2:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  246.867689][ T9574]  loop1: p2 p3 p4
[  246.868492][ T9574] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  246.869785][ T9573]  loop5: p2 p3 p4
[  246.870442][ T9573] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  246.871854][ T9573] loop5: p3 start 225 is beyond EOD, truncated
[  246.873162][ T9573] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  246.874747][ T9574] loop1: p3 start 225 is beyond EOD, truncated
[  246.875718][ T9574] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  246.882233][ T9599] loop4: detected capacity change from 0 to 1
[  246.882344][ T1032]  loop2: p2 p3 p4
[  246.884075][ T1032] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  246.885860][ T1032] loop2: p3 start 225 is beyond EOD, truncated
[  246.886955][ T1032] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  246.890271][ T9590]  loop2: p2 p3 p4
[  246.890981][ T9590] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  246.892315][ T9590] loop2: p3 start 225 is beyond EOD, truncated
[  246.893381][ T9590] loop2: p4 size 3657465856 extends beyond EOD, truncated
01:16:45 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x20000015, &(0x7f000031e000)={0xa, 0x0, 0x6, @empty}, 0x1c)

01:16:46 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 5:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  246.917884][ T9599]  loop4: p2 p3 p4
[  246.918807][ T9599] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  246.927706][ T9599] loop4: p3 start 225 is beyond EOD, truncated
[  246.928913][ T9599] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  246.943899][ T1032]  loop4: p2 p3 p4
[  246.946093][ T1032] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  246.956739][ T1032] loop4: p3 start 225 is beyond EOD, truncated
[  246.958015][ T1032] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:16:46 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r2=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r2, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r2, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r2, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  246.981623][ T9649] loop5: detected capacity change from 0 to 1
[  246.982661][ T9644] loop2: detected capacity change from 0 to 1
01:16:46 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x20000015, &(0x7f000031e000)={0xa, 0x0, 0x6, @empty}, 0x1c)

[  247.003183][ T9643] loop1: detected capacity change from 0 to 1
01:16:46 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$PERF_EVENT_IOC_SET_FILTER(r3, 0x8914, &(0x7f0000000040)='lo\x00\x96o\xd6Q\xb9Y\xa9\xc8J,\x00\xd2\x97\x04\x03\xdc\r')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  247.028116][ T9649]  loop5: p2 p3 p4
[  247.029055][ T9649] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  247.033055][ T9644]  loop2: p2 p3 p4
[  247.033704][ T9644] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  247.035920][ T9643]  loop1: p2 p3 p4
[  247.036542][ T9643] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  247.053429][ T9643] loop1: p3 start 225 is beyond EOD, truncated
[  247.054722][ T9643] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  247.057703][ T9644] loop2: p3 start 225 is beyond EOD, truncated
[  247.059005][ T9644] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  247.059178][ T9667] loop4: detected capacity change from 0 to 1
[  247.063751][ T9649] loop5: p3 start 225 is beyond EOD, truncated
[  247.064813][ T9649] loop5: p4 size 3657465856 extends beyond EOD, truncated
01:16:46 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:46 executing program 2:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 5:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  247.097424][ T9667]  loop4: p2 p3 p4
[  247.099179][ T9667] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  247.101267][ T9667] loop4: p3 start 225 is beyond EOD, truncated
[  247.102415][ T9667] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  247.135423][ T9697] loop1: detected capacity change from 0 to 1
01:16:46 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r2=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r2, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r2, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r2, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  247.185614][ T9697]  loop1: p2 p3 p4
[  247.186723][ T9697] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  247.189059][ T9697] loop1: p3 start 225 is beyond EOD, truncated
[  247.190066][ T9697] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  247.200185][ T9706] loop2: detected capacity change from 0 to 1
[  247.201558][ T9705] loop4: detected capacity change from 0 to 1
[  247.210018][ T9717] loop5: detected capacity change from 0 to 1
01:16:46 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r2=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r2, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r2, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r2, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  247.237291][ T9705]  loop4: p2 p3 p4
[  247.238134][ T9705] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  247.239644][ T9717]  loop5: p2 p3 p4
[  247.240372][ T9717] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  247.241701][ T1032]  loop2: p2 p3 p4
[  247.242482][ T1032] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  247.243987][ T1032] loop2: p3 start 225 is beyond EOD, truncated
[  247.244924][ T1032] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  247.246464][ T9717] loop5: p3 start 225 is beyond EOD, truncated
[  247.247685][ T9717] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  247.253878][ T9705] loop4: p3 start 225 is beyond EOD, truncated
[  247.255366][ T9705] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  247.260187][ T9706]  loop2: p2 p3 p4
[  247.262489][ T9706] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  247.270559][ T9706] loop2: p3 start 225 is beyond EOD, truncated
[  247.271779][ T9706] loop2: p4 size 3657465856 extends beyond EOD, truncated
01:16:46 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 2:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 5:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r2=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r2, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r2, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r2, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  247.344514][ T9739] loop3: detected capacity change from 0 to 1
[  247.352850][ T9745] loop1: detected capacity change from 0 to 1
[  247.366154][ T9763] loop4: detected capacity change from 0 to 1
[  247.380509][ T9739]  loop3: p2 p3 p4
[  247.381451][ T9739] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  247.383463][ T9739] loop3: p3 start 225 is beyond EOD, truncated
[  247.384448][ T9739] loop3: p4 size 3657465856 extends beyond EOD, truncated
01:16:46 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100))
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  247.397281][ T1032]  loop1: p2 p3 p4
[  247.398136][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  247.399767][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  247.400717][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  247.402626][ T9772] loop5: detected capacity change from 0 to 1
[  247.403805][ T9745]  loop1: p2 p3 p4
[  247.404546][ T9745] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  247.404934][ T9770] loop2: detected capacity change from 0 to 1
[  247.406285][ T9745] loop1: p3 start 225 is beyond EOD, truncated
[  247.408068][ T9745] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  247.417260][ T9763]  loop4: p2 p3 p4
[  247.418323][ T9763] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  247.420039][ T9763] loop4: p3 start 225 is beyond EOD, truncated
[  247.421107][ T9763] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  247.427223][ T9772]  loop5: p2 p3 p4
[  247.428005][ T9772] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  247.437509][ T9772] loop5: p3 start 225 is beyond EOD, truncated
[  247.438705][ T9772] loop5: p4 size 3657465856 extends beyond EOD, truncated
01:16:46 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 5:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100))
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  247.447232][ T9770]  loop2: p2 p3 p4
[  247.448061][ T9770] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  247.453321][ T9770] loop2: p3 start 225 is beyond EOD, truncated
[  247.454670][ T9770] loop2: p4 size 3657465856 extends beyond EOD, truncated
01:16:46 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100))
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 2:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 0:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
r2 = openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r2, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100))
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 0 (fault-call:9 fault-nth:0):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  247.525660][ T9818] loop4: detected capacity change from 0 to 1
[  247.527011][ T9819] loop1: detected capacity change from 0 to 1
[  247.540339][ T9820] loop3: detected capacity change from 0 to 1
[  247.555283][ T1032]  loop4: p2 p3 p4
[  247.556427][ T1032] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  247.558602][ T9819]  loop1: p2 p3 p4
[  247.559301][ T9819] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  247.561002][ T9820]  loop3: p2 p3 p4
[  247.561881][ T9820] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  247.563754][ T9820] loop3: p3 start 225 is beyond EOD, truncated
[  247.564878][ T9820] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  247.566614][ T9819] loop1: p3 start 225 is beyond EOD, truncated
[  247.567868][ T9819] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  247.571721][ T1032] loop4: p3 start 225 is beyond EOD, truncated
[  247.572754][ T1032] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  247.577779][ T9838] loop2: detected capacity change from 0 to 1
[  247.580141][ T9818]  loop4: p2 p3 p4
[  247.580986][ T9818] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  247.582677][ T9818] loop4: p3 start 225 is beyond EOD, truncated
[  247.583712][ T9818] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  247.591542][ T9831] loop5: detected capacity change from 0 to 1
[  247.593166][ T9858] FAULT_INJECTION: forcing a failure.
[  247.593166][ T9858] name fail_usercopy, interval 1, probability 0, space 0, times 1
[  247.595227][ T9858] CPU: 1 PID: 9858 Comm: syz-executor.0 Not tainted 5.13.0-rc3-syzkaller #0
[  247.596919][ T9858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  247.598661][ T9858] Call Trace:
[  247.599124][ T9858]  dump_stack+0x137/0x19d
[  247.599791][ T9858]  should_fail+0x23c/0x250
[  247.600408][ T9858]  should_fail_usercopy+0x16/0x20
[  247.601109][ T9858]  _copy_from_user+0x1c/0xd0
[  247.601847][ T9858]  __sys_sendto+0x1af/0x370
[  247.602677][ T9858]  ? __fget_light+0x21b/0x260
[  247.603350][ T9858]  ? __cond_resched+0x11/0x40
[  247.605648][ T9858]  ? fput+0x2d/0x130
[  247.606191][ T9858]  __x64_sys_sendto+0x74/0x90
[  247.606835][ T9858]  do_syscall_64+0x4a/0x90
[  247.607522][ T9858]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  247.608393][ T9858] RIP: 0033:0x4665d9
[  247.609040][ T9858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  247.612582][ T9858] RSP: 002b:00007fa4f2719188 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  247.614015][ T9858] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  247.615471][ T9858] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  247.616566][ T9858] RBP: 00007fa4f27191d0 R08: 000000002031e000 R09: 000000000000001c
[  247.617735][ T9858] R10: 0000000020000015 R11: 0000000000000246 R12: 0000000000000001
[  247.618837][ T9858] R13: 00007ffc87197aff R14: 00007fa4f2719300 R15: 0000000000022000
[  247.620489][ T9838]  loop2: p2 p3 p4
[  247.621674][ T9838] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  247.623757][ T9838] loop2: p3 start 225 is beyond EOD, truncated
[  247.624730][ T9838] loop2: p4 size 3657465856 extends beyond EOD, truncated
01:16:46 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r2=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r2, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r2, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r2, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
openat$full(0xffffffffffffff9c, &(0x7f0000001480), 0x121401, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 2:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  247.640872][ T1032]  loop5: p2 p3 p4
[  247.641861][ T1032] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  247.643803][ T1032] loop5: p3 start 225 is beyond EOD, truncated
[  247.645000][ T1032] loop5: p4 size 3657465856 extends beyond EOD, truncated
01:16:46 executing program 0 (fault-call:9 fault-nth:1):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  247.669962][ T9831]  loop5: p2 p3 p4
[  247.670813][ T9831] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  247.672350][ T9831] loop5: p3 start 225 is beyond EOD, truncated
[  247.673450][ T9831] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  247.691853][ T9892] loop2: detected capacity change from 0 to 1
[  247.694411][ T9891] loop3: detected capacity change from 0 to 1
[  247.696610][ T9885] loop4: detected capacity change from 0 to 1
[  247.696680][ T9884] loop1: detected capacity change from 0 to 1
[  247.700847][ T9898] FAULT_INJECTION: forcing a failure.
[  247.700847][ T9898] name failslab, interval 1, probability 0, space 0, times 1
[  247.703366][ T9898] CPU: 1 PID: 9898 Comm: syz-executor.0 Not tainted 5.13.0-rc3-syzkaller #0
[  247.704984][ T9898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  247.706425][ T9898] Call Trace:
[  247.707083][ T9898]  dump_stack+0x137/0x19d
[  247.707798][ T9898]  should_fail+0x23c/0x250
[  247.708641][ T9898]  __should_failslab+0x81/0x90
[  247.709338][ T9898]  ? tcp_sendmsg_locked+0x1fc7/0x23f0
[  247.710163][ T9898]  should_failslab+0x5/0x20
[  247.710808][ T9898]  kmem_cache_alloc_trace+0x49/0x310
[  247.711666][ T9898]  tcp_sendmsg_locked+0x1fc7/0x23f0
[  247.712393][ T9898]  ? __alloc_pages+0x194/0x320
[  247.713215][ T9898]  ? __mod_memcg_lruvec_state+0xaa/0x190
[  247.713999][ T9898]  ? kstrtoull+0x30e/0x350
[  247.714704][ T9898]  ? local_bh_enable+0x1b/0x20
[  247.715496][ T9898]  ? lock_sock_nested+0x128/0x160
[  247.716273][ T9898]  tcp_sendmsg+0x2c/0x40
[  247.717237][ T9898]  inet6_sendmsg+0x5f/0x80
[  247.717897][ T9898]  __sys_sendto+0x2a8/0x370
[  247.718562][ T9898]  ? __cond_resched+0x11/0x40
[  247.719220][ T9898]  ? fput+0x2d/0x130
[  247.719846][ T9898]  __x64_sys_sendto+0x74/0x90
[  247.720494][ T9898]  do_syscall_64+0x4a/0x90
[  247.721202][ T9898]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  247.722031][ T9898] RIP: 0033:0x4665d9
[  247.722596][ T9898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  247.725275][ T9898] RSP: 002b:00007fa4f2719188 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  247.726410][ T9898] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  247.727546][ T9898] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  247.728834][ T9898] RBP: 00007fa4f27191d0 R08: 000000002031e000 R09: 000000000000001c
[  247.730127][ T9898] R10: 0000000020000015 R11: 0000000000000246 R12: 0000000000000001
[  247.731304][ T9898] R13: 00007ffc87197aff R14: 00007fa4f2719300 R15: 0000000000022000
[  247.732968][ T1032]  loop4: p2 p3 p4
[  247.733805][ T1032] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  247.735304][ T1032] loop4: p3 start 225 is beyond EOD, truncated
[  247.736617][ T1032] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  247.737225][ T9892]  loop2: p2 p3 p4
[  247.738697][ T9892] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  247.741249][ T9891]  loop3: p2 p3 p4
01:16:46 executing program 0 (fault-call:9 fault-nth:2):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:46 executing program 5:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 2:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r2=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r2, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r2, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r2, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  247.741277][ T9885]  loop4: p2 p3 p4
[  247.742085][ T9891] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  247.742589][ T9885] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  247.745515][ T9892] loop2: p3 start 225 is beyond EOD, truncated
[  247.746464][ T9892] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  247.748068][ T9885] loop4: p3 start 225 is beyond EOD, truncated
[  247.749047][ T9885] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  247.755289][ T9891] loop3: p3 start 225 is beyond EOD, truncated
[  247.756625][ T9891] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  247.759981][ T9884]  loop1: p2 p3 p4
[  247.762013][ T9884] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  247.764041][ T9884] loop1: p3 start 225 is beyond EOD, truncated
[  247.765002][ T9884] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  247.808785][ T9929] FAULT_INJECTION: forcing a failure.
[  247.808785][ T9929] name failslab, interval 1, probability 0, space 0, times 0
[  247.810746][ T9929] CPU: 0 PID: 9929 Comm: syz-executor.0 Not tainted 5.13.0-rc3-syzkaller #0
[  247.812236][ T9929] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  247.814140][ T9929] Call Trace:
[  247.814796][ T9929]  dump_stack+0x137/0x19d
[  247.815344][ T9934] loop5: detected capacity change from 0 to 1
[  247.815469][ T9929]  should_fail+0x23c/0x250
[  247.817051][ T9929]  ? dst_alloc+0x108/0x300
[  247.817775][ T9929]  __should_failslab+0x81/0x90
[  247.818495][ T9929]  should_failslab+0x5/0x20
[  247.819281][ T9929]  kmem_cache_alloc+0x46/0x2f0
[  247.819947][ T9929]  ? ipv6_sysctl_rtcache_flush+0xe0/0xe0
[  247.820936][ T9929]  dst_alloc+0x108/0x300
[  247.821647][ T9929]  ip6_pol_route+0x5e6/0xb90
[  247.822358][ T9929]  ip6_pol_route_output+0x3b/0x50
[  247.823187][ T9929]  ? ip6_route_output_flags_noref+0x1b0/0x1b0
[  247.824202][ T9929]  fib6_rule_lookup+0x40/0x160
[  247.824895][ T9929]  ip6_route_output_flags_noref+0x192/0x1b0
[  247.825809][ T9929]  ip6_route_output_flags+0x2a/0x140
[  247.826876][ T9929]  ip6_dst_lookup_tail+0x165/0x570
[  247.827669][ T9929]  ip6_dst_lookup_flow+0x44/0xc0
[  247.828447][ T9929]  tcp_v6_connect+0x755/0xbb0
[  247.829221][ T9929]  ? __list_del_entry_valid+0x54/0xc0
[  247.830131][ T9929]  __inet_stream_connect+0x156/0x6d0
[  247.830992][ T9929]  ? kmem_cache_alloc_trace+0x215/0x310
[  247.831870][ T9929]  ? tcp_sendmsg_locked+0x1fc7/0x23f0
[  247.832660][ T9929]  tcp_sendmsg_locked+0x22e9/0x23f0
[  247.833513][ T9929]  ? __alloc_pages+0x194/0x320
[  247.833773][ T9937] loop4: detected capacity change from 0 to 1
[  247.834257][ T9929]  ? __mod_memcg_lruvec_state+0xaa/0x190
[  247.834302][ T9929]  ? kstrtoull+0x30e/0x350
[  247.834320][ T9929]  ? local_bh_enable+0x1b/0x20
[  247.837993][ T9929]  ? lock_sock_nested+0x128/0x160
[  247.838862][ T9929]  tcp_sendmsg+0x2c/0x40
[  247.839526][ T9929]  inet6_sendmsg+0x5f/0x80
[  247.840193][ T9929]  __sys_sendto+0x2a8/0x370
[  247.840901][ T9929]  ? __cond_resched+0x11/0x40
[  247.841608][ T9929]  ? fput+0x2d/0x130
[  247.842321][ T9929]  __x64_sys_sendto+0x74/0x90
[  247.843160][ T9929]  do_syscall_64+0x4a/0x90
[  247.844150][ T9929]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  247.845048][ T9929] RIP: 0033:0x4665d9
[  247.847913][ T9929] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  247.850837][ T9929] RSP: 002b:00007fa4f2719188 EFLAGS: 00000246 ORIG_RAX: 000000000000002c
[  247.852029][ T9929] RAX: ffffffffffffffda RBX: 000000000056bf80 RCX: 00000000004665d9
[  247.853175][ T9929] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  247.854395][ T9929] RBP: 00007fa4f27191d0 R08: 000000002031e000 R09: 000000000000001c
[  247.855658][ T9929] R10: 0000000020000015 R11: 0000000000000246 R12: 0000000000000001
[  247.856860][ T9929] R13: 00007ffc87197aff R14: 00007fa4f2719300 R15: 0000000000022000
01:16:46 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:46 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:47 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r2=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r2, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r2, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r2, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  247.877682][ T1032]  loop5: p2 p3 p4
[  247.878580][ T1032] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  247.879831][ T9937]  loop4: p2 p3 p4
[  247.880507][ T9937] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  247.881967][ T9937] loop4: p3 start 225 is beyond EOD, truncated
[  247.883269][ T9937] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  247.884573][ T1032] loop5: p3 start 225 is beyond EOD, truncated
[  247.885551][ T1032] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  247.889226][ T9934]  loop5: p2 p3 p4
[  247.889988][ T9934] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  247.891400][ T9934] loop5: p3 start 225 is beyond EOD, truncated
[  247.892285][ T9934] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  247.898889][ T9943] loop2: detected capacity change from 0 to 1
01:16:47 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  247.947337][ T9943]  loop2: p2 p3 p4
[  247.948917][ T9943] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  247.949131][ T9966] loop3: detected capacity change from 0 to 1
[  247.955390][ T9943] loop2: p3 start 225 is beyond EOD, truncated
[  247.956692][ T9943] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  247.961059][ T9968] loop1: detected capacity change from 0 to 1
[  247.969439][ T9984] loop4: detected capacity change from 0 to 1
01:16:47 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  248.007345][ T9968]  loop1: p2 p3 p4
[  248.007494][ T9966]  loop3: p2 p3 p4
[  248.008363][ T9968] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  248.009236][ T9966] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  248.011151][ T9968] loop1: p3 start 225 is beyond EOD, truncated
[  248.012170][ T9966] loop3: p3 start 225 is beyond EOD, truncated
[  248.012275][ T9968] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  248.013307][ T9966] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  248.015717][ T1032]  loop4: p2 p3 p4
[  248.016269][ T1032] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  248.018590][ T1032] loop4: p3 start 225 is beyond EOD, truncated
[  248.019925][ T1032] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  248.031270][ T9984]  loop4: p2 p3 p4
[  248.032207][ T9984] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  248.033889][ T9984] loop4: p3 start 225 is beyond EOD, truncated
[  248.035100][ T9984] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  248.035402][ T9988] loop5: detected capacity change from 0 to 1
[  248.050724][T10009] loop2: detected capacity change from 0 to 1
01:16:47 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:47 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r2=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r2, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r2, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r2, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:47 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  248.077174][T10009]  loop2: p2 p3 p4
[  248.077952][T10009] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  248.082100][T10009] loop2: p3 start 225 is beyond EOD, truncated
[  248.083213][T10009] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  248.089387][ T9988]  loop5: p2 p3 p4
[  248.090186][ T9988] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  248.094416][ T9988] loop5: p3 start 225 is beyond EOD, truncated
[  248.095891][ T9988] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  248.099968][T10029] loop3: detected capacity change from 0 to 1
[  248.110752][ T1032]  loop5: p2 p3 p4
[  248.111888][ T1032] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  248.118041][ T1032] loop5: p3 start 225 is beyond EOD, truncated
[  248.119133][ T1032] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  248.123218][T10036] loop4: detected capacity change from 0 to 1
[  248.127477][T10029]  loop3: p2 p3 p4
[  248.128320][T10029] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  248.130888][T10029] loop3: p3 start 225 is beyond EOD, truncated
[  248.131957][T10029] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  248.147277][T10036]  loop4: p2 p3 p4
[  248.148249][T10036] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  248.153562][T10036] loop4: p3 start 225 is beyond EOD, truncated
[  248.154553][T10036] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  248.211220][T10061] loop5: detected capacity change from 0 to 1
[  248.247200][T10061]  loop5: p2 p3 p4
[  248.248168][T10061] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  248.249846][T10061] loop5: p3 start 225 is beyond EOD, truncated
[  248.250786][T10061] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  248.253206][ T1032]  loop5: p2 p3 p4
[  248.253902][ T1032] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  248.255261][ T1032] loop5: p3 start 225 is beyond EOD, truncated
[  248.256219][ T1032] loop5: p4 size 3657465856 extends beyond EOD, truncated
01:16:47 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x0, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:47 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:47 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:47 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:47 executing program 4:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r2=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r2, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r2, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r2, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:47 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  248.677673][T10116] loop2: detected capacity change from 0 to 1
[  248.680643][T10117] loop4: detected capacity change from 0 to 1
[  248.685962][T10119] loop1: detected capacity change from 0 to 1
[  248.707248][T10117]  loop4: p2 p3 p4
[  248.708332][T10116]  loop2: p2 p3 p4
[  248.708336][T10117] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  248.708982][T10116] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  248.710502][T10117] loop4: p3 start 225 is beyond EOD, truncated
[  248.711730][T10116] loop2: p3 start 225 is beyond EOD, truncated
[  248.712043][T10117] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  248.713013][T10116] loop2: p4 size 3657465856 extends beyond EOD, truncated
01:16:47 executing program 4:
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:47 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  248.739810][T10119]  loop1: p2 p3 p4
[  248.740567][T10119] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  248.742072][T10126] loop5: detected capacity change from 0 to 1
[  248.742590][T10127] loop3: detected capacity change from 0 to 1
[  248.743325][T10119] loop1: p3 start 225 is beyond EOD, truncated
[  248.744828][T10119] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  248.757667][T10127]  loop3: p2 p3 p4
[  248.758611][T10127] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  248.760886][T10127] loop3: p3 start 225 is beyond EOD, truncated
[  248.761935][T10127] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  248.768173][T10126]  loop5: p2 p3 p4
[  248.769036][T10126] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  248.770508][T10126] loop5: p3 start 225 is beyond EOD, truncated
[  248.771589][T10126] loop5: p4 size 3657465856 extends beyond EOD, truncated
01:16:47 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:47 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:47 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  248.816485][T10158] loop4: detected capacity change from 0 to 1
[  248.834782][T10170] loop3: detected capacity change from 0 to 1
[  248.836655][T10171] loop2: detected capacity change from 0 to 1
[  248.857289][T10158]  loop4: p2 p3 p4
[  248.858083][T10158] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  248.859266][T10171]  loop2: p2 p3 p4
[  248.860018][T10171] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  248.861454][T10158] loop4: p3 start 225 is beyond EOD, truncated
[  248.862580][T10158] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  248.863687][T10171] loop2: p3 start 225 is beyond EOD, truncated
[  248.864983][T10171] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  248.869171][T10170]  loop3: p2 p3 p4
[  248.869951][T10170] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  248.871962][T10170] loop3: p3 start 225 is beyond EOD, truncated
[  248.872815][T10175] loop1: detected capacity change from 0 to 1
[  248.873012][T10170] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  248.877190][ T1032]  loop3: p2 p3 p4
[  248.877886][ T1032] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  248.879731][ T1032] loop3: p3 start 225 is beyond EOD, truncated
[  248.880798][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
01:16:48 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  248.917593][T10175]  loop1: p2 p3 p4
[  248.918516][T10175] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  248.937003][T10175] loop1: p3 start 225 is beyond EOD, truncated
[  248.938082][T10175] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  248.944571][ T1032]  loop1: p2 p3 p4
[  248.949468][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  248.954158][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  248.955315][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  248.958689][T10197] loop5: detected capacity change from 0 to 1
[  248.965985][T10218] loop3: detected capacity change from 0 to 1
[  248.987312][T10218]  loop3: p2 p3 p4
[  248.987380][T10197]  loop5: p2 p3 p4
[  248.988359][T10218] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  248.989067][T10197] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  248.992277][T10197] loop5: p3 start 225 is beyond EOD, truncated
[  248.994495][T10197] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  248.996927][T10218] loop3: p3 start 225 is beyond EOD, truncated
[  248.998038][T10218] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  249.001172][ T1032]  loop3: p2 p3 p4
[  249.002031][ T1032] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  249.003532][ T1032] loop3: p3 start 225 is beyond EOD, truncated
[  249.004497][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
01:16:48 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x2, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:48 executing program 4:
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:48 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:48 executing program 1:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:48 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:48 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  249.585826][T10258] loop5: detected capacity change from 0 to 1
[  249.587120][T10259] loop2: detected capacity change from 0 to 1
[  249.589436][T10260] loop4: detected capacity change from 0 to 1
[  249.619180][T10259]  loop2: p2 p3 p4
[  249.620302][T10259] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  249.620843][T10260]  loop4: p2 p3 p4
[  249.621898][T10259] loop2: p3 start 225 is beyond EOD, truncated
[  249.622977][T10260] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  249.623176][T10259] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  249.625330][T10260] loop4: p3 start 225 is beyond EOD, truncated
[  249.625554][T10262] loop1: detected capacity change from 0 to 1
[  249.626508][T10260] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  249.635246][T10261] loop3: detected capacity change from 0 to 1
[  249.636423][T10258]  loop5: p2 p3 p4
[  249.637153][T10258] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  249.639569][T10258] loop5: p3 start 225 is beyond EOD, truncated
[  249.640596][T10258] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  249.658176][T10262]  loop1: p2 p3 p4
[  249.659093][T10262] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  249.660544][T10262] loop1: p3 start 225 is beyond EOD, truncated
[  249.661705][T10262] loop1: p4 size 3657465856 extends beyond EOD, truncated
01:16:48 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, 0x0)

01:16:48 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  249.688513][T10261]  loop3: p2 p3 p4
[  249.689474][T10261] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  249.692060][T10261] loop3: p3 start 225 is beyond EOD, truncated
[  249.693357][T10261] loop3: p4 size 3657465856 extends beyond EOD, truncated
01:16:48 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:48 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:48 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, 0x0)

01:16:48 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  249.800070][T10311] loop4: detected capacity change from 0 to 1
[  249.833935][T10311]  loop4: p2 p3 p4
[  249.834863][T10311] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  249.839946][T10311] loop4: p3 start 225 is beyond EOD, truncated
[  249.841060][T10311] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  249.845237][T10313] loop5: detected capacity change from 0 to 1
[  249.849956][T10321] loop1: detected capacity change from 0 to 1
[  249.887594][ T1032]  loop1: p2 p3 p4
[  249.888400][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  249.891613][T10333] loop3: detected capacity change from 0 to 1
[  249.892888][T10313]  loop5: p2 p3 p4
[  249.893641][T10313] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  249.895147][T10313] loop5: p3 start 225 is beyond EOD, truncated
[  249.896379][T10313] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  249.897723][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  249.898726][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  249.901200][T10321]  loop1: p2 p3 p4
[  249.902179][T10321] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  249.904811][T10321] loop1: p3 start 225 is beyond EOD, truncated
[  249.905758][T10321] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  249.917271][T10333]  loop3: p2 p3 p4
[  249.918055][T10333] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  249.919409][T10333] loop3: p3 start 225 is beyond EOD, truncated
[  249.920512][T10333] loop3: p4 size 3657465856 extends beyond EOD, truncated
01:16:49 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x3, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:49 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:49 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, 0x0)

01:16:49 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, 0x0)

01:16:49 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:49 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  250.496648][T10386] loop1: detected capacity change from 0 to 1
[  250.499363][T10387] loop3: detected capacity change from 0 to 1
[  250.500760][T10384] loop4: detected capacity change from 0 to 1
01:16:49 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

01:16:49 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:49 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, 0x0)

01:16:49 executing program 4:
mount$9p_fd(0x0, 0x0, 0x0, 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  250.537240][T10386]  loop1: p2 p3 p4
[  250.538239][T10386] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  250.540176][T10386] loop1: p3 start 225 is beyond EOD, truncated
[  250.541097][T10387]  loop3: p2 p3 p4
[  250.541400][T10386] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  250.542120][T10387] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  250.549018][T10387] loop3: p3 start 225 is beyond EOD, truncated
[  250.550082][T10387] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  250.552049][T10384]  loop4: p2 p3 p4
[  250.552944][T10384] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  250.554626][T10384] loop4: p3 start 225 is beyond EOD, truncated
[  250.555563][T10384] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:16:49 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  250.645152][T10423] loop1: detected capacity change from 0 to 1
01:16:49 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

[  250.677884][T10425] loop4: detected capacity change from 0 to 1
[  250.679572][ T1032]  loop1: p2 p3 p4
[  250.680257][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  250.681784][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  250.682670][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  250.684313][T10437] loop3: detected capacity change from 0 to 1
[  250.685143][T10423]  loop1: p2 p3 p4
[  250.685815][T10423] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  250.687471][T10423] loop1: p3 start 225 is beyond EOD, truncated
[  250.688540][T10423] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  250.732811][T10425]  loop4: p2 p3 p4
[  250.733711][T10425] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  250.734385][ T1032]  loop3: p2 p3 p4
[  250.735565][ T1032] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  250.737930][ T1032] loop3: p3 start 225 is beyond EOD, truncated
[  250.738928][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  250.751635][T10437]  loop3: p2 p3 p4
[  250.752495][T10437] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  250.754031][T10437] loop3: p3 start 225 is beyond EOD, truncated
[  250.754971][T10437] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  250.758586][T10425] loop4: p3 start 225 is beyond EOD, truncated
[  250.759690][T10425] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:16:50 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x4, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:50 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, 0x0)

01:16:50 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:50 executing program 4:
mount$9p_fd(0x0, 0x0, 0x0, 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:50 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:50 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

01:16:50 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1c0}])

[  251.342920][T10488] loop4: detected capacity change from 0 to 1
[  251.344392][T10485] loop1: detected capacity change from 0 to 1
[  251.350974][T10497] loop3: detected capacity change from 0 to 1
[  251.367171][T10488]  loop4: p2 p3 p4
[  251.368064][T10488] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  251.369792][T10488] loop4: p3 start 225 is beyond EOD, truncated
[  251.373598][T10488] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  251.376963][T10485]  loop1: p2 p3 p4
[  251.377621][T10485] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  251.379477][T10485] loop1: p3 start 225 is beyond EOD, truncated
[  251.380409][T10485] loop1: p4 size 3657465856 extends beyond EOD, truncated
01:16:50 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:50 executing program 3:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:50 executing program 4:
mount$9p_fd(0x0, 0x0, 0x0, 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  251.395941][T10497]  loop3: p2 p3 p4
[  251.396745][T10497] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  251.403199][T10497] loop3: p3 start 225 is beyond EOD, truncated
[  251.404448][T10497] loop3: p4 size 3657465856 extends beyond EOD, truncated
01:16:50 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

[  251.465223][T10529] loop2: detected capacity change from 0 to 1
[  251.466997][T10533] loop4: detected capacity change from 0 to 1
[  251.471616][T10531] loop1: detected capacity change from 0 to 1
[  251.497371][T10532] loop3: detected capacity change from 0 to 1
[  251.498975][ T1032]  loop1: p2 p3 p4
[  251.498980][T10533]  loop4: p2 p3 p4
[  251.499068][T10533] loop4: p2 size 1073872896 extends beyond EOD, 
[  251.499920][ T1032] loop1: p2 size 1073872896 extends beyond EOD, 
[  251.501707][T10533] truncated
[  251.502579][ T1032] truncated
[  251.504800][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  251.505119][T10533] loop4: p3 start 225 is beyond EOD, truncated
[  251.505737][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  251.506694][T10533] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  251.510880][T10531]  loop1: p2 p3 p4
[  251.511631][T10531] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  251.513005][T10531] loop1: p3 start 225 is beyond EOD, truncated
01:16:50 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1c0}])

[  251.514341][T10531] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  251.575338][T10532]  loop3: p2 p3 p4
[  251.576095][T10532] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  251.578377][T10532] loop3: p3 start 225 is beyond EOD, truncated
[  251.579291][T10567] loop2: detected capacity change from 0 to 1
[  251.579388][T10532] loop3: p4 size 3657465856 extends beyond EOD, truncated
01:16:51 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x5, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:51 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

01:16:51 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:51 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:51 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1c0}])

01:16:51 executing program 3:
socket$nl_xfrm(0x10, 0x3, 0x6)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:51 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

01:16:51 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  252.188421][T10598] loop3: detected capacity change from 0 to 1
[  252.192344][T10596] loop4: detected capacity change from 0 to 1
[  252.198684][T10606] loop2: detected capacity change from 0 to 1
[  252.199302][T10603] loop1: detected capacity change from 0 to 1
[  252.216914][T10598]  loop3: p2 p3 p4
[  252.217779][T10598] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  252.221713][T10596]  loop4: p2 p3 p4
[  252.222501][T10596] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  252.225361][T10598] loop3: p3 start 225 is beyond EOD, truncated
[  252.226627][T10598] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  252.228755][T10596] loop4: p3 start 225 is beyond EOD, truncated
[  252.229750][T10596] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  252.251074][T10603]  loop1: p2 p3 p4
[  252.252009][T10603] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  252.253651][T10603] loop1: p3 start 225 is beyond EOD, truncated
[  252.254717][T10603] loop1: p4 size 3657465856 extends beyond EOD, truncated
01:16:51 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  252.288855][T10598] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
01:16:51 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0), 0x0, 0x1c0}])

01:16:51 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  252.342182][T10646] loop1: detected capacity change from 0 to 1
[  252.343726][T10645] loop4: detected capacity change from 0 to 1
[  252.349469][T10648] loop2: detected capacity change from 0 to 1
[  252.356172][T10650] loop3: detected capacity change from 0 to 1
01:16:51 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0), 0x0, 0x1c0}])

[  252.403397][T10645]  loop4: p2 p3 p4
[  252.404296][T10645] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  252.415080][T10646]  loop1: p2 p3 p4
[  252.415884][T10646] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  252.420341][T10650]  loop3: p2 p3 p4
[  252.421105][T10650] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  252.422790][T10650] loop3: p3 start 225 is beyond EOD, truncated
[  252.423868][T10650] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  252.427348][T10646] loop1: p3 start 225 is beyond EOD, truncated
[  252.430760][T10646] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  252.432439][T10645] loop4: p3 start 225 is beyond EOD, truncated
[  252.433607][T10645] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  252.443966][ T1032]  loop1: p2 p3 p4
[  252.444599][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  252.446044][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  252.447088][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
01:16:52 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x6, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:52 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0), 0x0, 0x1c0}])

01:16:52 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1c0}])

01:16:52 executing program 3:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:52 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x0, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:52 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:52 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  253.052795][T10706] loop1: detected capacity change from 0 to 1
[  253.059412][T10705] loop2: detected capacity change from 0 to 1
[  253.087050][T10706]  loop1: p2 p3 p4
[  253.087908][T10706] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  253.088822][T10714] loop4: detected capacity change from 0 to 1
[  253.089794][T10706] loop1: p3 start 225 is beyond EOD, truncated
[  253.091153][T10706] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  253.092267][T10713] loop3: detected capacity change from 0 to 1
[  253.095227][T10715] loop5: detected capacity change from 0 to 1
01:16:52 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ff", 0x20, 0x1c0}])

01:16:52 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1c0}])

01:16:52 executing program 3:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  253.136947][T10713]  loop3: p2 p3 p4
[  253.137710][T10713] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  253.139215][T10714]  loop4: p2 p3 p4
[  253.139230][T10713] loop3: p3 start 225 is beyond EOD, truncated
[  253.139988][T10714] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  253.141060][T10713] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  253.145063][T10714] loop4: p3 start 225 is beyond EOD, truncated
[  253.146112][T10714] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  253.173520][T10742] loop1: detected capacity change from 0 to 1
01:16:52 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  253.216919][ T1032]  loop1: p2 p3 p4
[  253.218009][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  253.219393][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  253.220513][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  253.223473][T10742]  loop1: p2 p3 p4
[  253.223722][T10752] loop5: detected capacity change from 0 to 1
[  253.224259][T10742] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  253.226722][T10742] loop1: p3 start 225 is beyond EOD, truncated
[  253.227715][T10742] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  253.233123][T10740] loop2: detected capacity change from 0 to 1
[  253.234734][T10763] loop3: detected capacity change from 0 to 1
01:16:52 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  253.257119][T10763]  loop3: p2 p3 p4
[  253.257954][T10763] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  253.259304][T10763] loop3: p3 start 225 is beyond EOD, truncated
[  253.260476][T10763] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  253.293743][T10780] loop1: detected capacity change from 0 to 1
[  253.297269][T10782] loop4: detected capacity change from 0 to 1
[  253.317836][ T1032]  loop1: p2 p3 p4
[  253.318681][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  253.320754][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  253.321789][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  253.324710][T10780]  loop1: p2 p3 p4
[  253.325407][T10780] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  253.327170][T10780] loop1: p3 start 225 is beyond EOD, truncated
[  253.328368][T10780] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  253.336957][T10782]  loop4: p2 p3 p4
[  253.337664][T10782] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  253.339287][T10782] loop4: p3 start 225 is beyond EOD, truncated
[  253.340474][T10782] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  253.343372][ T1032]  loop4: p2 p3 p4
[  253.344172][ T1032] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  253.345806][ T1032] loop4: p3 start 225 is beyond EOD, truncated
[  253.346956][ T1032] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:16:52 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x7, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:52 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1c0}])

01:16:52 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ff", 0x20, 0x1c0}])

01:16:52 executing program 3:
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:52 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:52 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  253.914942][T10829] loop1: detected capacity change from 0 to 1
[  253.916347][T10828] loop4: detected capacity change from 0 to 1
[  253.924252][T10837] loop3: detected capacity change from 0 to 1
[  253.946937][T10829]  loop1: p2 p3 p4
[  253.946979][T10840] loop5: detected capacity change from 0 to 1
[  253.947874][T10829] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  253.953169][T10829] loop1: p3 start 225 is beyond EOD, truncated
[  253.954528][T10829] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  253.956009][T10839] loop2: detected capacity change from 0 to 1
01:16:53 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, 0x0)
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:53 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  253.969573][T10828]  loop4: p2 p3 p4
[  253.969587][T10837]  loop3: p2 p3 p4
[  253.969637][T10837] loop3: p2 size 1073872896 extends beyond EOD, 
[  253.970446][T10828] loop4: p2 size 1073872896 extends beyond EOD, 
[  253.971092][T10837] truncated
[  253.973816][T10828] truncated
[  253.975038][T10828] loop4: p3 start 225 is beyond EOD, truncated
[  253.975810][T10837] loop3: p3 start 225 is beyond EOD, truncated
[  253.975939][T10828] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  253.977099][T10837] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  254.000571][ T1032]  loop4: p2 p3 p4
[  254.011633][ T1032] loop4: p2 size 1073872896 extends beyond EOD, truncated
01:16:53 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ff", 0x20, 0x1c0}])

01:16:53 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0), 0x0, 0x1c0}])

[  254.024040][ T1032] loop4: p3 start 225 is beyond EOD, truncated
[  254.025136][ T1032] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  254.049509][T10874] loop5: detected capacity change from 0 to 1
01:16:53 executing program 3:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  254.083884][T10869] loop2: detected capacity change from 0 to 1
01:16:53 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0), 0x0, 0x1c0}])

[  254.131051][T10876] loop4: detected capacity change from 0 to 1
[  254.141528][T10878] loop1: detected capacity change from 0 to 1
[  254.146225][T10893] loop3: detected capacity change from 0 to 1
[  254.150030][T10897] loop5: detected capacity change from 0 to 1
[  254.176924][T10876]  loop4: p2 p3 p4
[  254.177766][T10876] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  254.179536][T10876] loop4: p3 start 225 is beyond EOD, truncated
[  254.180527][T10876] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  254.182786][T10878]  loop1: p2 p3 p4
[  254.182863][T10893]  loop3: p2 p3 p4
[  254.183476][T10878] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  254.183908][T10878] loop1: p3 start 225 is beyond EOD, 
[  254.184122][T10893] loop3: p2 size 1073872896 extends beyond EOD, 
[  254.185274][T10878] truncated
[  254.186073][T10893] truncated
[  254.188224][T10878] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  254.189972][T10893] loop3: p3 start 225 is beyond EOD, truncated
[  254.191230][T10893] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  254.195203][ T1032]  loop4: p2 p3 p4
[  254.196105][ T1032] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  254.197886][ T1032] loop4: p3 start 225 is beyond EOD, truncated
[  254.198963][ T1032] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:16:53 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x8, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:53 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e1000000887700720030", 0x30, 0x1c0}])

01:16:53 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:53 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:53 executing program 3:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:53 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0), 0x0, 0x1c0}])

[  254.780346][T10939] loop2: detected capacity change from 0 to 1
[  254.781347][T10944] loop4: detected capacity change from 0 to 1
01:16:53 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  254.831734][T10944]  loop4: p2 p3 p4
[  254.832527][T10944] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  254.834692][T10944] loop4: p3 start 225 is beyond EOD, truncated
[  254.837840][T10944] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  254.841737][T10948] loop3: detected capacity change from 0 to 1
[  254.841991][T10945] loop1: detected capacity change from 0 to 1
[  254.851728][T10954] loop5: detected capacity change from 0 to 1
01:16:53 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e1000000887700720030", 0x30, 0x1c0}])

[  254.878070][T10948]  loop3: p2 p3 p4
[  254.879030][T10948] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  254.880507][T10948] loop3: p3 start 225 is beyond EOD, truncated
[  254.881491][T10948] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  254.888467][T10945]  loop1: p2 p3 p4
[  254.889467][T10945] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  254.892331][T10945] loop1: p3 start 225 is beyond EOD, truncated
[  254.893515][T10945] loop1: p4 size 3657465856 extends beyond EOD, truncated
01:16:54 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ff", 0x20, 0x1c0}])

01:16:54 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:54 executing program 3:
perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  254.972155][T10977] loop4: detected capacity change from 0 to 1
[  254.975584][T10989] loop2: detected capacity change from 0 to 1
[  255.006885][T10977]  loop4: p2 p3 p4
[  255.007778][T10977] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  255.010829][T10977] loop4: p3 start 225 is beyond EOD, truncated
[  255.011892][T10977] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  255.014803][T10998] loop1: detected capacity change from 0 to 1
[  255.020840][T11002] loop3: detected capacity change from 0 to 1
[  255.026379][T10993] loop5: detected capacity change from 0 to 1
01:16:54 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e1000000887700720030", 0x30, 0x1c0}])

[  255.056873][T11002]  loop3: p2 p3 p4
[  255.060987][T11002] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  255.070579][T10998]  loop1: p2 p3 p4
[  255.074573][T10998] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  255.098641][T10998] loop1: p3 start 225 is beyond EOD, truncated
[  255.099698][T11002] loop3: p3 start 225 is beyond EOD, truncated
[  255.104921][T10998] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  255.118216][T11002] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  255.129656][T11021] loop2: detected capacity change from 0 to 1
[  255.177156][T10998] __loop_clr_fd: partition scan of loop1 failed (rc=-16)
01:16:54 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0xe, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:54 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:54 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ff", 0x20, 0x1c0}])

01:16:54 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:54 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:54 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff0000", 0x38, 0x1c0}])

[  255.645399][T11051] loop2: detected capacity change from 0 to 1
[  255.648757][T11054] loop1: detected capacity change from 0 to 1
[  255.654806][T11056] loop3: detected capacity change from 0 to 1
[  255.663457][T11057] loop4: detected capacity change from 0 to 1
01:16:54 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff0000", 0x38, 0x1c0}])

[  255.715595][T11054]  loop1: p2 p3 p4
[  255.719490][T11056]  loop3: p2 p3 p4
[  255.720961][T11054] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  255.723245][T11056] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  255.732904][T11054] loop1: p3 start 225 is beyond EOD, truncated
[  255.745010][T11054] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  255.754313][T11064] loop5: detected capacity change from 0 to 1
01:16:54 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  255.760366][T11056] loop3: p3 start 225 is beyond EOD, truncated
[  255.761088][T11057]  loop4: p2 p3 p4
[  255.766691][T11056] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  255.787044][T11057] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  255.797492][T11057] loop4: p3 start 225 is beyond EOD, truncated
[  255.804125][T11057] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  255.810903][T11083] loop2: detected capacity change from 0 to 1
01:16:54 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:54 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ff", 0x20, 0x1c0}])

01:16:54 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:54 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff0000", 0x38, 0x1c0}])

[  255.910626][T11104] loop3: detected capacity change from 0 to 1
[  255.924720][T11114] loop4: detected capacity change from 0 to 1
[  255.928992][T11116] loop2: detected capacity change from 0 to 1
[  255.931836][T11118] loop1: detected capacity change from 0 to 1
[  255.937951][T11115] loop5: detected capacity change from 0 to 1
[  255.950239][T11104]  loop3: p2 p3 p4
[  255.954316][T11104] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  255.961715][T11118]  loop1: p2 p3 p4
[  255.962195][T11104] loop3: p3 start 225 is beyond EOD, truncated
[  255.965832][T11118] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  255.971631][T11104] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  255.984730][T11118] loop1: p3 start 225 is beyond EOD, truncated
[  255.992261][T11118] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  256.019960][T11114]  loop4: p2 p3 p4
[  256.024168][T11114] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  256.034005][T11114] loop4: p3 start 225 is beyond EOD, truncated
[  256.040303][T11114] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:16:55 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0xf, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:55 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:55 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e1000000887700720030", 0x30, 0x1c0}])

01:16:55 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff000000000080", 0x3c, 0x1c0}])

01:16:55 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:55 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  256.500434][T11162] loop4: detected capacity change from 0 to 1
[  256.507043][T11164] loop2: detected capacity change from 0 to 1
[  256.507089][T11161] loop1: detected capacity change from 0 to 1
[  256.519268][T11169] loop5: detected capacity change from 0 to 1
[  256.519553][T11168] loop3: detected capacity change from 0 to 1
01:16:55 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff000000000080", 0x3c, 0x1c0}])

[  256.557575][T11162]  loop4: p2 p3 p4
[  256.567013][T11161]  loop1: p2 p3 p4
[  256.572107][T11162] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  256.576323][T11161] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  256.587076][T11168]  loop3: p2 p3 p4
[  256.587642][T11162] loop4: p3 start 225 is beyond EOD, truncated
[  256.591556][T11168] loop3: p2 size 1073872896 extends beyond EOD, 
01:16:55 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e1000000887700720030", 0x30, 0x1c0}])

01:16:55 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:55 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  256.596998][T11162] loop4: p4 size 3657465856 extends beyond EOD, 
[  256.597005][T11168] truncated
[  256.603326][T11162] truncated
[  256.614942][T11161] loop1: p3 start 225 is beyond EOD, truncated
[  256.622250][T11161] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  256.640195][T11168] loop3: p3 start 225 is beyond EOD, truncated
[  256.647194][T11168] loop3: p4 size 3657465856 extends beyond EOD, truncated
01:16:55 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  256.681837][T11195] loop2: detected capacity change from 0 to 1
[  256.695119][T11211] loop1: detected capacity change from 0 to 1
[  256.714514][T11194] loop5: detected capacity change from 0 to 1
01:16:55 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff000000000080", 0x3c, 0x1c0}])

[  256.749099][T11211]  loop1: p2 p3 p4
[  256.752951][T11211] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  256.761246][T11219] loop3: detected capacity change from 0 to 1
[  256.761529][T11223] loop4: detected capacity change from 0 to 1
[  256.774020][T11211] loop1: p3 start 225 is beyond EOD, truncated
[  256.780302][T11211] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  256.806620][T11219]  loop3: p2 p3 p4
[  256.810628][T11223]  loop4: p2 p3 p4
[  256.813770][T11219] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  256.815059][T11223] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  256.822540][T11219] loop3: p3 start 225 is beyond EOD, truncated
[  256.833329][T11238] loop2: detected capacity change from 0 to 1
[  256.834766][T11219] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  256.846616][T11223] loop4: p3 start 225 is beyond EOD, truncated
[  256.854152][T11223] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  256.868625][ T1032]  loop4: p2 p3 p4
[  256.874361][ T1032] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  256.882084][ T1032] loop4: p3 start 225 is beyond EOD, truncated
[  256.889704][ T1032] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:16:56 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x24, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:56 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e1000000887700720030", 0x30, 0x1c0}])

01:16:56 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:56 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:56 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:56 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da", 0x3e, 0x1c0}])

[  257.359554][T11276] loop3: detected capacity change from 0 to 1
[  257.366136][T11275] loop5: detected capacity change from 0 to 1
[  257.386818][T11276]  loop3: p2 p3 p4
[  257.390699][T11276] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  257.391213][T11282] loop2: detected capacity change from 0 to 1
01:16:56 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff0000", 0x38, 0x1c0}])

[  257.404553][T11276] loop3: p3 start 225 is beyond EOD, truncated
[  257.408394][T11286] loop4: detected capacity change from 0 to 1
[  257.410957][T11276] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  257.417245][T11287] loop1: detected capacity change from 0 to 1
01:16:56 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, 0x0)

01:16:56 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da", 0x3e, 0x1c0}])

[  257.462166][T11301] loop5: detected capacity change from 0 to 1
[  257.477161][T11286]  loop4: p2 p3 p4
[  257.481181][T11286] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  257.495084][T11286] loop4: p3 start 225 is beyond EOD, truncated
[  257.501559][T11286] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:16:56 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff0000", 0x38, 0x1c0}])

01:16:56 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, 0x0)

[  257.510831][T11287]  loop1: p2 p3 p4
[  257.514690][T11287] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  257.535845][T11287] loop1: p3 start 225 is beyond EOD, truncated
[  257.542114][T11287] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  257.549738][T11319] loop2: detected capacity change from 0 to 1
01:16:56 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  257.643897][T11338] loop4: detected capacity change from 0 to 1
[  257.670166][T11345] loop5: detected capacity change from 0 to 1
[  257.686615][T11338]  loop4: p2 p3 p4
[  257.690431][T11338] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  257.701657][T11338] loop4: p3 start 225 is beyond EOD, truncated
[  257.707880][T11338] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:16:57 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x54, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:57 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:57 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da", 0x3e, 0x1c0}])

01:16:57 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, 0x0)

01:16:57 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff0000", 0x38, 0x1c0}])

01:16:57 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:57 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55", 0x3f, 0x1c0}])

[  258.231422][T11376] loop4: detected capacity change from 0 to 1
[  258.234899][T11377] loop2: detected capacity change from 0 to 1
[  258.237732][T11378] loop5: detected capacity change from 0 to 1
[  258.248563][T11380] loop1: detected capacity change from 0 to 1
01:16:57 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff000000000080", 0x3c, 0x1c0}])

01:16:57 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

[  258.299931][T11376]  loop4: p2 p3 p4
[  258.303876][T11376] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  258.312347][T11380]  loop1: p2 p3 p4
[  258.316208][T11380] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  258.323783][T11376] loop4: p3 start 225 is beyond EOD, truncated
[  258.329985][T11376] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:16:57 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {}, 0x2c, {[], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}]}})
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:57 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  258.344809][T11380] loop1: p3 start 225 is beyond EOD, truncated
[  258.351067][T11380] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  258.369012][T11410] loop2: detected capacity change from 0 to 1
01:16:57 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

[  258.395972][T11416] loop5: detected capacity change from 0 to 1
[  258.419313][T11427] loop1: detected capacity change from 0 to 1
[  258.435411][T11429] loop4: detected capacity change from 0 to 1
[  258.451952][T11427]  loop1: p2 p3 p4
[  258.455887][T11427] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  258.464863][T11427] loop1: p3 start 225 is beyond EOD, truncated
[  258.471445][T11427] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  258.471847][T11429]  loop4: p2 p3 p4
[  258.482658][T11429] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  258.496535][ T1032]  loop1: p2 p3 p4
[  258.496747][T11429] loop4: p3 start 225 is beyond EOD, truncated
[  258.500534][ T1032] loop1: p2 size 1073872896 extends beyond EOD, 
[  258.506518][T11429] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  258.520027][ T1032] truncated
[  258.525970][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  258.532180][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
01:16:58 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff000000000080", 0x3c, 0x1c0}])

01:16:58 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55", 0x3f, 0x1c0}])

01:16:58 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

01:16:58 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x58, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:58 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x0, 0x0)

01:16:58 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  259.086164][T11471] loop2: detected capacity change from 0 to 1
01:16:58 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x0, 0x0)

01:16:58 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1c0}])

01:16:58 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55", 0x3f, 0x1c0}])

[  259.151458][T11482] loop5: detected capacity change from 0 to 1
[  259.157725][T11486] loop4: detected capacity change from 0 to 1
01:16:58 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff000000000080", 0x3c, 0x1c0}])

[  259.196660][T11486]  loop4: p2 p3 p4
[  259.209596][T11500] loop3: detected capacity change from 0 to 1
[  259.215353][T11486] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  259.229189][T11486] loop4: p3 start 225 is beyond EOD, truncated
[  259.235383][T11486] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:16:58 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:58 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1c0}])

[  259.256780][T11509] loop2: detected capacity change from 0 to 1
01:16:58 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40}])

01:16:58 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x0, 0x0)

01:16:58 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da", 0x3e, 0x1c0}])

[  259.343624][T11523] loop4: detected capacity change from 0 to 1
[  259.346362][T11521] loop5: detected capacity change from 0 to 1
[  259.396543][T11523]  loop4: p2 p3 p4
[  259.396584][T11537] loop3: detected capacity change from 0 to 1
[  259.400543][T11523] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  259.414342][T11523] loop4: p3 start 225 is beyond EOD, truncated
[  259.420524][T11523] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  259.429495][ T1032]  loop4: p2 p3 p4
[  259.433458][ T1032] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  259.441372][ T1032] loop4: p3 start 225 is beyond EOD, truncated
[  259.447586][ T1032] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  259.466319][T11556] loop5: detected capacity change from 0 to 1
01:16:59 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0xfc, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:59 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

01:16:59 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1c0}])

01:16:59 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:59 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40}])

01:16:59 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da", 0x3e, 0x1c0}])

[  259.959100][T11584] loop4: detected capacity change from 0 to 1
[  259.967697][T11583] loop3: detected capacity change from 0 to 1
[  259.975649][T11591] loop5: detected capacity change from 0 to 1
01:16:59 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40}])

01:16:59 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0), 0x0, 0x1c0}])

01:16:59 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da", 0x3e, 0x1c0}])

01:16:59 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

[  260.009253][T11584]  loop4: p2 p3 p4
[  260.013036][T11584] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  260.024996][T11584] loop4: p3 start 225 is beyond EOD, truncated
[  260.031260][T11584] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:16:59 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
r0 = perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:59 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0), 0x0, 0x1c0}])

[  260.144452][T11625] loop3: detected capacity change from 0 to 1
[  260.150937][T11634] loop4: detected capacity change from 0 to 1
[  260.151064][T11624] loop5: detected capacity change from 0 to 1
[  260.209132][ T1032]  loop4: p2 p3 p4
[  260.212961][ T1032] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  260.224923][ T1032] loop4: p3 start 225 is beyond EOD, truncated
[  260.231174][ T1032] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  260.247801][T11634]  loop4: p2 p3 p4
[  260.251724][T11634] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  260.260194][T11648] loop3: detected capacity change from 0 to 1
[  260.261838][T11634] loop4: p3 start 225 is beyond EOD, truncated
[  260.272464][T11634] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:16:59 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x218, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:16:59 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:59 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55", 0x3f, 0x1c0}])

01:16:59 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

01:16:59 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
r0 = perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:16:59 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0), 0x0, 0x1c0}])

[  260.823583][T11671] loop2: detected capacity change from 0 to 1
[  260.837759][T11677] loop4: detected capacity change from 0 to 1
[  260.856394][T11671]  loop2: p2 p3 p4
[  260.860014][T11682] loop5: detected capacity change from 0 to 1
[  260.860362][T11671] loop2: p2 size 1073872896 extends beyond EOD, truncated
01:17:00 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ff", 0x20, 0x1c0}])

[  260.868890][T11680] loop3: detected capacity change from 0 to 1
[  260.875997][T11671] loop2: p3 start 225 is beyond EOD, truncated
[  260.885741][T11671] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  260.913471][T11677]  loop4: p2 p3 p4
01:17:00 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55", 0x3f, 0x1c0}])

01:17:00 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1c0}])

01:17:00 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  260.946793][T11677] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  260.970270][T11677] loop4: p3 start 225 is beyond EOD, truncated
[  260.970365][T11705] loop5: detected capacity change from 0 to 1
[  260.976673][T11677] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:17:00 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
r0 = perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:00 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55", 0x3f, 0x1c0}])

[  260.996835][T11702] loop3: detected capacity change from 0 to 1
[  261.032647][T11727] loop1: detected capacity change from 0 to 1
[  261.032705][T11722] loop2: detected capacity change from 0 to 1
[  261.044831][T11726] loop4: detected capacity change from 0 to 1
[  261.057238][T11722]  loop2: p2 p3 p4
[  261.061223][T11722] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  261.072427][T11722] loop2: p3 start 225 is beyond EOD, truncated
[  261.078815][T11722] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  261.099535][T11726]  loop4: p2 p3 p4
[  261.103320][T11726] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  261.111100][T11726] loop4: p3 start 225 is beyond EOD, truncated
[  261.117367][T11726] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  261.137619][T11740] loop5: detected capacity change from 0 to 1
01:17:00 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x220, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:00 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ff", 0x20, 0x1c0}])

01:17:00 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1c0}])

01:17:00 executing program 2:
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
ioctl$FS_IOC_GETFSLABEL(r0, 0x81009431, &(0x7f0000000240))
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@loopback, @in6=@remote}, {@in=@private, 0x0, 0x32}, @in=@dev, {}, {}, {}, 0x0, 0x0, 0x2}, [@algo_auth={0x48, 0x1, {{'sha384-generic\x00'}, 0x2}}, @algo_auth_trunc={0x4c, 0x14, {{'cmac(aes)\x00'}}}]}, 0x184}}, 0x0)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000100), 0x4000, &(0x7f0000000140)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@msize={'msize', 0x3d, 0xffffffffffffffff}}, {@access_client}, {@cache_fscache}, {@posixacl}, {@version_9p2000}], [{@obj_type={'obj_type', 0x3d, 'user.incfs.metadata\x00'}}, {@smackfsroot={'smackfsroot', 0x3d, 'user.incfs.metadata\x00'}}, {@uid_gt={'uid>', 0xee00}}]}})
r1 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_SCRUB(r1, 0xc400941b, &(0x7f0000000100)={0x0, 0x1, 0x2000000401, 0x1})
perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3c43}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(0xffffffffffffffff, 0x81f8943c, &(0x7f0000001a40))
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:00 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40}])

01:17:00 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
r0 = perf_event_open(&(0x7f0000000040)={0x0, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  261.706119][T11774] loop3: detected capacity change from 0 to 1
[  261.707161][T11770] loop1: detected capacity change from 0 to 1
[  261.712619][T11775] loop2: detected capacity change from 0 to 1
[  261.718787][T11776] loop4: detected capacity change from 0 to 1
01:17:00 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40}])

[  261.751514][T11775]  loop2: p2 p3 p4
[  261.755572][T11775] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  261.763840][T11775] loop2: p3 start 225 is beyond EOD, truncated
[  261.765342][T11776]  loop4: p2 p3 p4
[  261.771311][T11775] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  261.791022][T11776] loop4: p2 size 1073872896 extends beyond EOD, truncated
01:17:00 executing program 2 (fault-call:1 fault-nth:0):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:00 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1c0}])

01:17:00 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ff", 0x20, 0x1c0}])

01:17:00 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  261.803415][T11776] loop4: p3 start 225 is beyond EOD, truncated
[  261.809645][T11776] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  261.865797][T11812] FAULT_INJECTION: forcing a failure.
[  261.865797][T11812] name failslab, interval 1, probability 0, space 0, times 0
[  261.875640][T11813] loop3: detected capacity change from 0 to 1
[  261.878471][T11812] CPU: 0 PID: 11812 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  261.892427][T11818] loop1: detected capacity change from 0 to 1
[  261.893364][T11812] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  261.893375][T11812] Call Trace:
[  261.893381][T11812]  dump_stack+0x137/0x19d
[  261.917207][T11812]  should_fail+0x23c/0x250
[  261.921685][T11812]  ? __se_sys_memfd_create+0xfb/0x390
[  261.927087][T11812]  __should_failslab+0x81/0x90
[  261.931881][T11812]  should_failslab+0x5/0x20
[  261.936376][T11812]  __kmalloc+0x66/0x340
[  261.940523][T11812]  ? strnlen_user+0x137/0x1c0
[  261.945275][T11812]  __se_sys_memfd_create+0xfb/0x390
[  261.950500][T11812]  __x64_sys_memfd_create+0x2d/0x40
[  261.955762][T11812]  do_syscall_64+0x4a/0x90
[  261.960169][T11812]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  261.966128][T11812] RIP: 0033:0x4665d9
[  261.970000][T11812] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  261.994860][T11812] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  262.003319][T11812] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
01:17:01 executing program 2 (fault-call:1 fault-nth:1):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  262.011287][T11812] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  262.019253][T11812] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  262.027210][T11812] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  262.035169][T11812] R13: 00007ffe6c84480f R14: 0000000000000380 R15: 0000000000022000
[  262.080219][T11829] FAULT_INJECTION: forcing a failure.
[  262.080219][T11829] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  262.093418][T11829] CPU: 1 PID: 11829 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  262.102174][T11829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  262.112259][T11829] Call Trace:
[  262.115557][T11829]  dump_stack+0x137/0x19d
[  262.119990][T11829]  should_fail+0x23c/0x250
[  262.124982][T11829]  should_fail_usercopy+0x16/0x20
[  262.130017][T11829]  _copy_from_user+0x1c/0xd0
[  262.134615][T11829]  __se_sys_memfd_create+0x137/0x390
[  262.137059][T11828] loop4: detected capacity change from 0 to 1
[  262.139914][T11829]  __x64_sys_memfd_create+0x2d/0x40
[  262.139942][T11829]  do_syscall_64+0x4a/0x90
[  262.155671][T11829]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  262.161606][T11829] RIP: 0033:0x4665d9
[  262.165483][T11829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  262.185073][T11829] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  262.193472][T11829] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  262.201437][T11829] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  262.209410][T11829] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  262.217359][T11829] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  262.225311][T11829] R13: 00007ffe6c84480f R14: 0000000000000380 R15: 0000000000022000
[  262.253309][T11828]  loop4: p2 p3 p4
[  262.260608][T11828] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  262.268156][T11828] loop4: p3 start 225 is beyond EOD, truncated
[  262.274321][T11828] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:17:01 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x241, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:01 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e1000000887700720030", 0x30, 0x1c0}])

01:17:01 executing program 2 (fault-call:1 fault-nth:2):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:01 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0), 0x0, 0x1c0}])

01:17:01 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40}])

01:17:01 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  262.563510][T11857] FAULT_INJECTION: forcing a failure.
[  262.563510][T11857] name failslab, interval 1, probability 0, space 0, times 0
[  262.570605][T11859] loop3: detected capacity change from 0 to 1
[  262.576234][T11857] CPU: 0 PID: 11857 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  262.582427][T11860] loop1: detected capacity change from 0 to 1
[  262.591000][T11857] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  262.591018][T11857] Call Trace:
[  262.591025][T11857]  dump_stack+0x137/0x19d
[  262.602132][T11861] loop4: detected capacity change from 0 to 1
[  262.607175][T11857]  should_fail+0x23c/0x250
[  262.626180][T11857]  ? shmem_alloc_inode+0x22/0x30
[  262.631216][T11857]  __should_failslab+0x81/0x90
[  262.636045][T11857]  ? shmem_match+0xa0/0xa0
[  262.640613][T11857]  should_failslab+0x5/0x20
[  262.645109][T11857]  kmem_cache_alloc+0x46/0x2f0
[  262.649849][T11857]  ? do_anonymous_page+0x411/0x8b0
[  262.655054][T11857]  ? fsnotify_perm+0x59/0x2e0
[  262.659723][T11857]  ? shmem_match+0xa0/0xa0
[  262.664150][T11857]  shmem_alloc_inode+0x22/0x30
[  262.669115][T11857]  new_inode_pseudo+0x38/0x1c0
[  262.673939][T11857]  new_inode+0x21/0x120
[  262.678374][T11857]  shmem_get_inode+0xa1/0x480
[  262.683282][T11857]  __shmem_file_setup+0xf1/0x1d0
[  262.691140][T11857]  shmem_file_setup+0x37/0x40
[  262.695929][T11857]  __se_sys_memfd_create+0x1eb/0x390
[  262.702184][T11857]  __x64_sys_memfd_create+0x2d/0x40
[  262.709104][T11857]  do_syscall_64+0x4a/0x90
[  262.713526][T11857]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  262.719498][T11857] RIP: 0033:0x4665d9
[  262.723498][T11857] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  262.743201][T11857] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  262.751599][T11857] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
01:17:01 executing program 2 (fault-call:1 fault-nth:3):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  262.759570][T11857] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  262.767523][T11857] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  262.775497][T11857] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  262.783456][T11857] R13: 00007ffe6c84480f R14: 0000000000000380 R15: 0000000000022000
01:17:01 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e1000000887700720030", 0x30, 0x1c0}])

01:17:01 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0), 0x0, 0x1c0}])

01:17:01 executing program 5 (fault-call:1 fault-nth:0):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  262.825578][T11861]  loop4: p2 p3 p4
[  262.830561][T11861] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  262.841880][T11861] loop4: p3 start 225 is beyond EOD, truncated
[  262.848128][T11861] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:17:02 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  262.891612][T11886] FAULT_INJECTION: forcing a failure.
[  262.891612][T11886] name failslab, interval 1, probability 0, space 0, times 0
[  262.904333][T11886] CPU: 0 PID: 11886 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  262.913146][T11886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  262.923204][T11886] Call Trace:
[  262.926490][T11886]  dump_stack+0x137/0x19d
[  262.930835][T11886]  should_fail+0x23c/0x250
[  262.935259][T11886]  ? security_inode_alloc+0x30/0x180
[  262.938584][T11895] loop1: detected capacity change from 0 to 1
[  262.940714][T11886]  __should_failslab+0x81/0x90
[  262.940740][T11886]  should_failslab+0x5/0x20
[  262.940755][T11886]  kmem_cache_alloc+0x46/0x2f0
[  262.951531][T11894] FAULT_INJECTION: forcing a failure.
[  262.951531][T11894] name failslab, interval 1, probability 0, space 0, times 0
[  262.973369][T11886]  security_inode_alloc+0x30/0x180
[  262.978551][T11886]  inode_init_always+0x20b/0x420
[  262.983471][T11886]  ? shmem_match+0xa0/0xa0
[  262.987871][T11886]  new_inode_pseudo+0x73/0x1c0
[  262.992666][T11886]  new_inode+0x21/0x120
[  262.996878][T11886]  shmem_get_inode+0xa1/0x480
[  263.001587][T11886]  __shmem_file_setup+0xf1/0x1d0
[  263.006509][T11886]  shmem_file_setup+0x37/0x40
[  263.011170][T11886]  __se_sys_memfd_create+0x1eb/0x390
[  263.016502][T11886]  __x64_sys_memfd_create+0x2d/0x40
[  263.021740][T11886]  do_syscall_64+0x4a/0x90
[  263.026141][T11886]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  263.032229][T11886] RIP: 0033:0x4665d9
[  263.036226][T11886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  263.055826][T11886] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  263.064235][T11886] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  263.072202][T11886] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  263.080158][T11886] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
01:17:02 executing program 2 (fault-call:1 fault-nth:4):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  263.088115][T11886] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  263.096076][T11886] R13: 00007ffe6c84480f R14: 0000000000000380 R15: 0000000000022000
[  263.104040][T11894] CPU: 1 PID: 11894 Comm: syz-executor.5 Not tainted 5.13.0-rc3-syzkaller #0
[  263.112840][T11894] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  263.123336][T11894] Call Trace:
[  263.126611][T11894]  dump_stack+0x137/0x19d
[  263.130941][T11894]  should_fail+0x23c/0x250
[  263.135433][T11894]  ? __se_sys_memfd_create+0xfb/0x390
[  263.140889][T11894]  __should_failslab+0x81/0x90
[  263.145753][T11894]  should_failslab+0x5/0x20
[  263.150312][T11894]  __kmalloc+0x66/0x340
[  263.154445][T11894]  ? strnlen_user+0x137/0x1c0
[  263.159103][T11894]  __se_sys_memfd_create+0xfb/0x390
[  263.164294][T11894]  __x64_sys_memfd_create+0x2d/0x40
[  263.169483][T11894]  do_syscall_64+0x4a/0x90
[  263.173929][T11894]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  263.179938][T11894] RIP: 0033:0x4665d9
[  263.184598][T11894] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  263.204189][T11894] RSP: 002b:00007f4c14632e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  263.212597][T11894] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  263.220548][T11894] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  263.228561][T11894] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  263.236549][T11894] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  263.244498][T11894] R13: 00007ffd4b78812f R14: 0000000000000380 R15: 0000000000022000
[  263.284799][T11892] loop3: detected capacity change from 0 to 1
[  263.286635][T11908] FAULT_INJECTION: forcing a failure.
[  263.286635][T11908] name failslab, interval 1, probability 0, space 0, times 0
[  263.303707][T11908] CPU: 0 PID: 11908 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  263.312445][T11908] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  263.322476][T11908] Call Trace:
[  263.325734][T11908]  dump_stack+0x137/0x19d
[  263.330045][T11908]  should_fail+0x23c/0x250
[  263.334438][T11908]  ? __d_alloc+0x36/0x370
[  263.338801][T11908]  __should_failslab+0x81/0x90
[  263.343638][T11908]  should_failslab+0x5/0x20
[  263.348164][T11908]  kmem_cache_alloc+0x46/0x2f0
[  263.352960][T11908]  ? __init_rwsem+0x59/0x70
[  263.357443][T11908]  __d_alloc+0x36/0x370
[  263.361627][T11908]  ? current_time+0xdb/0x190
[  263.366192][T11908]  d_alloc_pseudo+0x1a/0x50
[  263.370724][T11908]  alloc_file_pseudo+0x63/0x130
[  263.375718][T11908]  __shmem_file_setup+0x14c/0x1d0
[  263.380814][T11908]  shmem_file_setup+0x37/0x40
[  263.385471][T11908]  __se_sys_memfd_create+0x1eb/0x390
[  263.390790][T11908]  __x64_sys_memfd_create+0x2d/0x40
[  263.395968][T11908]  do_syscall_64+0x4a/0x90
[  263.400370][T11908]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  263.406268][T11908] RIP: 0033:0x4665d9
[  263.410158][T11908] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:17:02 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x300, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:02 executing program 5 (fault-call:1 fault-nth:1):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  263.429982][T11908] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  263.440344][T11908] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  263.449059][T11908] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  263.457023][T11908] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  263.464977][T11908] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  263.472932][T11908] R13: 00007ffe6c84480f R14: 0000000000000380 R15: 0000000000022000
01:17:02 executing program 2 (fault-call:1 fault-nth:5):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:02 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0), 0x0, 0x1c0}])

[  263.505596][T11909] loop4: detected capacity change from 0 to 1
[  263.508559][T11918] FAULT_INJECTION: forcing a failure.
[  263.508559][T11918] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  263.525019][T11918] CPU: 0 PID: 11918 Comm: syz-executor.5 Not tainted 5.13.0-rc3-syzkaller #0
[  263.533772][T11918] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  263.535252][T11923] FAULT_INJECTION: forcing a failure.
[  263.535252][T11923] name failslab, interval 1, probability 0, space 0, times 0
[  263.543840][T11918] Call Trace:
[  263.543850][T11918]  dump_stack+0x137/0x19d
[  263.543874][T11918]  should_fail+0x23c/0x250
[  263.572963][T11918]  should_fail_usercopy+0x16/0x20
[  263.578117][T11918]  _copy_from_user+0x1c/0xd0
[  263.583052][T11918]  __se_sys_memfd_create+0x137/0x390
[  263.588406][T11918]  __x64_sys_memfd_create+0x2d/0x40
[  263.593602][T11918]  do_syscall_64+0x4a/0x90
[  263.598000][T11918]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  263.604576][T11918] RIP: 0033:0x4665d9
[  263.608446][T11918] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  263.629331][T11918] RSP: 002b:00007f4c14632e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  263.637853][T11918] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  263.645806][T11918] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
01:17:02 executing program 5 (fault-call:1 fault-nth:2):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  263.653771][T11918] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  263.661721][T11918] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  263.669670][T11918] R13: 00007ffd4b78812f R14: 0000000000000380 R15: 0000000000022000
[  263.677623][T11923] CPU: 1 PID: 11923 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  263.686387][T11923] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  263.696442][T11923] Call Trace:
[  263.699726][T11923]  dump_stack+0x137/0x19d
[  263.704126][T11923]  should_fail+0x23c/0x250
[  263.708537][T11923]  ? __alloc_file+0x2e/0x1a0
[  263.713111][T11923]  __should_failslab+0x81/0x90
[  263.717883][T11923]  should_failslab+0x5/0x20
[  263.722372][T11923]  kmem_cache_alloc+0x46/0x2f0
[  263.727146][T11923]  ? inode_doinit_with_dentry+0x382/0x950
[  263.732868][T11923]  __alloc_file+0x2e/0x1a0
[  263.737267][T11923]  alloc_empty_file+0xcd/0x1c0
[  263.742008][T11923]  alloc_file+0x3a/0x280
[  263.746237][T11923]  alloc_file_pseudo+0xe2/0x130
[  263.751081][T11923]  __shmem_file_setup+0x14c/0x1d0
[  263.756126][T11923]  shmem_file_setup+0x37/0x40
[  263.760796][T11923]  __se_sys_memfd_create+0x1eb/0x390
[  263.767538][T11923]  __x64_sys_memfd_create+0x2d/0x40
[  263.772765][T11923]  do_syscall_64+0x4a/0x90
[  263.777208][T11923]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  263.783179][T11923] RIP: 0033:0x4665d9
[  263.787051][T11923] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  263.806687][T11923] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  263.815092][T11923] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  263.823054][T11923] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  263.831004][T11923] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  263.839128][T11923] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  263.847177][T11923] R13: 00007ffe6c84480f R14: 0000000000000380 R15: 0000000000022000
01:17:02 executing program 2 (fault-call:1 fault-nth:6):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:02 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e1000000887700720030", 0x30, 0x1c0}])

[  263.868896][T11924] loop1: detected capacity change from 0 to 1
[  263.894518][T11931] FAULT_INJECTION: forcing a failure.
[  263.894518][T11931] name failslab, interval 1, probability 0, space 0, times 0
[  263.896047][T11909]  loop4: p2 p3 p4
[  263.907216][T11931] CPU: 0 PID: 11931 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  263.919618][T11931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  263.929667][T11931] Call Trace:
[  263.932949][T11931]  dump_stack+0x137/0x19d
[  263.934128][T11909] loop4: p2 size 1073872896 extends beyond EOD, 
[  263.937340][T11931]  should_fail+0x23c/0x250
[  263.937361][T11931]  ? security_file_alloc+0x30/0x190
[  263.943671][T11909] truncated
[  263.946004][T11934] FAULT_INJECTION: forcing a failure.
[  263.946004][T11934] name failslab, interval 1, probability 0, space 0, times 0
[  263.948063][T11931]  __should_failslab+0x81/0x90
[  263.973637][T11931]  should_failslab+0x5/0x20
[  263.978836][T11931]  kmem_cache_alloc+0x46/0x2f0
[  263.983586][T11931]  security_file_alloc+0x30/0x190
[  263.988590][T11931]  __alloc_file+0x83/0x1a0
[  263.992988][T11931]  alloc_empty_file+0xcd/0x1c0
[  263.997995][T11931]  alloc_file+0x3a/0x280
[  264.002276][T11931]  alloc_file_pseudo+0xe2/0x130
[  264.007108][T11931]  __shmem_file_setup+0x14c/0x1d0
[  264.012117][T11931]  shmem_file_setup+0x37/0x40
[  264.016788][T11931]  __se_sys_memfd_create+0x1eb/0x390
[  264.022195][T11931]  __x64_sys_memfd_create+0x2d/0x40
[  264.027451][T11931]  do_syscall_64+0x4a/0x90
[  264.031904][T11931]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  264.037793][T11931] RIP: 0033:0x4665d9
[  264.041668][T11931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  264.061523][T11931] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  264.069936][T11931] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  264.077912][T11931] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  264.085866][T11931] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  264.093817][T11931] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  264.101791][T11931] R13: 00007ffe6c84480f R14: 0000000000000380 R15: 0000000000022000
[  264.109747][T11934] CPU: 1 PID: 11934 Comm: syz-executor.5 Not tainted 5.13.0-rc3-syzkaller #0
[  264.118779][T11934] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  264.128844][T11934] Call Trace:
[  264.132116][T11934]  dump_stack+0x137/0x19d
[  264.136440][T11934]  should_fail+0x23c/0x250
[  264.138888][T11909] loop4: p3 start 225 is beyond EOD, truncated
[  264.140852][T11934]  ? shmem_alloc_inode+0x22/0x30
[  264.147037][T11909] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  264.151912][T11934]  __should_failslab+0x81/0x90
[  264.163780][T11934]  ? shmem_match+0xa0/0xa0
[  264.168249][T11934]  should_failslab+0x5/0x20
[  264.172739][T11934]  kmem_cache_alloc+0x46/0x2f0
[  264.177554][T11934]  ? do_anonymous_page+0x411/0x8b0
[  264.183305][T11934]  ? fsnotify_perm+0x59/0x2e0
[  264.187969][T11934]  ? shmem_match+0xa0/0xa0
[  264.192372][T11934]  shmem_alloc_inode+0x22/0x30
[  264.197133][T11934]  new_inode_pseudo+0x38/0x1c0
[  264.201959][T11934]  new_inode+0x21/0x120
[  264.206093][T11934]  shmem_get_inode+0xa1/0x480
[  264.210762][T11934]  __shmem_file_setup+0xf1/0x1d0
[  264.215802][T11934]  shmem_file_setup+0x37/0x40
[  264.220502][T11934]  __se_sys_memfd_create+0x1eb/0x390
[  264.225773][T11934]  __x64_sys_memfd_create+0x2d/0x40
[  264.230969][T11934]  do_syscall_64+0x4a/0x90
[  264.235366][T11934]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  264.241240][T11934] RIP: 0033:0x4665d9
[  264.245110][T11934] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:17:03 executing program 2 (fault-call:1 fault-nth:7):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  264.264697][T11934] RSP: 002b:00007f4c14632e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  264.273104][T11934] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  264.281055][T11934] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  264.289103][T11934] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  264.297111][T11934] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  264.305079][T11934] R13: 00007ffd4b78812f R14: 0000000000000380 R15: 0000000000022000
01:17:03 executing program 5 (fault-call:1 fault-nth:3):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  264.322629][T11944] FAULT_INJECTION: forcing a failure.
[  264.322629][T11944] name fail_page_alloc, interval 1, probability 0, space 0, times 1
[  264.327813][T11933] loop3: detected capacity change from 0 to 1
[  264.335973][T11944] CPU: 1 PID: 11944 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  264.350704][T11944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  264.360757][T11944] Call Trace:
[  264.364036][T11944]  dump_stack+0x137/0x19d
01:17:03 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x480, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  264.368899][T11944]  should_fail+0x23c/0x250
[  264.373312][T11944]  __alloc_pages+0x102/0x320
[  264.378094][T11944]  alloc_pages_vma+0x391/0x660
[  264.382880][T11944]  shmem_getpage_gfp+0x980/0x1410
[  264.383162][T11950] FAULT_INJECTION: forcing a failure.
[  264.383162][T11950] name failslab, interval 1, probability 0, space 0, times 0
[  264.387996][T11944]  ? mls_context_isvalid+0x76/0x1e0
[  264.405870][T11944]  shmem_write_begin+0x7e/0x100
[  264.410719][T11944]  generic_perform_write+0x196/0x3a0
[  264.416062][T11944]  ? file_update_time+0x1bd/0x3e0
[  264.421072][T11944]  __generic_file_write_iter+0x161/0x300
[  264.426696][T11944]  ? generic_write_checks+0x250/0x290
[  264.432046][T11944]  generic_file_write_iter+0x75/0x130
[  264.437472][T11944]  vfs_write+0x69d/0x770
[  264.441693][T11944]  __x64_sys_pwrite64+0xf5/0x150
[  264.446609][T11944]  do_syscall_64+0x4a/0x90
[  264.451027][T11944]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  264.456919][T11944] RIP: 0033:0x419777
[  264.460803][T11944] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b
[  264.480387][T11944] RSP: 002b:00007f26b381de70 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[  264.488778][T11944] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000419777
[  264.496727][T11944] RDX: 0000000000000040 RSI: 00000000200000c0 RDI: 0000000000000005
[  264.504677][T11944] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  264.512640][T11944] R10: 00000000000001c0 R11: 0000000000000293 R12: 0000000000000005
[  264.520736][T11944] R13: 0000000000000005 R14: 0000000020000000 R15: 0000000000000000
[  264.528874][T11950] CPU: 0 PID: 11950 Comm: syz-executor.5 Not tainted 5.13.0-rc3-syzkaller #0
[  264.537669][T11950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  264.541184][T11944] loop2: detected capacity change from 0 to 1
[  264.547736][T11950] Call Trace:
[  264.547744][T11950]  dump_stack+0x137/0x19d
[  264.557028][ T1032]  loop4: p2 p3 p4
[  264.557101][T11950]  should_fail+0x23c/0x250
[  264.561641][ T1032] loop4: p2 size 1073872896 extends beyond EOD, 
[  264.565112][T11950]  ? security_inode_alloc+0x30/0x180
[  264.571826][ T1032] truncated
[  264.578632][T11950]  __should_failslab+0x81/0x90
[  264.586105][ T1032] loop4: p3 start 225 is beyond EOD, 
[  264.587103][T11950]  should_failslab+0x5/0x20
[  264.587124][T11950]  kmem_cache_alloc+0x46/0x2f0
[  264.591859][ T1032] truncated
[  264.591864][ T1032] loop4: p4 size 3657465856 extends beyond EOD, 
[  264.597289][T11950]  security_inode_alloc+0x30/0x180
[  264.597316][T11950]  inode_init_always+0x20b/0x420
[  264.601962][ T1032] truncated
[  264.629684][T11950]  ? shmem_match+0xa0/0xa0
[  264.634279][T11950]  new_inode_pseudo+0x73/0x1c0
[  264.639024][T11950]  new_inode+0x21/0x120
[  264.643186][T11950]  shmem_get_inode+0xa1/0x480
[  264.647896][T11950]  __shmem_file_setup+0xf1/0x1d0
[  264.652849][T11950]  shmem_file_setup+0x37/0x40
[  264.657548][T11950]  __se_sys_memfd_create+0x1eb/0x390
[  264.662816][T11950]  __x64_sys_memfd_create+0x2d/0x40
[  264.669221][T11950]  do_syscall_64+0x4a/0x90
[  264.673624][T11950]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  264.679506][T11950] RIP: 0033:0x4665d9
[  264.683482][T11950] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  264.708715][T11950] RSP: 002b:00007f4c14632e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  264.718766][T11950] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  264.727545][T11950] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  264.736106][T11950] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  264.744838][T11950] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  264.752795][T11950] R13: 00007ffd4b78812f R14: 0000000000000380 R15: 0000000000022000
01:17:03 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:03 executing program 5 (fault-call:1 fault-nth:4):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:03 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ff", 0x20, 0x1c0}])

01:17:03 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff0000", 0x38, 0x1c0}])

01:17:03 executing program 2 (fault-call:1 fault-nth:8):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  264.855695][T11967] FAULT_INJECTION: forcing a failure.
[  264.855695][T11967] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  264.856186][T11969] FAULT_INJECTION: forcing a failure.
[  264.856186][T11969] name failslab, interval 1, probability 0, space 0, times 0
[  264.868837][T11967] CPU: 0 PID: 11967 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  264.890132][T11967] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  264.900337][T11967] Call Trace:
[  264.903619][T11967]  dump_stack+0x137/0x19d
[  264.907948][T11967]  should_fail+0x23c/0x250
[  264.912349][T11967]  should_fail_usercopy+0x16/0x20
[  264.917355][T11967]  iov_iter_copy_from_user_atomic+0x281/0xb60
[  264.923406][T11967]  ? shmem_write_begin+0x7e/0x100
[  264.928414][T11967]  generic_perform_write+0x1e4/0x3a0
[  264.933727][T11967]  ? file_update_time+0x1bd/0x3e0
[  264.938733][T11967]  __generic_file_write_iter+0x161/0x300
[  264.944348][T11967]  ? generic_write_checks+0x250/0x290
[  264.949783][T11967]  generic_file_write_iter+0x75/0x130
[  264.955223][T11967]  vfs_write+0x69d/0x770
[  264.959474][T11967]  __x64_sys_pwrite64+0xf5/0x150
[  264.964402][T11967]  do_syscall_64+0x4a/0x90
[  264.968800][T11967]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  264.974756][T11967] RIP: 0033:0x419777
[  264.978705][T11967] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b
[  264.998345][T11967] RSP: 002b:00007f26b381de70 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[  265.006810][T11967] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000419777
[  265.014836][T11967] RDX: 0000000000000040 RSI: 00000000200000c0 RDI: 0000000000000005
[  265.022839][T11967] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  265.030834][T11967] R10: 00000000000001c0 R11: 0000000000000293 R12: 0000000000000005
[  265.038790][T11967] R13: 0000000000000005 R14: 0000000020000000 R15: 0000000000000000
[  265.046751][T11969] CPU: 1 PID: 11969 Comm: syz-executor.5 Not tainted 5.13.0-rc3-syzkaller #0
[  265.055599][T11969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  265.065701][T11969] Call Trace:
[  265.068997][T11969]  dump_stack+0x137/0x19d
[  265.073702][T11969]  should_fail+0x23c/0x250
[  265.078381][T11969]  ? __d_alloc+0x36/0x370
[  265.082710][T11969]  __should_failslab+0x81/0x90
[  265.087476][T11969]  should_failslab+0x5/0x20
[  265.091958][T11969]  kmem_cache_alloc+0x46/0x2f0
[  265.096702][T11969]  ? __init_rwsem+0x59/0x70
[  265.101195][T11969]  __d_alloc+0x36/0x370
[  265.105330][T11969]  ? current_time+0xdb/0x190
[  265.109919][T11969]  d_alloc_pseudo+0x1a/0x50
[  265.114421][T11969]  alloc_file_pseudo+0x63/0x130
[  265.119331][T11969]  __shmem_file_setup+0x14c/0x1d0
[  265.124447][T11969]  shmem_file_setup+0x37/0x40
[  265.129105][T11969]  __se_sys_memfd_create+0x1eb/0x390
[  265.134451][T11969]  __x64_sys_memfd_create+0x2d/0x40
[  265.139630][T11969]  do_syscall_64+0x4a/0x90
[  265.144038][T11969]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  265.150039][T11969] RIP: 0033:0x4665d9
[  265.153935][T11969] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  265.173564][T11969] RSP: 002b:00007f4c14632e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  265.181956][T11969] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  265.189987][T11969] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  265.197939][T11969] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
01:17:04 executing program 5 (fault-call:1 fault-nth:5):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  265.205960][T11969] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  265.213932][T11969] R13: 00007ffd4b78812f R14: 0000000000000380 R15: 0000000000022000
[  265.248445][T11968] loop1: detected capacity change from 0 to 1
[  265.254620][T11967] loop2: detected capacity change from 0 to 1
[  265.297799][T11967]  loop2: p2 p3 p4
[  265.301431][T11973] loop3: detected capacity change from 0 to 1
[  265.301924][T11967] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  265.310411][T11988] FAULT_INJECTION: forcing a failure.
[  265.310411][T11988] name failslab, interval 1, probability 0, space 0, times 0
[  265.327682][T11988] CPU: 0 PID: 11988 Comm: syz-executor.5 Not tainted 5.13.0-rc3-syzkaller #0
[  265.328294][T11980] loop4: detected capacity change from 0 to 1
[  265.336436][T11988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  265.336448][T11988] Call Trace:
[  265.336456][T11988]  dump_stack+0x137/0x19d
[  265.336479][T11988]  should_fail+0x23c/0x250
[  265.343370][T11967] loop2: p3 start 225 is beyond EOD, 
[  265.352601][T11988]  ? __alloc_file+0x2e/0x1a0
[  265.352625][T11988]  __should_failslab+0x81/0x90
[  265.352646][T11988]  should_failslab+0x5/0x20
[  265.355916][T11967] truncated
[  265.355921][T11967] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  265.394051][T11988]  kmem_cache_alloc+0x46/0x2f0
[  265.398919][T11988]  ? inode_doinit_with_dentry+0x382/0x950
[  265.404647][T11988]  __alloc_file+0x2e/0x1a0
[  265.409044][T11988]  alloc_empty_file+0xcd/0x1c0
[  265.413825][T11988]  alloc_file+0x3a/0x280
[  265.418044][T11988]  alloc_file_pseudo+0xe2/0x130
[  265.423053][T11988]  __shmem_file_setup+0x14c/0x1d0
[  265.428098][T11988]  shmem_file_setup+0x37/0x40
[  265.432764][T11988]  __se_sys_memfd_create+0x1eb/0x390
[  265.438026][T11988]  __x64_sys_memfd_create+0x2d/0x40
[  265.443303][T11988]  do_syscall_64+0x4a/0x90
[  265.447697][T11988]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  265.453741][T11988] RIP: 0033:0x4665d9
[  265.457615][T11988] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  265.477206][T11988] RSP: 002b:00007f4c14632e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  265.485611][T11988] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
01:17:04 executing program 5 (fault-call:1 fault-nth:6):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:04 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x4b8, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  265.493623][T11988] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  265.501572][T11988] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  265.509532][T11988] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  265.517492][T11988] R13: 00007ffd4b78812f R14: 0000000000000380 R15: 0000000000022000
[  265.535968][T11980]  loop4: p2 p3 p4
[  265.539778][T11980] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  265.556507][T12001] FAULT_INJECTION: forcing a failure.
[  265.556507][T12001] name failslab, interval 1, probability 0, space 0, times 0
[  265.569164][T12001] CPU: 0 PID: 12001 Comm: syz-executor.5 Not tainted 5.13.0-rc3-syzkaller #0
[  265.578017][T12001] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  265.578502][T11980] loop4: p3 start 225 is beyond EOD, 
[  265.590958][T12001] Call Trace:
[  265.590968][T12001]  dump_stack+0x137/0x19d
01:17:04 executing program 2 (fault-call:1 fault-nth:9):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:04 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ff", 0x20, 0x1c0}])

[  265.590992][T12001]  should_fail+0x23c/0x250
[  265.596548][T11980] truncated
[  265.599837][T12001]  ? security_file_alloc+0x30/0x190
[  265.604154][T11980] loop4: p4 size 3657465856 extends beyond EOD, 
[  265.608542][T12001]  __should_failslab+0x81/0x90
[  265.608565][T12001]  should_failslab+0x5/0x20
[  265.611663][T11980] truncated
[  265.633582][T12007] FAULT_INJECTION: forcing a failure.
[  265.633582][T12007] name failslab, interval 1, probability 0, space 0, times 0
[  265.636406][T12001]  kmem_cache_alloc+0x46/0x2f0
[  265.636433][T12001]  security_file_alloc+0x30/0x190
[  265.636450][T12001]  __alloc_file+0x83/0x1a0
[  265.663169][T12001]  alloc_empty_file+0xcd/0x1c0
[  265.668643][T12001]  alloc_file+0x3a/0x280
[  265.674085][T12001]  alloc_file_pseudo+0xe2/0x130
[  265.678924][T12001]  __shmem_file_setup+0x14c/0x1d0
[  265.684182][T12001]  shmem_file_setup+0x37/0x40
[  265.688856][T12001]  __se_sys_memfd_create+0x1eb/0x390
[  265.694291][T12001]  __x64_sys_memfd_create+0x2d/0x40
[  265.700190][T12001]  do_syscall_64+0x4a/0x90
[  265.705197][T12001]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  265.714381][T12001] RIP: 0033:0x4665d9
[  265.720063][T12001] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  265.742373][T12001] RSP: 002b:00007f4c14632e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  265.750802][T12001] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  265.758762][T12001] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  265.767657][T12001] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  265.777506][T12001] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  265.785747][T12001] R13: 00007ffd4b78812f R14: 0000000000000380 R15: 0000000000022000
[  265.793949][T12007] CPU: 1 PID: 12007 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  265.805142][T12007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  265.816938][T12007] Call Trace:
[  265.820819][T12007]  dump_stack+0x137/0x19d
[  265.825149][T12007]  should_fail+0x23c/0x250
[  265.829557][T12007]  ? getname_flags+0x84/0x3d0
[  265.834377][T12007]  __should_failslab+0x81/0x90
[  265.839159][T12007]  should_failslab+0x5/0x20
[  265.843689][T12007]  kmem_cache_alloc+0x46/0x2f0
[  265.848447][T12007]  getname_flags+0x84/0x3d0
[  265.853175][T12007]  ? vfs_write+0x50c/0x770
[  265.857572][T12007]  getname+0x15/0x20
[  265.861649][T12007]  do_sys_openat2+0x5b/0x250
[  265.866234][T12007]  __x64_sys_openat+0xef/0x110
[  265.870990][T12007]  do_syscall_64+0x4a/0x90
[  265.875503][T12007]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  265.881398][T12007] RIP: 0033:0x4196c4
[  265.885819][T12007] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
01:17:04 executing program 5 (fault-call:1 fault-nth:7):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  265.906683][T12007] RSP: 002b:00007f26b381de20 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  265.916074][T12007] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 00000000004196c4
[  265.924679][T12007] RDX: 0000000000000002 RSI: 00007f26b381df40 RDI: 00000000ffffff9c
[  265.932657][T12007] RBP: 00007f26b381df40 R08: 0000000000000000 R09: 0000000000000000
[  265.940680][T12007] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  265.948652][T12007] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
01:17:05 executing program 2 (fault-call:1 fault-nth:10):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  265.983846][T12015] FAULT_INJECTION: forcing a failure.
[  265.983846][T12015] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  265.997611][T12015] CPU: 0 PID: 12015 Comm: syz-executor.5 Not tainted 5.13.0-rc3-syzkaller #0
[  266.006606][T12015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  266.025522][T12015] Call Trace:
[  266.028913][T12015]  dump_stack+0x137/0x19d
[  266.033233][T12015]  should_fail+0x23c/0x250
[  266.037769][T12015]  __alloc_pages+0x102/0x320
[  266.042349][T12015]  alloc_pages_vma+0x391/0x660
[  266.047128][T12015]  shmem_getpage_gfp+0x980/0x1410
[  266.052328][T12015]  ? mls_context_isvalid+0x76/0x1e0
[  266.057565][T12015]  shmem_write_begin+0x7e/0x100
[  266.062554][T12015]  generic_perform_write+0x196/0x3a0
[  266.067826][T12015]  ? file_update_time+0x1bd/0x3e0
[  266.074339][T12015]  __generic_file_write_iter+0x161/0x300
[  266.080412][T12015]  ? generic_write_checks+0x250/0x290
[  266.086786][T12015]  generic_file_write_iter+0x75/0x130
[  266.092257][T12015]  vfs_write+0x69d/0x770
[  266.097290][T12015]  __x64_sys_pwrite64+0xf5/0x150
[  266.102215][T12015]  do_syscall_64+0x4a/0x90
[  266.106768][T12015]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  266.112816][T12015] RIP: 0033:0x419777
[  266.116892][T12015] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b
[  266.141729][T12015] RSP: 002b:00007f4c14632e70 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[  266.150236][T12015] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000419777
[  266.159000][T12015] RDX: 0000000000000040 RSI: 00000000200000c0 RDI: 0000000000000005
[  266.168741][T12015] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  266.176722][T12015] R10: 00000000000001c0 R11: 0000000000000293 R12: 0000000000000005
01:17:05 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:05 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff0000", 0x38, 0x1c0}])

[  266.184687][T12015] R13: 0000000000000005 R14: 0000000020000000 R15: 0000000000000000
[  266.209984][T12014] loop1: detected capacity change from 0 to 1
[  266.217159][T12015] loop5: detected capacity change from 0 to 1
[  266.236492][T12025] FAULT_INJECTION: forcing a failure.
[  266.236492][T12025] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  266.240605][T12029] loop3: detected capacity change from 0 to 1
[  266.249597][T12025] CPU: 0 PID: 12025 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  266.264490][T12025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  266.274583][T12025] Call Trace:
[  266.277866][T12025]  dump_stack+0x137/0x19d
[  266.282203][T12025]  should_fail+0x23c/0x250
[  266.286603][T12025]  should_fail_usercopy+0x16/0x20
[  266.291615][T12025]  strncpy_from_user+0x21/0x250
[  266.298635][T12025]  getname_flags+0xb8/0x3d0
[  266.303211][T12025]  ? vfs_write+0x50c/0x770
[  266.307747][T12025]  getname+0x15/0x20
[  266.311638][T12025]  do_sys_openat2+0x5b/0x250
[  266.316211][T12025]  __x64_sys_openat+0xef/0x110
[  266.321156][T12025]  do_syscall_64+0x4a/0x90
[  266.325657][T12025]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  266.331537][T12025] RIP: 0033:0x4196c4
[  266.335521][T12025] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  266.355130][T12025] RSP: 002b:00007f26b381de20 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  266.363529][T12025] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 00000000004196c4
[  266.371522][T12025] RDX: 0000000000000002 RSI: 00007f26b381df40 RDI: 00000000ffffff9c
01:17:05 executing program 2 (fault-call:1 fault-nth:11):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  266.379491][T12025] RBP: 00007f26b381df40 R08: 0000000000000000 R09: 0000000000000000
[  266.388177][T12025] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  266.397025][T12025] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  266.419834][T12030] loop4: detected capacity change from 0 to 1
01:17:05 executing program 5 (fault-call:1 fault-nth:8):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:05 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ff", 0x20, 0x1c0}])

01:17:05 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff0000", 0x38, 0x1c0}])

[  266.460230][T12030]  loop4: p2 p3 p4
[  266.464060][T12030] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  266.502928][T12030] loop4: p3 start 225 is beyond EOD, truncated
[  266.510113][T12030] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  266.512145][T12049] FAULT_INJECTION: forcing a failure.
[  266.512145][T12049] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  266.533466][T12049] CPU: 1 PID: 12049 Comm: syz-executor.5 Not tainted 5.13.0-rc3-syzkaller #0
[  266.536149][T12051] FAULT_INJECTION: forcing a failure.
[  266.536149][T12051] name failslab, interval 1, probability 0, space 0, times 0
[  266.545333][T12049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  266.545348][T12049] Call Trace:
[  266.545356][T12049]  dump_stack+0x137/0x19d
[  266.578393][T12049]  should_fail+0x23c/0x250
[  266.583281][T12049]  should_fail_usercopy+0x16/0x20
[  266.588314][T12049]  iov_iter_copy_from_user_atomic+0x281/0xb60
[  266.596297][T12049]  ? shmem_write_begin+0x7e/0x100
[  266.604399][T12049]  generic_perform_write+0x1e4/0x3a0
[  266.613736][T12049]  ? file_update_time+0x1bd/0x3e0
[  266.621382][T12049]  __generic_file_write_iter+0x161/0x300
[  266.627147][T12049]  ? generic_write_checks+0x250/0x290
[  266.632961][T12049]  generic_file_write_iter+0x75/0x130
[  266.638550][T12049]  vfs_write+0x69d/0x770
[  266.644033][T12049]  __x64_sys_pwrite64+0xf5/0x150
[  266.648976][T12049]  do_syscall_64+0x4a/0x90
[  266.653423][T12049]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  266.660983][T12049] RIP: 0033:0x419777
[  266.667041][T12049] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b
[  266.686840][T12049] RSP: 002b:00007f4c14632e70 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[  266.695235][T12049] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000419777
01:17:05 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x500, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  266.703388][T12049] RDX: 0000000000000040 RSI: 00000000200000c0 RDI: 0000000000000005
[  266.711453][T12049] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  266.720165][T12049] R10: 00000000000001c0 R11: 0000000000000293 R12: 0000000000000005
[  266.728607][T12049] R13: 0000000000000005 R14: 0000000020000000 R15: 0000000000000000
[  266.737867][T12051] CPU: 0 PID: 12051 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  266.747371][T12051] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  266.758148][T12051] Call Trace:
[  266.761425][T12051]  dump_stack+0x137/0x19d
[  266.765859][T12051]  should_fail+0x23c/0x250
[  266.770339][T12051]  ? __alloc_file+0x2e/0x1a0
[  266.776220][T12051]  __should_failslab+0x81/0x90
[  266.780990][T12051]  should_failslab+0x5/0x20
[  266.785484][T12051]  kmem_cache_alloc+0x46/0x2f0
[  266.790302][T12051]  __alloc_file+0x2e/0x1a0
[  266.794698][T12051]  alloc_empty_file+0xcd/0x1c0
[  266.799439][T12051]  path_openat+0x6a/0x20b0
[  266.803834][T12051]  ? iov_iter_advance+0x291/0xe10
[  266.808949][T12051]  ? shmem_write_end+0x37d/0x3d0
[  266.816426][T12051]  ? balance_dirty_pages_ratelimited+0xb1/0x280
[  266.823113][T12051]  ? generic_perform_write+0x332/0x3a0
[  266.828570][T12051]  do_filp_open+0xd9/0x1f0
[  266.832983][T12051]  ? __virt_addr_valid+0x15a/0x1a0
[  266.838314][T12051]  ? __check_object_size+0x253/0x310
[  266.843768][T12051]  ? _find_next_bit+0x16a/0x190
[  266.848607][T12051]  ? alloc_fd+0x388/0x3e0
[  266.853031][T12051]  do_sys_openat2+0xa3/0x250
[  266.857612][T12051]  __x64_sys_openat+0xef/0x110
[  266.862472][T12051]  do_syscall_64+0x4a/0x90
[  266.869937][T12051]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  266.876416][T12051] RIP: 0033:0x4196c4
[  266.881146][T12051] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
01:17:06 executing program 2 (fault-call:1 fault-nth:12):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  266.902718][T12051] RSP: 002b:00007f26b381de20 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  266.911386][T12051] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 00000000004196c4
[  266.920298][T12051] RDX: 0000000000000002 RSI: 00007f26b381df40 RDI: 00000000ffffff9c
[  266.928656][T12051] RBP: 00007f26b381df40 R08: 0000000000000000 R09: 0000000000000000
[  266.937387][T12051] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  266.945893][T12051] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
01:17:06 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001c40)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, <r1=>0x0}})
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, r1, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, r1, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={r1, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  266.981568][T12049] loop5: detected capacity change from 0 to 1
[  266.985856][T12050] loop1: detected capacity change from 0 to 1
[  266.988664][T12067] FAULT_INJECTION: forcing a failure.
[  266.988664][T12067] name failslab, interval 1, probability 0, space 0, times 0
[  267.006571][T12067] CPU: 0 PID: 12067 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  267.015394][T12067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  267.027878][T12067] Call Trace:
[  267.031218][T12067]  dump_stack+0x137/0x19d
[  267.035679][T12067]  should_fail+0x23c/0x250
[  267.040108][T12067]  ? security_file_alloc+0x30/0x190
[  267.045478][T12067]  __should_failslab+0x81/0x90
[  267.050376][T12067]  should_failslab+0x5/0x20
[  267.054880][T12067]  kmem_cache_alloc+0x46/0x2f0
[  267.059676][T12067]  security_file_alloc+0x30/0x190
[  267.064726][T12067]  __alloc_file+0x83/0x1a0
[  267.069490][T12067]  alloc_empty_file+0xcd/0x1c0
[  267.074406][T12067]  path_openat+0x6a/0x20b0
[  267.078881][T12067]  ? iov_iter_advance+0x291/0xe10
[  267.085423][T12067]  ? shmem_write_end+0x37d/0x3d0
[  267.090380][T12067]  ? balance_dirty_pages_ratelimited+0xb1/0x280
[  267.096672][T12067]  ? generic_perform_write+0x332/0x3a0
[  267.102170][T12067]  do_filp_open+0xd9/0x1f0
[  267.106571][T12067]  ? __virt_addr_valid+0x15a/0x1a0
[  267.111791][T12067]  ? __check_object_size+0x253/0x310
[  267.118470][T12067]  ? _find_next_bit+0x16a/0x190
[  267.123470][T12067]  ? alloc_fd+0x388/0x3e0
[  267.127796][T12067]  do_sys_openat2+0xa3/0x250
[  267.132568][T12067]  __x64_sys_openat+0xef/0x110
[  267.137414][T12067]  do_syscall_64+0x4a/0x90
[  267.141861][T12067]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  267.147938][T12067] RIP: 0033:0x4196c4
[  267.151821][T12067] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  267.171629][T12067] RSP: 002b:00007f26b381de20 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  267.181574][T12067] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 00000000004196c4
[  267.189818][T12067] RDX: 0000000000000002 RSI: 00007f26b381df40 RDI: 00000000ffffff9c
[  267.198381][T12067] RBP: 00007f26b381df40 R08: 0000000000000000 R09: 0000000000000000
[  267.207231][T12067] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  267.215235][T12067] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
01:17:06 executing program 2 (fault-call:1 fault-nth:13):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  267.240127][T12049]  loop5: p2 p3 p4
[  267.253083][T12072] loop4: detected capacity change from 0 to 1
[  267.255731][T12049] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  267.269562][T12071] loop3: detected capacity change from 0 to 1
[  267.271640][T12049] loop5: p3 start 225 is beyond EOD, truncated
[  267.282065][T12049] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  267.297772][T12072]  loop4: p2 p3 p4
[  267.302773][T12072] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  267.308433][T12080] FAULT_INJECTION: forcing a failure.
[  267.308433][T12080] name failslab, interval 1, probability 0, space 0, times 0
[  267.310324][T12072] loop4: p3 start 225 is beyond EOD, truncated
[  267.322501][T12080] CPU: 0 PID: 12080 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  267.328668][T12072] loop4: p4 size 3657465856 extends beyond EOD, 
01:17:06 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e1000000887700720030", 0x30, 0x1c0}])

[  267.337391][T12080] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  267.337403][T12080] Call Trace:
[  267.337411][T12080]  dump_stack+0x137/0x19d
[  267.343716][T12072] truncated
[  267.364615][T12080]  should_fail+0x23c/0x250
[  267.369030][T12080]  ? loop_set_status_from_info+0x3a0/0x3a0
[  267.374915][T12080]  __should_failslab+0x81/0x90
[  267.379797][T12080]  ? __kthread_create_on_node+0x7a/0x290
[  267.385466][T12080]  should_failslab+0x5/0x20
[  267.390153][T12080]  kmem_cache_alloc_trace+0x49/0x310
[  267.395461][T12080]  ? loop_set_status_from_info+0x3a0/0x3a0
[  267.401318][T12080]  __kthread_create_on_node+0x7a/0x290
[  267.407841][T12080]  ? wake_up_q+0x46/0x80
[  267.412088][T12080]  ? __mutex_unlock_slowpath+0x11e/0x150
[  267.418622][T12080]  ? loop_set_status_from_info+0x3a0/0x3a0
[  267.424477][T12080]  kthread_create_on_node+0x72/0xa0
[  267.430762][T12080]  loop_configure+0x597/0xcb0
[  267.435520][T12080]  ? mntput+0x45/0x70
[  267.439630][T12080]  lo_ioctl+0x555/0x11f0
[  267.444090][T12080]  ? path_openat+0x19ab/0x20b0
[  267.448834][T12080]  ? putname+0xa5/0xc0
[  267.454249][T12080]  ? ___cache_free+0x3c/0x300
[  267.458909][T12080]  ? blkdev_common_ioctl+0x9c3/0x1040
[  267.464272][T12080]  ? selinux_file_ioctl+0x8e0/0x970
[  267.469497][T12080]  ? lo_release+0x120/0x120
[  267.474066][T12080]  blkdev_ioctl+0x1d0/0x3c0
[  267.478552][T12080]  block_ioctl+0x6d/0x80
[  267.484489][T12080]  ? blkdev_iopoll+0x70/0x70
[  267.489063][T12080]  __se_sys_ioctl+0xcb/0x140
[  267.494154][T12080]  __x64_sys_ioctl+0x3f/0x50
[  267.498763][T12080]  do_syscall_64+0x4a/0x90
[  267.503192][T12080]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  267.509143][T12080] RIP: 0033:0x466397
[  267.513016][T12080] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  267.533132][T12080] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
01:17:06 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x58c, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  267.541600][T12080] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  267.549557][T12080] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  267.557612][T12080] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  267.565603][T12080] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  267.573599][T12080] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
01:17:06 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:06 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, 0x0, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={0x0, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:06 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff000000000080", 0x3c, 0x1c0}])

01:17:06 executing program 2 (fault-call:1 fault-nth:14):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  267.678390][T12105] loop1: detected capacity change from 0 to 1
[  267.687707][T12111] loop5: detected capacity change from 0 to 1
[  267.694608][T12115] FAULT_INJECTION: forcing a failure.
[  267.694608][T12115] name failslab, interval 1, probability 0, space 0, times 0
[  267.709290][T12115] CPU: 0 PID: 12115 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  267.718048][T12115] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  267.728085][T12115] Call Trace:
[  267.731380][T12115]  dump_stack+0x137/0x19d
[  267.735698][T12115]  should_fail+0x23c/0x250
[  267.740097][T12115]  ? __kernfs_new_node+0x6a/0x330
[  267.746867][T12115]  __should_failslab+0x81/0x90
[  267.752120][T12115]  should_failslab+0x5/0x20
[  267.756717][T12115]  kmem_cache_alloc+0x46/0x2f0
[  267.762442][T12115]  ? kvm_sched_clock_read+0xd/0x20
[  267.767536][T12115]  ? sched_clock_cpu+0x11/0x180
[  267.773266][T12115]  __kernfs_new_node+0x6a/0x330
[  267.778231][T12115]  ? select_task_rq_fair+0x186/0xc00
[  267.783784][T12115]  ? rb_insert_color+0x2fa/0x310
[  267.788707][T12115]  kernfs_create_dir_ns+0x5e/0x140
[  267.793811][T12115]  internal_create_group+0x138/0x850
[  267.799155][T12115]  ? enqueue_task_fair+0xcd/0x510
[  267.804164][T12115]  sysfs_create_group+0x1b/0x20
[  267.809025][T12115]  loop_configure+0xa21/0xcb0
[  267.813697][T12115]  lo_ioctl+0x555/0x11f0
[  267.817919][T12115]  ? path_openat+0x19ab/0x20b0
[  267.822686][T12115]  ? putname+0xa5/0xc0
[  267.826799][T12115]  ? ___cache_free+0x3c/0x300
[  267.831483][T12115]  ? blkdev_common_ioctl+0x9c3/0x1040
[  267.836835][T12115]  ? selinux_file_ioctl+0x8e0/0x970
[  267.842052][T12115]  ? lo_release+0x120/0x120
[  267.847457][T12115]  blkdev_ioctl+0x1d0/0x3c0
[  267.851949][T12115]  block_ioctl+0x6d/0x80
[  267.856242][T12115]  ? blkdev_iopoll+0x70/0x70
[  267.860908][T12115]  __se_sys_ioctl+0xcb/0x140
[  267.865493][T12115]  __x64_sys_ioctl+0x3f/0x50
[  267.870164][T12115]  do_syscall_64+0x4a/0x90
[  267.874592][T12115]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  267.881362][T12115] RIP: 0033:0x466397
[  267.885683][T12115] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  267.906911][T12115] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  267.915565][T12115] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  267.923529][T12115] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  267.931656][T12115] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  267.943937][T12115] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  267.952072][T12115] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  267.961106][T12115] loop2: detected capacity change from 0 to 1
01:17:07 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e1000000887700720030", 0x30, 0x1c0}])

[  267.984036][T12118] loop4: detected capacity change from 0 to 1
[  267.989359][T12112] loop3: detected capacity change from 0 to 1
[  267.990925][T12111]  loop5: p2 p3 p4
[  268.000255][T12111] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  268.007879][T12111] loop5: p3 start 225 is beyond EOD, truncated
[  268.014496][T12111] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  268.028214][T12118]  loop4: p2 p3 p4
[  268.032000][T12118] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  268.036251][T12115]  loop2: p2 p3 p4
[  268.043581][T12115] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  268.051634][T12118] loop4: p3 start 225 is beyond EOD, truncated
[  268.057251][T12115] loop2: p3 start 225 is beyond EOD, 
[  268.057911][T12118] loop4: p4 size 3657465856 extends beyond EOD, 
[  268.057916][T12115] truncated
[  268.057923][T12118] truncated
01:17:07 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff000000000080", 0x3c, 0x1c0}])

01:17:07 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x2, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  268.077526][T12115] loop2: p4 size 3657465856 extends beyond EOD, truncated
01:17:07 executing program 2 (fault-call:1 fault-nth:15):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:07 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, &(0x7f0000000680)='lo\x00\x96o8\x0fd\xa1\xe3\xd7]b}\x1f\xa1Y\xad4\x90\x9d`\xd2\x98\x00\x00\x00 \'Y\x17]\x15c\xcaR\xdd\x98OC\x89\x1b\xe7\x84\xe2\x05\x80w\xd2|D\x8dK\x14Bx\xcbuH\xc2\xeec\xbf<>Y\x1a\xfc\x1f9OB\x81\x89\x186\xc5q@n\xb4\xb6s\xb0\x00\x00\x00\x00\x00\b\x00\x00\xda\xef\xecE\xec\xd5I\xb2\x9b\xfe\x8d\x90?\x00\xe9\xe4~g:\xc1\xb2aj\x96\xbb\xa7\xe2\xc0\xdc\xf9Q\b\xeb\x16\x7fT\x11\xd3\r7\xe6\"f\xcf\x8e\xabd\x0ftp\x82\xae\xd2\x15\x8e+c\xf6\xbf\xe14>\xa6-\xa5c\xde\xd7\xab\xea\x1f\xf8s2\x9cVF\xd5\x18\xfe\x0e\x8f \x01\x00\x00y.\xfc*\x82\xa5\xa1p5\xc8{\xf7\xef\xab\xe8\x99\xebw#\x8at\x1c\x80\xfc\xb0\x95\xa2\xa7\xd7,Y]E8\x83X\xf5F\xdc\x88-\xf5\xb0\xb5^\xdb\x1a\xb6\xaa\x14\xe2\xb9\rh^J-\xd1\xbaUn\x04\'l\x1b\xe0o\xdb\xc8\x91%\x1c\xb5\xbf\xb6\x90\xb4\xc2\x7f]/\xb3\xe7\xc9\'\x94\xcfIo\xdf\x04\x95\xb5\x06\x84\x1fH>\xda\xc5\x04 \x94\x88\xeb\'\xd4;6\x7f\xd9\x99-\x1b|G\x8d\xd4\xb9%\xaaQ\xa0K\x10\x03\x93\xe1\xcc\xe7m\x80\'\xf0\xa5\xed(\r\xa8\x0f&\xb1\xf3\xff0\f\x82%_\x92\x8bD\xb9\xd9\xe7\xf2\xe4\xc1i#\xdc\x87A\xb9\xc7\r\x92\xfa\x11\x11\xb5\x1f\x03\x9d\xdd\x1bj\xdf\xacg\xe3\xa0S\xd3\x8a\xe1n\x97\xea\xf5\xa0\'\v\xe9\xa0\xf1 f\xaan\xcf\xb5i\xb6d\xbc\x92\v\xd58\x16\b\xb3_:\xa4!\ny\xc4&\nWMM\xa8\xc4\v\x9f\x01o\xf4\xab&\xb6\x17\x02P\xc3!N\xa1\x86\"\xd7\x04\xf1\xc0!\xed\xff\xee$\xc89\x8cB0\xd1dD\xe0IP\x88\xa2\xf2Y\x9af$$\xf1\x81\x96\xf7P\xac\xca\x80:!\xb4\x94#\xcb^\x9f\'\x03\xe3\x93\xb9\x82\xbf\xcf\xc4\xe3\xf7\x03Oh\xf2r\xca\x8ff\xbb/\x9f*\xaf\x1a \xa5\xa0?%M\xa5\x86\x98\xfa4\'1\xc7\f<\xcc@\xe8\x8a\xac.\xde\xe4\xc7\xf5\x9ck\xa40!\xe9\x14$\xb3\x05m\xb5m\xed\ft\x93\xd8\xa3\x80\'Y\xb9\x05\xbbt|\xbe\xbcz\n\xf3\xf5p\xf8\x9f~\x1b\xd0\v\x1cQ')
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, 0x0, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={0x0, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  268.135876][T12147] loop5: detected capacity change from 0 to 1
[  268.144300][T12133] loop1: detected capacity change from 0 to 1
[  268.192910][T12147]  loop5: p2 p3 p4
[  268.193523][T12162] FAULT_INJECTION: forcing a failure.
[  268.193523][T12162] name failslab, interval 1, probability 0, space 0, times 0
[  268.198392][T12147] loop5: p2 size 1073872896 extends beyond EOD, 
[  268.211314][T12162] CPU: 1 PID: 12162 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  268.211337][T12162] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  268.217785][T12147] truncated
[  268.226744][T12162] Call Trace:
[  268.226753][T12162]  dump_stack+0x137/0x19d
[  268.226776][T12162]  should_fail+0x23c/0x250
[  268.239523][T12160] loop3: detected capacity change from 0 to 1
[  268.239945][T12162]  ? __kernfs_new_node+0x6a/0x330
[  268.243522][T12163] loop4: detected capacity change from 0 to 1
[  268.247563][T12162]  __should_failslab+0x81/0x90
[  268.247597][T12162]  should_failslab+0x5/0x20
[  268.247613][T12162]  kmem_cache_alloc+0x46/0x2f0
[  268.247631][T12162]  ? __cond_resched+0x11/0x40
[  268.263410][T12147] loop5: p3 start 225 is beyond EOD, 
[  268.263426][T12162]  __kernfs_new_node+0x6a/0x330
[  268.269524][T12147] truncated
[  268.274448][T12162]  ? idr_alloc_cyclic+0x249/0x2d0
[  268.279071][T12147] loop5: p4 size 3657465856 extends beyond EOD, 
[  268.283792][T12162]  ? rb_insert_color+0x7e/0x310
[  268.288461][T12147] truncated
[  268.293789][T12162]  kernfs_new_node+0x5b/0xd0
[  268.327080][T12162]  __kernfs_create_file+0x45/0x1a0
[  268.332442][T12162]  sysfs_add_file_mode_ns+0x1c1/0x250
[  268.337811][T12162]  internal_create_group+0x2e4/0x850
[  268.343273][T12162]  sysfs_create_group+0x1b/0x20
[  268.348215][T12162]  loop_configure+0xa21/0xcb0
[  268.352942][T12162]  lo_ioctl+0x555/0x11f0
[  268.357167][T12162]  ? path_openat+0x19ab/0x20b0
[  268.362167][T12162]  ? putname+0xa5/0xc0
[  268.366214][T12162]  ? ___cache_free+0x3c/0x300
[  268.370961][T12162]  ? blkdev_common_ioctl+0x9c3/0x1040
[  268.376622][T12162]  ? selinux_file_ioctl+0x8e0/0x970
[  268.381819][T12162]  ? lo_release+0x120/0x120
[  268.386433][T12162]  blkdev_ioctl+0x1d0/0x3c0
[  268.390982][T12162]  block_ioctl+0x6d/0x80
[  268.395343][T12162]  ? blkdev_iopoll+0x70/0x70
[  268.400008][T12162]  __se_sys_ioctl+0xcb/0x140
[  268.404663][T12162]  __x64_sys_ioctl+0x3f/0x50
[  268.409237][T12162]  do_syscall_64+0x4a/0x90
[  268.413670][T12162]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  268.419553][T12162] RIP: 0033:0x466397
[  268.423464][T12162] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  268.443233][T12162] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  268.451623][T12162] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  268.459734][T12162] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  268.467745][T12162] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  268.475702][T12162] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  268.483937][T12162] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
01:17:07 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x600, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:07 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x3, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  268.495823][T12162] loop2: detected capacity change from 0 to 1
[  268.506479][ T1032]  loop4: p2 p3 p4
[  268.510510][ T1032] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  268.525648][ T1032] loop4: p3 start 225 is beyond EOD, truncated
[  268.525804][T12162]  loop2: p2 p3 p4
[  268.531829][ T1032] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:17:07 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff000000000080", 0x3c, 0x1c0}])

01:17:07 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e1000000887700720030", 0x30, 0x1c0}])

[  268.542940][T12162] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  268.543818][T12184] loop5: detected capacity change from 0 to 1
[  268.556639][T12162] loop2: p3 start 225 is beyond EOD, truncated
[  268.556779][T12163]  loop4: p2 p3 p4
[  268.562824][T12162] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  268.574049][T12163] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  268.582297][T12163] loop4: p3 start 225 is beyond EOD, truncated
[  268.588519][T12163] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:17:07 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
r0 = perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(r0, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, 0x0, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={0x0, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  268.601167][T12184]  loop5: p2 p3 p4
[  268.605793][T12184] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  268.613216][T12203] loop1: detected capacity change from 0 to 1
[  268.624281][T12199] loop3: detected capacity change from 0 to 1
[  268.630581][T12184] loop5: p3 start 225 is beyond EOD, truncated
01:17:07 executing program 2 (fault-call:1 fault-nth:16):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  268.645416][T12184] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  268.655244][T12212] FAULT_INJECTION: forcing a failure.
[  268.655244][T12212] name failslab, interval 1, probability 0, space 0, times 0
[  268.668105][T12212] CPU: 0 PID: 12212 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  268.676867][T12212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  268.686905][T12212] Call Trace:
[  268.690172][T12212]  dump_stack+0x137/0x19d
[  268.694546][T12212]  should_fail+0x23c/0x250
[  268.698939][T12212]  ? __kernfs_new_node+0x6a/0x330
[  268.704022][T12212]  __should_failslab+0x81/0x90
[  268.708830][T12212]  should_failslab+0x5/0x20
[  268.713309][T12212]  kmem_cache_alloc+0x46/0x2f0
[  268.718084][T12212]  __kernfs_new_node+0x6a/0x330
[  268.722926][T12212]  ? __cond_resched+0x11/0x40
[  268.727584][T12212]  ? mutex_lock+0x9/0x30
[  268.731810][T12212]  kernfs_new_node+0x5b/0xd0
[  268.736443][T12212]  __kernfs_create_file+0x45/0x1a0
[  268.741551][T12212]  sysfs_add_file_mode_ns+0x1c1/0x250
[  268.746912][T12212]  internal_create_group+0x2e4/0x850
[  268.752194][T12212]  sysfs_create_group+0x1b/0x20
[  268.757088][T12212]  loop_configure+0xa21/0xcb0
[  268.761772][T12212]  lo_ioctl+0x555/0x11f0
[  268.766579][T12212]  ? path_openat+0x19ab/0x20b0
[  268.771407][T12212]  ? putname+0xa5/0xc0
[  268.775459][T12212]  ? ___cache_free+0x3c/0x300
[  268.780181][T12212]  ? blkdev_common_ioctl+0x9c3/0x1040
[  268.785563][T12212]  ? selinux_file_ioctl+0x8e0/0x970
[  268.790881][T12212]  ? lo_release+0x120/0x120
[  268.795362][T12212]  blkdev_ioctl+0x1d0/0x3c0
[  268.799843][T12212]  block_ioctl+0x6d/0x80
[  268.804062][T12212]  ? blkdev_iopoll+0x70/0x70
[  268.808631][T12212]  __se_sys_ioctl+0xcb/0x140
[  268.813278][T12212]  __x64_sys_ioctl+0x3f/0x50
[  268.817868][T12212]  do_syscall_64+0x4a/0x90
[  268.822916][T12212]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  268.828786][T12212] RIP: 0033:0x466397
[  268.832667][T12212] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  268.852363][T12212] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  268.860791][T12212] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  268.868748][T12212] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  268.876702][T12212] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  268.884655][T12212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  268.892606][T12212] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
01:17:08 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x4, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  268.901929][T12212] loop2: detected capacity change from 0 to 1
01:17:08 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da", 0x3e, 0x1c0}])

01:17:08 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff0000", 0x38, 0x1c0}])

[  268.956073][T12212]  loop2: p2 p3 p4
[  268.960050][T12212] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  268.975885][T12232] loop5: detected capacity change from 0 to 1
[  268.982181][T12212] loop2: p3 start 225 is beyond EOD, truncated
[  268.986952][T12225] loop4: detected capacity change from 0 to 1
[  268.988345][T12212] loop2: p4 size 3657465856 extends beyond EOD, truncated
01:17:08 executing program 2 (fault-call:1 fault-nth:17):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  269.013457][T12242] loop3: detected capacity change from 0 to 1
[  269.017134][T12241] loop1: detected capacity change from 0 to 1
[  269.040384][T12232]  loop5: p2 p3 p4
[  269.040404][T12225]  loop4: p2 p3 p4
[  269.044215][T12232] loop5: p2 size 1073872896 extends beyond EOD, truncated
01:17:08 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da", 0x3e, 0x1c0}])

01:17:08 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff0000", 0x38, 0x1c0}])

[  269.058299][T12225] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  269.068172][T12225] loop4: p3 start 225 is beyond EOD, truncated
[  269.074364][T12225] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  269.083503][T12232] loop5: p3 start 225 is beyond EOD, truncated
[  269.089764][T12232] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  269.098045][T12261] FAULT_INJECTION: forcing a failure.
[  269.098045][T12261] name failslab, interval 1, probability 0, space 0, times 0
[  269.105955][T12259] loop3: detected capacity change from 0 to 1
[  269.111417][T12261] CPU: 0 PID: 12261 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  269.126146][T12261] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  269.128421][T12267] loop1: detected capacity change from 0 to 1
[  269.136191][T12261] Call Trace:
[  269.136207][T12261]  dump_stack+0x137/0x19d
[  269.136234][T12261]  should_fail+0x23c/0x250
[  269.136251][T12261]  ? __kernfs_new_node+0x6a/0x330
[  269.159280][T12261]  __should_failslab+0x81/0x90
[  269.164098][T12261]  should_failslab+0x5/0x20
[  269.168590][T12261]  kmem_cache_alloc+0x46/0x2f0
[  269.173391][T12261]  __kernfs_new_node+0x6a/0x330
[  269.178278][T12261]  ? __cond_resched+0x11/0x40
[  269.183029][T12261]  ? mutex_lock+0x9/0x30
[  269.187372][T12261]  kernfs_new_node+0x5b/0xd0
[  269.192054][T12261]  __kernfs_create_file+0x45/0x1a0
[  269.197181][T12261]  sysfs_add_file_mode_ns+0x1c1/0x250
[  269.202816][T12261]  internal_create_group+0x2e4/0x850
[  269.208161][T12261]  sysfs_create_group+0x1b/0x20
[  269.214171][T12261]  loop_configure+0xa21/0xcb0
[  269.218975][T12261]  lo_ioctl+0x555/0x11f0
[  269.223210][T12261]  ? path_openat+0x19ab/0x20b0
[  269.227965][T12261]  ? putname+0xa5/0xc0
[  269.232077][T12261]  ? ___cache_free+0x3c/0x300
[  269.236801][T12261]  ? blkdev_common_ioctl+0x9c3/0x1040
[  269.242158][T12261]  ? selinux_file_ioctl+0x8e0/0x970
[  269.247346][T12261]  ? lo_release+0x120/0x120
[  269.251875][T12261]  blkdev_ioctl+0x1d0/0x3c0
[  269.256441][T12261]  block_ioctl+0x6d/0x80
[  269.260699][T12261]  ? blkdev_iopoll+0x70/0x70
[  269.265508][T12261]  __se_sys_ioctl+0xcb/0x140
[  269.270097][T12261]  __x64_sys_ioctl+0x3f/0x50
[  269.274673][T12261]  do_syscall_64+0x4a/0x90
[  269.279109][T12261]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  269.285086][T12261] RIP: 0033:0x466397
[  269.288971][T12261] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:17:08 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x700, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:08 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000500)={0x6, 0x4, {0x3, @struct={0x0, 0x5}, 0x0, 0x7, 0x6, 0x10001, 0x7, 0x7bc2, 0x4, @struct={0x2, 0x2}, 0x5, 0x1, [0x4, 0x7, 0xfffffffffffffff8, 0x0, 0x4, 0x40c]}, {0x4a, @usage=0x2, 0x0, 0x3, 0x800, 0x0, 0x8, 0x81, 0x428, @struct={0x1, 0x20}, 0x0, 0x2, [0x100000001, 0x1, 0x5, 0x1, 0x8000, 0x9]}, {0x7, @usage=0xffffffff, 0x0, 0x2, 0x0, 0x0, 0x4, 0x1f, 0x90, @usage=0x102, 0xe0000000, 0x6, [0x8000, 0x9d86, 0x2, 0xf4e, 0x1, 0x3]}, {0x0, 0x9adb, 0x5f2}})
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, 0x0, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={0x0, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  269.308562][T12261] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  269.316955][T12261] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  269.324910][T12261] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  269.332954][T12261] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  269.340912][T12261] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  269.348859][T12261] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  269.357243][T12261] loop2: detected capacity change from 0 to 1
01:17:08 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x5, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:08 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da", 0x3e, 0x1c0}])

[  269.405811][T12285] loop4: detected capacity change from 0 to 1
[  269.412024][T12261]  loop2: p2 p3 p4
[  269.415128][T12289] loop5: detected capacity change from 0 to 1
[  269.415973][T12261] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  269.429661][T12261] loop2: p3 start 225 is beyond EOD, truncated
[  269.436023][T12261] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  269.448785][T12289]  loop5: p2 p3 p4
01:17:08 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff0000", 0x38, 0x1c0}])

[  269.452698][T12285]  loop4: p2 p3 p4
[  269.456535][T12285] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  269.464119][T12289] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  269.464712][T12285] loop4: p3 start 225 is beyond EOD, truncated
[  269.477462][T12285] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  269.484303][T12289] loop5: p3 start 225 is beyond EOD, truncated
[  269.485384][ T1032]  loop2: p2 p3 p4
[  269.490779][T12289] loop5: p4 size 3657465856 extends beyond EOD, truncated
01:17:08 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000540)={0x0, 0x5, {0x6fdf, @usage=0x8, 0x0, 0x5, 0x55e, 0x8, 0x3, 0x9, 0x20, @usage, 0xffffff00, 0x7, [0x100000001, 0x0, 0x7, 0x1, 0xfffffffffffffffe, 0xa45]}, {0x2, @usage=0xfffffffffffffffe, 0x0, 0xfffffffffffffbff, 0x3, 0x100000000, 0x8, 0x0, 0x448, @struct={0x3b64, 0x3}, 0x800, 0x7fff, [0x3, 0x4, 0x0, 0x2, 0xff, 0x100000000]}, {0x9, @usage=0x7e47cf27, 0x0, 0xe1, 0x4, 0x5, 0x1, 0x3, 0x67, @usage=0x7, 0x2, 0x3, [0xfff, 0x5, 0x0, 0x101, 0xe2b, 0x8]}, {0x78d, 0x40, 0x3}})
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={0x0, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  269.494569][ T1032] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  269.505137][T12303] loop3: detected capacity change from 0 to 1
[  269.509286][ T1032] loop2: p3 start 225 is beyond EOD, truncated
[  269.515614][T12304] loop1: detected capacity change from 0 to 1
[  269.520998][ T1032] loop2: p4 size 3657465856 extends beyond EOD, truncated
01:17:08 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x6, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:08 executing program 2 (fault-call:1 fault-nth:18):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  269.574174][T12321] loop4: detected capacity change from 0 to 1
01:17:08 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55", 0x3f, 0x1c0}])

01:17:08 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff000000000080", 0x3c, 0x1c0}])

[  269.619999][T12321]  loop4: p2 p3 p4
[  269.636668][T12321] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  269.645209][T12333] loop5: detected capacity change from 0 to 1
[  269.645352][T12321] loop4: p3 start 225 is beyond EOD, truncated
[  269.659649][T12321] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  269.677961][T12342] FAULT_INJECTION: forcing a failure.
[  269.677961][T12342] name failslab, interval 1, probability 0, space 0, times 0
[  269.690885][T12342] CPU: 0 PID: 12342 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  269.700401][T12342] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  269.710440][T12342] Call Trace:
[  269.713706][T12342]  dump_stack+0x137/0x19d
[  269.718070][T12342]  should_fail+0x23c/0x250
[  269.722464][T12342]  ? __kernfs_new_node+0x6a/0x330
[  269.728345][T12342]  __should_failslab+0x81/0x90
[  269.733092][T12342]  should_failslab+0x5/0x20
[  269.737590][T12342]  kmem_cache_alloc+0x46/0x2f0
[  269.742332][T12342]  __kernfs_new_node+0x6a/0x330
[  269.747227][T12342]  ? __cond_resched+0x11/0x40
[  269.751941][T12342]  ? mutex_lock+0x9/0x30
[  269.756175][T12342]  kernfs_new_node+0x5b/0xd0
[  269.760741][T12342]  __kernfs_create_file+0x45/0x1a0
[  269.765920][T12342]  sysfs_add_file_mode_ns+0x1c1/0x250
[  269.771322][T12342]  internal_create_group+0x2e4/0x850
[  269.776651][T12342]  sysfs_create_group+0x1b/0x20
[  269.781482][T12342]  loop_configure+0xa21/0xcb0
[  269.786199][T12342]  lo_ioctl+0x555/0x11f0
[  269.790579][T12342]  ? path_openat+0x19ab/0x20b0
[  269.795324][T12342]  ? putname+0xa5/0xc0
[  269.799372][T12342]  ? ___cache_free+0x3c/0x300
[  269.804025][T12342]  ? blkdev_common_ioctl+0x9c3/0x1040
[  269.809462][T12342]  ? selinux_file_ioctl+0x8e0/0x970
[  269.814665][T12342]  ? lo_release+0x120/0x120
[  269.819144][T12342]  blkdev_ioctl+0x1d0/0x3c0
[  269.823690][T12342]  block_ioctl+0x6d/0x80
[  269.827917][T12342]  ? blkdev_iopoll+0x70/0x70
[  269.832576][T12342]  __se_sys_ioctl+0xcb/0x140
[  269.837217][T12342]  __x64_sys_ioctl+0x3f/0x50
[  269.841832][T12342]  do_syscall_64+0x4a/0x90
[  269.846231][T12342]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  269.852110][T12342] RIP: 0033:0x466397
[  269.856155][T12342] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  269.875740][T12342] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  269.884128][T12342] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  269.892130][T12342] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  269.900101][T12342] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  269.908049][T12342] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  269.916422][T12342] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  269.929814][T12342] loop2: detected capacity change from 0 to 1
[  269.936464][ T1032]  loop5: p2 p3 p4
[  269.936594][T12343] loop3: detected capacity change from 0 to 1
[  269.940363][ T1032] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  269.946892][T12350] loop1: detected capacity change from 0 to 1
[  269.959716][ T1032] loop5: p3 start 225 is beyond EOD, truncated
[  269.965920][ T1032] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  269.976182][T12333]  loop5: p2 p3 p4
01:17:09 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={0x0, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  269.979990][T12333] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  269.988339][T12333] loop5: p3 start 225 is beyond EOD, truncated
[  269.994645][T12333] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  269.998091][T12367] loop4: detected capacity change from 0 to 1
[  270.001884][T12342]  loop2: p2 p3 p4
[  270.012684][T12342] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  270.020646][T12342] loop2: p3 start 225 is beyond EOD, truncated
[  270.027045][T12342] loop2: p4 size 3657465856 extends beyond EOD, truncated
01:17:09 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55", 0x3f, 0x1c0}])

[  270.069077][T12367]  loop4: p2 p3 p4
[  270.072842][T12367] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  270.116303][T12367] loop4: p3 start 225 is beyond EOD, truncated
[  270.123461][T12367] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  270.136450][T12388] loop3: detected capacity change from 0 to 1
01:17:09 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x7, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:09 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff000000000080", 0x3c, 0x1c0}])

01:17:09 executing program 2 (fault-call:1 fault-nth:19):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:09 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={0x0, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:09 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0xe00, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:09 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55", 0x3f, 0x1c0}])

[  270.266288][T12417] loop5: detected capacity change from 0 to 1
[  270.273027][T12416] loop1: detected capacity change from 0 to 1
01:17:09 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff000000000080", 0x3c, 0x1c0}])

[  270.325482][T12413] FAULT_INJECTION: forcing a failure.
[  270.325482][T12413] name failslab, interval 1, probability 0, space 0, times 0
[  270.326467][T12418] loop4: detected capacity change from 0 to 1
[  270.338151][T12413] CPU: 0 PID: 12413 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  270.353192][T12413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  270.363245][T12413] Call Trace:
[  270.365547][T12417]  loop5: p2 p3 p4
[  270.366510][T12413]  dump_stack+0x137/0x19d
[  270.370610][T12417] loop5: p2 size 1073872896 extends beyond EOD, 
[  270.374520][T12413]  should_fail+0x23c/0x250
[  270.374543][T12413]  ? __kernfs_new_node+0x6a/0x330
[  270.374562][T12413]  __should_failslab+0x81/0x90
[  270.380924][T12417] truncated
[  270.385391][T12413]  should_failslab+0x5/0x20
[  270.394000][T12417] loop5: p3 start 225 is beyond EOD, 
[  270.395938][T12413]  kmem_cache_alloc+0x46/0x2f0
[  270.399059][T12417] truncated
[  270.399063][T12417] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  270.423844][T12413]  __kernfs_new_node+0x6a/0x330
[  270.428884][T12413]  ? __cond_resched+0x11/0x40
[  270.433556][T12413]  ? mutex_lock+0x9/0x30
[  270.437776][T12413]  kernfs_new_node+0x5b/0xd0
[  270.442435][T12413]  __kernfs_create_file+0x45/0x1a0
[  270.447534][T12413]  sysfs_add_file_mode_ns+0x1c1/0x250
[  270.452907][T12413]  internal_create_group+0x2e4/0x850
[  270.458310][T12413]  sysfs_create_group+0x1b/0x20
[  270.463173][T12413]  loop_configure+0xa21/0xcb0
[  270.467832][T12413]  lo_ioctl+0x555/0x11f0
[  270.472117][T12413]  ? path_openat+0x19ab/0x20b0
[  270.477045][T12413]  ? putname+0xa5/0xc0
[  270.481118][T12413]  ? ___cache_free+0x3c/0x300
[  270.485784][T12413]  ? blkdev_common_ioctl+0x9c3/0x1040
[  270.491655][T12413]  ? selinux_file_ioctl+0x8e0/0x970
[  270.496837][T12413]  ? lo_release+0x120/0x120
[  270.501317][T12413]  blkdev_ioctl+0x1d0/0x3c0
[  270.505811][T12413]  block_ioctl+0x6d/0x80
[  270.510035][T12413]  ? blkdev_iopoll+0x70/0x70
[  270.514658][T12413]  __se_sys_ioctl+0xcb/0x140
[  270.519247][T12413]  __x64_sys_ioctl+0x3f/0x50
[  270.523949][T12413]  do_syscall_64+0x4a/0x90
[  270.528400][T12413]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  270.534297][T12413] RIP: 0033:0x466397
[  270.538602][T12413] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  270.558272][T12413] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  270.566728][T12413] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  270.574770][T12413] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  270.582717][T12413] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  270.590716][T12413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  270.598689][T12413] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  270.606842][T12413] loop2: detected capacity change from 0 to 1
01:17:09 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x8, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  270.661388][T12413]  loop2: p2 p3 p4
[  270.668467][T12413] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  270.675570][T12421] loop3: detected capacity change from 0 to 1
[  270.677435][T12413] loop2: p3 start 225 is beyond EOD, truncated
[  270.690373][T12413] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  270.698136][T12418]  loop4: p2 p3 p4
[  270.701989][T12418] loop4: p2 size 1073872896 extends beyond EOD, truncated
01:17:09 executing program 2 (fault-call:1 fault-nth:20):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:09 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40}])

[  270.709578][T12418] loop4: p3 start 225 is beyond EOD, truncated
[  270.715786][T12418] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  270.744022][T12447] loop1: detected capacity change from 0 to 1
01:17:09 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, &(0x7f0000000100)={0x0, 0xfd, 0x7})
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  270.774518][T12449] loop5: detected capacity change from 0 to 1
[  270.837961][T12449]  loop5: p2 p3 p4
[  270.842744][T12449] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  270.850517][T12449] loop5: p3 start 225 is beyond EOD, truncated
[  270.855057][T12463] FAULT_INJECTION: forcing a failure.
[  270.855057][T12463] name failslab, interval 1, probability 0, space 0, times 0
[  270.856799][T12449] loop5: p4 size 3657465856 extends beyond EOD, 
[  270.869378][T12463] CPU: 1 PID: 12463 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
01:17:10 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da", 0x3e, 0x1c0}])

[  270.869401][T12463] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  270.875738][T12449] truncated
[  270.884479][T12463] Call Trace:
[  270.884490][T12463]  dump_stack+0x137/0x19d
[  270.905230][T12463]  should_fail+0x23c/0x250
[  270.909735][T12463]  ? __kernfs_new_node+0x6a/0x330
[  270.914763][T12463]  __should_failslab+0x81/0x90
[  270.919531][T12463]  should_failslab+0x5/0x20
[  270.924037][T12463]  kmem_cache_alloc+0x46/0x2f0
[  270.927151][T12469] loop4: detected capacity change from 0 to 1
[  270.928840][T12463]  __kernfs_new_node+0x6a/0x330
[  270.939738][T12463]  ? __cond_resched+0x11/0x40
[  270.944473][T12463]  ? mutex_lock+0x9/0x30
[  270.948691][T12463]  kernfs_new_node+0x5b/0xd0
[  270.953337][T12463]  __kernfs_create_file+0x45/0x1a0
[  270.958442][T12463]  sysfs_add_file_mode_ns+0x1c1/0x250
[  270.964074][T12463]  internal_create_group+0x2e4/0x850
[  270.969340][T12463]  sysfs_create_group+0x1b/0x20
[  270.974168][T12463]  loop_configure+0xa21/0xcb0
[  270.978891][T12463]  lo_ioctl+0x555/0x11f0
[  270.984553][T12463]  ? path_openat+0x19ab/0x20b0
[  270.989345][T12463]  ? putname+0xa5/0xc0
[  270.993411][T12463]  ? ___cache_free+0x3c/0x300
[  270.998093][T12463]  ? blkdev_common_ioctl+0x9c3/0x1040
[  271.003447][T12463]  ? selinux_file_ioctl+0x8e0/0x970
[  271.008621][T12463]  ? lo_release+0x120/0x120
[  271.013128][T12463]  blkdev_ioctl+0x1d0/0x3c0
[  271.017608][T12463]  block_ioctl+0x6d/0x80
[  271.021827][T12463]  ? blkdev_iopoll+0x70/0x70
[  271.026398][T12463]  __se_sys_ioctl+0xcb/0x140
[  271.030971][T12463]  __x64_sys_ioctl+0x3f/0x50
[  271.035556][T12463]  do_syscall_64+0x4a/0x90
[  271.039963][T12463]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  271.046002][T12463] RIP: 0033:0x466397
[  271.049882][T12463] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  271.069570][T12463] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  271.077970][T12463] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
01:17:10 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0xf00, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  271.085918][T12463] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  271.093870][T12463] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  271.101890][T12463] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  271.109863][T12463] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  271.131340][T12463] loop2: detected capacity change from 0 to 1
01:17:10 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x9, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:10 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40}])

[  271.154289][T12469]  loop4: p2 p3 p4
[  271.159021][T12469] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  271.170578][T12469] loop4: p3 start 225 is beyond EOD, truncated
[  271.176829][T12469] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  271.192542][T12463]  loop2: p2 p3 p4
[  271.197330][T12490] loop1: detected capacity change from 0 to 1
01:17:10 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  271.199511][T12463] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  271.211262][T12497] loop5: detected capacity change from 0 to 1
[  271.216599][T12463] loop2: p3 start 225 is beyond EOD, truncated
[  271.223491][T12463] loop2: p4 size 3657465856 extends beyond EOD, truncated
01:17:10 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da", 0x3e, 0x1c0}])

01:17:10 executing program 2 (fault-call:1 fault-nth:21):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  271.266534][ T1032]  loop5: p2 p3 p4
[  271.270577][ T1032] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  271.286239][T12514] loop4: detected capacity change from 0 to 1
[  271.295199][ T1032] loop5: p3 start 225 is beyond EOD, truncated
[  271.301418][ T1032] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  271.304991][T12523] loop1: detected capacity change from 0 to 1
[  271.318887][T12527] loop2: detected capacity change from 0 to 1
[  271.325784][T12514]  loop4: p2 p3 p4
[  271.329663][T12497]  loop5: p2 p3 p4
[  271.333443][T12514] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  271.341207][T12497] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  271.345729][T12527] FAULT_INJECTION: forcing a failure.
[  271.345729][T12527] name failslab, interval 1, probability 0, space 0, times 0
[  271.350214][T12514] loop4: p3 start 225 is beyond EOD, truncated
[  271.360986][T12527] CPU: 0 PID: 12527 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  271.367158][T12514] loop4: p4 size 3657465856 extends beyond EOD, 
[  271.375875][T12527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  271.375888][T12527] Call Trace:
[  271.375895][T12527]  dump_stack+0x137/0x19d
[  271.382213][T12514] truncated
[  271.384392][T12497] loop5: p3 start 225 is beyond EOD, 
[  271.392253][T12527]  should_fail+0x23c/0x250
[  271.392277][T12527]  __should_failslab+0x81/0x90
[  271.392298][T12527]  ? kobject_uevent_env+0x1a7/0xc40
[  271.395588][T12497] truncated
[  271.399878][T12527]  should_failslab+0x5/0x20
[  271.399895][T12527]  kmem_cache_alloc_trace+0x49/0x310
[  271.399914][T12527]  ? dev_uevent_filter+0x70/0x70
[  271.399933][T12527]  kobject_uevent_env+0x1a7/0xc40
[  271.399953][T12527]  kobject_uevent+0x18/0x20
[  271.403039][T12497] loop5: p4 size 3657465856 extends beyond EOD, 
[  271.408379][T12527]  loop_configure+0xb3c/0xcb0
[  271.408399][T12527]  lo_ioctl+0x555/0x11f0
[  271.412788][T12497] truncated
01:17:10 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x0, 0x0)

01:17:10 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40}])

[  271.429817][ T1032]  loop4: p2 p3 p4
[  271.430692][T12527]  ? path_openat+0x19ab/0x20b0
[  271.430718][T12527]  ? putname+0xa5/0xc0
[  271.437349][ T1032] loop4: p2 size 1073872896 extends beyond EOD, 
[  271.440890][T12527]  ? ___cache_free+0x3c/0x300
[  271.445946][ T1032] truncated
[  271.450426][T12527]  ? blkdev_common_ioctl+0x9c3/0x1040
[  271.459638][ T1032] loop4: p3 start 225 is beyond EOD, 
[  271.461848][T12527]  ? selinux_file_ioctl+0x8e0/0x970
[  271.466115][ T1032] truncated
[  271.469181][T12527]  ? lo_release+0x120/0x120
[  271.472873][ T1032] loop4: p4 size 3657465856 extends beyond EOD, 
[  271.477603][T12527]  blkdev_ioctl+0x1d0/0x3c0
[  271.481650][ T1032] truncated
[  271.533100][T12527]  block_ioctl+0x6d/0x80
[  271.537325][T12527]  ? blkdev_iopoll+0x70/0x70
[  271.541995][T12527]  __se_sys_ioctl+0xcb/0x140
[  271.546595][T12527]  __x64_sys_ioctl+0x3f/0x50
[  271.551197][T12527]  do_syscall_64+0x4a/0x90
[  271.555592][T12527]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  271.561509][T12527] RIP: 0033:0x466397
[  271.565379][T12527] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  271.585022][T12527] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  271.593438][T12527] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  271.603099][T12527] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  271.613614][T12527] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  271.624727][T12527] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  271.634641][T12527] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
01:17:10 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da", 0x3e, 0x1c0}])

01:17:10 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xa, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:10 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55", 0x3f, 0x1c0}])

[  271.693770][T12527]  loop2: p2 p3 p4
[  271.706057][T12527] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  271.716471][T12527] loop2: p3 start 225 is beyond EOD, truncated
[  271.722685][T12527] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  271.723205][T12568] loop5: detected capacity change from 0 to 1
[  271.736488][T12565] loop1: detected capacity change from 0 to 1
01:17:10 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x0, 0x0)

[  271.794853][T12568]  loop5: p2 p3 p4
[  271.811823][T12568] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  271.822995][T12568] loop5: p3 start 225 is beyond EOD, truncated
[  271.829214][T12568] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  271.841763][T12584] loop3: detected capacity change from 0 to 1
01:17:11 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x1802, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:11 executing program 2 (fault-call:1 fault-nth:22):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:11 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55", 0x3f, 0x1c0}])

01:17:11 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xb, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:11 executing program 3:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ff", 0x20, 0x1c0}])

01:17:11 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x0, 0x0)

[  272.123308][T12614] loop3: detected capacity change from 0 to 1
[  272.124519][T12617] loop1: detected capacity change from 0 to 1
[  272.129804][T12618] loop2: detected capacity change from 0 to 1
[  272.136368][T12619] loop5: detected capacity change from 0 to 1
[  272.143587][T12618] FAULT_INJECTION: forcing a failure.
[  272.143587][T12618] name failslab, interval 1, probability 0, space 0, times 0
[  272.161206][T12618] CPU: 1 PID: 12618 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  272.170313][T12618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  272.180350][T12618] Call Trace:
[  272.183610][T12618]  dump_stack+0x137/0x19d
[  272.187945][T12618]  should_fail+0x23c/0x250
[  272.192338][T12618]  ? kzalloc+0x1d/0x30
[  272.196385][T12618]  __should_failslab+0x81/0x90
[  272.201253][T12618]  should_failslab+0x5/0x20
[  272.205730][T12618]  __kmalloc+0x66/0x340
[  272.209863][T12618]  kzalloc+0x1d/0x30
[  272.213733][T12618]  kobject_get_path+0x7c/0x110
[  272.218476][T12618]  kobject_uevent_env+0x1be/0xc40
[  272.223558][T12618]  kobject_uevent+0x18/0x20
[  272.228135][T12618]  loop_configure+0xb3c/0xcb0
[  272.232788][T12618]  lo_ioctl+0x555/0x11f0
[  272.237023][T12618]  ? path_openat+0x19ab/0x20b0
[  272.241818][T12618]  ? putname+0xa5/0xc0
[  272.245879][T12618]  ? ___cache_free+0x3c/0x300
[  272.250538][T12618]  ? blkdev_common_ioctl+0x9c3/0x1040
[  272.255959][T12618]  ? selinux_file_ioctl+0x8e0/0x970
[  272.261270][T12618]  ? lo_release+0x120/0x120
[  272.265755][T12618]  blkdev_ioctl+0x1d0/0x3c0
[  272.270253][T12618]  block_ioctl+0x6d/0x80
[  272.274498][T12618]  ? blkdev_iopoll+0x70/0x70
[  272.279067][T12618]  __se_sys_ioctl+0xcb/0x140
[  272.283635][T12618]  __x64_sys_ioctl+0x3f/0x50
[  272.288258][T12618]  do_syscall_64+0x4a/0x90
[  272.292674][T12618]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  272.298635][T12618] RIP: 0033:0x466397
[  272.302508][T12618] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  272.322136][T12618] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  272.330541][T12618] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  272.338510][T12618] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  272.346480][T12618] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  272.355918][T12618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  272.363875][T12618] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
01:17:11 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55", 0x3f, 0x1c0}])

[  272.380245][T12619]  loop5: p2 p3 p4
[  272.384392][T12619] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  272.392499][T12619] loop5: p3 start 225 is beyond EOD, truncated
[  272.400720][T12619] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  272.410055][T12618]  loop2: p2 p3 p4
[  272.414375][T12618] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  272.422500][T12618] loop2: p3 start 225 is beyond EOD, truncated
01:17:11 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

01:17:11 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xc, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:11 executing program 3 (fault-call:1 fault-nth:0):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  272.428730][T12618] loop2: p4 size 3657465856 extends beyond EOD, truncated
01:17:11 executing program 2 (fault-call:1 fault-nth:23):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  272.489645][T12652] loop1: detected capacity change from 0 to 1
[  272.498305][T12656] FAULT_INJECTION: forcing a failure.
[  272.498305][T12656] name failslab, interval 1, probability 0, space 0, times 0
[  272.500923][T12654] loop5: detected capacity change from 0 to 1
[  272.512110][T12656] CPU: 0 PID: 12656 Comm: syz-executor.3 Not tainted 5.13.0-rc3-syzkaller #0
[  272.526878][T12656] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  272.536937][T12656] Call Trace:
[  272.540308][T12656]  dump_stack+0x137/0x19d
[  272.544625][T12656]  should_fail+0x23c/0x250
[  272.549169][T12656]  ? __se_sys_memfd_create+0xfb/0x390
[  272.554522][T12656]  __should_failslab+0x81/0x90
[  272.559264][T12656]  should_failslab+0x5/0x20
[  272.563809][T12656]  __kmalloc+0x66/0x340
[  272.567968][T12656]  ? strnlen_user+0x137/0x1c0
[  272.572631][T12656]  __se_sys_memfd_create+0xfb/0x390
[  272.577827][T12656]  __x64_sys_memfd_create+0x2d/0x40
[  272.583045][T12656]  do_syscall_64+0x4a/0x90
[  272.587514][T12656]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  272.593558][T12656] RIP: 0033:0x4665d9
[  272.597427][T12656] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  272.618089][T12656] RSP: 002b:00007f8e9927de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  272.626504][T12656] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
01:17:11 executing program 3 (fault-call:1 fault-nth:1):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  272.634451][T12656] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  272.642523][T12656] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  272.650479][T12656] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  272.658442][T12656] R13: 00007ffedece0e8f R14: 0000000000000380 R15: 0000000000022000
[  272.709060][T12654]  loop5: p2 p3 p4
[  272.722100][T12654] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  272.731076][T12654] loop5: p3 start 225 is beyond EOD, truncated
[  272.734441][T12673] FAULT_INJECTION: forcing a failure.
[  272.734441][T12673] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  272.738631][T12654] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  272.751964][T12673] CPU: 0 PID: 12673 Comm: syz-executor.3 Not tainted 5.13.0-rc3-syzkaller #0
[  272.767788][T12673] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  272.778409][T12673] Call Trace:
[  272.781695][T12673]  dump_stack+0x137/0x19d
[  272.786035][T12673]  should_fail+0x23c/0x250
[  272.791332][T12673]  should_fail_usercopy+0x16/0x20
[  272.796625][T12673]  _copy_from_user+0x1c/0xd0
[  272.801290][T12673]  __se_sys_memfd_create+0x137/0x390
[  272.807272][T12673]  __x64_sys_memfd_create+0x2d/0x40
[  272.812673][T12673]  do_syscall_64+0x4a/0x90
[  272.817161][T12673]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  272.823242][T12673] RIP: 0033:0x4665d9
[  272.827115][T12673] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  272.846925][T12673] RSP: 002b:00007f8e9927de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  272.855407][T12673] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  272.863388][T12673] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  272.871516][T12673] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  272.879472][T12673] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  272.887986][T12673] R13: 00007ffedece0e8f R14: 0000000000000380 R15: 0000000000022000
01:17:12 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55", 0x3f, 0x1c0}])

01:17:12 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x2002, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:12 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

01:17:12 executing program 3 (fault-call:1 fault-nth:2):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:12 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xd, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  272.946859][T12668] loop2: detected capacity change from 0 to 1
[  272.962246][T12668] FAULT_INJECTION: forcing a failure.
[  272.962246][T12668] name failslab, interval 1, probability 0, space 0, times 0
[  272.967157][T12689] FAULT_INJECTION: forcing a failure.
[  272.967157][T12689] name failslab, interval 1, probability 0, space 0, times 0
[  272.975388][T12668] CPU: 1 PID: 12668 Comm: syz-executor.2 Not tainted 5.13.0-rc3-syzkaller #0
[  272.998897][T12668] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  273.009922][T12668] Call Trace:
[  273.013186][T12668]  dump_stack+0x137/0x19d
[  273.017501][T12668]  should_fail+0x23c/0x250
[  273.021908][T12668]  ? kzalloc+0x1d/0x30
[  273.025960][T12668]  __should_failslab+0x81/0x90
[  273.030719][T12668]  should_failslab+0x5/0x20
[  273.035216][T12668]  __kmalloc+0x66/0x340
[  273.039410][T12668]  kzalloc+0x1d/0x30
[  273.043296][T12668]  kobject_get_path+0x7c/0x110
[  273.048084][T12668]  kobject_uevent_env+0x1be/0xc40
[  273.053107][T12668]  kobject_uevent+0x18/0x20
[  273.057723][T12668]  loop_configure+0xb3c/0xcb0
[  273.062454][T12668]  lo_ioctl+0x555/0x11f0
[  273.066686][T12668]  ? path_openat+0x19ab/0x20b0
[  273.071433][T12668]  ? putname+0xa5/0xc0
[  273.075537][T12668]  ? ___cache_free+0x3c/0x300
[  273.080197][T12668]  ? blkdev_common_ioctl+0x9c3/0x1040
[  273.085550][T12668]  ? selinux_file_ioctl+0x8e0/0x970
[  273.090729][T12668]  ? lo_release+0x120/0x120
[  273.095297][T12668]  blkdev_ioctl+0x1d0/0x3c0
[  273.099781][T12668]  block_ioctl+0x6d/0x80
[  273.104005][T12668]  ? blkdev_iopoll+0x70/0x70
[  273.108673][T12668]  __se_sys_ioctl+0xcb/0x140
[  273.113283][T12668]  __x64_sys_ioctl+0x3f/0x50
[  273.117856][T12668]  do_syscall_64+0x4a/0x90
[  273.122324][T12668]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  273.128200][T12668] RIP: 0033:0x466397
[  273.132120][T12668] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  273.151702][T12668] RSP: 002b:00007f26b381de98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  273.160101][T12668] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  273.168050][T12668] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  273.176000][T12668] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  273.183949][T12668] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  273.191946][T12668] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  273.199911][T12689] CPU: 0 PID: 12689 Comm: syz-executor.3 Not tainted 5.13.0-rc3-syzkaller #0
[  273.208712][T12689] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  273.218840][T12689] Call Trace:
[  273.222237][T12689]  dump_stack+0x137/0x19d
[  273.226594][T12689]  should_fail+0x23c/0x250
[  273.231019][T12689]  ? shmem_alloc_inode+0x22/0x30
[  273.235966][T12689]  __should_failslab+0x81/0x90
[  273.240740][T12689]  ? shmem_match+0xa0/0xa0
[  273.245167][T12689]  should_failslab+0x5/0x20
[  273.249662][T12689]  kmem_cache_alloc+0x46/0x2f0
[  273.254418][T12689]  ? do_anonymous_page+0x411/0x8b0
[  273.259519][T12689]  ? fsnotify_perm+0x59/0x2e0
[  273.264172][T12689]  ? shmem_match+0xa0/0xa0
[  273.268584][T12689]  shmem_alloc_inode+0x22/0x30
[  273.273392][T12689]  new_inode_pseudo+0x38/0x1c0
[  273.278131][T12689]  new_inode+0x21/0x120
[  273.282501][T12689]  shmem_get_inode+0xa1/0x480
[  273.287162][T12689]  __shmem_file_setup+0xf1/0x1d0
[  273.292190][T12689]  shmem_file_setup+0x37/0x40
[  273.296924][T12689]  __se_sys_memfd_create+0x1eb/0x390
[  273.302238][T12689]  __x64_sys_memfd_create+0x2d/0x40
[  273.307413][T12689]  do_syscall_64+0x4a/0x90
[  273.311819][T12689]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  273.317779][T12689] RIP: 0033:0x4665d9
[  273.321648][T12689] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:17:12 executing program 3 (fault-call:1 fault-nth:3):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  273.341249][T12689] RSP: 002b:00007f8e9927de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  273.349649][T12689] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  273.357652][T12689] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  273.365602][T12689] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  273.373564][T12689] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  273.381514][T12689] R13: 00007ffedece0e8f R14: 0000000000000380 R15: 0000000000022000
[  273.425127][T12668]  loop2: p2 p3 p4
[  273.431056][T12668] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  273.443577][T12668] loop2: p3 start 225 is beyond EOD, truncated
[  273.449794][T12668] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  273.459814][T12699] loop5: detected capacity change from 0 to 1
[  273.468752][T12701] loop1: detected capacity change from 0 to 1
01:17:12 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x0, &(0x7f0000000000))

[  273.476124][T12702] FAULT_INJECTION: forcing a failure.
[  273.476124][T12702] name failslab, interval 1, probability 0, space 0, times 0
[  273.488830][T12702] CPU: 1 PID: 12702 Comm: syz-executor.3 Not tainted 5.13.0-rc3-syzkaller #0
[  273.497629][T12702] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  273.507759][T12702] Call Trace:
[  273.511023][T12702]  dump_stack+0x137/0x19d
[  273.516173][T12702]  should_fail+0x23c/0x250
[  273.520677][T12702]  ? security_inode_alloc+0x30/0x180
[  273.525951][T12702]  __should_failslab+0x81/0x90
[  273.530722][T12702]  should_failslab+0x5/0x20
[  273.535215][T12702]  kmem_cache_alloc+0x46/0x2f0
[  273.540068][T12702]  security_inode_alloc+0x30/0x180
[  273.545161][T12702]  inode_init_always+0x20b/0x420
[  273.550075][T12702]  ? shmem_match+0xa0/0xa0
[  273.554494][T12702]  new_inode_pseudo+0x73/0x1c0
[  273.559257][T12702]  new_inode+0x21/0x120
[  273.563402][T12702]  shmem_get_inode+0xa1/0x480
[  273.568059][T12702]  __shmem_file_setup+0xf1/0x1d0
[  273.573023][T12702]  shmem_file_setup+0x37/0x40
[  273.577678][T12702]  __se_sys_memfd_create+0x1eb/0x390
[  273.582948][T12702]  __x64_sys_memfd_create+0x2d/0x40
[  273.588159][T12702]  do_syscall_64+0x4a/0x90
[  273.592552][T12702]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  273.598437][T12702] RIP: 0033:0x4665d9
[  273.602306][T12702] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:17:12 executing program 3 (fault-call:1 fault-nth:4):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  273.623191][T12702] RSP: 002b:00007f8e9927de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  273.631610][T12702] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  273.639556][T12702] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  273.647509][T12702] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  273.655496][T12702] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  273.663442][T12702] R13: 00007ffedece0e8f R14: 0000000000000380 R15: 0000000000022000
[  273.695474][T12699]  loop5: p2 p3 p4
[  273.701602][T12699] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  273.717322][T12718] FAULT_INJECTION: forcing a failure.
[  273.717322][T12718] name failslab, interval 1, probability 0, space 0, times 0
[  273.730453][T12718] CPU: 0 PID: 12718 Comm: syz-executor.3 Not tainted 5.13.0-rc3-syzkaller #0
[  273.735442][T12699] loop5: p3 start 225 is beyond EOD, 
[  273.739912][T12718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  273.739925][T12718] Call Trace:
[  273.739933][T12718]  dump_stack+0x137/0x19d
[  273.745316][T12699] truncated
[  273.755336][T12718]  should_fail+0x23c/0x250
[  273.755360][T12718]  ? __d_alloc+0x36/0x370
[  273.755374][T12718]  __should_failslab+0x81/0x90
[  273.758648][T12699] loop5: p4 size 3657465856 extends beyond EOD, 
[  273.763059][T12718]  should_failslab+0x5/0x20
[  273.766731][T12699] truncated
[  273.771107][T12718]  kmem_cache_alloc+0x46/0x2f0
[  273.798913][T12718]  ? __init_rwsem+0x59/0x70
[  273.803419][T12718]  __d_alloc+0x36/0x370
[  273.807581][T12718]  ? current_time+0xdb/0x190
[  273.812183][T12718]  d_alloc_pseudo+0x1a/0x50
[  273.816678][T12718]  alloc_file_pseudo+0x63/0x130
[  273.821531][T12718]  __shmem_file_setup+0x14c/0x1d0
[  273.826634][T12718]  shmem_file_setup+0x37/0x40
[  273.831331][T12718]  __se_sys_memfd_create+0x1eb/0x390
[  273.836661][T12718]  __x64_sys_memfd_create+0x2d/0x40
01:17:12 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:12 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xe, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  273.842107][T12718]  do_syscall_64+0x4a/0x90
[  273.846530][T12718]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  273.852430][T12718] RIP: 0033:0x4665d9
[  273.856306][T12718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  273.875911][T12718] RSP: 002b:00007f8e9927de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  273.877781][T12728] loop2: detected capacity change from 0 to 1
01:17:13 executing program 3 (fault-call:1 fault-nth:5):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  273.884324][T12718] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  273.884340][T12718] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  273.884352][T12718] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  273.884364][T12718] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  273.922597][T12718] R13: 00007ffedece0e8f R14: 0000000000000380 R15: 0000000000022000
01:17:13 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40}])

01:17:13 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1c0}])

[  273.974493][T12728]  loop2: p2 p3 p4
[  273.993566][T12728] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  274.019464][T12746] FAULT_INJECTION: forcing a failure.
[  274.019464][T12746] name failslab, interval 1, probability 0, space 0, times 0
[  274.025547][T12728] loop2: p3 start 225 is beyond EOD, truncated
[  274.032279][T12746] CPU: 1 PID: 12746 Comm: syz-executor.3 Not tainted 5.13.0-rc3-syzkaller #0
[  274.038419][T12728] loop2: p4 size 3657465856 extends beyond EOD, 
[  274.047123][T12746] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  274.047135][T12746] Call Trace:
[  274.047142][T12746]  dump_stack+0x137/0x19d
[  274.053451][T12728] truncated
01:17:13 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x2400, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:13 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x2, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  274.055377][T12751] loop4: detected capacity change from 0 to 1
[  274.063506][T12746]  should_fail+0x23c/0x250
[  274.063532][T12746]  ? __alloc_file+0x2e/0x1a0
[  274.067028][T12748] loop5: detected capacity change from 0 to 1
[  274.071124][T12746]  __should_failslab+0x81/0x90
[  274.100303][T12746]  should_failslab+0x5/0x20
[  274.104804][T12746]  kmem_cache_alloc+0x46/0x2f0
[  274.109578][T12746]  ? inode_doinit_with_dentry+0x382/0x950
[  274.115325][T12746]  __alloc_file+0x2e/0x1a0
[  274.119742][T12746]  alloc_empty_file+0xcd/0x1c0
[  274.124549][T12746]  alloc_file+0x3a/0x280
[  274.128861][T12746]  alloc_file_pseudo+0xe2/0x130
[  274.133691][T12746]  __shmem_file_setup+0x14c/0x1d0
[  274.138700][T12746]  shmem_file_setup+0x37/0x40
[  274.143374][T12746]  __se_sys_memfd_create+0x1eb/0x390
[  274.148635][T12746]  __x64_sys_memfd_create+0x2d/0x40
[  274.153850][T12746]  do_syscall_64+0x4a/0x90
[  274.158245][T12746]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  274.164134][T12746] RIP: 0033:0x4665d9
[  274.168698][T12746] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  274.188406][T12746] RSP: 002b:00007f8e9927de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  274.197839][T12746] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  274.205809][T12746] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  274.213775][T12746] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
01:17:13 executing program 3 (fault-call:1 fault-nth:6):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  274.221753][T12746] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  274.229796][T12746] R13: 00007ffedece0e8f R14: 0000000000000380 R15: 0000000000022000
[  274.261928][T12748]  loop5: p2 p3 p4
[  274.265913][ T5160]  loop2: p2 p3 p4
[  274.268287][T12748] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  274.269837][ T5160] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  274.283822][T12769] FAULT_INJECTION: forcing a failure.
[  274.283822][T12769] name failslab, interval 1, probability 0, space 0, times 0
[  274.296551][T12769] CPU: 1 PID: 12769 Comm: syz-executor.3 Not tainted 5.13.0-rc3-syzkaller #0
[  274.297162][ T5160] loop2: p3 start 225 is beyond EOD, 
[  274.306521][T12769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  274.306533][T12769] Call Trace:
[  274.306540][T12769]  dump_stack+0x137/0x19d
[  274.311906][ T5160] truncated
[  274.311911][ T5160] loop2: p4 size 3657465856 extends beyond EOD, 
[  274.322050][T12769]  should_fail+0x23c/0x250
[  274.325379][ T5160] truncated
[  274.329654][T12769]  ? security_file_alloc+0x30/0x190
[  274.351687][T12769]  __should_failslab+0x81/0x90
[  274.356450][T12748] loop5: p3 start 225 is beyond EOD, truncated
[  274.356558][T12769]  should_failslab+0x5/0x20
[  274.362887][T12748] loop5: p4 size 3657465856 extends beyond EOD, 
[  274.367347][T12769]  kmem_cache_alloc+0x46/0x2f0
[  274.367371][T12769]  security_file_alloc+0x30/0x190
[  274.373681][T12748] truncated
[  274.386566][T12769]  __alloc_file+0x83/0x1a0
[  274.390963][T12769]  alloc_empty_file+0xcd/0x1c0
[  274.395835][T12769]  alloc_file+0x3a/0x280
[  274.400081][T12769]  alloc_file_pseudo+0xe2/0x130
[  274.404907][T12769]  __shmem_file_setup+0x14c/0x1d0
[  274.409911][T12769]  shmem_file_setup+0x37/0x40
[  274.414584][T12769]  __se_sys_memfd_create+0x1eb/0x390
[  274.419854][T12769]  __x64_sys_memfd_create+0x2d/0x40
[  274.425033][T12769]  do_syscall_64+0x4a/0x90
[  274.429441][T12769]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  274.435569][T12769] RIP: 0033:0x4665d9
[  274.439541][T12769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  274.459222][T12769] RSP: 002b:00007f8e9927de98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  274.467611][T12769] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
01:17:13 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40}])

01:17:13 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1c0}])

01:17:13 executing program 3 (fault-call:1 fault-nth:7):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  274.475638][T12769] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  274.483585][T12769] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  274.491541][T12769] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  274.499494][T12769] R13: 00007ffedece0e8f R14: 0000000000000380 R15: 0000000000022000
01:17:13 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xf, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:13 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40}])

[  274.581171][T12791] loop4: detected capacity change from 0 to 1
[  274.598222][T12797] FAULT_INJECTION: forcing a failure.
[  274.598222][T12797] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  274.611623][T12797] CPU: 1 PID: 12797 Comm: syz-executor.3 Not tainted 5.13.0-rc3-syzkaller #0
[  274.613986][T12798] loop2: detected capacity change from 0 to 1
[  274.620418][T12797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  274.620431][T12797] Call Trace:
[  274.620438][T12797]  dump_stack+0x137/0x19d
[  274.620460][T12797]  should_fail+0x23c/0x250
[  274.648597][T12797]  __alloc_pages+0x102/0x320
[  274.653351][T12797]  alloc_pages_vma+0x391/0x660
[  274.658192][T12797]  shmem_getpage_gfp+0x980/0x1410
[  274.663271][T12797]  ? mls_context_isvalid+0x76/0x1e0
[  274.669239][T12797]  shmem_write_begin+0x7e/0x100
[  274.674085][T12797]  generic_perform_write+0x196/0x3a0
[  274.679505][T12797]  ? file_update_time+0x1bd/0x3e0
[  274.684560][T12797]  __generic_file_write_iter+0x161/0x300
[  274.690255][T12797]  ? generic_write_checks+0x250/0x290
[  274.695627][T12797]  generic_file_write_iter+0x75/0x130
[  274.701006][T12797]  vfs_write+0x69d/0x770
[  274.705233][T12797]  __x64_sys_pwrite64+0xf5/0x150
[  274.710191][T12797]  do_syscall_64+0x4a/0x90
[  274.714587][T12797]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  274.720498][T12797] RIP: 0033:0x419777
[  274.724370][T12797] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b
[  274.752896][T12797] RSP: 002b:00007f8e9927de70 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[  274.762477][T12797] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000419777
[  274.770462][T12797] RDX: 0000000000000040 RSI: 00000000200000c0 RDI: 0000000000000005
[  274.778417][T12797] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  274.786433][T12797] R10: 00000000000001c0 R11: 0000000000000293 R12: 0000000000000005
[  274.794388][T12797] R13: 0000000000000005 R14: 0000000020000000 R15: 0000000000000000
01:17:13 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x1c0}])

[  274.839383][T12798]  loop2: p2 p3 p4
[  274.847045][T12798] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  274.848752][T12804] loop5: detected capacity change from 0 to 1
[  274.861958][T12797] loop3: detected capacity change from 0 to 1
[  274.866156][T12798] loop2: p3 start 225 is beyond EOD, truncated
[  274.874271][T12798] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  274.905621][T12804]  loop5: p2 p3 p4
[  274.909653][T12804] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  274.912695][T12822] loop4: detected capacity change from 0 to 1
[  274.917951][T12804] loop5: p3 start 225 is beyond EOD, truncated
[  274.930329][T12804] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  274.945814][ T1032]  loop5: p2 p3 p4
01:17:14 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x3, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:14 executing program 3 (fault-call:1 fault-nth:8):
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:14 executing program 1 (fault-call:4 fault-nth:0):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  274.949610][ T1032] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  274.962379][ T1032] loop5: p3 start 225 is beyond EOD, truncated
[  274.968595][ T1032] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  274.995006][T12844] FAULT_INJECTION: forcing a failure.
[  274.995006][T12844] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  275.000764][T12845] FAULT_INJECTION: forcing a failure.
[  275.000764][T12845] name failslab, interval 1, probability 0, space 0, times 0
[  275.008074][T12844] CPU: 1 PID: 12844 Comm: syz-executor.3 Not tainted 5.13.0-rc3-syzkaller #0
[  275.029484][T12844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  275.039635][T12844] Call Trace:
[  275.042898][T12844]  dump_stack+0x137/0x19d
[  275.047299][T12844]  should_fail+0x23c/0x250
[  275.053431][T12844]  should_fail_usercopy+0x16/0x20
[  275.058438][T12844]  iov_iter_copy_from_user_atomic+0x281/0xb60
[  275.064565][T12844]  ? shmem_write_begin+0x7e/0x100
[  275.069635][T12844]  generic_perform_write+0x1e4/0x3a0
[  275.074901][T12844]  ? file_update_time+0x1bd/0x3e0
[  275.079924][T12844]  __generic_file_write_iter+0x161/0x300
[  275.085625][T12844]  ? generic_write_checks+0x250/0x290
[  275.091128][T12844]  generic_file_write_iter+0x75/0x130
[  275.096487][T12844]  vfs_write+0x69d/0x770
[  275.100712][T12844]  __x64_sys_pwrite64+0xf5/0x150
[  275.105631][T12844]  do_syscall_64+0x4a/0x90
[  275.110042][T12844]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  275.115949][T12844] RIP: 0033:0x419777
[  275.119840][T12844] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b
[  275.139586][T12844] RSP: 002b:00007f8e9927de70 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[  275.147980][T12844] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000419777
[  275.155937][T12844] RDX: 0000000000000040 RSI: 00000000200000c0 RDI: 0000000000000005
[  275.163893][T12844] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  275.171844][T12844] R10: 00000000000001c0 R11: 0000000000000293 R12: 0000000000000005
[  275.179796][T12844] R13: 0000000000000005 R14: 0000000020000000 R15: 0000000000000000
[  275.187814][T12845] CPU: 0 PID: 12845 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  275.196580][T12845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  275.207581][T12845] Call Trace:
[  275.210884][T12845]  dump_stack+0x137/0x19d
[  275.215322][T12845]  should_fail+0x23c/0x250
[  275.219719][T12845]  ? __se_sys_memfd_create+0xfb/0x390
[  275.225081][T12845]  __should_failslab+0x81/0x90
[  275.230605][T12845]  should_failslab+0x5/0x20
[  275.235124][T12845]  __kmalloc+0x66/0x340
[  275.239289][T12845]  ? strnlen_user+0x137/0x1c0
[  275.243940][T12845]  __se_sys_memfd_create+0xfb/0x390
[  275.249134][T12845]  __x64_sys_memfd_create+0x2d/0x40
[  275.254313][T12845]  do_syscall_64+0x4a/0x90
[  275.258732][T12845]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  275.264686][T12845] RIP: 0033:0x4665d9
[  275.268569][T12845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  275.288151][T12845] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  275.296548][T12845] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
01:17:14 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x4000, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:14 executing program 1 (fault-call:4 fault-nth:1):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  275.304498][T12845] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  275.313140][T12845] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  275.321159][T12845] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  275.329119][T12845] R13: 00007ffe6170f6df R14: 0000000000000380 R15: 0000000000022000
[  275.351391][T12844] loop3: detected capacity change from 0 to 1
01:17:14 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0), 0x0, 0x1c0}])

[  275.357995][T12843] loop2: detected capacity change from 0 to 1
[  275.376067][T12858] FAULT_INJECTION: forcing a failure.
[  275.376067][T12858] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  275.389270][T12858] CPU: 0 PID: 12858 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  275.398092][T12858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
01:17:14 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x10, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  275.405236][T12844]  loop3: p2 p3 p4
[  275.408126][T12858] Call Trace:
[  275.408134][T12858]  dump_stack+0x137/0x19d
[  275.411971][T12844] loop3: p2 size 1073872896 extends beyond EOD, 
[  275.415104][T12858]  should_fail+0x23c/0x250
[  275.415126][T12858]  should_fail_usercopy+0x16/0x20
[  275.419429][T12844] truncated
[  275.423098][ T1032]  loop2: p2 p3 p4
[  275.425741][T12858]  _copy_from_user+0x1c/0xd0
[  275.425767][T12858]  __se_sys_memfd_create+0x137/0x390
[  275.425787][T12858]  __x64_sys_memfd_create+0x2d/0x40
[  275.431145][ T1032] loop2: p2 size 1073872896 extends beyond EOD, 
[  275.435179][T12858]  do_syscall_64+0x4a/0x90
[  275.435204][T12858]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  275.438309][ T1032] truncated
[  275.439913][T12844] loop3: p3 start 225 is beyond EOD, 
[  275.442009][T12858] RIP: 0033:0x4665d9
[  275.442023][T12858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:17:14 executing program 1 (fault-call:4 fault-nth:2):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  275.442040][T12858] RSP: 002b:00007f561932ee98 EFLAGS: 00000246
[  275.446626][T12844] truncated
[  275.451865][T12858]  ORIG_RAX: 000000000000013f
[  275.451873][T12858] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  275.457051][T12844] loop3: p4 size 3657465856 extends beyond EOD, 
[  275.463330][T12858] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  275.467731][T12844] truncated
[  275.473575][T12858] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  275.479472][ T1032] loop2: p3 start 225 is beyond EOD, 
[  275.482001][T12858] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  275.482015][T12858] R13: 00007ffe6170f6df R14: 0000000000000380 R15: 0000000000022000
[  275.485908][ T1032] truncated
[  275.513521][T12864] loop4: detected capacity change from 0 to 1
[  275.514682][ T1032] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  275.527765][T12867] loop5: detected capacity change from 0 to 1
[  275.557270][T12843]  loop2: p2 p3 p4
[  275.562053][T12875] FAULT_INJECTION: forcing a failure.
[  275.562053][T12875] name failslab, interval 1, probability 0, space 0, times 0
[  275.567333][T12843] loop2: p2 size 1073872896 extends beyond EOD, 
[  275.574663][T12875] CPU: 1 PID: 12875 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  275.574683][T12875] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  275.574693][T12875] Call Trace:
[  275.574701][T12875]  dump_stack+0x137/0x19d
[  275.577853][T12843] truncated
[  275.583830][T12875]  should_fail+0x23c/0x250
[  275.592443][T12843] loop2: p3 start 225 is beyond EOD, 
[  275.597022][T12875]  ? shmem_alloc_inode+0x22/0x30
[  275.597051][T12875]  __should_failslab+0x81/0x90
[  275.600753][T12843] truncated
[  275.600758][T12843] loop2: p4 size 3657465856 extends beyond EOD, 
[  275.613299][T12875]  ? shmem_match+0xa0/0xa0
[  275.619646][T12843] truncated
[  275.628364][T12875]  should_failslab+0x5/0x20
[  275.628383][T12875]  kmem_cache_alloc+0x46/0x2f0
[  275.695726][T12875]  ? do_anonymous_page+0x411/0x8b0
[  275.700826][T12875]  ? fsnotify_perm+0x59/0x2e0
[  275.705484][T12875]  ? shmem_match+0xa0/0xa0
[  275.709883][T12875]  shmem_alloc_inode+0x22/0x30
[  275.714686][T12875]  new_inode_pseudo+0x38/0x1c0
[  275.719500][T12875]  new_inode+0x21/0x120
[  275.723659][T12875]  shmem_get_inode+0xa1/0x480
[  275.728318][T12875]  __shmem_file_setup+0xf1/0x1d0
[  275.733340][T12875]  shmem_file_setup+0x37/0x40
[  275.738086][T12875]  __se_sys_memfd_create+0x1eb/0x390
[  275.743370][T12875]  __x64_sys_memfd_create+0x2d/0x40
[  275.748551][T12875]  do_syscall_64+0x4a/0x90
[  275.753038][T12875]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  275.758914][T12875] RIP: 0033:0x4665d9
[  275.763159][T12875] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  275.784495][T12875] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  275.794024][T12875] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  275.801984][T12875] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
01:17:14 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x4, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:14 executing program 1 (fault-call:4 fault-nth:3):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:14 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  275.809992][T12875] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  275.817943][T12875] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  275.825982][T12875] R13: 00007ffe6170f6df R14: 0000000000000380 R15: 0000000000022000
[  275.863718][T12885] FAULT_INJECTION: forcing a failure.
[  275.863718][T12885] name failslab, interval 1, probability 0, space 0, times 0
[  275.876372][T12885] CPU: 1 PID: 12885 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  275.879914][T12886] loop3: detected capacity change from 0 to 1
[  275.885207][T12885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  275.885220][T12885] Call Trace:
[  275.885227][T12885]  dump_stack+0x137/0x19d
[  275.885259][T12885]  should_fail+0x23c/0x250
[  275.913332][T12885]  ? security_inode_alloc+0x30/0x180
[  275.918707][T12885]  __should_failslab+0x81/0x90
[  275.923552][T12885]  should_failslab+0x5/0x20
[  275.928076][T12885]  kmem_cache_alloc+0x46/0x2f0
[  275.932902][T12885]  security_inode_alloc+0x30/0x180
[  275.938051][T12885]  inode_init_always+0x20b/0x420
[  275.943744][T12885]  ? shmem_match+0xa0/0xa0
[  275.948195][T12885]  new_inode_pseudo+0x73/0x1c0
[  275.952964][T12885]  new_inode+0x21/0x120
[  275.957211][T12885]  shmem_get_inode+0xa1/0x480
[  275.961870][T12885]  __shmem_file_setup+0xf1/0x1d0
[  275.966863][T12885]  shmem_file_setup+0x37/0x40
[  275.971527][T12885]  __se_sys_memfd_create+0x1eb/0x390
[  275.976864][T12885]  __x64_sys_memfd_create+0x2d/0x40
[  275.982195][T12885]  do_syscall_64+0x4a/0x90
[  275.986597][T12885]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  275.992545][T12885] RIP: 0033:0x4665d9
[  275.996417][T12885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  276.016163][T12885] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  276.024553][T12885] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  276.032501][T12885] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  276.040454][T12885] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  276.048423][T12885] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  276.056486][T12885] R13: 00007ffe6170f6df R14: 0000000000000380 R15: 0000000000022000
01:17:15 executing program 1 (fault-call:4 fault-nth:4):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  276.066017][T12867]  loop5: p2 p3 p4
[  276.069810][T12867] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  276.094504][T12867] loop5: p3 start 225 is beyond EOD, truncated
[  276.096863][T12899] FAULT_INJECTION: forcing a failure.
[  276.096863][T12899] name failslab, interval 1, probability 0, space 0, times 0
[  276.100747][T12867] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  276.113659][T12899] CPU: 1 PID: 12899 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  276.121187][T12886]  loop3: p2 p3 p4
[  276.129487][T12899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  276.129500][T12899] Call Trace:
[  276.129507][T12899]  dump_stack+0x137/0x19d
[  276.129532][T12899]  should_fail+0x23c/0x250
[  276.134039][T12886] loop3: p2 size 1073872896 extends beyond EOD, 
[  276.143779][T12899]  ? __d_alloc+0x36/0x370
01:17:15 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0), 0x0, 0x1c0}])

01:17:15 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x4102, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  276.143799][T12899]  __should_failslab+0x81/0x90
[  276.143821][T12899]  should_failslab+0x5/0x20
[  276.147130][T12886] truncated
[  276.151378][T12899]  kmem_cache_alloc+0x46/0x2f0
[  276.160822][T12886] loop3: p3 start 225 is beyond EOD, 
[  276.162087][T12899]  ? __init_rwsem+0x59/0x70
[  276.162108][T12899]  __d_alloc+0x36/0x370
[  276.166451][T12886] truncated
[  276.171197][T12899]  ? current_time+0xdb/0x190
[  276.175690][T12886] loop3: p4 size 3657465856 extends beyond EOD, 
[  276.178783][T12899]  d_alloc_pseudo+0x1a/0x50
[  276.183577][T12886] truncated
[  276.219328][T12897] loop2: detected capacity change from 0 to 1
[  276.221427][T12899]  alloc_file_pseudo+0x63/0x130
[  276.221451][T12899]  __shmem_file_setup+0x14c/0x1d0
[  276.221473][T12899]  shmem_file_setup+0x37/0x40
[  276.221510][T12899]  __se_sys_memfd_create+0x1eb/0x390
[  276.233370][T12909] loop4: detected capacity change from 0 to 1
[  276.237408][T12899]  __x64_sys_memfd_create+0x2d/0x40
[  276.237436][T12899]  do_syscall_64+0x4a/0x90
[  276.237457][T12899]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  276.269366][T12899] RIP: 0033:0x4665d9
[  276.273236][T12899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  276.293279][T12899] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  276.301743][T12899] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
01:17:15 executing program 1 (fault-call:4 fault-nth:5):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  276.309690][T12899] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  276.317652][T12899] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  276.325626][T12899] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  276.333843][T12899] R13: 00007ffe6170f6df R14: 0000000000000380 R15: 0000000000022000
[  276.343443][ T1032]  loop5: p2 p3 p4
[  276.347390][ T1032] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  276.355410][ T1032] loop5: p3 start 225 is beyond EOD, truncated
[  276.362354][ T1032] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  276.369819][T12920] FAULT_INJECTION: forcing a failure.
[  276.369819][T12920] name failslab, interval 1, probability 0, space 0, times 0
[  276.382691][T12920] CPU: 1 PID: 12920 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  276.388712][T12897]  loop2: p2 p3 p4
[  276.391520][T12920] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  276.391532][T12920] Call Trace:
[  276.391539][T12920]  dump_stack+0x137/0x19d
01:17:15 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x11, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  276.408142][T12897] loop2: p2 size 1073872896 extends beyond EOD, 
[  276.408552][T12920]  should_fail+0x23c/0x250
[  276.408572][T12920]  ? __alloc_file+0x2e/0x1a0
[  276.412912][T12897] truncated
[  276.419199][T12920]  __should_failslab+0x81/0x90
[  276.419228][T12920]  should_failslab+0x5/0x20
[  276.425430][T12897] loop2: p3 start 225 is beyond EOD, 
[  276.428190][T12920]  kmem_cache_alloc+0x46/0x2f0
[  276.431307][T12897] truncated
[  276.431313][T12897] loop2: p4 size 3657465856 extends beyond EOD, 
[  276.436044][T12920]  ? inode_doinit_with_dentry+0x382/0x950
[  276.436071][T12920]  __alloc_file+0x2e/0x1a0
[  276.440562][T12897] truncated
[  276.473345][T12920]  alloc_empty_file+0xcd/0x1c0
[  276.478178][T12920]  alloc_file+0x3a/0x280
[  276.482400][T12920]  alloc_file_pseudo+0xe2/0x130
[  276.487274][T12920]  __shmem_file_setup+0x14c/0x1d0
[  276.492277][T12920]  shmem_file_setup+0x37/0x40
[  276.496930][T12920]  __se_sys_memfd_create+0x1eb/0x390
[  276.502212][T12920]  __x64_sys_memfd_create+0x2d/0x40
[  276.507415][T12920]  do_syscall_64+0x4a/0x90
[  276.511816][T12920]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  276.517686][T12920] RIP: 0033:0x4665d9
[  276.521605][T12920] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  276.541196][T12920] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  276.549602][T12920] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  276.557582][T12920] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
01:17:15 executing program 1 (fault-call:4 fault-nth:6):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  276.565599][T12920] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  276.573566][T12920] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  276.581526][T12920] R13: 00007ffe6170f6df R14: 0000000000000380 R15: 0000000000022000
01:17:15 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x2, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  276.611937][T12931] FAULT_INJECTION: forcing a failure.
[  276.611937][T12931] name failslab, interval 1, probability 0, space 0, times 0
[  276.624969][T12931] CPU: 1 PID: 12931 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  276.633734][T12931] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  276.638075][T12933] loop3: detected capacity change from 0 to 1
[  276.643796][T12931] Call Trace:
[  276.643805][T12931]  dump_stack+0x137/0x19d
[  276.643829][T12931]  should_fail+0x23c/0x250
[  276.662460][T12931]  ? security_file_alloc+0x30/0x190
[  276.667649][T12931]  __should_failslab+0x81/0x90
[  276.672561][T12931]  should_failslab+0x5/0x20
[  276.677446][T12931]  kmem_cache_alloc+0x46/0x2f0
[  276.685725][T12931]  security_file_alloc+0x30/0x190
[  276.691509][T12931]  __alloc_file+0x83/0x1a0
[  276.696064][T12931]  alloc_empty_file+0xcd/0x1c0
[  276.701469][T12931]  alloc_file+0x3a/0x280
[  276.705877][T12931]  alloc_file_pseudo+0xe2/0x130
[  276.711129][T12931]  __shmem_file_setup+0x14c/0x1d0
[  276.717690][T12931]  shmem_file_setup+0x37/0x40
[  276.725188][T12931]  __se_sys_memfd_create+0x1eb/0x390
[  276.731821][T12931]  __x64_sys_memfd_create+0x2d/0x40
[  276.739661][T12931]  do_syscall_64+0x4a/0x90
[  276.748337][T12931]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  276.758982][T12931] RIP: 0033:0x4665d9
[  276.766066][T12931] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  276.800567][T12931] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  276.809861][T12931] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  276.820981][T12931] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  276.829625][T12931] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  276.837944][T12931] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  276.845898][T12931] R13: 00007ffe6170f6df R14: 0000000000000380 R15: 0000000000022000
01:17:15 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x5, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:15 executing program 1 (fault-call:4 fault-nth:7):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  276.871117][T12926] loop5: detected capacity change from 0 to 1
[  276.902461][T12951] FAULT_INJECTION: forcing a failure.
[  276.902461][T12951] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  276.912562][T12933]  loop3: p2 p3 p4
[  276.916345][T12951] CPU: 0 PID: 12951 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  276.920250][T12933] loop3: p2 size 1073872896 extends beyond EOD, 
[  276.931699][T12951] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  276.931712][T12951] Call Trace:
[  276.931719][T12951]  dump_stack+0x137/0x19d
[  276.938515][T12933] truncated
[  276.948627][T12951]  should_fail+0x23c/0x250
[  276.954141][T12933] loop3: p3 start 225 is beyond EOD, 
01:17:16 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0), 0x0, 0x1c0}])

[  276.956669][T12951]  __alloc_pages+0x102/0x320
[  276.956691][T12951]  alloc_pages_vma+0x391/0x660
[  276.956710][T12951]  shmem_getpage_gfp+0x980/0x1410
[  276.959975][T12933] truncated
[  276.959981][T12933] loop3: p4 size 3657465856 extends beyond EOD, 
[  276.964520][T12951]  ? mls_context_isvalid+0x76/0x1e0
[  276.969881][T12933] truncated
[  276.975753][T12951]  shmem_write_begin+0x7e/0x100
[  277.013931][T12951]  generic_perform_write+0x196/0x3a0
[  277.019644][T12951]  ? file_update_time+0x1bd/0x3e0
[  277.025270][T12951]  __generic_file_write_iter+0x161/0x300
[  277.031506][T12951]  ? generic_write_checks+0x250/0x290
[  277.037024][T12951]  generic_file_write_iter+0x75/0x130
[  277.042915][T12951]  vfs_write+0x69d/0x770
[  277.047148][T12951]  __x64_sys_pwrite64+0xf5/0x150
[  277.052257][T12951]  do_syscall_64+0x4a/0x90
[  277.056693][T12951]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  277.062615][T12951] RIP: 0033:0x419777
01:17:16 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x5400, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  277.066497][T12951] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b
[  277.086359][T12951] RSP: 002b:00007f561932ee70 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[  277.094791][T12951] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000419777
[  277.102757][T12951] RDX: 0000000000000040 RSI: 00000000200000c0 RDI: 0000000000000005
[  277.110742][T12951] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  277.118698][T12951] R10: 00000000000001c0 R11: 0000000000000293 R12: 0000000000000005
[  277.126656][T12951] R13: 0000000000000005 R14: 0000000020000000 R15: 0000000000000000
[  277.139065][ T1032]  loop5: p2 p3 p4
[  277.143097][ T1032] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  277.150597][T12951] loop1: detected capacity change from 0 to 1
[  277.163902][T12966] loop2: detected capacity change from 0 to 1
01:17:16 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x3, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  277.168404][ T1032] loop5: p3 start 225 is beyond EOD, truncated
[  277.177383][ T1032] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  277.181464][T12974] loop3: detected capacity change from 0 to 1
[  277.185132][T12967] loop4: detected capacity change from 0 to 1
[  277.194430][T12926]  loop5: p2 p3 p4
[  277.200813][T12966]  loop2: p2 p3 p4
[  277.205421][T12926] loop5: p2 size 1073872896 extends beyond EOD, 
[  277.205430][T12974]  loop3: p2 p3 p4
[  277.205499][T12974] loop3: p2 size 1073872896 extends beyond EOD, 
[  277.211742][T12926] truncated
[  277.212057][T12966] loop2: p2 size 1073872896 extends beyond EOD, 
[  277.215524][T12974] truncated
[  277.221887][T12966] truncated
[  277.222186][T12966] loop2: p3 start 225 is beyond EOD, 
[  277.228053][T12926] loop5: p3 start 225 is beyond EOD, 
[  277.231355][T12966] truncated
[  277.231361][T12966] loop2: p4 size 3657465856 extends beyond EOD, 
[  277.234694][T12926] truncated
[  277.238437][T12966] truncated
[  277.241375][T12974] loop3: p3 start 225 is beyond EOD, 
01:17:16 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x12, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:16 executing program 1 (fault-call:4 fault-nth:8):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  277.243917][T12926] loop5: p4 size 3657465856 extends beyond EOD, 
[  277.249329][T12974] truncated
[  277.252516][T12926] truncated
[  277.283685][T12974] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  277.309535][T12992] FAULT_INJECTION: forcing a failure.
[  277.309535][T12992] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  277.323218][T12992] CPU: 0 PID: 12992 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  277.332057][T12992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  277.343475][T12992] Call Trace:
[  277.346743][T12992]  dump_stack+0x137/0x19d
[  277.351066][T12992]  should_fail+0x23c/0x250
[  277.355825][T12992]  should_fail_usercopy+0x16/0x20
[  277.362023][T12992]  iov_iter_copy_from_user_atomic+0x281/0xb60
[  277.368965][T12992]  ? shmem_write_begin+0x7e/0x100
[  277.373987][T12992]  generic_perform_write+0x1e4/0x3a0
[  277.379317][T12992]  ? file_update_time+0x1bd/0x3e0
[  277.384470][T12992]  __generic_file_write_iter+0x161/0x300
[  277.390103][T12992]  ? generic_write_checks+0x250/0x290
[  277.395456][T12992]  generic_file_write_iter+0x75/0x130
[  277.400873][T12992]  vfs_write+0x69d/0x770
[  277.405323][T12992]  __x64_sys_pwrite64+0xf5/0x150
[  277.410237][T12992]  do_syscall_64+0x4a/0x90
[  277.414635][T12992]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  277.420608][T12992] RIP: 0033:0x419777
[  277.424492][T12992] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b
[  277.444166][T12992] RSP: 002b:00007f561932ee70 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[  277.452566][T12992] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000419777
[  277.460518][T12992] RDX: 0000000000000040 RSI: 00000000200000c0 RDI: 0000000000000005
01:17:16 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ff", 0x20, 0x1c0}])

01:17:16 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x4, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  277.468477][T12992] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
[  277.476503][T12992] R10: 00000000000001c0 R11: 0000000000000293 R12: 0000000000000005
[  277.484590][T12992] R13: 0000000000000005 R14: 0000000020000000 R15: 0000000000000000
[  277.498261][T12992] loop1: detected capacity change from 0 to 1
01:17:16 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x6, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  277.534702][T12992]  loop1: p2 p3 p4
[  277.542867][T12992] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  277.544482][T13011] loop3: detected capacity change from 0 to 1
[  277.555140][T13007] loop5: detected capacity change from 0 to 1
[  277.561006][T12992] loop1: p3 start 225 is beyond EOD, truncated
[  277.568860][T12992] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  277.594699][T13011]  loop3: p2 p3 p4
[  277.594971][T13015] loop4: detected capacity change from 0 to 1
[  277.598598][T13007]  loop5: p2 p3 p4
[  277.608421][T13011] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  277.615700][T13007] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  277.617464][T13016] loop2: detected capacity change from 0 to 1
[  277.623251][T13007] loop5: p3 start 225 is beyond EOD, truncated
[  277.629277][T13011] loop3: p3 start 225 is beyond EOD, 
01:17:16 executing program 1 (fault-call:4 fault-nth:9):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  277.635112][T13007] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  277.647790][T13011] truncated
[  277.650888][T13011] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  277.668410][T13035] FAULT_INJECTION: forcing a failure.
[  277.668410][T13035] name failslab, interval 1, probability 0, space 0, times 0
[  277.681276][T13035] CPU: 1 PID: 13035 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  277.691421][T13035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  277.703200][T13035] Call Trace:
[  277.706465][T13035]  dump_stack+0x137/0x19d
[  277.711042][T13035]  should_fail+0x23c/0x250
[  277.715441][T13035]  ? getname_flags+0x84/0x3d0
[  277.720218][T13035]  __should_failslab+0x81/0x90
[  277.725932][T13035]  should_failslab+0x5/0x20
[  277.730419][T13035]  kmem_cache_alloc+0x46/0x2f0
[  277.735218][T13035]  getname_flags+0x84/0x3d0
[  277.744314][T13035]  ? vfs_write+0x50c/0x770
[  277.748731][T13035]  getname+0x15/0x20
[  277.752686][T13035]  do_sys_openat2+0x5b/0x250
[  277.757502][T13035]  __x64_sys_openat+0xef/0x110
[  277.762407][T13035]  do_syscall_64+0x4a/0x90
[  277.766822][T13035]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  277.772797][T13035] RIP: 0033:0x4196c4
[  277.776823][T13035] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  277.797551][T13035] RSP: 002b:00007f561932ee20 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  277.812833][T13035] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 00000000004196c4
[  277.824720][T13035] RDX: 0000000000000002 RSI: 00007f561932ef40 RDI: 00000000ffffff9c
[  277.832772][T13035] RBP: 00007f561932ef40 R08: 0000000000000000 R09: 0000000000000000
01:17:16 executing program 1 (fault-call:4 fault-nth:10):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:16 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x13, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:16 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ff", 0x20, 0x1c0}])

01:17:16 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x5, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  277.840729][T13035] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  277.848715][T13035] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  277.858360][T13016]  loop2: p2 p3 p4
[  277.862675][T13016] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  277.872775][T13016] loop2: p3 start 225 is beyond EOD, truncated
[  277.878973][T13016] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  277.921454][T13049] FAULT_INJECTION: forcing a failure.
[  277.921454][T13049] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  277.934578][T13049] CPU: 1 PID: 13049 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  277.943463][T13049] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  277.946998][T13056] loop3: detected capacity change from 0 to 1
[  277.954249][T13049] Call Trace:
[  277.954257][T13049]  dump_stack+0x137/0x19d
01:17:17 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x5800, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  277.954282][T13049]  should_fail+0x23c/0x250
[  277.954299][T13049]  should_fail_usercopy+0x16/0x20
[  277.979786][T13049]  strncpy_from_user+0x21/0x250
[  277.984662][T13049]  getname_flags+0xb8/0x3d0
[  277.989330][T13049]  ? vfs_write+0x50c/0x770
[  277.994612][T13049]  getname+0x15/0x20
[  277.998664][T13049]  do_sys_openat2+0x5b/0x250
[  278.003914][T13049]  __x64_sys_openat+0xef/0x110
[  278.011290][T13049]  do_syscall_64+0x4a/0x90
[  278.015884][T13049]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  278.022200][T13049] RIP: 0033:0x4196c4
[  278.026361][T13049] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  278.050176][T13049] RSP: 002b:00007f561932ee20 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  278.058580][T13049] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 00000000004196c4
01:17:17 executing program 1 (fault-call:4 fault-nth:11):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  278.066544][T13049] RDX: 0000000000000002 RSI: 00007f561932ef40 RDI: 00000000ffffff9c
[  278.074550][T13049] RBP: 00007f561932ef40 R08: 0000000000000000 R09: 0000000000000000
[  278.082905][T13049] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  278.090941][T13049] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  278.105206][T13059] loop4: detected capacity change from 0 to 1
01:17:17 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x7, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  278.117932][T13052] loop5: detected capacity change from 0 to 1
[  278.130846][T13074] FAULT_INJECTION: forcing a failure.
[  278.130846][T13074] name failslab, interval 1, probability 0, space 0, times 0
[  278.143612][T13074] CPU: 0 PID: 13074 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  278.152569][T13074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  278.163184][T13074] Call Trace:
[  278.166522][T13074]  dump_stack+0x137/0x19d
[  278.170836][T13074]  should_fail+0x23c/0x250
[  278.175884][T13074]  ? __alloc_file+0x2e/0x1a0
[  278.180902][T13074]  __should_failslab+0x81/0x90
[  278.185809][T13074]  should_failslab+0x5/0x20
[  278.190356][T13074]  kmem_cache_alloc+0x46/0x2f0
[  278.195102][T13074]  __alloc_file+0x2e/0x1a0
[  278.199508][T13074]  alloc_empty_file+0xcd/0x1c0
[  278.206966][T13074]  path_openat+0x6a/0x20b0
[  278.214456][T13074]  ? iov_iter_advance+0x291/0xe10
[  278.219538][T13074]  ? shmem_write_end+0x37d/0x3d0
[  278.224491][T13074]  ? balance_dirty_pages_ratelimited+0xb1/0x280
[  278.230802][T13074]  ? generic_perform_write+0x332/0x3a0
[  278.236326][T13074]  do_filp_open+0xd9/0x1f0
[  278.240869][T13074]  ? __virt_addr_valid+0x15a/0x1a0
[  278.245965][T13074]  ? __check_object_size+0x253/0x310
[  278.251309][T13074]  ? _find_next_bit+0x16a/0x190
[  278.256257][T13074]  ? alloc_fd+0x388/0x3e0
[  278.260580][T13074]  do_sys_openat2+0xa3/0x250
[  278.265310][T13074]  __x64_sys_openat+0xef/0x110
[  278.270154][T13074]  do_syscall_64+0x4a/0x90
[  278.274557][T13074]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  278.280541][T13074] RIP: 0033:0x4196c4
[  278.284584][T13074] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  278.304951][T13074] RSP: 002b:00007f561932ee20 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  278.313438][T13074] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 00000000004196c4
[  278.321682][T13074] RDX: 0000000000000002 RSI: 00007f561932ef40 RDI: 00000000ffffff9c
[  278.329874][T13074] RBP: 00007f561932ef40 R08: 0000000000000000 R09: 0000000000000000
[  278.338080][T13074] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  278.346330][T13074] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  278.354848][T13056]  loop3: p2 p3 p4
[  278.358818][T13056] loop3: p2 size 1073872896 extends beyond EOD, truncated
01:17:17 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ff", 0x20, 0x1c0}])

01:17:17 executing program 1 (fault-call:4 fault-nth:12):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  278.372648][T13056] loop3: p3 start 225 is beyond EOD, truncated
[  278.378883][T13056] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  278.386831][T13052]  loop5: p2 p3 p4
[  278.390616][T13052] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  278.399513][T13052] loop5: p3 start 225 is beyond EOD, truncated
[  278.403430][T13083] FAULT_INJECTION: forcing a failure.
[  278.403430][T13083] name failslab, interval 1, probability 0, space 0, times 0
[  278.405802][T13052] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  278.420161][T13077] loop2: detected capacity change from 0 to 1
[  278.425558][T13083] CPU: 1 PID: 13083 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  278.425581][T13083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  278.451394][T13083] Call Trace:
[  278.454659][T13083]  dump_stack+0x137/0x19d
[  278.458977][T13083]  should_fail+0x23c/0x250
[  278.463413][T13083]  ? security_file_alloc+0x30/0x190
[  278.468799][T13083]  __should_failslab+0x81/0x90
[  278.473557][T13083]  should_failslab+0x5/0x20
[  278.478057][T13083]  kmem_cache_alloc+0x46/0x2f0
[  278.482994][T13083]  security_file_alloc+0x30/0x190
[  278.488058][T13083]  __alloc_file+0x83/0x1a0
[  278.492454][T13083]  alloc_empty_file+0xcd/0x1c0
[  278.497215][T13083]  path_openat+0x6a/0x20b0
[  278.501618][T13083]  ? iov_iter_advance+0x291/0xe10
[  278.506637][T13083]  ? shmem_write_end+0x37d/0x3d0
[  278.511592][T13083]  ? balance_dirty_pages_ratelimited+0xb1/0x280
[  278.518082][T13083]  ? generic_perform_write+0x332/0x3a0
[  278.523777][T13083]  do_filp_open+0xd9/0x1f0
[  278.528253][T13083]  ? __virt_addr_valid+0x15a/0x1a0
[  278.533343][T13083]  ? __check_object_size+0x253/0x310
[  278.538663][T13083]  ? _find_next_bit+0x16a/0x190
[  278.543672][T13083]  ? alloc_fd+0x388/0x3e0
[  278.548349][T13083]  do_sys_openat2+0xa3/0x250
[  278.553564][T13083]  __x64_sys_openat+0xef/0x110
[  278.558750][T13083]  do_syscall_64+0x4a/0x90
[  278.563269][T13083]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  278.569481][T13083] RIP: 0033:0x4196c4
[  278.573380][T13083] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  278.593288][T13083] RSP: 002b:00007f561932ee20 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  278.601714][T13083] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 00000000004196c4
[  278.610536][T13083] RDX: 0000000000000002 RSI: 00007f561932ef40 RDI: 00000000ffffff9c
01:17:17 executing program 1 (fault-call:4 fault-nth:13):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  278.620276][T13083] RBP: 00007f561932ef40 R08: 0000000000000000 R09: 0000000000000000
[  278.628490][T13083] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  278.636887][T13083] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
01:17:17 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x24, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:17 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x6, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  278.694742][T13077]  loop2: p2 p3 p4
[  278.701372][T13077] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  278.711397][T13095] loop4: detected capacity change from 0 to 1
[  278.718947][T13104] FAULT_INJECTION: forcing a failure.
[  278.718947][T13104] name failslab, interval 1, probability 0, space 0, times 0
[  278.725132][T13077] loop2: p3 start 225 is beyond EOD, truncated
[  278.731596][T13104] CPU: 1 PID: 13104 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  278.737742][T13077] loop2: p4 size 3657465856 extends beyond EOD, 
[  278.746880][T13104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  278.746893][T13104] Call Trace:
[  278.746901][T13104]  dump_stack+0x137/0x19d
[  278.753446][T13077] truncated
[  278.759140][T13108] loop3: detected capacity change from 0 to 1
[  278.764333][T13104]  should_fail+0x23c/0x250
[  278.764355][T13104]  ? loop_set_status_from_info+0x3a0/0x3a0
[  278.764375][T13104]  __should_failslab+0x81/0x90
[  278.764397][T13104]  ? __kthread_create_on_node+0x7a/0x290
[  278.768208][T13107] loop5: detected capacity change from 0 to 1
[  278.772016][T13104]  should_failslab+0x5/0x20
[  278.772038][T13104]  kmem_cache_alloc_trace+0x49/0x310
[  278.820439][T13104]  ? loop_set_status_from_info+0x3a0/0x3a0
[  278.829701][T13104]  __kthread_create_on_node+0x7a/0x290
[  278.835669][T13104]  ? __blkdev_get+0xc1/0x6d0
[  278.840267][T13104]  ? loop_set_status_from_info+0x3a0/0x3a0
[  278.846093][T13104]  kthread_create_on_node+0x72/0xa0
[  278.851291][T13104]  loop_configure+0x597/0xcb0
[  278.855948][T13104]  ? mntput+0x45/0x70
[  278.860481][T13104]  lo_ioctl+0x555/0x11f0
[  278.865679][T13104]  ? path_openat+0x19ab/0x20b0
[  278.871398][T13104]  ? putname+0xa5/0xc0
[  278.877135][T13104]  ? ___cache_free+0x3c/0x300
[  278.881884][T13104]  ? blkdev_common_ioctl+0x9c3/0x1040
01:17:17 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x8004, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  278.889242][T13104]  ? selinux_file_ioctl+0x8e0/0x970
[  278.898896][T13104]  ? lo_release+0x120/0x120
[  278.903582][T13104]  blkdev_ioctl+0x1d0/0x3c0
[  278.909595][T13104]  block_ioctl+0x6d/0x80
[  278.914743][T13104]  ? blkdev_iopoll+0x70/0x70
[  278.919348][T13104]  __se_sys_ioctl+0xcb/0x140
[  278.924201][T13104]  __x64_sys_ioctl+0x3f/0x50
[  278.928847][T13104]  do_syscall_64+0x4a/0x90
[  278.933360][T13104]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  278.940887][T13104] RIP: 0033:0x466397
[  278.946965][T13104] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  278.967800][T13104] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  278.976223][T13104] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  278.984278][T13104] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
01:17:18 executing program 1 (fault-call:4 fault-nth:14):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  278.992647][T13104] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  279.000627][T13104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  279.008587][T13104] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  279.074490][T13108]  loop3: p2 p3 p4
[  279.074547][T13107]  loop5: p2 p3 p4
[  279.078768][T13108] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  279.082126][T13107] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  279.091246][T13108] loop3: p3 start 225 is beyond EOD, truncated
[  279.102453][T13108] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  279.104712][T13124] FAULT_INJECTION: forcing a failure.
[  279.104712][T13124] name failslab, interval 1, probability 0, space 0, times 0
[  279.110629][T13107] loop5: p3 start 225 is beyond EOD, truncated
[  279.122176][T13124] CPU: 0 PID: 13124 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  279.122196][T13124] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  279.122205][T13124] Call Trace:
[  279.122212][T13124]  dump_stack+0x137/0x19d
[  279.122235][T13124]  should_fail+0x23c/0x250
[  279.122250][T13124]  ? __kernfs_new_node+0x6a/0x330
[  279.122267][T13124]  __should_failslab+0x81/0x90
01:17:18 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x8, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  279.128449][T13107] loop5: p4 size 3657465856 extends beyond EOD, 
[  279.137172][T13124]  should_failslab+0x5/0x20
[  279.147326][T13107] truncated
[  279.151531][T13124]  kmem_cache_alloc+0x46/0x2f0
[  279.151557][T13124]  ? kvm_sched_clock_read+0xd/0x20
[  279.193711][T13124]  __kernfs_new_node+0x6a/0x330
[  279.198546][T13124]  ? select_task_rq_fair+0x186/0xc00
[  279.203809][T13124]  ? rb_insert_color+0x2fa/0x310
[  279.208736][T13124]  kernfs_create_dir_ns+0x5e/0x140
[  279.213904][T13124]  internal_create_group+0x138/0x850
[  279.219179][T13124]  ? check_preempt_wakeup+0x1bb/0x360
[  279.224532][T13124]  sysfs_create_group+0x1b/0x20
[  279.229416][T13124]  loop_configure+0xa21/0xcb0
[  279.234107][T13124]  lo_ioctl+0x555/0x11f0
[  279.238325][T13124]  ? path_openat+0x19ab/0x20b0
[  279.243064][T13124]  ? putname+0xa5/0xc0
[  279.247107][T13124]  ? ___cache_free+0x3c/0x300
[  279.251786][T13124]  ? blkdev_common_ioctl+0x9c3/0x1040
[  279.257186][T13124]  ? selinux_file_ioctl+0x8e0/0x970
[  279.262359][T13124]  ? lo_release+0x120/0x120
[  279.266857][T13124]  blkdev_ioctl+0x1d0/0x3c0
[  279.271508][T13124]  block_ioctl+0x6d/0x80
[  279.275726][T13124]  ? blkdev_iopoll+0x70/0x70
[  279.280295][T13124]  __se_sys_ioctl+0xcb/0x140
[  279.284877][T13124]  __x64_sys_ioctl+0x3f/0x50
[  279.289518][T13124]  do_syscall_64+0x4a/0x90
[  279.293926][T13124]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  279.299933][T13124] RIP: 0033:0x466397
[  279.303875][T13124] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  279.323472][T13124] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  279.331907][T13124] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  279.339875][T13124] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  279.347832][T13124] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  279.355784][T13124] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  279.363743][T13124] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  279.371769][T13124] loop1: detected capacity change from 0 to 1
01:17:18 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x25, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:18 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e1000000887700720030", 0x30, 0x1c0}])

01:17:18 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x7, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  279.410298][T13124]  loop1: p2 p3 p4
[  279.417517][T13124] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  279.439124][T13145] loop2: detected capacity change from 0 to 1
[  279.445515][T13124] loop1: p3 start 225 is beyond EOD, truncated
[  279.451769][T13124] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  279.464663][T13153] loop4: detected capacity change from 0 to 1
[  279.472161][T13151] loop5: detected capacity change from 0 to 1
[  279.472290][T13157] loop3: detected capacity change from 0 to 1
[  279.504240][T13145]  loop2: p2 p3 p4
01:17:18 executing program 1 (fault-call:4 fault-nth:15):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  279.508170][T13145] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  279.514110][T13151]  loop5: p2 p3 p4
[  279.520220][T13151] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  279.520970][T13157]  loop3: p2 p3 p4
[  279.527837][T13151] loop5: p3 start 225 is beyond EOD, truncated
[  279.532089][T13145] loop2: p3 start 225 is beyond EOD, 
[  279.537420][T13151] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  279.539135][T13157] loop3: p2 size 1073872896 extends beyond EOD, 
[  279.542809][T13145] truncated
[  279.542815][T13145] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  279.556909][T13173] FAULT_INJECTION: forcing a failure.
[  279.556909][T13173] name failslab, interval 1, probability 0, space 0, times 0
[  279.559404][T13157] truncated
[  279.567437][T13157] loop3: p3 start 225 is beyond EOD, 
[  279.579238][T13173] CPU: 0 PID: 13173 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  279.582335][T13157] truncated
[  279.582341][T13157] loop3: p4 size 3657465856 extends beyond EOD, 
01:17:18 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x9, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  279.587680][T13173] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  279.587690][T13173] Call Trace:
[  279.587696][T13173]  dump_stack+0x137/0x19d
[  279.596874][T13157] truncated
[  279.600730][T13173]  should_fail+0x23c/0x250
[  279.632214][T13173]  ? __kernfs_new_node+0x6a/0x330
[  279.637221][T13173]  __should_failslab+0x81/0x90
[  279.642064][T13173]  should_failslab+0x5/0x20
[  279.646590][T13173]  kmem_cache_alloc+0x46/0x2f0
[  279.651345][T13173]  ? __cond_resched+0x11/0x40
[  279.655997][T13173]  __kernfs_new_node+0x6a/0x330
[  279.660842][T13173]  ? idr_alloc_cyclic+0x249/0x2d0
[  279.665910][T13173]  ? rb_insert_color+0x7e/0x310
[  279.670782][T13173]  kernfs_new_node+0x5b/0xd0
[  279.675366][T13173]  __kernfs_create_file+0x45/0x1a0
[  279.680457][T13173]  sysfs_add_file_mode_ns+0x1c1/0x250
[  279.685840][T13173]  internal_create_group+0x2e4/0x850
[  279.691156][T13173]  sysfs_create_group+0x1b/0x20
[  279.696178][T13173]  loop_configure+0xa21/0xcb0
[  279.700838][T13173]  lo_ioctl+0x555/0x11f0
[  279.705155][T13173]  ? path_openat+0x19ab/0x20b0
[  279.709910][T13173]  ? putname+0xa5/0xc0
[  279.713953][T13173]  ? ___cache_free+0x3c/0x300
[  279.718608][T13173]  ? blkdev_common_ioctl+0x9c3/0x1040
[  279.723990][T13173]  ? selinux_file_ioctl+0x8e0/0x970
[  279.729162][T13173]  ? lo_release+0x120/0x120
[  279.733715][T13173]  blkdev_ioctl+0x1d0/0x3c0
[  279.738196][T13173]  block_ioctl+0x6d/0x80
[  279.742417][T13173]  ? blkdev_iopoll+0x70/0x70
[  279.747083][T13173]  __se_sys_ioctl+0xcb/0x140
[  279.751700][T13173]  __x64_sys_ioctl+0x3f/0x50
[  279.756343][T13173]  do_syscall_64+0x4a/0x90
[  279.760754][T13173]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  279.766624][T13173] RIP: 0033:0x466397
[  279.770490][T13173] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  279.790171][T13173] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  279.798569][T13173] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  279.806517][T13173] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
01:17:18 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e1000000887700720030", 0x30, 0x1c0}])

01:17:18 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x80fe, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  279.814465][T13173] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  279.822591][T13173] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  279.830539][T13173] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  279.846484][ T1032]  loop2: p2 p3 p4
[  279.850808][ T1032] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  279.857467][T13173] loop1: detected capacity change from 0 to 1
01:17:18 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x8, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:18 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x26, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  279.886353][ T1032] loop2: p3 start 225 is beyond EOD, truncated
[  279.892636][ T1032] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  279.901472][T13198] loop5: detected capacity change from 0 to 1
[  279.904456][T13199] loop3: detected capacity change from 0 to 1
[  279.913875][T13173]  loop1: p2 p3 p4
[  279.918226][T13173] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  279.919966][T13203] loop4: detected capacity change from 0 to 1
[  279.930388][T13173] loop1: p3 start 225 is beyond EOD, truncated
[  279.937690][T13173] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  279.964160][T13198]  loop5: p2 p3 p4
[  279.968302][T13199]  loop3: p2 p3 p4
[  279.972050][T13199] loop3: p2 size 1073872896 extends beyond EOD, truncated
01:17:19 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e1000000887700720030", 0x30, 0x1c0}])

01:17:19 executing program 1 (fault-call:4 fault-nth:16):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:19 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x9, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  279.981190][T13198] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  279.984071][T13199] loop3: p3 start 225 is beyond EOD, truncated
[  279.990064][T13198] loop5: p3 start 225 is beyond EOD, 
[  279.994541][T13199] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  280.007017][T13198] truncated
[  280.010105][T13198] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  280.020500][T13210] loop2: detected capacity change from 0 to 1
01:17:19 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x2e, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  280.073411][T13210]  loop2: p2 p3 p4
[  280.081965][T13210] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  280.099953][T13210] loop2: p3 start 225 is beyond EOD, truncated
[  280.101800][T13236] loop4: detected capacity change from 0 to 1
[  280.106165][T13210] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  280.119073][T13247] FAULT_INJECTION: forcing a failure.
[  280.119073][T13247] name failslab, interval 1, probability 0, space 0, times 0
[  280.119745][T13248] loop5: detected capacity change from 0 to 1
[  280.131938][T13247] CPU: 1 PID: 13247 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  280.138604][T13244] loop3: detected capacity change from 0 to 1
[  280.146873][T13247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  280.146887][T13247] Call Trace:
[  280.146894][T13247]  dump_stack+0x137/0x19d
[  280.146919][T13247]  should_fail+0x23c/0x250
[  280.175003][T13247]  ? __kernfs_new_node+0x6a/0x330
[  280.180116][T13247]  __should_failslab+0x81/0x90
[  280.184860][T13247]  should_failslab+0x5/0x20
[  280.189426][T13247]  kmem_cache_alloc+0x46/0x2f0
[  280.194184][T13247]  __kernfs_new_node+0x6a/0x330
[  280.199058][T13247]  ? __cond_resched+0x11/0x40
[  280.203712][T13247]  ? mutex_lock+0x9/0x30
[  280.207931][T13247]  kernfs_new_node+0x5b/0xd0
[  280.212498][T13247]  __kernfs_create_file+0x45/0x1a0
[  280.217608][T13247]  sysfs_add_file_mode_ns+0x1c1/0x250
[  280.222965][T13247]  internal_create_group+0x2e4/0x850
[  280.228274][T13247]  sysfs_create_group+0x1b/0x20
[  280.233101][T13247]  loop_configure+0xa21/0xcb0
[  280.237772][T13247]  lo_ioctl+0x555/0x11f0
[  280.241989][T13247]  ? path_openat+0x19ab/0x20b0
[  280.246731][T13247]  ? putname+0xa5/0xc0
[  280.250779][T13247]  ? ___cache_free+0x3c/0x300
[  280.255446][T13247]  ? blkdev_common_ioctl+0x9c3/0x1040
[  280.260810][T13247]  ? selinux_file_ioctl+0x8e0/0x970
[  280.265985][T13247]  ? lo_release+0x120/0x120
[  280.270499][T13247]  blkdev_ioctl+0x1d0/0x3c0
[  280.274996][T13247]  block_ioctl+0x6d/0x80
[  280.279229][T13247]  ? blkdev_iopoll+0x70/0x70
[  280.283796][T13247]  __se_sys_ioctl+0xcb/0x140
[  280.288364][T13247]  __x64_sys_ioctl+0x3f/0x50
[  280.293821][T13247]  do_syscall_64+0x4a/0x90
[  280.298295][T13247]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  280.304181][T13247] RIP: 0033:0x466397
[  280.308057][T13247] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  280.327689][T13247] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  280.336093][T13247] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  280.344065][T13247] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  280.352012][T13247] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  280.360000][T13247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  280.367959][T13247] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  280.376049][T13247] loop1: detected capacity change from 0 to 1
[  280.404009][T13244]  loop3: p2 p3 p4
[  280.407831][T13244] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  280.413694][ T1032]  loop5: p2 p3 p4
01:17:19 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xa, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:19 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff0000", 0x38, 0x1c0}])

[  280.418837][ T1032] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  280.426360][T13247]  loop1: p2 p3 p4
[  280.430403][T13247] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  280.438233][T13244] loop3: p3 start 225 is beyond EOD, truncated
[  280.444472][T13244] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  280.449436][ T1032] loop5: p3 start 225 is beyond EOD, truncated
[  280.457001][T13269] loop2: detected capacity change from 0 to 1
[  280.457804][ T1032] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  280.471493][T13247] loop1: p3 start 225 is beyond EOD, truncated
[  280.477724][T13247] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  280.486313][T13248]  loop5: p2 p3 p4
[  280.488382][T13273] loop4: detected capacity change from 0 to 1
[  280.490200][T13248] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  280.503665][T13248] loop5: p3 start 225 is beyond EOD, truncated
[  280.509934][T13248] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  280.513803][T13269]  loop2: p2 p3 p4
01:17:19 executing program 1 (fault-call:4 fault-nth:17):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:19 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xa, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  280.521140][T13269] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  280.528931][T13269] loop2: p3 start 225 is beyond EOD, truncated
[  280.535116][T13269] loop2: p4 size 3657465856 extends beyond EOD, truncated
01:17:19 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff0000", 0x38, 0x1c0}])

[  280.576179][T13298] FAULT_INJECTION: forcing a failure.
[  280.576179][T13298] name failslab, interval 1, probability 0, space 0, times 0
[  280.588893][T13298] CPU: 0 PID: 13298 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  280.597656][T13298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  280.607714][T13298] Call Trace:
[  280.610998][T13298]  dump_stack+0x137/0x19d
[  280.616415][T13298]  should_fail+0x23c/0x250
[  280.620867][T13298]  ? __kernfs_new_node+0x6a/0x330
[  280.626050][T13298]  __should_failslab+0x81/0x90
[  280.630859][T13298]  should_failslab+0x5/0x20
[  280.633538][T13301] loop3: detected capacity change from 0 to 1
[  280.635357][T13298]  kmem_cache_alloc+0x46/0x2f0
[  280.646178][T13298]  __kernfs_new_node+0x6a/0x330
[  280.651169][T13298]  ? __cond_resched+0x11/0x40
[  280.655908][T13298]  ? mutex_lock+0x9/0x30
[  280.660129][T13298]  kernfs_new_node+0x5b/0xd0
[  280.664699][T13298]  __kernfs_create_file+0x45/0x1a0
[  280.669898][T13298]  sysfs_add_file_mode_ns+0x1c1/0x250
[  280.675298][T13298]  internal_create_group+0x2e4/0x850
[  280.680634][T13298]  sysfs_create_group+0x1b/0x20
[  280.685483][T13298]  loop_configure+0xa21/0xcb0
[  280.690151][T13298]  lo_ioctl+0x555/0x11f0
[  280.694426][T13298]  ? path_openat+0x19ab/0x20b0
[  280.699167][T13298]  ? putname+0xa5/0xc0
[  280.703257][T13298]  ? ___cache_free+0x3c/0x300
[  280.707908][T13298]  ? blkdev_common_ioctl+0x9c3/0x1040
[  280.713257][T13298]  ? selinux_file_ioctl+0x8e0/0x970
[  280.718431][T13298]  ? lo_release+0x120/0x120
01:17:19 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x8c05, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:19 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x3e, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:19 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xb, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  280.722908][T13298]  blkdev_ioctl+0x1d0/0x3c0
[  280.727390][T13298]  block_ioctl+0x6d/0x80
[  280.731611][T13298]  ? blkdev_iopoll+0x70/0x70
[  280.736245][T13298]  __se_sys_ioctl+0xcb/0x140
[  280.740814][T13298]  __x64_sys_ioctl+0x3f/0x50
[  280.745395][T13298]  do_syscall_64+0x4a/0x90
[  280.749902][T13298]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  280.755864][T13298] RIP: 0033:0x466397
[  280.759848][T13298] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  280.779786][T13298] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  280.788245][T13298] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  280.796213][T13298] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  280.804166][T13298] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  280.812117][T13298] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  280.820098][T13298] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  280.828453][T13298] loop1: detected capacity change from 0 to 1
[  280.877866][T13301]  loop3: p2 p3 p4
[  280.877876][ T1032]  loop1: p2 p3 p4
[  280.877952][ T1032] loop1: p2 size 1073872896 extends beyond EOD, 
[  280.881676][T13301] loop3: p2 size 1073872896 extends beyond EOD, 
[  280.885396][ T1032] truncated
[  280.889753][T13321] loop5: detected capacity change from 0 to 1
[  280.891704][T13301] truncated
[  280.891840][T13308] loop4: detected capacity change from 0 to 1
[  280.898223][ T1032] loop1: p3 start 225 is beyond EOD, 
[  280.907753][T13301] loop3: p3 start 225 is beyond EOD, 
[  280.910358][ T1032] truncated
[  280.910364][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  280.919095][T13327] loop2: detected capacity change from 0 to 1
[  280.921853][T13301] truncated
[  280.946597][T13301] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  280.955573][T13298]  loop1: p2 p3 p4
[  280.959431][T13298] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  280.967879][T13298] loop1: p3 start 225 is beyond EOD, truncated
[  280.974103][T13298] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  280.981774][T13321]  loop5: p2 p3 p4
[  280.981774][T13327]  loop2: p2 p3 p4
[  280.981964][T13327] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  280.989945][T13321] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  281.004211][T13327] loop2: p3 start 225 is beyond EOD, truncated
[  281.007806][T13321] loop5: p3 start 225 is beyond EOD, truncated
[  281.010501][T13327] loop2: p4 size 3657465856 extends beyond EOD, truncated
01:17:20 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xb, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:20 executing program 1 (fault-call:4 fault-nth:18):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  281.016674][T13321] loop5: p4 size 3657465856 extends beyond EOD, truncated
01:17:20 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff0000", 0x38, 0x1c0}])

[  281.049490][T13349] loop3: detected capacity change from 0 to 1
01:17:20 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x48, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:20 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xc, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  281.103570][T13349]  loop3: p2 p3 p4
[  281.107405][T13349] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  281.125518][T13359] FAULT_INJECTION: forcing a failure.
[  281.125518][T13359] name failslab, interval 1, probability 0, space 0, times 0
[  281.128544][T13349] loop3: p3 start 225 is beyond EOD, truncated
[  281.138164][T13359] CPU: 1 PID: 13359 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  281.144348][T13349] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  281.153048][T13359] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  281.153062][T13359] Call Trace:
[  281.173451][T13359]  dump_stack+0x137/0x19d
[  281.177812][T13359]  should_fail+0x23c/0x250
[  281.182214][T13359]  ? __kernfs_new_node+0x6a/0x330
[  281.187174][T13370] loop4: detected capacity change from 0 to 1
[  281.187217][T13359]  __should_failslab+0x81/0x90
[  281.197999][T13359]  should_failslab+0x5/0x20
[  281.202501][T13359]  kmem_cache_alloc+0x46/0x2f0
[  281.207267][T13359]  __kernfs_new_node+0x6a/0x330
[  281.212256][T13359]  ? __cond_resched+0x11/0x40
[  281.217012][T13359]  ? mutex_lock+0x9/0x30
[  281.221289][T13359]  kernfs_new_node+0x5b/0xd0
[  281.225881][T13359]  __kernfs_create_file+0x45/0x1a0
[  281.231030][T13359]  sysfs_add_file_mode_ns+0x1c1/0x250
[  281.236392][T13359]  internal_create_group+0x2e4/0x850
[  281.241722][T13359]  sysfs_create_group+0x1b/0x20
[  281.246650][T13359]  loop_configure+0xa21/0xcb0
[  281.251447][T13359]  lo_ioctl+0x555/0x11f0
[  281.255726][T13359]  ? path_openat+0x19ab/0x20b0
[  281.260510][T13359]  ? putname+0xa5/0xc0
[  281.264565][T13359]  ? ___cache_free+0x3c/0x300
[  281.269221][T13359]  ? blkdev_common_ioctl+0x9c3/0x1040
[  281.274577][T13359]  ? selinux_file_ioctl+0x8e0/0x970
[  281.279756][T13359]  ? lo_release+0x120/0x120
[  281.284257][T13359]  blkdev_ioctl+0x1d0/0x3c0
[  281.288737][T13359]  block_ioctl+0x6d/0x80
[  281.292981][T13359]  ? blkdev_iopoll+0x70/0x70
[  281.297547][T13359]  __se_sys_ioctl+0xcb/0x140
[  281.302149][T13359]  __x64_sys_ioctl+0x3f/0x50
[  281.306722][T13359]  do_syscall_64+0x4a/0x90
[  281.311195][T13359]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  281.317085][T13359] RIP: 0033:0x466397
[  281.320955][T13359] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  281.340552][T13359] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
01:17:20 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xc, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  281.348945][T13359] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  281.356943][T13359] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  281.364970][T13359] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  281.372928][T13359] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  281.380926][T13359] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  281.389122][T13359] loop1: detected capacity change from 0 to 1
[  281.448448][T13359]  loop1: p2 p3 p4
[  281.452344][T13359] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  281.459956][T13379] loop2: detected capacity change from 0 to 1
[  281.466359][T13380] loop5: detected capacity change from 0 to 1
[  281.466414][T13359] loop1: p3 start 225 is beyond EOD, truncated
[  281.477891][T13390] loop3: detected capacity change from 0 to 1
[  281.478655][T13359] loop1: p4 size 3657465856 extends beyond EOD, truncated
01:17:20 executing program 1 (fault-call:4 fault-nth:19):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:20 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff000000000080", 0x3c, 0x1c0}])

[  281.514409][T13390]  loop3: p2 p3 p4
[  281.518310][T13380]  loop5: p2 p3 p4
[  281.522100][T13379]  loop2: p2 p3 p4
[  281.530305][T13390] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  281.534378][T13380] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  281.545492][T13379] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  281.561855][T13390] loop3: p3 start 225 is beyond EOD, truncated
[  281.564358][T13380] loop5: p3 start 225 is beyond EOD, truncated
[  281.568075][T13390] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  281.574266][T13380] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  281.606550][T13379] loop2: p3 start 225 is beyond EOD, truncated
[  281.612739][T13379] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  281.624535][T13412] loop4: detected capacity change from 0 to 1
[  281.630852][T13413] FAULT_INJECTION: forcing a failure.
[  281.630852][T13413] name failslab, interval 1, probability 0, space 0, times 0
[  281.643480][T13413] CPU: 0 PID: 13413 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
01:17:20 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0xb804, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  281.653409][T13413] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  281.663467][T13413] Call Trace:
[  281.666819][T13413]  dump_stack+0x137/0x19d
[  281.671756][T13413]  should_fail+0x23c/0x250
[  281.676248][T13413]  ? __kernfs_new_node+0x6a/0x330
[  281.681277][T13413]  __should_failslab+0x81/0x90
[  281.686096][T13413]  should_failslab+0x5/0x20
[  281.690577][T13413]  kmem_cache_alloc+0x46/0x2f0
[  281.695321][T13413]  __kernfs_new_node+0x6a/0x330
[  281.700383][T13413]  ? __cond_resched+0x11/0x40
[  281.705242][T13413]  ? mutex_lock+0x9/0x30
[  281.709535][T13413]  kernfs_new_node+0x5b/0xd0
[  281.714121][T13413]  __kernfs_create_file+0x45/0x1a0
[  281.719326][T13413]  sysfs_add_file_mode_ns+0x1c1/0x250
[  281.724699][T13413]  internal_create_group+0x2e4/0x850
[  281.729979][T13413]  sysfs_create_group+0x1b/0x20
[  281.734808][T13413]  loop_configure+0xa21/0xcb0
[  281.739537][T13413]  lo_ioctl+0x555/0x11f0
[  281.743757][T13413]  ? path_openat+0x19ab/0x20b0
[  281.748499][T13413]  ? putname+0xa5/0xc0
[  281.752545][T13413]  ? kcsan_setup_watchpoint+0x213/0x380
[  281.758075][T13413]  ? blkdev_common_ioctl+0x9c3/0x1040
[  281.763428][T13413]  ? selinux_file_ioctl+0x8e0/0x970
[  281.768624][T13413]  ? lo_release+0x120/0x120
[  281.773159][T13413]  blkdev_ioctl+0x1d0/0x3c0
[  281.777644][T13413]  block_ioctl+0x6d/0x80
[  281.781883][T13413]  ? blkdev_iopoll+0x70/0x70
[  281.786456][T13413]  __se_sys_ioctl+0xcb/0x140
[  281.791030][T13413]  __x64_sys_ioctl+0x3f/0x50
[  281.795659][T13413]  do_syscall_64+0x4a/0x90
[  281.800497][T13413]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  281.806431][T13413] RIP: 0033:0x466397
[  281.810300][T13413] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  281.830819][T13413] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  281.839208][T13413] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  281.847177][T13413] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
01:17:20 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xd, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:21 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xd, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:21 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x4c, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  281.855195][T13413] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  281.863333][T13413] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  281.873234][T13413] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  281.887307][T13413] loop1: detected capacity change from 0 to 1
01:17:21 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff000000000080", 0x3c, 0x1c0}])

[  281.940965][T13413]  loop1: p2 p3 p4
[  281.945045][T13413] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  281.967516][T13413] loop1: p3 start 225 is beyond EOD, truncated
[  281.973749][T13413] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  281.981707][T13443] loop3: detected capacity change from 0 to 1
01:17:21 executing program 1 (fault-call:4 fault-nth:20):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  281.992029][T13441] loop5: detected capacity change from 0 to 1
[  281.999047][T13440] loop2: detected capacity change from 0 to 1
[  282.005249][T13444] loop4: detected capacity change from 0 to 1
[  282.023594][T13443]  loop3: p2 p3 p4
[  282.031739][T13443] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  282.040336][T13443] loop3: p3 start 225 is beyond EOD, truncated
[  282.043671][T13441]  loop5: p2 p3 p4
[  282.046581][T13443] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  282.050476][T13441] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  282.064931][T13441] loop5: p3 start 225 is beyond EOD, truncated
[  282.065263][T13440]  loop2: p2 p3 p4
[  282.071087][T13441] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  282.087228][T13440] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  282.094922][T13440] loop2: p3 start 225 is beyond EOD, truncated
[  282.101092][T13440] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  282.106557][T13472] FAULT_INJECTION: forcing a failure.
[  282.106557][T13472] name failslab, interval 1, probability 0, space 0, times 0
[  282.120924][T13472] CPU: 0 PID: 13472 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  282.129677][T13472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  282.139751][T13472] Call Trace:
[  282.143026][T13472]  dump_stack+0x137/0x19d
[  282.147593][T13472]  should_fail+0x23c/0x250
[  282.151989][T13472]  ? __kernfs_new_node+0x6a/0x330
[  282.156993][T13472]  __should_failslab+0x81/0x90
[  282.161901][T13472]  should_failslab+0x5/0x20
[  282.166471][T13472]  kmem_cache_alloc+0x46/0x2f0
[  282.171350][T13472]  __kernfs_new_node+0x6a/0x330
[  282.176190][T13472]  ? __cond_resched+0x11/0x40
[  282.180862][T13472]  ? mutex_lock+0x9/0x30
[  282.185112][T13472]  kernfs_new_node+0x5b/0xd0
[  282.189711][T13472]  __kernfs_create_file+0x45/0x1a0
[  282.194899][T13472]  sysfs_add_file_mode_ns+0x1c1/0x250
[  282.201132][T13472]  internal_create_group+0x2e4/0x850
[  282.206646][T13472]  sysfs_create_group+0x1b/0x20
[  282.211488][T13472]  loop_configure+0xa21/0xcb0
[  282.216147][T13472]  lo_ioctl+0x555/0x11f0
[  282.220434][T13472]  ? path_openat+0x19ab/0x20b0
[  282.225207][T13472]  ? putname+0xa5/0xc0
[  282.229254][T13472]  ? ___cache_free+0x3c/0x300
[  282.233985][T13472]  ? blkdev_common_ioctl+0x9c3/0x1040
[  282.239400][T13472]  ? selinux_file_ioctl+0x8e0/0x970
[  282.244582][T13472]  ? lo_release+0x120/0x120
[  282.249072][T13472]  blkdev_ioctl+0x1d0/0x3c0
[  282.253667][T13472]  block_ioctl+0x6d/0x80
[  282.257992][T13472]  ? blkdev_iopoll+0x70/0x70
[  282.262708][T13472]  __se_sys_ioctl+0xcb/0x140
[  282.267280][T13472]  __x64_sys_ioctl+0x3f/0x50
[  282.271883][T13472]  do_syscall_64+0x4a/0x90
[  282.276277][T13472]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  282.282165][T13472] RIP: 0033:0x466397
[  282.286039][T13472] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  282.305774][T13472] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  282.314162][T13472] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  282.322122][T13472] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  282.330094][T13472] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
01:17:21 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff000000000080", 0x3c, 0x1c0}])

[  282.338050][T13472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  282.346318][T13472] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  282.355290][T13472] loop1: detected capacity change from 0 to 1
01:17:21 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x60, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:21 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xe, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:21 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xe, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  282.393293][T13472]  loop1: p2 p3 p4
[  282.397285][T13472] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  282.410735][T13472] loop1: p3 start 225 is beyond EOD, truncated
[  282.416981][T13472] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  282.424571][T13485] loop4: detected capacity change from 0 to 1
[  282.445238][T13497] loop5: detected capacity change from 0 to 1
[  282.454061][T13501] loop2: detected capacity change from 0 to 1
[  282.460918][T13502] loop3: detected capacity change from 0 to 1
[  282.473372][T13497]  loop5: p2 p3 p4
[  282.477233][T13497] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  282.485142][T13497] loop5: p3 start 225 is beyond EOD, truncated
[  282.491308][T13497] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  282.499146][T13502]  loop3: p2 p3 p4
[  282.506192][T13501]  loop2: p2 p3 p4
[  282.513559][T13502] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  282.526979][T13502] loop3: p3 start 225 is beyond EOD, truncated
[  282.530887][T13501] loop2: p2 size 1073872896 extends beyond EOD, 
01:17:21 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da", 0x3e, 0x1c0}])

01:17:21 executing program 1 (fault-call:4 fault-nth:21):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  282.533192][T13502] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  282.546720][T13501] truncated
01:17:21 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0xfc00, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:21 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x68, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:21 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xf, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  282.577778][T13501] loop2: p3 start 225 is beyond EOD, truncated
[  282.584028][T13501] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  282.592029][T13533] loop4: detected capacity change from 0 to 1
[  282.667348][T13535] loop1: detected capacity change from 0 to 1
[  282.672544][T13546] loop5: detected capacity change from 0 to 1
[  282.680215][T13535] FAULT_INJECTION: forcing a failure.
[  282.680215][T13535] name failslab, interval 1, probability 0, space 0, times 0
[  282.684624][T13551] loop3: detected capacity change from 0 to 1
[  282.692874][T13535] CPU: 1 PID: 13535 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
01:17:21 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xf, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  282.709976][T13535] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  282.720032][T13535] Call Trace:
[  282.723310][T13535]  dump_stack+0x137/0x19d
[  282.727640][T13535]  should_fail+0x23c/0x250
[  282.732110][T13535]  __should_failslab+0x81/0x90
[  282.736929][T13535]  ? kobject_uevent_env+0x1a7/0xc40
[  282.742107][T13535]  should_failslab+0x5/0x20
[  282.746662][T13535]  kmem_cache_alloc_trace+0x49/0x310
[  282.751975][T13535]  ? dev_uevent_filter+0x70/0x70
[  282.756890][T13535]  kobject_uevent_env+0x1a7/0xc40
[  282.761919][T13535]  kobject_uevent+0x18/0x20
[  282.766402][T13535]  loop_configure+0xb3c/0xcb0
[  282.771069][T13535]  lo_ioctl+0x555/0x11f0
[  282.775389][T13535]  ? path_openat+0x19ab/0x20b0
[  282.780248][T13535]  ? putname+0xa5/0xc0
[  282.784293][T13535]  ? ___cache_free+0x3c/0x300
[  282.788952][T13535]  ? blkdev_common_ioctl+0x9c3/0x1040
[  282.794328][T13535]  ? selinux_file_ioctl+0x8e0/0x970
[  282.799515][T13535]  ? lo_release+0x120/0x120
[  282.804702][T13535]  blkdev_ioctl+0x1d0/0x3c0
[  282.809200][T13535]  block_ioctl+0x6d/0x80
[  282.813424][T13535]  ? blkdev_iopoll+0x70/0x70
[  282.818121][T13535]  __se_sys_ioctl+0xcb/0x140
[  282.822761][T13535]  __x64_sys_ioctl+0x3f/0x50
[  282.828227][T13535]  do_syscall_64+0x4a/0x90
[  282.833245][T13535]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  282.839363][T13535] RIP: 0033:0x466397
[  282.843291][T13535] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  282.862928][T13535] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  282.871331][T13535] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  282.879303][T13535] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  282.887302][T13535] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  282.895255][T13535] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  282.904108][T13535] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  282.923221][T13546]  loop5: p2 p3 p4
[  282.927147][T13546] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  282.937917][ T1032]  loop1: p2 p3 p4
[  282.941760][T13561] loop2: detected capacity change from 0 to 1
[  282.941791][T13551]  loop3: p2 p3 p4
[  282.952579][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  282.957819][T13551] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  282.967531][T13546] loop5: p3 start 225 is beyond EOD, truncated
01:17:22 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da", 0x3e, 0x1c0}])

[  282.969779][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  282.973816][T13546] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  282.979935][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  283.000619][T13551] loop3: p3 start 225 is beyond EOD, truncated
[  283.001965][T13571] loop4: detected capacity change from 0 to 1
[  283.006872][T13551] loop3: p4 size 3657465856 extends beyond EOD, truncated
01:17:22 executing program 1 (fault-call:4 fault-nth:22):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:22 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x6c, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:22 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da", 0x3e, 0x1c0}])

[  283.021832][T13535]  loop1: p2 p3 p4
[  283.023458][T13561]  loop2: p2 p3 p4
[  283.026458][T13535] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  283.029651][T13561] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  283.036786][T13535] loop1: p3 start 225 is beyond EOD, truncated
[  283.045683][T13561] loop2: p3 start 225 is beyond EOD, 
[  283.049710][T13535] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  283.062215][T13561] truncated
[  283.065346][T13561] loop2: p4 size 3657465856 extends beyond EOD, truncated
01:17:22 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x10, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:22 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x10, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  283.136722][T13598] loop4: detected capacity change from 0 to 1
[  283.137504][T13601] loop5: detected capacity change from 0 to 1
[  283.145220][T13599] loop1: detected capacity change from 0 to 1
[  283.155174][T13599] FAULT_INJECTION: forcing a failure.
[  283.155174][T13599] name failslab, interval 1, probability 0, space 0, times 0
[  283.167817][T13599] CPU: 1 PID: 13599 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  283.170531][T13612] loop3: detected capacity change from 0 to 1
[  283.176685][T13599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  283.192828][T13599] Call Trace:
[  283.196105][T13599]  dump_stack+0x137/0x19d
[  283.200444][T13599]  should_fail+0x23c/0x250
[  283.204887][T13599]  ? kzalloc+0x1d/0x30
[  283.208966][T13599]  __should_failslab+0x81/0x90
[  283.213731][T13599]  should_failslab+0x5/0x20
[  283.218247][T13599]  __kmalloc+0x66/0x340
[  283.222383][T13599]  kzalloc+0x1d/0x30
[  283.226269][T13599]  kobject_get_path+0x7c/0x110
[  283.231029][T13599]  kobject_uevent_env+0x1be/0xc40
[  283.236089][T13599]  kobject_uevent+0x18/0x20
[  283.240637][T13599]  loop_configure+0xb3c/0xcb0
[  283.245305][T13599]  lo_ioctl+0x555/0x11f0
[  283.249559][T13599]  ? path_openat+0x19ab/0x20b0
[  283.254324][T13599]  ? putname+0xa5/0xc0
[  283.258378][T13599]  ? ___cache_free+0x3c/0x300
[  283.263033][T13599]  ? blkdev_common_ioctl+0x9c3/0x1040
[  283.268500][T13599]  ? selinux_file_ioctl+0x8e0/0x970
[  283.273778][T13599]  ? lo_release+0x120/0x120
[  283.278279][T13599]  blkdev_ioctl+0x1d0/0x3c0
[  283.282777][T13599]  block_ioctl+0x6d/0x80
[  283.287069][T13599]  ? blkdev_iopoll+0x70/0x70
[  283.291653][T13599]  __se_sys_ioctl+0xcb/0x140
[  283.296238][T13599]  __x64_sys_ioctl+0x3f/0x50
[  283.300823][T13599]  do_syscall_64+0x4a/0x90
[  283.305247][T13599]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  283.311118][T13599] RIP: 0033:0x466397
[  283.315041][T13599] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  283.334724][T13599] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  283.343386][T13599] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  283.351632][T13599] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  283.359605][T13599] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  283.367567][T13599] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  283.375528][T13599] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  283.393155][T13612]  loop3: p2 p3 p4
[  283.393242][T13601]  loop5: p2 p3 p4
[  283.397064][T13612] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  283.400803][T13601] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  283.410136][T13612] loop3: p3 start 225 is beyond EOD, truncated
[  283.416755][T13599]  loop1: p2 p3 p4
[  283.421116][T13612] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  283.430391][T13614] loop2: detected capacity change from 0 to 1
01:17:22 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55", 0x3f, 0x1c0}])

01:17:22 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0xfe80, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  283.439051][T13601] loop5: p3 start 225 is beyond EOD, truncated
[  283.441869][T13599] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  283.445277][T13601] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  283.460571][T13599] loop1: p3 start 225 is beyond EOD, truncated
[  283.466776][T13599] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  283.484487][ T1032]  loop5: p2 p3 p4
01:17:22 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x11, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  283.489941][ T1032] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  283.492986][T13614]  loop2: p2 p3 p4
[  283.498848][T13634] loop4: detected capacity change from 0 to 1
[  283.507009][T13614] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  283.509235][ T1032] loop5: p3 start 225 is beyond EOD, truncated
[  283.520319][ T1032] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  283.525159][T13614] loop2: p3 start 225 is beyond EOD, truncated
[  283.533422][T13650] loop3: detected capacity change from 0 to 1
01:17:22 executing program 1 (fault-call:4 fault-nth:23):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:22 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x74, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:22 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x11, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:22 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55", 0x3f, 0x1c0}])

[  283.533646][T13614] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  283.553022][T13650]  loop3: p2 p3 p4
[  283.557016][T13650] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  283.572342][T13650] loop3: p3 start 225 is beyond EOD, truncated
[  283.578573][T13650] loop3: p4 size 3657465856 extends beyond EOD, truncated
01:17:22 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x12, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  283.628188][T13666] loop1: detected capacity change from 0 to 1
[  283.636961][T13666] FAULT_INJECTION: forcing a failure.
[  283.636961][T13666] name failslab, interval 1, probability 0, space 0, times 0
[  283.649642][T13666] CPU: 1 PID: 13666 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  283.658487][T13666] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  283.661558][T13672] loop5: detected capacity change from 0 to 1
[  283.668533][T13666] Call Trace:
[  283.668543][T13666]  dump_stack+0x137/0x19d
[  283.668565][T13666]  should_fail+0x23c/0x250
[  283.668582][T13666]  ? kzalloc+0x1d/0x30
[  283.690622][T13666]  __should_failslab+0x81/0x90
[  283.695368][T13666]  should_failslab+0x5/0x20
[  283.699851][T13666]  __kmalloc+0x66/0x340
[  283.704075][T13666]  kzalloc+0x1d/0x30
[  283.708002][T13666]  kobject_get_path+0x7c/0x110
[  283.712770][T13666]  kobject_uevent_env+0x1be/0xc40
[  283.717782][T13666]  kobject_uevent+0x18/0x20
[  283.722337][T13666]  loop_configure+0xb3c/0xcb0
[  283.726999][T13666]  lo_ioctl+0x555/0x11f0
[  283.731239][T13666]  ? path_openat+0x19ab/0x20b0
[  283.736036][T13666]  ? putname+0xa5/0xc0
[  283.740303][T13666]  ? ___cache_free+0x3c/0x300
[  283.744993][T13666]  ? blkdev_common_ioctl+0x9c3/0x1040
[  283.750461][T13666]  ? selinux_file_ioctl+0x8e0/0x970
[  283.755648][T13666]  ? lo_release+0x120/0x120
[  283.760146][T13666]  blkdev_ioctl+0x1d0/0x3c0
[  283.764629][T13666]  block_ioctl+0x6d/0x80
[  283.769039][T13666]  ? blkdev_iopoll+0x70/0x70
[  283.773804][T13666]  __se_sys_ioctl+0xcb/0x140
[  283.778380][T13666]  __x64_sys_ioctl+0x3f/0x50
[  283.782972][T13666]  do_syscall_64+0x4a/0x90
[  283.787449][T13666]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  283.793324][T13666] RIP: 0033:0x466397
[  283.797192][T13666] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  283.816795][T13666] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  283.825238][T13666] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  283.833279][T13666] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  283.841234][T13666] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  283.849228][T13666] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  283.857241][T13666] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  283.866421][T13680] loop4: detected capacity change from 0 to 1
[  283.876032][T13684] loop2: detected capacity change from 0 to 1
[  283.876418][T13685] loop3: detected capacity change from 0 to 1
[  283.892865][T13672]  loop5: p2 p3 p4
[  283.896728][T13672] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  283.906698][T13666]  loop1: p2 p3 p4
[  283.910713][T13666] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  283.912941][ T1032]  loop2: p2 p3 p4
01:17:23 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55", 0x3f, 0x1c0}])

[  283.920042][T13666] loop1: p3 start 225 is beyond EOD, truncated
[  283.925210][T13685]  loop3: p2 p3 p4
[  283.930320][T13666] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  283.942773][T13672] loop5: p3 start 225 is beyond EOD, truncated
[  283.948994][T13672] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  283.963831][T13685] loop3: p2 size 1073872896 extends beyond EOD, truncated
01:17:23 executing program 1 (fault-call:4 fault-nth:24):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  283.983208][ T1032] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  283.990716][T13705] loop4: detected capacity change from 0 to 1
[  283.997636][T13685] loop3: p3 start 225 is beyond EOD, truncated
[  284.003846][T13685] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  284.011259][T13710] loop1: detected capacity change from 0 to 1
[  284.012229][ T1032] loop2: p3 start 225 is beyond EOD, truncated
[  284.017441][T13710] FAULT_INJECTION: forcing a failure.
[  284.017441][T13710] name failslab, interval 1, probability 0, space 0, times 0
[  284.023536][ T1032] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  284.036131][T13710] CPU: 1 PID: 13710 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  284.052158][T13710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  284.062212][T13710] Call Trace:
[  284.065494][T13710]  dump_stack+0x137/0x19d
[  284.070514][T13710]  should_fail+0x23c/0x250
[  284.074908][T13710]  __should_failslab+0x81/0x90
[  284.079664][T13710]  should_failslab+0x5/0x20
[  284.084147][T13710]  kmem_cache_alloc_node_trace+0x58/0x2e0
[  284.089863][T13710]  ? __kmalloc_node_track_caller+0x30/0x40
[  284.095652][T13710]  ? kmem_cache_alloc_node+0x1da/0x2b0
[  284.101103][T13710]  __kmalloc_node_track_caller+0x30/0x40
[  284.106725][T13710]  ? alloc_uevent_skb+0x5b/0x120
[  284.111767][T13710]  __alloc_skb+0x187/0x420
[  284.116242][T13710]  alloc_uevent_skb+0x5b/0x120
[  284.120986][T13710]  kobject_uevent_env+0x863/0xc40
[  284.126059][T13710]  kobject_uevent+0x18/0x20
[  284.130559][T13710]  loop_configure+0xb3c/0xcb0
[  284.135216][T13710]  lo_ioctl+0x555/0x11f0
[  284.139438][T13710]  ? path_openat+0x19ab/0x20b0
[  284.144181][T13710]  ? putname+0xa5/0xc0
[  284.148236][T13710]  ? ___cache_free+0x3c/0x300
[  284.153058][T13710]  ? blkdev_common_ioctl+0x9c3/0x1040
[  284.158472][T13710]  ? selinux_file_ioctl+0x8e0/0x970
[  284.163678][T13710]  ? lo_release+0x120/0x120
[  284.168164][T13710]  blkdev_ioctl+0x1d0/0x3c0
[  284.172684][T13710]  block_ioctl+0x6d/0x80
[  284.176908][T13710]  ? blkdev_iopoll+0x70/0x70
[  284.181476][T13710]  __se_sys_ioctl+0xcb/0x140
[  284.186044][T13710]  __x64_sys_ioctl+0x3f/0x50
[  284.190612][T13710]  do_syscall_64+0x4a/0x90
[  284.195067][T13710]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  284.200988][T13710] RIP: 0033:0x466397
[  284.204869][T13710] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  284.224454][T13710] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  284.232873][T13710] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  284.240871][T13710] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  284.248817][T13710] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  284.256801][T13710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  284.265097][T13710] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  284.280150][T13684]  loop2: p2 p3 p4
01:17:23 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40}])

[  284.283971][T13684] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  284.291782][T13684] loop2: p3 start 225 is beyond EOD, truncated
[  284.297970][T13684] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  284.303217][T13710]  loop1: p2 p3 p4
[  284.320838][T13710] loop1: p2 size 1073872896 extends beyond EOD, truncated
01:17:23 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x13, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:23 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0xff00, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:23 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x7a, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:23 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x12, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  284.333150][T13710] loop1: p3 start 225 is beyond EOD, truncated
[  284.339353][T13710] loop1: p4 size 3657465856 extends beyond EOD, truncated
01:17:23 executing program 1 (fault-call:4 fault-nth:25):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  284.432789][T13750] loop3: detected capacity change from 0 to 1
[  284.444937][T13751] loop5: detected capacity change from 0 to 1
[  284.466940][T13751]  loop5: p2 p3 p4
[  284.470740][T13751] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  284.475711][ T1032]  loop3: p2 p3 p4
01:17:23 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40}])

[  284.481700][T13760] loop2: detected capacity change from 0 to 1
[  284.482412][T13751] loop5: p3 start 225 is beyond EOD, truncated
[  284.491815][ T1032] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  284.493980][T13751] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  284.512886][ T1032] loop3: p3 start 225 is beyond EOD, truncated
[  284.519131][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  284.522888][T13768] loop1: detected capacity change from 0 to 1
[  284.533091][T13760]  loop2: p2 p3 p4
[  284.537026][T13768] FAULT_INJECTION: forcing a failure.
[  284.537026][T13768] name failslab, interval 1, probability 0, space 0, times 0
[  284.549659][T13768] CPU: 1 PID: 13768 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  284.558712][T13768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  284.569907][T13768] Call Trace:
[  284.573213][T13768]  dump_stack+0x137/0x19d
[  284.578505][T13768]  should_fail+0x23c/0x250
[  284.584165][T13768]  ? skb_clone+0x12c/0x1f0
[  284.588560][T13768]  __should_failslab+0x81/0x90
[  284.593607][T13768]  should_failslab+0x5/0x20
[  284.598101][T13768]  kmem_cache_alloc+0x46/0x2f0
[  284.602857][T13768]  skb_clone+0x12c/0x1f0
[  284.607079][T13768]  netlink_broadcast_filtered+0x50d/0xb90
[  284.612823][T13768]  ? skb_put+0xb9/0xf0
[  284.617001][T13768]  netlink_broadcast+0x35/0x50
[  284.621802][T13768]  kobject_uevent_env+0x8c9/0xc40
[  284.626859][T13768]  kobject_uevent+0x18/0x20
[  284.631364][T13768]  loop_configure+0xb3c/0xcb0
[  284.636080][T13768]  lo_ioctl+0x555/0x11f0
[  284.640309][T13768]  ? path_openat+0x19ab/0x20b0
[  284.645104][T13768]  ? putname+0xa5/0xc0
[  284.649151][T13768]  ? ___cache_free+0x3c/0x300
[  284.653967][T13768]  ? blkdev_common_ioctl+0x9c3/0x1040
[  284.659434][T13768]  ? selinux_file_ioctl+0x8e0/0x970
[  284.664617][T13768]  ? lo_release+0x120/0x120
[  284.669129][T13768]  blkdev_ioctl+0x1d0/0x3c0
[  284.673659][T13768]  block_ioctl+0x6d/0x80
[  284.677907][T13768]  ? blkdev_iopoll+0x70/0x70
[  284.682550][T13768]  __se_sys_ioctl+0xcb/0x140
[  284.687132][T13768]  __x64_sys_ioctl+0x3f/0x50
[  284.691702][T13768]  do_syscall_64+0x4a/0x90
[  284.696132][T13768]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  284.702033][T13768] RIP: 0033:0x466397
[  284.705935][T13768] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  284.725536][T13768] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  284.734007][T13768] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  284.742049][T13768] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  284.750000][T13768] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  284.757999][T13768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  284.765965][T13768] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  284.774910][T13760] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  284.782460][T13760] loop2: p3 start 225 is beyond EOD, truncated
[  284.788629][T13760] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  284.789810][T13750]  loop3: p2 p3 p4
[  284.801872][T13750] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  284.810515][T13750] loop3: p3 start 225 is beyond EOD, truncated
[  284.811241][T13768]  loop1: p2 p3 p4
[  284.816711][T13750] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  284.820828][T13768] loop1: p2 size 1073872896 extends beyond EOD, truncated
01:17:23 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x90, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:23 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40}])

01:17:23 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x13, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  284.844073][T13768] loop1: p3 start 225 is beyond EOD, truncated
[  284.850278][T13768] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  284.864358][T13795] loop5: detected capacity change from 0 to 1
01:17:23 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x24, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:24 executing program 1 (fault-call:4 fault-nth:26):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  284.904172][T13795]  loop5: p2 p3 p4
[  284.910286][T13795] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  284.914382][T13812] loop2: detected capacity change from 0 to 1
[  284.923940][T13795] loop5: p3 start 225 is beyond EOD, truncated
[  284.930238][T13795] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  284.942756][ T1032]  loop2: p2 p3 p4
[  284.946828][ T1032] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  284.960090][T13818] loop3: detected capacity change from 0 to 1
[  284.960455][ T1032] loop2: p3 start 225 is beyond EOD, truncated
[  284.970627][T13830] loop1: detected capacity change from 0 to 1
[  284.972384][ T1032] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  284.985913][T13830] FAULT_INJECTION: forcing a failure.
[  284.985913][T13830] name failslab, interval 1, probability 0, space 0, times 0
[  284.998531][T13830] CPU: 0 PID: 13830 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  285.007290][T13830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  285.010754][T13812]  loop2: p2 p3 p4
[  285.017343][T13830] Call Trace:
[  285.017354][T13830]  dump_stack+0x137/0x19d
[  285.017378][T13830]  should_fail+0x23c/0x250
[  285.032609][T13812] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  285.033028][T13830]  __should_failslab+0x81/0x90
[  285.033052][T13830]  ? call_usermodehelper_setup+0x81/0x160
[  285.041241][T13812] loop2: p3 start 225 is beyond EOD, 
[  285.045095][T13830]  should_failslab+0x5/0x20
01:17:24 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xc0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:24 executing program 4:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x74, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  285.045118][T13830]  kmem_cache_alloc_trace+0x49/0x310
[  285.050830][T13812] truncated
[  285.050838][T13812] loop2: p4 size 3657465856 extends beyond EOD, 
[  285.056177][T13830]  ? add_uevent_var+0x16e/0x1c0
[  285.060671][T13812] truncated
[  285.083435][T13830]  ? __kfree_skb+0xfe/0x150
[  285.087976][T13830]  call_usermodehelper_setup+0x81/0x160
[  285.093618][T13830]  ? add_uevent_var+0x1c0/0x1c0
[  285.098477][T13830]  kobject_uevent_env+0xb29/0xc40
[  285.103531][T13830]  kobject_uevent+0x18/0x20
[  285.108013][T13830]  loop_configure+0xb3c/0xcb0
[  285.112665][T13830]  lo_ioctl+0x555/0x11f0
[  285.116918][T13830]  ? path_openat+0x19ab/0x20b0
[  285.121706][T13830]  ? putname+0xa5/0xc0
[  285.125795][T13830]  ? ___cache_free+0x3c/0x300
[  285.130546][T13830]  ? blkdev_common_ioctl+0x9c3/0x1040
[  285.135893][T13830]  ? selinux_file_ioctl+0x8e0/0x970
[  285.141066][T13830]  ? lo_release+0x120/0x120
[  285.145654][T13830]  blkdev_ioctl+0x1d0/0x3c0
[  285.150257][T13830]  block_ioctl+0x6d/0x80
[  285.154510][T13830]  ? blkdev_iopoll+0x70/0x70
[  285.159235][T13830]  __se_sys_ioctl+0xcb/0x140
[  285.163809][T13830]  __x64_sys_ioctl+0x3f/0x50
[  285.168556][T13830]  do_syscall_64+0x4a/0x90
[  285.172981][T13830]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  285.178858][T13830] RIP: 0033:0x466397
[  285.182871][T13830] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  285.202454][T13830] RSP: 002b:00007f561932ee98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
01:17:24 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0xff0f, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  285.210869][T13830] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  285.219189][T13830] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  285.227178][T13830] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  285.235173][T13830] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  285.243482][T13830] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
01:17:24 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x24, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  285.262688][T13818]  loop3: p2 p3 p4
[  285.266480][T13818] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  285.274833][T13818] loop3: p3 start 225 is beyond EOD, truncated
[  285.281016][T13818] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  285.288881][ T1032]  loop1: p2 p3 p4
[  285.293032][T13849] loop5: detected capacity change from 0 to 1
[  285.299273][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  285.300134][T13851] loop4: detected capacity change from 0 to 1
[  285.313671][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  285.318806][T13864] loop2: detected capacity change from 0 to 1
[  285.319833][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  285.321137][T13830]  loop1: p2 p3 p4
[  285.336954][T13830] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  285.342604][T13851]  loop4: p2 p3 p4
[  285.348060][T13849]  loop5: p2 p3 p4
[  285.351856][T13849] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  285.352818][T13864]  loop2: p2 p3 p4
01:17:24 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x25, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  285.359309][T13851] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  285.370811][T13851] loop4: p3 start 225 is beyond EOD, truncated
[  285.373564][T13830] loop1: p3 start 225 is beyond EOD, truncated
[  285.377005][T13851] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  285.383147][T13830] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  285.393129][T13864] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  285.403645][T13881] loop3: detected capacity change from 0 to 1
01:17:24 executing program 1 (fault-call:4 fault-nth:27):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  285.405487][T13864] loop2: p3 start 225 is beyond EOD, truncated
[  285.410686][T13849] loop5: p3 start 225 is beyond EOD, truncated
[  285.416800][T13864] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  285.423054][T13849] loop5: p4 size 3657465856 extends beyond EOD, truncated
01:17:24 executing program 4:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xb, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:24 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xfe, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:24 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x25, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  285.463116][T13881]  loop3: p2 p3 p4
[  285.479641][T13881] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  285.508039][T13881] loop3: p3 start 225 is beyond EOD, truncated
[  285.509152][T13907] loop5: detected capacity change from 0 to 1
[  285.514261][T13881] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  285.530154][T13912] loop1: detected capacity change from 0 to 1
[  285.533738][T13910] loop4: detected capacity change from 0 to 1
[  285.536757][T13912] FAULT_INJECTION: forcing a failure.
[  285.536757][T13912] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  285.542376][ T1032]  loop3: p2 p3 p4
[  285.555345][T13912] CPU: 1 PID: 13912 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  285.559523][T13913] loop2: detected capacity change from 0 to 1
[  285.567780][T13912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  285.567793][T13912] Call Trace:
[  285.567800][T13912]  dump_stack+0x137/0x19d
[  285.574928][ T1032] loop3: p2 size 1073872896 extends beyond EOD, 
[  285.583933][T13912]  should_fail+0x23c/0x250
[  285.587219][ T1032] truncated
01:17:24 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x26, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  285.588264][ T1032] loop3: p3 start 225 is beyond EOD, 
[  285.591521][T13912]  should_fail_usercopy+0x16/0x20
[  285.597883][ T1032] truncated
[  285.602598][T13912]  _copy_to_user+0x1c/0x90
[  285.605719][ T1032] loop3: p4 size 3657465856 extends beyond EOD, 
[  285.611061][T13912]  lo_ioctl+0x8ce/0x11f0
[  285.616067][ T1032] truncated
[  285.619136][T13912]  ? path_openat+0x19ab/0x20b0
[  285.644149][T13912]  ? putname+0xa5/0xc0
[  285.648251][T13912]  ? ___cache_free+0x3c/0x300
[  285.652965][T13912]  ? blkdev_common_ioctl+0x9c3/0x1040
[  285.658325][T13912]  ? selinux_file_ioctl+0x8e0/0x970
[  285.663532][T13912]  ? lo_release+0x120/0x120
[  285.668035][T13912]  blkdev_ioctl+0x1d0/0x3c0
[  285.672543][T13912]  block_ioctl+0x6d/0x80
[  285.676768][T13912]  ? blkdev_iopoll+0x70/0x70
[  285.681353][T13912]  __se_sys_ioctl+0xcb/0x140
[  285.685924][T13912]  __x64_sys_ioctl+0x3f/0x50
[  285.690539][T13912]  do_syscall_64+0x4a/0x90
[  285.694940][T13912]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  285.700828][T13912] RIP: 0033:0x466397
[  285.704703][T13912] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  285.724964][T13912] RSP: 002b:00007f561932eef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  285.733476][T13912] RAX: ffffffffffffffda RBX: 00007f561932ef40 RCX: 0000000000466397
[  285.741445][T13912] RDX: 00007f561932f050 RSI: 0000000000004c05 RDI: 0000000000000006
[  285.750544][T13912] RBP: 00007f561932f1d0 R08: 0000000000000000 R09: 0000000000000000
[  285.758670][T13912] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f561932f050
[  285.766783][T13912] R13: 00007ffe6170f6df R14: 00007f561932f300 R15: 0000000000022000
[  285.775221][T13907]  loop5: p2 p3 p4
[  285.779012][T13907] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  285.782537][T13913]  loop2: p2 p3 p4
[  285.790698][T13910]  loop4: p2 p3 p4
[  285.790700][T13907] loop5: p3 start 225 is beyond EOD, truncated
[  285.795324][T13910] loop4: p2 size 1073872896 extends beyond EOD, 
[  285.800687][T13907] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  285.807056][T13910] truncated
[  285.808581][T13913] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  285.827093][T13910] loop4: p3 start 225 is beyond EOD, truncated
[  285.833320][T13910] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  285.833731][T13940] loop3: detected capacity change from 0 to 1
[  285.847736][T13913] loop2: p3 start 225 is beyond EOD, truncated
01:17:24 executing program 1 (fault-call:4 fault-nth:28):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  285.853956][T13913] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  285.865294][ T1032]  loop2: p2 p3 p4
[  285.869286][ T1032] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  285.873894][T13953] loop1: detected capacity change from 0 to 1
[  285.882886][T13953] FAULT_INJECTION: forcing a failure.
[  285.882886][T13953] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  285.886964][ T1032] loop2: p3 start 225 is beyond EOD, truncated
01:17:25 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x140, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  285.895951][T13953] CPU: 0 PID: 13953 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  285.902105][ T1032] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  285.911255][T13953] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  285.911270][T13953] Call Trace:
[  285.911278][T13953]  dump_stack+0x137/0x19d
[  285.935969][T13953]  should_fail+0x23c/0x250
[  285.940648][T13953]  should_fail_usercopy+0x16/0x20
[  285.945672][T13953]  _copy_from_user+0x1c/0xd0
[  285.946491][T13957] loop5: detected capacity change from 0 to 1
[  285.950638][T13953]  lo_ioctl+0x3d5/0x11f0
[  285.950665][T13953]  ? avc_has_extended_perms+0x5d8/0x7b0
[  285.968589][T13953]  ? ctx_sched_in+0x1db/0x200
[  285.973375][T13953]  ? __perf_event_task_sched_in+0x471/0x4c0
[  285.979307][T13953]  ? blkdev_common_ioctl+0x9c3/0x1040
[  285.984658][T13953]  ? selinux_file_ioctl+0x8e0/0x970
[  285.989838][T13953]  ? lo_release+0x120/0x120
[  285.994360][T13953]  blkdev_ioctl+0x1d0/0x3c0
[  285.998898][T13953]  block_ioctl+0x6d/0x80
[  286.003124][T13953]  ? blkdev_iopoll+0x70/0x70
[  286.007741][T13953]  __se_sys_ioctl+0xcb/0x140
[  286.012308][T13953]  __x64_sys_ioctl+0x3f/0x50
[  286.016876][T13953]  do_syscall_64+0x4a/0x90
[  286.021289][T13953]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  286.027176][T13953] RIP: 0033:0x466397
[  286.031082][T13953] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:17:25 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x50000, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  286.053195][T13953] RSP: 002b:00007f561932eef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[  286.061600][T13953] RAX: ffffffffffffffda RBX: 00007f561932ef40 RCX: 0000000000466397
[  286.069874][T13953] RDX: 00007f561932f050 RSI: 0000000000004c04 RDI: 0000000000000006
[  286.077835][T13953] RBP: 00007f561932f1d0 R08: 0000000000000000 R09: 0000000000000000
[  286.085901][T13953] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f561932f050
[  286.093923][T13953] R13: 00007ffe6170f6df R14: 00007f561932f300 R15: 0000000000022000
01:17:25 executing program 4 (fault-call:7 fault-nth:0):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  286.110883][ T1032]  loop3: p2 p3 p4
[  286.114850][ T1032] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  286.123225][ T1032] loop3: p3 start 225 is beyond EOD, truncated
[  286.130226][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  286.131873][T13971] FAULT_INJECTION: forcing a failure.
[  286.131873][T13971] name failslab, interval 1, probability 0, space 0, times 0
[  286.149973][T13971] CPU: 0 PID: 13971 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
01:17:25 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x26, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  286.152870][T13957]  loop5: p2 p3 p4
[  286.158826][T13971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  286.158840][T13971] Call Trace:
[  286.158847][T13971]  dump_stack+0x137/0x19d
[  286.172984][T13957] loop5: p2 size 1073872896 extends beyond EOD, 
[  286.176054][T13971]  should_fail+0x23c/0x250
[  286.180379][T13957] truncated
[  286.184375][T13957] loop5: p3 start 225 is beyond EOD, 
[  286.186684][T13971]  ? __se_sys_memfd_create+0xfb/0x390
[  286.186711][T13971]  __should_failslab+0x81/0x90
[  286.191203][T13957] truncated
[  286.191208][T13957] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  286.207773][T13981] loop2: detected capacity change from 0 to 1
[  286.209797][T13971]  should_failslab+0x5/0x20
[  286.209818][T13971]  __kmalloc+0x66/0x340
[  286.234695][T13971]  ? strnlen_user+0x137/0x1c0
[  286.239551][T13971]  __se_sys_memfd_create+0xfb/0x390
[  286.244767][T13971]  __x64_sys_memfd_create+0x2d/0x40
[  286.249961][T13971]  do_syscall_64+0x4a/0x90
[  286.254362][T13971]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  286.260248][T13971] RIP: 0033:0x4665d9
[  286.264116][T13971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  286.283899][T13971] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  286.292294][T13971] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  286.300326][T13971] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
01:17:25 executing program 1 (fault-call:4 fault-nth:29):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:25 executing program 4 (fault-call:7 fault-nth:1):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  286.308342][T13971] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  286.316299][T13971] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  286.324252][T13971] R13: 00007ffe4b9f801f R14: 0000000000000380 R15: 0000000000022000
[  286.334555][T13940]  loop3: p2 p3 p4
[  286.346245][T13940] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  286.364228][T13940] loop3: p3 start 225 is beyond EOD, truncated
[  286.369624][T13991] FAULT_INJECTION: forcing a failure.
[  286.369624][T13991] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  286.370428][T13940] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  286.383452][T13991] CPU: 1 PID: 13991 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  286.399350][T13991] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  286.409424][T13991] Call Trace:
[  286.412757][T13991]  dump_stack+0x137/0x19d
[  286.417071][T13991]  should_fail+0x23c/0x250
[  286.421467][T13991]  should_fail_usercopy+0x16/0x20
[  286.426517][T13991]  _copy_from_user+0x1c/0xd0
[  286.431127][T13991]  __se_sys_memfd_create+0x137/0x390
[  286.436394][T13991]  __x64_sys_memfd_create+0x2d/0x40
[  286.441650][T13991]  do_syscall_64+0x4a/0x90
[  286.446050][T13991]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  286.451939][T13991] RIP: 0033:0x4665d9
[  286.455815][T13991] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  286.475471][T13991] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  286.483950][T13991] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  286.491903][T13991] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  286.499931][T13991] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
01:17:25 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x2e, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:25 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x166, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:25 executing program 4 (fault-call:7 fault-nth:2):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  286.507933][T13991] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  286.515905][T13991] R13: 00007ffe4b9f801f R14: 0000000000000380 R15: 0000000000022000
[  286.526971][T13981]  loop2: p2 p3 p4
[  286.527190][T13992] loop1: detected capacity change from 0 to 1
[  286.531891][T13981] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  286.551603][T13981] loop2: p3 start 225 is beyond EOD, truncated
[  286.557918][T13981] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  286.565168][T13992] FAULT_INJECTION: forcing a failure.
[  286.565168][T13992] name failslab, interval 1, probability 0, space 0, times 0
[  286.577925][T13992] CPU: 0 PID: 13992 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  286.580561][T14003] FAULT_INJECTION: forcing a failure.
[  286.580561][T14003] name failslab, interval 1, probability 0, space 0, times 0
[  286.586905][T13992] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  286.609578][T13992] Call Trace:
[  286.612845][T13992]  dump_stack+0x137/0x19d
[  286.617245][T13992]  should_fail+0x23c/0x250
[  286.621724][T13992]  __should_failslab+0x81/0x90
[  286.626498][T13992]  ? blk_add_partitions+0xaa/0xa80
[  286.631604][T13992]  should_failslab+0x5/0x20
[  286.636093][T13992]  kmem_cache_alloc_trace+0x49/0x310
[  286.641360][T13992]  blk_add_partitions+0xaa/0xa80
[  286.646356][T13992]  bdev_disk_changed+0x2d3/0x340
[  286.651299][T13992]  loop_set_status+0x75f/0x7e0
[  286.656094][T13992]  lo_ioctl+0x758/0x11f0
[  286.660360][T13992]  ? ctx_sched_in+0x1db/0x200
[  286.665016][T13992]  ? __perf_event_task_sched_in+0x471/0x4c0
[  286.670981][T13992]  ? blkdev_common_ioctl+0x9c3/0x1040
[  286.676807][T13992]  ? selinux_file_ioctl+0x8e0/0x970
[  286.682022][T13992]  ? lo_release+0x120/0x120
[  286.686528][T13992]  blkdev_ioctl+0x1d0/0x3c0
[  286.691017][T13992]  block_ioctl+0x6d/0x80
[  286.695246][T13992]  ? blkdev_iopoll+0x70/0x70
[  286.699823][T13992]  __se_sys_ioctl+0xcb/0x140
[  286.704397][T13992]  __x64_sys_ioctl+0x3f/0x50
[  286.708969][T13992]  do_syscall_64+0x4a/0x90
[  286.713367][T13992]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  286.719243][T13992] RIP: 0033:0x466397
[  286.723126][T13992] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  286.742715][T13992] RSP: 002b:00007f561932eef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[  286.751148][T13992] RAX: ffffffffffffffda RBX: 00007f561932ef40 RCX: 0000000000466397
[  286.759543][T13992] RDX: 00007f561932f050 RSI: 0000000000004c04 RDI: 0000000000000006
[  286.767521][T13992] RBP: 00007f561932f1d0 R08: 0000000000000000 R09: 0000000000000000
[  286.775493][T13992] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f561932f050
[  286.783448][T13992] R13: 00007ffe6170f6df R14: 00007f561932f300 R15: 0000000000022000
[  286.791423][T14003] CPU: 1 PID: 14003 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  286.800271][T14003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  286.807046][ T1032]  loop1: p2 p3 p4
[  286.810321][T14003] Call Trace:
[  286.810330][T14003]  dump_stack+0x137/0x19d
[  286.810353][T14003]  should_fail+0x23c/0x250
[  286.810369][T14003]  ? shmem_alloc_inode+0x22/0x30
[  286.815798][ T1032] loop1: p2 size 1073872896 extends beyond EOD, 
[  286.817335][T14003]  __should_failslab+0x81/0x90
[  286.821675][ T1032] truncated
[  286.825201][ T1032] loop1: p3 start 225 is beyond EOD, 
[  286.826068][T14003]  ? shmem_match+0xa0/0xa0
[  286.830999][ T1032] truncated
[  286.831003][ T1032] loop1: p4 size 3657465856 extends beyond EOD, 
[  286.837298][T14003]  should_failslab+0x5/0x20
[  286.837315][T14003]  kmem_cache_alloc+0x46/0x2f0
[  286.837333][T14003]  ? do_anonymous_page+0x411/0x8b0
[  286.837355][T14003]  ? fsnotify_perm+0x59/0x2e0
[  286.837396][T14003]  ? shmem_match+0xa0/0xa0
[  286.837414][T14003]  shmem_alloc_inode+0x22/0x30
[  286.842170][ T1032] truncated
[  286.896039][T14003]  new_inode_pseudo+0x38/0x1c0
[  286.900816][T14003]  new_inode+0x21/0x120
[  286.904947][T14003]  shmem_get_inode+0xa1/0x480
[  286.909603][T14003]  __shmem_file_setup+0xf1/0x1d0
[  286.914571][T14003]  shmem_file_setup+0x37/0x40
[  286.919240][T14003]  __se_sys_memfd_create+0x1eb/0x390
[  286.924543][T14003]  __x64_sys_memfd_create+0x2d/0x40
[  286.929719][T14003]  do_syscall_64+0x4a/0x90
[  286.934176][T14003]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  286.940933][T14003] RIP: 0033:0x4665d9
01:17:26 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0xf0ff7f, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  286.944950][T14003] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  286.974987][T14003] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  286.987900][T14003] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  286.996972][T14003] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  287.005014][T14003] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
01:17:26 executing program 4 (fault-call:7 fault-nth:3):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:26 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x2e, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  287.013071][T14003] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  287.022184][T14003] R13: 00007ffe4b9f801f R14: 0000000000000380 R15: 0000000000022000
[  287.044367][T14014] loop3: detected capacity change from 0 to 1
01:17:26 executing program 1 (fault-call:4 fault-nth:30):
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  287.062316][T14004] loop5: detected capacity change from 0 to 1
[  287.070778][T14032] FAULT_INJECTION: forcing a failure.
[  287.070778][T14032] name failslab, interval 1, probability 0, space 0, times 0
[  287.083724][T14032] CPU: 1 PID: 14032 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  287.092490][T14032] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  287.102530][T14032] Call Trace:
[  287.105790][T14032]  dump_stack+0x137/0x19d
[  287.110133][T14032]  should_fail+0x23c/0x250
[  287.114540][T14032]  ? security_inode_alloc+0x30/0x180
[  287.119895][T14032]  __should_failslab+0x81/0x90
[  287.124653][T14032]  should_failslab+0x5/0x20
[  287.129180][T14032]  kmem_cache_alloc+0x46/0x2f0
[  287.133955][T14032]  security_inode_alloc+0x30/0x180
[  287.139143][T14032]  inode_init_always+0x20b/0x420
[  287.144133][T14032]  ? shmem_match+0xa0/0xa0
[  287.148565][T14032]  new_inode_pseudo+0x73/0x1c0
[  287.153332][T14032]  new_inode+0x21/0x120
[  287.157466][T14032]  shmem_get_inode+0xa1/0x480
[  287.162126][T14032]  __shmem_file_setup+0xf1/0x1d0
[  287.167076][T14032]  shmem_file_setup+0x37/0x40
[  287.171740][T14032]  __se_sys_memfd_create+0x1eb/0x390
[  287.177069][T14032]  __x64_sys_memfd_create+0x2d/0x40
[  287.182274][T14032]  do_syscall_64+0x4a/0x90
[  287.186676][T14032]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  287.192704][T14032] RIP: 0033:0x4665d9
[  287.196582][T14032] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:17:26 executing program 4 (fault-call:7 fault-nth:4):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  287.216204][T14032] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  287.224599][T14032] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  287.232628][T14032] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  287.240616][T14032] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  287.248565][T14032] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  287.256604][T14032] R13: 00007ffe4b9f801f R14: 0000000000000380 R15: 0000000000022000
[  287.284921][ T1032]  loop3: p2 p3 p4
[  287.288768][ T1032] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  287.298948][T14035] loop1: detected capacity change from 0 to 1
[  287.300798][ T1032] loop3: p3 start 225 is beyond EOD, truncated
[  287.305819][T14004]  loop5: p2 p3 p4
[  287.311191][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  287.312727][T14039] loop2: detected capacity change from 0 to 1
[  287.316248][T14004] loop5: p2 size 1073872896 extends beyond EOD, 
[  287.323029][T14042] FAULT_INJECTION: forcing a failure.
[  287.323029][T14042] name failslab, interval 1, probability 0, space 0, times 0
[  287.328132][T14004] truncated
[  287.330284][T14014]  loop3: p2 p3 p4
[  287.334631][T14042] CPU: 1 PID: 14042 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  287.347485][T14004] loop5: p3 start 225 is beyond EOD, 
[  287.350284][T14042] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  287.350296][T14042] Call Trace:
[  287.350304][T14042]  dump_stack+0x137/0x19d
[  287.350327][T14042]  should_fail+0x23c/0x250
[  287.350343][T14042]  ? __d_alloc+0x36/0x370
[  287.350373][T14042]  __should_failslab+0x81/0x90
[  287.350392][T14042]  should_failslab+0x5/0x20
[  287.354125][T14004] truncated
[  287.362812][T14042]  kmem_cache_alloc+0x46/0x2f0
[  287.362840][T14042]  ? __init_rwsem+0x59/0x70
[  287.362857][T14042]  __d_alloc+0x36/0x370
[  287.368219][T14004] loop5: p4 size 3657465856 extends beyond EOD, 
[  287.378248][T14042]  ? current_time+0xdb/0x190
[  287.381535][T14004] truncated
01:17:26 executing program 4 (fault-call:7 fault-nth:5):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  287.385821][T14042]  d_alloc_pseudo+0x1a/0x50
[  287.385842][T14042]  alloc_file_pseudo+0x63/0x130
[  287.385858][T14042]  __shmem_file_setup+0x14c/0x1d0
[  287.385879][T14042]  shmem_file_setup+0x37/0x40
[  287.385897][T14042]  __se_sys_memfd_create+0x1eb/0x390
[  287.385915][T14042]  __x64_sys_memfd_create+0x2d/0x40
[  287.395431][T14014] loop3: p2 size 1073872896 extends beyond EOD, 
[  287.399354][T14042]  do_syscall_64+0x4a/0x90
[  287.399381][T14042]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  287.403886][T14014] truncated
[  287.407117][T14042] RIP: 0033:0x4665d9
[  287.416921][T14014] loop3: p3 start 225 is beyond EOD, 
[  287.420457][T14042] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  287.420479][T14042] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246
[  287.426908][T14014] truncated
[  287.432314][T14042]  ORIG_RAX: 000000000000013f
[  287.432325][T14042] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  287.432336][T14042] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  287.432348][T14042] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  287.432359][T14042] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  287.432372][T14042] R13: 00007ffe4b9f801f R14: 0000000000000380 R15: 0000000000022000
[  287.435463][T14014] loop3: p4 size 3657465856 extends beyond EOD, 
[  287.461743][T14035] FAULT_INJECTION: forcing a failure.
[  287.461743][T14035] name failslab, interval 1, probability 0, space 0, times 0
[  287.465176][T14014] truncated
[  287.471448][T14035] CPU: 1 PID: 14035 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  287.480719][T14055] FAULT_INJECTION: forcing a failure.
[  287.480719][T14055] name failslab, interval 1, probability 0, space 0, times 0
[  287.482228][T14035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  287.482241][T14035] Call Trace:
[  287.482249][T14035]  dump_stack+0x137/0x19d
[  287.633976][T14035]  should_fail+0x23c/0x250
[  287.638448][T14035]  __should_failslab+0x81/0x90
[  287.643470][T14035]  should_failslab+0x5/0x20
[  287.647963][T14035]  kmem_cache_alloc_node_trace+0x58/0x2e0
[  287.653671][T14035]  ? __get_vm_area_node+0x11b/0x260
[  287.659038][T14035]  __get_vm_area_node+0x11b/0x260
[  287.664105][T14035]  __vmalloc_node_range+0xc2/0x5b0
[  287.669254][T14035]  ? blk_add_partitions+0x136/0xa80
[  287.674509][T14035]  ? blk_add_partitions+0x136/0xa80
[  287.680496][T14035]  vzalloc+0x5a/0x70
[  287.684455][T14035]  ? blk_add_partitions+0x136/0xa80
[  287.689638][T14035]  blk_add_partitions+0x136/0xa80
[  287.694649][T14035]  bdev_disk_changed+0x2d3/0x340
[  287.700440][T14035]  loop_set_status+0x75f/0x7e0
[  287.705228][T14035]  lo_ioctl+0x758/0x11f0
[  287.709451][T14035]  ? path_openat+0x19ab/0x20b0
[  287.714196][T14035]  ? putname+0xa5/0xc0
[  287.719268][T14035]  ? ___cache_free+0x3c/0x300
[  287.723938][T14035]  ? blkdev_common_ioctl+0x9c3/0x1040
[  287.729461][T14035]  ? selinux_file_ioctl+0x8e0/0x970
[  287.734644][T14035]  ? lo_release+0x120/0x120
[  287.740262][T14035]  blkdev_ioctl+0x1d0/0x3c0
[  287.746319][T14035]  block_ioctl+0x6d/0x80
[  287.750566][T14035]  ? blkdev_iopoll+0x70/0x70
[  287.755362][T14035]  __se_sys_ioctl+0xcb/0x140
[  287.759939][T14035]  __x64_sys_ioctl+0x3f/0x50
[  287.764582][T14035]  do_syscall_64+0x4a/0x90
[  287.770486][T14035]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  287.776406][T14035] RIP: 0033:0x466397
[  287.780279][T14035] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  287.800478][T14035] RSP: 002b:00007f561932eef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[  287.808890][T14035] RAX: ffffffffffffffda RBX: 00007f561932ef40 RCX: 0000000000466397
[  287.816975][T14035] RDX: 00007f561932f050 RSI: 0000000000004c04 RDI: 0000000000000006
[  287.824927][T14035] RBP: 00007f561932f1d0 R08: 0000000000000000 R09: 0000000000000000
[  287.832941][T14035] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f561932f050
[  287.840890][T14035] R13: 00007ffe6170f6df R14: 00007f561932f300 R15: 0000000000022000
[  287.848845][T14055] CPU: 0 PID: 14055 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  287.848883][T14035] syz-executor.1: vmalloc size 32768 allocation failure: vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[  287.857622][T14055] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  287.857645][T14035] ,cpuset=/,mems_allowed=0
[  287.886161][T14055] Call Trace:
[  287.889421][T14055]  dump_stack+0x137/0x19d
[  287.893736][T14055]  should_fail+0x23c/0x250
[  287.898139][T14055]  ? __alloc_file+0x2e/0x1a0
[  287.902715][T14055]  __should_failslab+0x81/0x90
[  287.907479][T14055]  should_failslab+0x5/0x20
[  287.911995][T14055]  kmem_cache_alloc+0x46/0x2f0
[  287.916834][T14055]  ? inode_doinit_with_dentry+0x382/0x950
[  287.922553][T14055]  __alloc_file+0x2e/0x1a0
[  287.926961][T14055]  alloc_empty_file+0xcd/0x1c0
[  287.931715][T14055]  alloc_file+0x3a/0x280
[  287.935939][T14055]  alloc_file_pseudo+0xe2/0x130
[  287.941226][T14055]  __shmem_file_setup+0x14c/0x1d0
[  287.946310][T14055]  shmem_file_setup+0x37/0x40
[  287.950970][T14055]  __se_sys_memfd_create+0x1eb/0x390
[  287.956265][T14055]  __x64_sys_memfd_create+0x2d/0x40
[  287.961542][T14055]  do_syscall_64+0x4a/0x90
[  287.965944][T14055]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  287.971828][T14055] RIP: 0033:0x4665d9
[  287.975709][T14055] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  287.996149][T14055] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  288.006210][T14055] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  288.014802][T14055] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  288.023062][T14055] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  288.033473][T14055] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  288.044258][T14055] R13: 00007ffe4b9f801f R14: 0000000000000380 R15: 0000000000022000
[  288.052238][T14035] CPU: 1 PID: 14035 Comm: syz-executor.1 Not tainted 5.13.0-rc3-syzkaller #0
[  288.061007][T14035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  288.071822][T14035] Call Trace:
[  288.075130][T14035]  dump_stack+0x137/0x19d
[  288.079659][T14035]  warn_alloc+0x105/0x160
[  288.085256][T14035]  __vmalloc_node_range+0x222/0x5b0
[  288.090470][T14035]  ? blk_add_partitions+0x136/0xa80
[  288.098202][T14035]  vzalloc+0x5a/0x70
[  288.103390][T14035]  ? blk_add_partitions+0x136/0xa80
[  288.108809][T14035]  blk_add_partitions+0x136/0xa80
[  288.113836][T14035]  bdev_disk_changed+0x2d3/0x340
[  288.121026][T14035]  loop_set_status+0x75f/0x7e0
[  288.125786][T14035]  lo_ioctl+0x758/0x11f0
[  288.130142][T14035]  ? path_openat+0x19ab/0x20b0
[  288.134980][T14035]  ? putname+0xa5/0xc0
[  288.139394][T14035]  ? ___cache_free+0x3c/0x300
[  288.144170][T14035]  ? blkdev_common_ioctl+0x9c3/0x1040
[  288.149524][T14035]  ? selinux_file_ioctl+0x8e0/0x970
[  288.154707][T14035]  ? lo_release+0x120/0x120
[  288.159191][T14035]  blkdev_ioctl+0x1d0/0x3c0
[  288.163676][T14035]  block_ioctl+0x6d/0x80
[  288.167910][T14035]  ? blkdev_iopoll+0x70/0x70
[  288.173017][T14035]  __se_sys_ioctl+0xcb/0x140
[  288.181153][T14035]  __x64_sys_ioctl+0x3f/0x50
[  288.186161][T14035]  do_syscall_64+0x4a/0x90
[  288.190580][T14035]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  288.196536][T14035] RIP: 0033:0x466397
[  288.200593][T14035] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  288.220629][T14035] RSP: 002b:00007f561932eef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[  288.229110][T14035] RAX: ffffffffffffffda RBX: 00007f561932ef40 RCX: 0000000000466397
[  288.237414][T14035] RDX: 00007f561932f050 RSI: 0000000000004c04 RDI: 0000000000000006
[  288.245368][T14035] RBP: 00007f561932f1d0 R08: 0000000000000000 R09: 0000000000000000
[  288.253724][T14035] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f561932f050
[  288.262100][T14035] R13: 00007ffe6170f6df R14: 00007f561932f300 R15: 0000000000022000
[  288.270548][T14035] Mem-Info:
[  288.273669][T14035] active_anon:75 inactive_anon:59524 isolated_anon:0
[  288.273669][T14035]  active_file:5254 inactive_file:55245 isolated_file:0
01:17:27 executing program 4 (fault-call:7 fault-nth:6):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:27 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x48, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:27 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x1000000, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  288.273669][T14035]  unevictable:0 dirty:278 writeback:0
[  288.273669][T14035]  slab_reclaimable:3761 slab_unreclaimable:5953
[  288.273669][T14035]  mapped:60798 shmem:2616 pagetables:1480 bounce:0
[  288.273669][T14035]  free:1836202 free_pcp:837 free_cma:0
[  288.312280][T14035] Node 0 active_anon:300kB inactive_anon:238096kB active_file:21016kB inactive_file:220980kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:243192kB dirty:1112kB writeback:0kB shmem:10464kB writeback_tmp:0kB kernel_stack:2064kB pagetables:5920kB all_unreclaimable? no
[  288.341625][T14035] Node 0 DMA free:15908kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  288.369484][T14035] lowmem_reserve[]: 0 2938 7916 7916
[  288.375231][T14067] FAULT_INJECTION: forcing a failure.
[  288.375231][T14067] name failslab, interval 1, probability 0, space 0, times 0
[  288.375318][T14035] Node 0 DMA32 free:3012112kB min:4220kB low:7228kB high:10236kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:3013528kB mlocked:0kB bounce:0kB free_pcp:1416kB local_pcp:0kB free_cma:0kB
[  288.375364][T14035] lowmem_reserve[]: 0 0 4978 4978
[  288.388506][T14067] CPU: 0 PID: 14067 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  288.416093][T14035] Node 0 
[  288.422168][T14067] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  288.422181][T14067] Call Trace:
[  288.422188][T14067]  dump_stack+0x137/0x19d
[  288.430914][T14035] Normal free:4317020kB min:7152kB low:12248kB high:17344kB reserved_highatomic:0KB active_anon:300kB inactive_anon:238016kB active_file:21024kB inactive_file:221012kB unevictable:0kB writepending:1148kB present:5242880kB managed:5098252kB mlocked:0kB bounce:0kB free_pcp:1592kB local_pcp:536kB free_cma:0kB
[  288.434369][T14067]  should_fail+0x23c/0x250
[  288.444609][T14035] lowmem_reserve[]:
[  288.448004][T14067]  ? security_file_alloc+0x30/0x190
[  288.452332][T14035]  0
[  288.481365][T14067]  __should_failslab+0x81/0x90
[  288.481389][T14067]  should_failslab+0x5/0x20
[  288.481402][T14067]  kmem_cache_alloc+0x46/0x2f0
[  288.481419][T14067]  security_file_alloc+0x30/0x190
[  288.481434][T14067]  __alloc_file+0x83/0x1a0
[  288.485854][T14035]  0
[  288.489647][T14067]  alloc_empty_file+0xcd/0x1c0
[  288.494826][T14035]  0
[  288.497484][T14067]  alloc_file+0x3a/0x280
[  288.502231][T14035]  0
[  288.506699][T14067]  alloc_file_pseudo+0xe2/0x130
[  288.511688][T14035] 
[  288.517627][T14067]  __shmem_file_setup+0x14c/0x1d0
[  288.522026][T14035] Node 0 
[  288.524496][T14067]  shmem_file_setup+0x37/0x40
[  288.529235][T14035] DMA: 1*4kB 
[  288.531715][T14067]  __se_sys_memfd_create+0x1eb/0x390
[  288.538455][T14035] (U) 0*8kB 0*16kB 1*32kB (U) 
[  288.541533][T14067]  __x64_sys_memfd_create+0x2d/0x40
[  288.546452][T14035] 2*64kB 
[  288.549366][T14067]  do_syscall_64+0x4a/0x90
[  288.554371][T14035] (U) 
[  288.557731][T14067]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  288.562497][T14035] 1*128kB 
[  288.565895][T14067] RIP: 0033:0x4665d9
[  288.571162][T14035] (U) 1*256kB (U) 0*512kB 1*1024kB 
[  288.577411][T14067] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  288.582601][T14035] (U) 
[  288.585505][T14067] RSP: 002b:00007f7f3054fe98 EFLAGS: 00000246
[  288.589980][T14035] 1*2048kB 
[  288.592630][T14067]  ORIG_RAX: 000000000000013f
[  288.592637][T14067] RAX: ffffffffffffffda RBX: 0000000020000000 RCX: 00000000004665d9
[  288.598505][T14035] (M) 3*4096kB 
[  288.601611][T14067] RDX: 0000000000000380 RSI: 0000000000000000 RDI: 00000000004bee66
[  288.601624][T14067] RBP: 0000000000000001 R08: 00000000000001c0 R09: 0000000000000000
[  288.605489][T14035] (M) = 15908kB
[  288.610658][T14067] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000008100000
[  288.630263][T14035] Node 0 
[  288.632906][T14067] R13: 00007ffe4b9f801f R14: 0000000000000380 R15: 0000000000022000
[  288.697118][T14035] DMA32: 4*4kB (M) 2*8kB (M) 5*16kB (M) 5*32kB (M) 4*64kB (M) 6*128kB (M) 5*256kB (M) 6*512kB (M) 2*1024kB (M) 1*2048kB (M) 733*4096kB (M) = 3012112kB
[  288.712892][T14035] Node 0 Normal: 72*4kB (UE) 36*8kB (UME) 9*16kB (UME) 9*32kB (UME) 2*64kB (UE) 14*128kB (UME) 20*256kB (UME) 18*512kB (UME) 5*1024kB (U) 3*2048kB (UM) 1047*4096kB (UM) = 4317040kB
[  288.731474][T14035] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  288.740895][T14035] 17114 total pagecache pages
[  288.746452][T14035] 0 pages in swap cache
[  288.751122][T14035] Swap cache stats: add 0, delete 0, find 0/0
[  288.757376][T14035] Free swap  = 0kB
[  288.761209][T14035] Total swap = 0kB
[  288.765057][T14035] 2097051 pages RAM
[  288.769283][T14035] 0 pages HighMem/MovableOnly
[  288.773956][T14035] 65129 pages reserved
[  288.778276][T14039]  loop2: p2 p3 p4
01:17:27 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x204, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:27 executing program 4 (fault-call:7 fault-nth:7):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:27 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  288.791065][T14039] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  288.798857][T14039] loop2: p3 start 225 is beyond EOD, truncated
[  288.805126][T14039] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  288.820642][T14072] FAULT_INJECTION: forcing a failure.
[  288.820642][T14072] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  288.834436][T14072] CPU: 1 PID: 14072 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  288.843269][T14072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  288.853461][T14072] Call Trace:
[  288.856734][T14072]  dump_stack+0x137/0x19d
[  288.861067][T14072]  should_fail+0x23c/0x250
[  288.865483][T14072]  __alloc_pages+0x102/0x320
[  288.870127][T14072]  alloc_pages_vma+0x391/0x660
[  288.874868][T14072]  shmem_getpage_gfp+0x980/0x1410
[  288.879871][T14072]  ? mls_context_isvalid+0x76/0x1e0
[  288.885075][T14072]  shmem_write_begin+0x7e/0x100
[  288.889910][T14072]  generic_perform_write+0x196/0x3a0
[  288.895252][T14072]  ? file_update_time+0x1bd/0x3e0
[  288.900401][T14072]  __generic_file_write_iter+0x161/0x300
[  288.906082][T14072]  ? generic_write_checks+0x250/0x290
[  288.911451][T14072]  generic_file_write_iter+0x75/0x130
[  288.916833][T14072]  vfs_write+0x69d/0x770
[  288.921074][T14072]  __x64_sys_pwrite64+0xf5/0x150
[  288.925989][T14072]  do_syscall_64+0x4a/0x90
[  288.930426][T14072]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  288.936426][T14072] RIP: 0033:0x419777
[  288.940301][T14072] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b
[  288.959886][T14072] RSP: 002b:00007f7f30570e70 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[  288.968377][T14072] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000419777
[  288.976326][T14072] RDX: 0000000000000040 RSI: 00000000200000c0 RDI: 0000000000000005
[  288.984283][T14072] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
01:17:28 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x48, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  288.992331][T14072] R10: 00000000000001c0 R11: 0000000000000293 R12: 0000000000000005
[  289.000339][T14072] R13: 0000000000000005 R14: 0000000020000000 R15: 0000000000000000
[  289.030264][T14081] loop5: detected capacity change from 0 to 1
[  289.033407][T14072] loop4: detected capacity change from 0 to 1
[  289.043506][T14082] loop3: detected capacity change from 0 to 1
[  289.051970][T14081]  loop5: p2 p3 p4
[  289.055853][T14081] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  289.064106][T14090] loop1: detected capacity change from 0 to 1
[  289.064174][T14081] loop5: p3 start 225 is beyond EOD, truncated
[  289.072115][T14082]  loop3: p2 p3 p4
[  289.076400][T14081] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  289.081118][T14082] loop3: p2 size 1073872896 extends beyond EOD, truncated
01:17:28 executing program 4 (fault-call:7 fault-nth:8):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  289.096502][T14103] loop2: detected capacity change from 0 to 1
[  289.103712][T14082] loop3: p3 start 225 is beyond EOD, truncated
[  289.110065][T14082] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  289.118062][T14090]  loop1: p2 p3 p4
[  289.125046][T14090] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  289.140527][ T1032]  loop2: p2 p3 p4
[  289.153081][ T1032] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  289.164285][T14090] loop1: p3 start 225 is beyond EOD, truncated
[  289.170471][T14090] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  289.170872][T14121] FAULT_INJECTION: forcing a failure.
[  289.170872][T14121] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  289.180286][ T1032] loop2: p3 start 225 is beyond EOD, truncated
[  289.190741][T14121] CPU: 1 PID: 14121 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  289.196898][ T1032] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  289.205625][T14121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  289.205672][T14121] Call Trace:
[  289.205679][T14121]  dump_stack+0x137/0x19d
[  289.205698][T14121]  should_fail+0x23c/0x250
[  289.205716][T14121]  should_fail_usercopy+0x16/0x20
[  289.240300][T14121]  iov_iter_copy_from_user_atomic+0x281/0xb60
[  289.246547][T14121]  ? shmem_write_begin+0x7e/0x100
[  289.251593][T14121]  generic_perform_write+0x1e4/0x3a0
[  289.256923][T14121]  ? file_update_time+0x1bd/0x3e0
[  289.261956][T14121]  __generic_file_write_iter+0x161/0x300
[  289.267599][T14121]  ? generic_write_checks+0x250/0x290
[  289.272960][T14121]  generic_file_write_iter+0x75/0x130
[  289.278354][T14121]  vfs_write+0x69d/0x770
[  289.282588][T14121]  __x64_sys_pwrite64+0xf5/0x150
[  289.287576][T14121]  do_syscall_64+0x4a/0x90
[  289.291982][T14121]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  289.297861][T14121] RIP: 0033:0x419777
[  289.301934][T14121] Code: 08 89 3c 24 48 89 4c 24 18 e8 e5 f8 ff ff 4c 8b 54 24 18 48 8b 54 24 10 41 89 c0 48 8b 74 24 08 8b 3c 24 b8 12 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 04 24 e8 15 f9 ff ff 48 8b
[  289.321558][T14121] RSP: 002b:00007f7f30570e70 EFLAGS: 00000293 ORIG_RAX: 0000000000000012
[  289.329953][T14121] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000419777
[  289.337902][T14121] RDX: 0000000000000040 RSI: 00000000200000c0 RDI: 0000000000000005
[  289.345853][T14121] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000
01:17:28 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x4c, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:28 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x274, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:28 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x2000000, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  289.353817][T14121] R10: 00000000000001c0 R11: 0000000000000293 R12: 0000000000000005
[  289.361768][T14121] R13: 0000000000000005 R14: 0000000020000000 R15: 0000000000000000
[  289.385320][T14121] loop4: detected capacity change from 0 to 1
[  289.389861][T14130] loop5: detected capacity change from 0 to 1
[  289.395089][T14103]  loop2: p2 p3 p4
[  289.401282][T14131] loop3: detected capacity change from 0 to 1
[  289.402847][T14103] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  289.415228][T14130]  loop5: p2 p3 p4
[  289.417830][T14103] loop2: p3 start 225 is beyond EOD, truncated
[  289.419198][T14130] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  289.425197][T14103] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  289.440249][T14131]  loop3: p2 p3 p4
[  289.441076][T14130] loop5: p3 start 225 is beyond EOD, truncated
01:17:28 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x2, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  289.450165][T14130] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  289.451389][T14131] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  289.458391][T14121]  loop4: p2 p3 p4
[  289.468896][T14121] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  289.476846][T14121] loop4: p3 start 225 is beyond EOD, truncated
[  289.483170][T14121] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  289.485610][T14131] loop3: p3 start 225 is beyond EOD, truncated
[  289.496545][T14131] loop3: p4 size 3657465856 extends beyond EOD, truncated
01:17:28 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x4c, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  289.507052][T14153] loop1: detected capacity change from 0 to 1
[  289.542653][T14153]  loop1: p2 p3 p4
[  289.548612][T14153] loop1: p2 size 1073872896 extends beyond EOD, truncated
01:17:28 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x29a, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:28 executing program 4 (fault-call:7 fault-nth:9):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:28 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x60, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  289.556660][T14153] loop1: p3 start 225 is beyond EOD, truncated
[  289.562881][T14153] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  289.623901][T14171] loop2: detected capacity change from 0 to 1
[  289.632317][T14187] loop1: detected capacity change from 0 to 1
[  289.642278][T14194] FAULT_INJECTION: forcing a failure.
[  289.642278][T14194] name failslab, interval 1, probability 0, space 0, times 0
[  289.652181][T14189] loop3: detected capacity change from 0 to 1
[  289.655033][T14194] CPU: 0 PID: 14194 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  289.669138][T14195] loop5: detected capacity change from 0 to 1
[  289.669793][T14194] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  289.669805][T14194] Call Trace:
[  289.669812][T14194]  dump_stack+0x137/0x19d
[  289.693671][T14194]  should_fail+0x23c/0x250
[  289.698071][T14194]  ? getname_flags+0x84/0x3d0
[  289.702746][T14194]  __should_failslab+0x81/0x90
[  289.707507][T14194]  should_failslab+0x5/0x20
[  289.711987][T14194]  kmem_cache_alloc+0x46/0x2f0
[  289.716753][T14194]  getname_flags+0x84/0x3d0
[  289.721231][T14194]  ? vfs_write+0x50c/0x770
[  289.725648][T14194]  getname+0x15/0x20
[  289.729541][T14194]  do_sys_openat2+0x5b/0x250
[  289.734187][T14194]  __x64_sys_openat+0xef/0x110
[  289.738927][T14194]  do_syscall_64+0x4a/0x90
[  289.743362][T14194]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  289.749267][T14194] RIP: 0033:0x4196c4
[  289.753134][T14194] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
01:17:28 executing program 4 (fault-call:7 fault-nth:10):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  289.772752][T14194] RSP: 002b:00007f7f30570e20 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  289.781214][T14194] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 00000000004196c4
[  289.789232][T14194] RDX: 0000000000000002 RSI: 00007f7f30570f40 RDI: 00000000ffffff9c
[  289.797185][T14194] RBP: 00007f7f30570f40 R08: 0000000000000000 R09: 0000000000000000
[  289.805164][T14194] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  289.814696][T14194] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  289.841397][ T1032]  loop1: p2 p3 p4
[  289.845432][T14171]  loop2: p2 p3 p4
[  289.846543][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  289.849354][T14171] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  289.857150][T14189]  loop3: p2 p3 p4
[  289.866305][T14171] loop2: p3 start 225 is beyond EOD, truncated
[  289.870737][T14195]  loop5: p2 p3 p4
[  289.874221][T14171] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  289.884278][T14189] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  289.885248][T14195] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  289.897280][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  289.900588][T14195] loop5: p3 start 225 is beyond EOD, 
[  289.905849][ T1032] loop1: p4 size 3657465856 extends beyond EOD, 
[  289.905856][T14195] truncated
[  289.905864][ T1032] truncated
[  289.912242][T14211] FAULT_INJECTION: forcing a failure.
[  289.912242][T14211] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  289.917554][T14195] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  289.926904][T14189] loop3: p3 start 225 is beyond EOD, 
[  289.936926][T14211] CPU: 0 PID: 14211 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  289.936951][T14211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  289.944118][T14189] truncated
[  289.949452][T14211] Call Trace:
[  289.949461][T14211]  dump_stack+0x137/0x19d
[  289.949481][T14211]  should_fail+0x23c/0x250
[  289.949515][T14211]  should_fail_usercopy+0x16/0x20
01:17:29 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x60, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  289.958362][T14189] loop3: p4 size 3657465856 extends beyond EOD, 
[  289.968364][T14211]  strncpy_from_user+0x21/0x250
[  289.968386][T14211]  getname_flags+0xb8/0x3d0
[  289.971494][T14189] truncated
[  289.999837][T14222] loop2: detected capacity change from 0 to 1
[  289.999883][T14211]  ? vfs_write+0x50c/0x770
[  290.018343][T14211]  getname+0x15/0x20
[  290.022232][T14211]  do_sys_openat2+0x5b/0x250
[  290.027232][T14211]  __x64_sys_openat+0xef/0x110
[  290.033192][T14211]  do_syscall_64+0x4a/0x90
[  290.038012][T14211]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  290.044388][T14211] RIP: 0033:0x4196c4
[  290.049218][T14211] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  290.068829][T14211] RSP: 002b:00007f7f30570e20 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  290.077289][T14211] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 00000000004196c4
01:17:29 executing program 4 (fault-call:7 fault-nth:11):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  290.086351][T14211] RDX: 0000000000000002 RSI: 00007f7f30570f40 RDI: 00000000ffffff9c
[  290.095632][T14211] RBP: 00007f7f30570f40 R08: 0000000000000000 R09: 0000000000000000
[  290.103601][T14211] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  290.112052][T14211] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  290.121809][T14187]  loop1: p2 p3 p4
[  290.125602][T14187] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  290.133676][T14187] loop1: p3 start 225 is beyond EOD, truncated
[  290.139917][T14187] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  290.147517][T14230] FAULT_INJECTION: forcing a failure.
[  290.147517][T14230] name failslab, interval 1, probability 0, space 0, times 0
[  290.160375][T14230] CPU: 0 PID: 14230 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  290.160631][T14222]  loop2: p2 p3 p4
[  290.169221][T14230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  290.169235][T14230] Call Trace:
[  290.169243][T14230]  dump_stack+0x137/0x19d
[  290.183140][T14222] loop2: p2 size 1073872896 extends beyond EOD, 
[  290.186313][T14230]  should_fail+0x23c/0x250
[  290.191773][T14222] truncated
[  290.198513][T14230]  ? __alloc_file+0x2e/0x1a0
[  290.203663][T14222] loop2: p3 start 225 is beyond EOD, 
[  290.206032][T14230]  __should_failslab+0x81/0x90
[  290.210598][T14222] truncated
[  290.210603][T14222] loop2: p4 size 3657465856 extends beyond EOD, 
[  290.215959][T14230]  should_failslab+0x5/0x20
[  290.220713][T14222] truncated
[  290.237699][T14230]  kmem_cache_alloc+0x46/0x2f0
01:17:29 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x3000000, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  290.242632][T14230]  __alloc_file+0x2e/0x1a0
[  290.247054][T14230]  alloc_empty_file+0xcd/0x1c0
[  290.251925][T14230]  path_openat+0x6a/0x20b0
[  290.256342][T14230]  ? iov_iter_advance+0x291/0xe10
[  290.261373][T14230]  ? shmem_write_end+0x37d/0x3d0
[  290.266300][T14230]  ? balance_dirty_pages_ratelimited+0xb1/0x280
[  290.272551][T14230]  ? generic_perform_write+0x332/0x3a0
[  290.278054][T14230]  do_filp_open+0xd9/0x1f0
[  290.282450][T14230]  ? __virt_addr_valid+0x15a/0x1a0
[  290.287536][T14230]  ? __check_object_size+0x253/0x310
[  290.292875][T14230]  ? _find_next_bit+0x16a/0x190
[  290.297704][T14230]  ? alloc_fd+0x388/0x3e0
[  290.302014][T14230]  do_sys_openat2+0xa3/0x250
[  290.306627][T14230]  __x64_sys_openat+0xef/0x110
[  290.311369][T14230]  do_syscall_64+0x4a/0x90
[  290.315781][T14230]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  290.321750][T14230] RIP: 0033:0x4196c4
[  290.325674][T14230] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  290.345269][T14230] RSP: 002b:00007f7f30570e20 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  290.353670][T14230] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 00000000004196c4
[  290.361617][T14230] RDX: 0000000000000002 RSI: 00007f7f30570f40 RDI: 00000000ffffff9c
[  290.369565][T14230] RBP: 00007f7f30570f40 R08: 0000000000000000 R09: 0000000000000000
[  290.378731][T14230] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
01:17:29 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x3, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:29 executing program 4 (fault-call:7 fault-nth:12):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  290.386730][T14230] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  290.412621][ T1032]  loop1: p2 p3 p4
[  290.416389][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  290.436542][T14252] FAULT_INJECTION: forcing a failure.
[  290.436542][T14252] name failslab, interval 1, probability 0, space 0, times 0
[  290.449215][T14252] CPU: 0 PID: 14252 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  290.452534][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  290.457968][T14252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  290.457981][T14252] Call Trace:
[  290.464138][ T1032] loop1: p4 size 3657465856 extends beyond EOD, 
[  290.474150][T14252]  dump_stack+0x137/0x19d
[  290.477416][ T1032] truncated
[  290.491106][T14252]  should_fail+0x23c/0x250
[  290.495525][T14252]  ? security_file_alloc+0x30/0x190
[  290.500754][T14252]  __should_failslab+0x81/0x90
[  290.505500][T14252]  should_failslab+0x5/0x20
[  290.510035][T14252]  kmem_cache_alloc+0x46/0x2f0
[  290.514811][T14252]  security_file_alloc+0x30/0x190
[  290.519867][T14252]  __alloc_file+0x83/0x1a0
[  290.524281][T14252]  alloc_empty_file+0xcd/0x1c0
[  290.529036][T14252]  path_openat+0x6a/0x20b0
[  290.534022][T14252]  ? iov_iter_advance+0x291/0xe10
[  290.539024][T14252]  ? shmem_write_end+0x37d/0x3d0
[  290.544010][T14252]  ? balance_dirty_pages_ratelimited+0xb1/0x280
[  290.550283][T14252]  ? generic_perform_write+0x332/0x3a0
[  290.555722][T14252]  do_filp_open+0xd9/0x1f0
[  290.560275][T14252]  ? __virt_addr_valid+0x15a/0x1a0
[  290.565365][T14252]  ? __check_object_size+0x253/0x310
[  290.570631][T14252]  ? _find_next_bit+0x16a/0x190
[  290.575459][T14252]  ? alloc_fd+0x388/0x3e0
[  290.579779][T14252]  do_sys_openat2+0xa3/0x250
[  290.584552][T14252]  __x64_sys_openat+0xef/0x110
[  290.589357][T14252]  do_syscall_64+0x4a/0x90
[  290.593798][T14252]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  290.599674][T14252] RIP: 0033:0x4196c4
[  290.603545][T14252] Code: 84 00 00 00 00 00 44 89 54 24 0c e8 96 f9 ff ff 44 8b 54 24 0c 44 89 e2 48 89 ee 41 89 c0 bf 9c ff ff ff b8 01 01 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 89 44 24 0c e8 c8 f9 ff ff 8b 44
[  290.623142][T14252] RSP: 002b:00007f7f30570e20 EFLAGS: 00000293 ORIG_RAX: 0000000000000101
[  290.631596][T14252] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 00000000004196c4
01:17:29 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x300, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:29 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x68, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:29 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x68, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  290.639565][T14252] RDX: 0000000000000002 RSI: 00007f7f30570f40 RDI: 00000000ffffff9c
[  290.647513][T14252] RBP: 00007f7f30570f40 R08: 0000000000000000 R09: 0000000000000000
[  290.655466][T14252] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002
[  290.663422][T14252] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
01:17:29 executing program 4 (fault-call:7 fault-nth:13):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  290.691851][T14258] loop3: detected capacity change from 0 to 1
[  290.697721][T14262] loop5: detected capacity change from 0 to 1
[  290.698084][T14260] loop2: detected capacity change from 0 to 1
[  290.713709][T14269] FAULT_INJECTION: forcing a failure.
[  290.713709][T14269] name failslab, interval 1, probability 0, space 0, times 0
[  290.726377][T14269] CPU: 0 PID: 14269 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  290.735127][T14269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  290.745211][T14269] Call Trace:
[  290.748645][T14269]  dump_stack+0x137/0x19d
[  290.752974][T14269]  should_fail+0x23c/0x250
[  290.757367][T14269]  ? loop_set_status_from_info+0x3a0/0x3a0
[  290.763184][T14269]  __should_failslab+0x81/0x90
[  290.767939][T14269]  ? __kthread_create_on_node+0x7a/0x290
[  290.773551][T14269]  should_failslab+0x5/0x20
[  290.778093][T14269]  kmem_cache_alloc_trace+0x49/0x310
[  290.783433][T14269]  ? loop_set_status_from_info+0x3a0/0x3a0
[  290.789348][T14269]  __kthread_create_on_node+0x7a/0x290
[  290.794816][T14269]  ? __blkdev_get+0xc1/0x6d0
[  290.799411][T14269]  ? loop_set_status_from_info+0x3a0/0x3a0
[  290.805197][T14269]  kthread_create_on_node+0x72/0xa0
[  290.810390][T14269]  loop_configure+0x597/0xcb0
[  290.815044][T14269]  ? mntput+0x45/0x70
[  290.819017][T14269]  lo_ioctl+0x555/0x11f0
[  290.823418][T14269]  ? path_openat+0x19ab/0x20b0
[  290.828176][T14269]  ? putname+0xa5/0xc0
[  290.832311][T14269]  ? ___cache_free+0x3c/0x300
[  290.836969][T14269]  ? blkdev_common_ioctl+0x9c3/0x1040
[  290.842379][T14269]  ? selinux_file_ioctl+0x8e0/0x970
[  290.847563][T14269]  ? lo_release+0x120/0x120
[  290.852040][T14269]  blkdev_ioctl+0x1d0/0x3c0
[  290.856644][T14269]  block_ioctl+0x6d/0x80
[  290.860922][T14269]  ? blkdev_iopoll+0x70/0x70
[  290.865500][T14269]  __se_sys_ioctl+0xcb/0x140
[  290.870077][T14269]  __x64_sys_ioctl+0x3f/0x50
[  290.874649][T14269]  do_syscall_64+0x4a/0x90
[  290.879102][T14269]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  290.885014][T14269] RIP: 0033:0x466397
[  290.888884][T14269] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  290.908474][T14269] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  290.916935][T14269] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  290.924898][T14269] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  290.932915][T14269] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  290.940932][T14269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  290.948942][T14269] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  290.961273][T14258]  loop3: p2 p3 p4
[  290.965098][T14260]  loop2: p2 p3 p4
[  290.969346][T14262]  loop5: p2 p3 p4
[  290.970000][T14258] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  290.973517][T14262] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  290.980427][T14260] loop2: p2 size 1073872896 extends beyond EOD, truncated
01:17:30 executing program 4 (fault-call:7 fault-nth:14):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  290.988124][T14262] loop5: p3 start 225 is beyond EOD, truncated
[  290.995621][T14260] loop2: p3 start 225 is beyond EOD, 
[  291.000729][T14262] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  291.013298][T14260] truncated
[  291.016395][T14260] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  291.021692][T14258] loop3: p3 start 225 is beyond EOD, truncated
[  291.029673][T14258] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  291.039123][T14276] FAULT_INJECTION: forcing a failure.
[  291.039123][T14276] name failslab, interval 1, probability 0, space 0, times 0
[  291.052476][T14276] CPU: 0 PID: 14276 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  291.056077][T14286] loop1: detected capacity change from 0 to 1
[  291.061300][T14276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  291.061314][T14276] Call Trace:
[  291.061321][T14276]  dump_stack+0x137/0x19d
[  291.061346][T14276]  should_fail+0x23c/0x250
[  291.090629][T14276]  ? __kernfs_new_node+0x6a/0x330
01:17:30 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x4000000, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  291.095740][T14276]  __should_failslab+0x81/0x90
[  291.100486][T14276]  should_failslab+0x5/0x20
[  291.104985][T14276]  kmem_cache_alloc+0x46/0x2f0
[  291.109753][T14276]  ? kvm_sched_clock_read+0xd/0x20
[  291.114908][T14276]  __kernfs_new_node+0x6a/0x330
[  291.119760][T14276]  ? select_task_rq_fair+0x186/0xc00
[  291.125118][T14276]  ? rb_insert_color+0x2bd/0x310
[  291.130232][T14276]  kernfs_create_dir_ns+0x5e/0x140
[  291.135373][T14276]  internal_create_group+0x138/0x850
[  291.140649][T14276]  ? enqueue_task_fair+0xcd/0x510
[  291.145714][T14276]  sysfs_create_group+0x1b/0x20
[  291.150593][T14276]  loop_configure+0xa21/0xcb0
[  291.155286][T14276]  lo_ioctl+0x555/0x11f0
[  291.159503][T14276]  ? path_openat+0x19ab/0x20b0
[  291.164252][T14276]  ? putname+0xa5/0xc0
[  291.168361][T14276]  ? ___cache_free+0x3c/0x300
[  291.173017][T14276]  ? blkdev_common_ioctl+0x9c3/0x1040
[  291.180120][T14276]  ? selinux_file_ioctl+0x8e0/0x970
[  291.185302][T14276]  ? lo_release+0x120/0x120
[  291.189830][T14276]  blkdev_ioctl+0x1d0/0x3c0
[  291.194318][T14276]  block_ioctl+0x6d/0x80
[  291.198713][T14276]  ? blkdev_iopoll+0x70/0x70
[  291.203280][T14276]  __se_sys_ioctl+0xcb/0x140
[  291.207859][T14276]  __x64_sys_ioctl+0x3f/0x50
[  291.212490][T14276]  do_syscall_64+0x4a/0x90
[  291.216890][T14276]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  291.222830][T14276] RIP: 0033:0x466397
[  291.226705][T14276] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  291.246328][T14276] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  291.254734][T14276] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  291.262688][T14276] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  291.270649][T14276] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  291.278597][T14276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  291.286621][T14276] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  291.294785][T14276] loop4: detected capacity change from 0 to 1
[  291.301830][ T1032]  loop3: p2 p3 p4
[  291.305781][ T1032] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  291.313983][ T1032] loop3: p3 start 225 is beyond EOD, truncated
[  291.320289][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  291.328338][T14286]  loop1: p2 p3 p4
[  291.334564][T14286] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  291.336444][T14276]  loop4: p2 p3 p4
01:17:30 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x310, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:30 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x6c, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:30 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x6c, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  291.343369][T14286] loop1: p3 start 225 is beyond EOD, truncated
[  291.351688][T14286] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  291.372387][T14276] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  291.383807][T14276] loop4: p3 start 225 is beyond EOD, truncated
[  291.390043][T14276] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  291.413414][T14324] loop2: detected capacity change from 0 to 1
[  291.415812][T14320] loop1: detected capacity change from 0 to 1
[  291.419645][T14311] loop5: detected capacity change from 0 to 1
[  291.429889][T14327] loop3: detected capacity change from 0 to 1
[  291.451027][T14311]  loop5: p2 p3 p4
[  291.455529][T14311] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  291.463817][T14311] loop5: p3 start 225 is beyond EOD, truncated
[  291.471071][T14311] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  291.481447][T14327]  loop3: p2 p3 p4
[  291.485987][ T1032]  loop1: p2 p3 p4
[  291.486050][T14324]  loop2: p2 p3 p4
[  291.490402][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  291.495538][T14327] loop3: p2 size 1073872896 extends beyond EOD, truncated
01:17:30 executing program 4 (fault-call:7 fault-nth:15):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  291.512783][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  291.513487][T14324] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  291.519384][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  291.527839][T14327] loop3: p3 start 225 is beyond EOD, truncated
[  291.539895][T14327] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  291.548130][T14324] loop2: p3 start 225 is beyond EOD, truncated
[  291.554425][T14324] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  291.562776][T14320]  loop1: p2 p3 p4
[  291.566567][T14320] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  291.571464][T14352] FAULT_INJECTION: forcing a failure.
[  291.571464][T14352] name failslab, interval 1, probability 0, space 0, times 0
[  291.575114][T14320] loop1: p3 start 225 is beyond EOD, 
[  291.586310][T14352] CPU: 0 PID: 14352 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  291.586322][T14320] truncated
[  291.591909][T14320] loop1: p4 size 3657465856 extends beyond EOD, 
01:17:30 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x4, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:30 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x5, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  291.601944][T14352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  291.601957][T14352] Call Trace:
[  291.601964][T14352]  dump_stack+0x137/0x19d
[  291.601987][T14352]  should_fail+0x23c/0x250
[  291.602002][T14352]  ? __kernfs_new_node+0x6a/0x330
[  291.602024][T14352]  __should_failslab+0x81/0x90
[  291.605134][T14320] truncated
[  291.611549][T14352]  should_failslab+0x5/0x20
[  291.611567][T14352]  kmem_cache_alloc+0x46/0x2f0
[  291.657312][T14352]  ? __cond_resched+0x11/0x40
01:17:30 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x3fe, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:30 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x6, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  291.662000][T14352]  __kernfs_new_node+0x6a/0x330
[  291.666951][T14352]  ? idr_alloc_cyclic+0x249/0x2d0
[  291.672161][T14352]  ? rb_insert_color+0x7e/0x310
[  291.677023][T14352]  kernfs_new_node+0x5b/0xd0
[  291.681706][T14352]  __kernfs_create_file+0x45/0x1a0
[  291.686817][T14352]  sysfs_add_file_mode_ns+0x1c1/0x250
[  291.692204][T14352]  internal_create_group+0x2e4/0x850
[  291.697524][T14352]  sysfs_create_group+0x1b/0x20
[  291.702368][T14352]  loop_configure+0xa21/0xcb0
[  291.707040][T14352]  lo_ioctl+0x555/0x11f0
[  291.711374][T14352]  ? path_openat+0x19ab/0x20b0
[  291.716117][T14352]  ? putname+0xa5/0xc0
[  291.720164][T14352]  ? ___cache_free+0x3c/0x300
[  291.725023][T14352]  ? blkdev_common_ioctl+0x9c3/0x1040
[  291.730403][T14352]  ? selinux_file_ioctl+0x8e0/0x970
[  291.735611][T14352]  ? lo_release+0x120/0x120
[  291.740135][T14352]  blkdev_ioctl+0x1d0/0x3c0
[  291.745356][T14352]  block_ioctl+0x6d/0x80
[  291.749578][T14352]  ? blkdev_iopoll+0x70/0x70
[  291.754150][T14352]  __se_sys_ioctl+0xcb/0x140
[  291.758729][T14352]  __x64_sys_ioctl+0x3f/0x50
[  291.763329][T14352]  do_syscall_64+0x4a/0x90
[  291.767797][T14352]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  291.773743][T14352] RIP: 0033:0x466397
[  291.777615][T14352] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  291.797202][T14352] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  291.805668][T14352] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  291.813824][T14352] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  291.824380][T14352] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  291.834031][T14352] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  291.842480][T14352] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
01:17:30 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x7, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:30 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x74, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:30 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x72, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  291.860841][T14352] loop4: detected capacity change from 0 to 1
[  291.865000][T14371] loop5: detected capacity change from 0 to 1
[  291.927541][T14371]  loop5: p2 p3 p4
[  291.931533][T14352]  loop4: p2 p3 p4
[  291.935378][T14352] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  291.939500][T14386] loop1: detected capacity change from 0 to 1
[  291.943852][T14371] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  291.958273][T14393] loop2: detected capacity change from 0 to 1
[  291.964873][T14352] loop4: p3 start 225 is beyond EOD, truncated
[  291.965077][T14394] loop3: detected capacity change from 0 to 1
01:17:31 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x5000000, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  291.971087][T14352] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  291.982404][T14371] loop5: p3 start 225 is beyond EOD, truncated
[  291.985607][T14386]  loop1: p2 p3 p4
[  291.993351][T14371] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  292.000701][T14386] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  292.010906][T14394]  loop3: p2 p3 p4
[  292.014857][T14393]  loop2: p2 p3 p4
[  292.015331][T14394] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  292.022366][T14393] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  292.028078][T14394] loop3: p3 start 225 is beyond EOD, truncated
[  292.042624][T14394] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  292.054946][T14386] loop1: p3 start 225 is beyond EOD, truncated
01:17:31 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x402, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:31 executing program 4 (fault-call:7 fault-nth:16):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  292.066270][T14386] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  292.079778][T14393] loop2: p3 start 225 is beyond EOD, truncated
[  292.086310][T14393] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  292.092454][T14421] loop5: detected capacity change from 0 to 2
[  292.100958][ T1032]  loop1: p2 p3 p4
[  292.105621][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  292.113047][T14433] FAULT_INJECTION: forcing a failure.
[  292.113047][T14433] name failslab, interval 1, probability 0, space 0, times 0
[  292.114001][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  292.125767][T14433] CPU: 1 PID: 14433 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  292.131928][ T1032] loop1: p4 size 3657465856 extends beyond EOD, 
[  292.140819][T14433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  292.140831][T14433] Call Trace:
[  292.140838][T14433]  dump_stack+0x137/0x19d
[  292.147139][ T1032] truncated
[  292.170721][T14433]  should_fail+0x23c/0x250
[  292.175299][T14433]  ? __kernfs_new_node+0x6a/0x330
[  292.180319][T14433]  __should_failslab+0x81/0x90
[  292.185067][T14433]  should_failslab+0x5/0x20
[  292.189551][T14433]  kmem_cache_alloc+0x46/0x2f0
[  292.194294][T14433]  __kernfs_new_node+0x6a/0x330
[  292.199127][T14433]  ? __cond_resched+0x11/0x40
[  292.203783][T14433]  ? mutex_lock+0x9/0x30
[  292.208074][T14433]  kernfs_new_node+0x5b/0xd0
[  292.212658][T14433]  __kernfs_create_file+0x45/0x1a0
[  292.217820][T14433]  sysfs_add_file_mode_ns+0x1c1/0x250
[  292.223181][T14433]  internal_create_group+0x2e4/0x850
[  292.228465][T14433]  sysfs_create_group+0x1b/0x20
[  292.233306][T14433]  loop_configure+0xa21/0xcb0
[  292.238005][T14433]  lo_ioctl+0x555/0x11f0
[  292.242302][T14433]  ? path_openat+0x19ab/0x20b0
[  292.247070][T14433]  ? putname+0xa5/0xc0
[  292.251114][T14433]  ? ___cache_free+0x3c/0x300
[  292.255818][T14433]  ? blkdev_common_ioctl+0x9c3/0x1040
[  292.261168][T14433]  ? selinux_file_ioctl+0x8e0/0x970
[  292.266413][T14433]  ? lo_release+0x120/0x120
[  292.270925][T14433]  blkdev_ioctl+0x1d0/0x3c0
[  292.275404][T14433]  block_ioctl+0x6d/0x80
[  292.279626][T14433]  ? blkdev_iopoll+0x70/0x70
[  292.284272][T14433]  __se_sys_ioctl+0xcb/0x140
[  292.288971][T14433]  __x64_sys_ioctl+0x3f/0x50
[  292.293554][T14433]  do_syscall_64+0x4a/0x90
[  292.297959][T14433]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  292.303839][T14433] RIP: 0033:0x466397
[  292.307724][T14433] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  292.328360][T14433] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  292.336755][T14433] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  292.344717][T14433] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  292.352803][T14433] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  292.363106][T14433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  292.371063][T14433] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
01:17:31 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x74, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:31 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x8, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:31 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x7a, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  292.379956][T14421]  loop5: p2 p3 p4
[  292.384286][T14421] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  292.386910][T14433] loop4: detected capacity change from 0 to 1
[  292.427162][T14421] loop5: p3 start 225 is beyond EOD, truncated
[  292.433405][T14421] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  292.441393][T14433]  loop4: p2 p3 p4
[  292.444045][T14454] loop1: detected capacity change from 0 to 1
[  292.445281][T14433] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  292.462994][T14451] loop3: detected capacity change from 0 to 1
[  292.463829][T14433] loop4: p3 start 225 is beyond EOD, truncated
[  292.474728][T14458] loop2: detected capacity change from 0 to 1
[  292.475355][T14433] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  292.500831][T14454]  loop1: p2 p3 p4
[  292.501018][ T1032]  loop3: p2 p3 p4
[  292.504870][T14458]  loop2: p2 p3 p4
[  292.508452][ T1032] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  292.512663][T14454] loop1: p2 size 1073872896 extends beyond EOD, truncated
01:17:31 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x406, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  292.527326][T14458] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  292.527500][ T1032] loop3: p3 start 225 is beyond EOD, truncated
[  292.536258][T14458] loop2: p3 start 225 is beyond EOD, truncated
[  292.540740][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  292.546974][T14458] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  292.570620][T14454] loop1: p3 start 225 is beyond EOD, truncated
01:17:31 executing program 4 (fault-call:7 fault-nth:17):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  292.576807][T14454] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  292.592316][T14451]  loop3: p2 p3 p4
[  292.593560][T14488] loop5: detected capacity change from 0 to 2
[  292.601265][T14451] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  292.610107][T14451] loop3: p3 start 225 is beyond EOD, truncated
[  292.616324][T14451] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  292.621596][T14494] FAULT_INJECTION: forcing a failure.
[  292.621596][T14494] name failslab, interval 1, probability 0, space 0, times 0
[  292.624599][T14488]  loop5: p2 p3 p4
[  292.636146][T14494] CPU: 0 PID: 14494 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  292.636165][T14494] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  292.642024][T14488] loop5: p2 size 1073872896 extends beyond EOD, 
[  292.648600][T14494] Call Trace:
[  292.648609][T14494]  dump_stack+0x137/0x19d
[  292.658800][T14488] truncated
[  292.665261][T14494]  should_fail+0x23c/0x250
[  292.665285][T14494]  ? __kernfs_new_node+0x6a/0x330
[  292.675181][T14488] loop5: p3 start 225 is beyond EOD, 
[  292.676279][T14494]  __should_failslab+0x81/0x90
[  292.676309][T14494]  should_failslab+0x5/0x20
[  292.680711][T14488] truncated
[  292.685783][T14494]  kmem_cache_alloc+0x46/0x2f0
[  292.692133][T14488] loop5: p4 size 3657465856 extends beyond EOD, 
[  292.696850][T14494]  __kernfs_new_node+0x6a/0x330
[  292.701353][T14488] truncated
[  292.704423][T14494]  ? __cond_resched+0x11/0x40
01:17:31 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x7a, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:31 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x9, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:31 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x90, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  292.728149][T14494]  ? mutex_lock+0x9/0x30
[  292.733597][T14494]  kernfs_new_node+0x5b/0xd0
[  292.738191][T14494]  __kernfs_create_file+0x45/0x1a0
[  292.743340][T14494]  sysfs_add_file_mode_ns+0x1c1/0x250
[  292.748728][T14494]  internal_create_group+0x2e4/0x850
[  292.754100][T14494]  sysfs_create_group+0x1b/0x20
[  292.758967][T14494]  loop_configure+0xa21/0xcb0
[  292.763700][T14494]  lo_ioctl+0x555/0x11f0
[  292.767946][T14494]  ? path_openat+0x19ab/0x20b0
[  292.772797][T14494]  ? putname+0xa5/0xc0
[  292.777167][T14494]  ? kcsan_setup_watchpoint+0x213/0x380
[  292.781586][ T1032]  loop3: p2 p3 p4
[  292.782763][T14494]  ? blkdev_common_ioctl+0x9c3/0x1040
[  292.782786][T14494]  ? selinux_file_ioctl+0x8e0/0x970
[  292.782802][T14494]  ? lo_release+0x120/0x120
[  292.786692][ T1032] loop3: p2 size 1073872896 extends beyond EOD, 
[  292.791854][T14494]  blkdev_ioctl+0x1d0/0x3c0
[  292.791876][T14494]  block_ioctl+0x6d/0x80
[  292.791893][T14494]  ? blkdev_iopoll+0x70/0x70
[  292.791910][T14494]  __se_sys_ioctl+0xcb/0x140
[  292.797214][ T1032] truncated
01:17:31 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x90, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  292.802590][ T1032] loop3: p3 start 225 is beyond EOD, 
[  292.807999][T14494]  __x64_sys_ioctl+0x3f/0x50
[  292.808026][T14494]  do_syscall_64+0x4a/0x90
[  292.812522][ T1032] truncated
[  292.816719][T14494]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  292.821296][ T1032] loop3: p4 size 3657465856 extends beyond EOD, 
[  292.825841][T14494] RIP: 0033:0x466397
[  292.828934][ T1032] truncated
[  292.840690][T14501] loop1: detected capacity change from 0 to 1
01:17:31 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x6000000, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  292.843236][T14494] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  292.843256][T14494] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246
[  292.854761][T14520] loop2: detected capacity change from 0 to 1
[  292.858607][T14494]  ORIG_RAX: 0000000000000010
[  292.858616][T14494] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  292.858630][T14494] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
01:17:32 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x480, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  292.924871][T14494] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  292.932876][T14494] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  292.940826][T14494] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  292.949612][T14494] loop4: detected capacity change from 0 to 1
[  292.971002][T14520]  loop2: p2 p3 p4
[  292.974982][T14501]  loop1: p2 p3 p4
[  292.979022][T14520] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  292.990606][T14494]  loop4: p2 p3 p4
[  292.990726][T14501] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  292.994444][T14494] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  293.004098][T14520] loop2: p3 start 225 is beyond EOD, truncated
[  293.014840][T14520] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  293.023373][T14532] loop5: detected capacity change from 0 to 2
[  293.023394][T14494] loop4: p3 start 225 is beyond EOD, truncated
[  293.031067][T14501] loop1: p3 start 225 is beyond EOD, truncated
[  293.035660][T14494] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  293.041789][T14501] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  293.056210][T14543] loop3: detected capacity change from 0 to 1
[  293.070512][T14532]  loop5: p2 p3 p4
01:17:32 executing program 4 (fault-call:7 fault-nth:18):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  293.074314][T14532] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  293.088300][T14532] loop5: p3 start 225 is beyond EOD, truncated
[  293.094967][T14532] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  293.112031][T14563] FAULT_INJECTION: forcing a failure.
[  293.112031][T14563] name failslab, interval 1, probability 0, space 0, times 0
[  293.112887][T14543]  loop3: p2 p3 p4
[  293.124755][T14563] CPU: 1 PID: 14563 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  293.124784][T14563] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  293.124793][T14563] Call Trace:
[  293.124800][T14563]  dump_stack+0x137/0x19d
[  293.138701][T14543] loop3: p2 size 1073872896 extends beyond EOD, 
[  293.147281][T14563]  should_fail+0x23c/0x250
[  293.147307][T14563]  ? __kernfs_new_node+0x6a/0x330
[  293.147328][T14563]  __should_failslab+0x81/0x90
[  293.150634][T14543] truncated
01:17:32 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xc0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  293.154916][T14563]  should_failslab+0x5/0x20
[  293.154930][T14563]  kmem_cache_alloc+0x46/0x2f0
[  293.154963][T14563]  __kernfs_new_node+0x6a/0x330
[  293.154979][T14563]  ? __cond_resched+0x11/0x40
[  293.165464][T14565] loop1: detected capacity change from 0 to 1
[  293.165765][T14563]  ? mutex_lock+0x9/0x30
[  293.190957][T14543] loop3: p3 start 225 is beyond EOD, 
[  293.192800][T14563]  kernfs_new_node+0x5b/0xd0
[  293.197464][T14543] truncated
[  293.197468][T14543] loop3: p4 size 3657465856 extends beyond EOD, 
[  293.203511][T14563]  __kernfs_create_file+0x45/0x1a0
[  293.203534][T14563]  sysfs_add_file_mode_ns+0x1c1/0x250
[  293.207761][T14543] truncated
[  293.217261][T14576] loop2: detected capacity change from 0 to 1
[  293.217678][T14563]  internal_create_group+0x2e4/0x850
[  293.251977][T14563]  sysfs_create_group+0x1b/0x20
[  293.256858][T14563]  loop_configure+0xa21/0xcb0
[  293.261519][T14563]  lo_ioctl+0x555/0x11f0
[  293.265979][T14563]  ? path_openat+0x19ab/0x20b0
[  293.270781][T14563]  ? putname+0xa5/0xc0
[  293.274839][T14563]  ? ___cache_free+0x3c/0x300
[  293.279643][T14563]  ? blkdev_common_ioctl+0x9c3/0x1040
[  293.285002][T14563]  ? selinux_file_ioctl+0x8e0/0x970
[  293.290201][T14563]  ? lo_release+0x120/0x120
[  293.294682][T14563]  blkdev_ioctl+0x1d0/0x3c0
[  293.299260][T14563]  block_ioctl+0x6d/0x80
[  293.303485][T14563]  ? blkdev_iopoll+0x70/0x70
[  293.308051][T14563]  __se_sys_ioctl+0xcb/0x140
[  293.312620][T14563]  __x64_sys_ioctl+0x3f/0x50
[  293.317216][T14563]  do_syscall_64+0x4a/0x90
[  293.321718][T14563]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  293.327592][T14563] RIP: 0033:0x466397
[  293.331485][T14563] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  293.351080][T14563] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  293.359485][T14563] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  293.367487][T14563] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  293.378570][T14563] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  293.386658][T14563] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  293.394611][T14563] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  293.403090][T14563] loop4: detected capacity change from 0 to 1
[  293.408321][ T1032]  loop3: p2 p3 p4
[  293.413830][ T1032] loop3: p2 size 1073872896 extends beyond EOD, truncated
01:17:32 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0xa, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:32 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x4f5, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  293.432364][T14576]  loop2: p2 p3 p4
[  293.436575][T14576] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  293.441422][ T1032] loop3: p3 start 225 is beyond EOD, truncated
[  293.445052][T14563]  loop4: p2 p3 p4
[  293.449840][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  293.450530][T14576] loop2: p3 start 225 is beyond EOD, 
[  293.454089][T14563] loop4: p2 size 1073872896 extends beyond EOD, 
[  293.460810][T14576] truncated
[  293.460816][T14576] loop2: p4 size 3657465856 extends beyond EOD, 
01:17:32 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xc0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:32 executing program 4 (fault-call:7 fault-nth:19):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  293.466187][T14563] truncated
[  293.467924][T14563] loop4: p3 start 225 is beyond EOD, 
[  293.472524][T14576] truncated
[  293.473251][T14589] loop5: detected capacity change from 0 to 2
[  293.475622][T14563] truncated
[  293.475627][T14563] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  293.509933][T14600] loop1: detected capacity change from 0 to 1
[  293.520472][T14589]  loop5: p2 p3 p4
[  293.524299][T14589] loop5: p2 size 1073872896 extends beyond EOD, truncated
01:17:32 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x204, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  293.542314][T14600]  loop1: p2 p3 p4
[  293.542561][T14589] loop5: p3 start 225 is beyond EOD, truncated
[  293.551078][T14600] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  293.553006][T14589] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  293.574787][T14600] loop1: p3 start 225 is beyond EOD, truncated
[  293.581041][T14600] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  293.584130][T14620] loop3: detected capacity change from 0 to 1
[  293.591750][T14621] FAULT_INJECTION: forcing a failure.
[  293.591750][T14621] name failslab, interval 1, probability 0, space 0, times 0
[  293.607171][T14621] CPU: 1 PID: 14621 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  293.615934][T14621] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  293.625967][T14621] Call Trace:
[  293.629383][T14621]  dump_stack+0x137/0x19d
[  293.633697][T14621]  should_fail+0x23c/0x250
[  293.638122][T14621]  ? __kernfs_new_node+0x6a/0x330
[  293.644192][T14621]  __should_failslab+0x81/0x90
[  293.649018][T14621]  should_failslab+0x5/0x20
[  293.653504][T14621]  kmem_cache_alloc+0x46/0x2f0
[  293.658451][T14621]  __kernfs_new_node+0x6a/0x330
[  293.663382][T14621]  ? __cond_resched+0x11/0x40
[  293.668041][T14621]  ? mutex_lock+0x9/0x30
[  293.672261][T14621]  kernfs_new_node+0x5b/0xd0
[  293.676875][T14621]  __kernfs_create_file+0x45/0x1a0
[  293.681968][T14621]  sysfs_add_file_mode_ns+0x1c1/0x250
[  293.687392][T14621]  internal_create_group+0x2e4/0x850
[  293.692735][T14621]  sysfs_create_group+0x1b/0x20
[  293.697565][T14621]  loop_configure+0xa21/0xcb0
[  293.702259][T14621]  lo_ioctl+0x555/0x11f0
[  293.706616][T14621]  ? path_openat+0x19ab/0x20b0
[  293.711424][T14621]  ? putname+0xa5/0xc0
[  293.715618][T14621]  ? ___cache_free+0x3c/0x300
[  293.720283][T14621]  ? blkdev_common_ioctl+0x9c3/0x1040
[  293.725726][T14621]  ? selinux_file_ioctl+0x8e0/0x970
[  293.730903][T14621]  ? lo_release+0x120/0x120
[  293.735394][T14621]  blkdev_ioctl+0x1d0/0x3c0
[  293.739881][T14621]  block_ioctl+0x6d/0x80
[  293.744118][T14621]  ? blkdev_iopoll+0x70/0x70
[  293.748688][T14621]  __se_sys_ioctl+0xcb/0x140
[  293.753375][T14621]  __x64_sys_ioctl+0x3f/0x50
[  293.757994][T14621]  do_syscall_64+0x4a/0x90
[  293.762745][T14621]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  293.768739][T14621] RIP: 0033:0x466397
[  293.772622][T14621] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
01:17:32 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x7000000, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  293.792227][T14621] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  293.800735][T14621] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  293.808719][T14621] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  293.816701][T14621] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  293.824734][T14621] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  293.832878][T14621] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
01:17:32 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x500, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  293.846694][T14621] loop4: detected capacity change from 0 to 1
[  293.853955][T14620]  loop3: p2 p3 p4
[  293.857722][T14620] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  293.872490][T14620] loop3: p3 start 225 is beyond EOD, truncated
[  293.878693][T14620] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  293.882434][T14626] loop2: detected capacity change from 0 to 1
[  293.886117][T14645] loop1: detected capacity change from 0 to 1
[  293.902153][ T1032]  loop3: p2 p3 p4
[  293.905975][ T1032] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  293.909406][T14651] loop5: detected capacity change from 0 to 2
[  293.915121][ T1032] loop3: p3 start 225 is beyond EOD, truncated
[  293.925472][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  293.926561][T14621]  loop4: p2 p3 p4
[  293.936880][T14626]  loop2: p2 p3 p4
[  293.936997][T14645]  loop1: p2 p3 p4
[  293.940898][T14626] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  293.950368][T14645] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  293.951653][T14651]  loop5: p2 p3 p4
[  293.961068][T14645] loop1: p3 start 225 is beyond EOD, truncated
[  293.963186][T14651] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  293.968534][T14645] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  293.970490][T14621] loop4: p2 size 1073872896 extends beyond EOD, 
[  293.976654][T14626] loop2: p3 start 225 is beyond EOD, 
[  293.982842][T14621] truncated
01:17:33 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xe4, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  293.989485][T14621] loop4: p3 start 225 is beyond EOD, 
[  293.994632][T14626] truncated
[  293.997710][T14621] truncated
[  293.997716][T14621] loop4: p4 size 3657465856 extends beyond EOD, 
[  294.003164][T14626] loop2: p4 size 3657465856 extends beyond EOD, 
[  294.006282][T14621] truncated
[  294.009358][T14626] truncated
[  294.016009][T14651] loop5: p3 start 225 is beyond EOD, truncated
[  294.034415][T14651] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  294.045013][T14678] loop3: detected capacity change from 0 to 1
01:17:33 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0xb, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:33 executing program 4 (fault-call:7 fault-nth:20):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  294.094286][ T1032]  loop1: p2 p3 p4
[  294.111319][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  294.112235][T14678]  loop3: p2 p3 p4
[  294.127842][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  294.134157][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
01:17:33 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x300, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:33 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x600, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  294.140927][T14678] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  294.153593][T14678] loop3: p3 start 225 is beyond EOD, truncated
[  294.159387][T14694] FAULT_INJECTION: forcing a failure.
[  294.159387][T14694] name failslab, interval 1, probability 0, space 0, times 0
[  294.162166][T14678] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  294.174748][T14694] CPU: 0 PID: 14694 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  294.190577][T14694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  294.193994][T14705] loop2: detected capacity change from 0 to 1
[  294.200633][T14694] Call Trace:
[  294.200643][T14694]  dump_stack+0x137/0x19d
[  294.200667][T14694]  should_fail+0x23c/0x250
[  294.200683][T14694]  ? __kernfs_new_node+0x6a/0x330
[  294.207233][T14704] loop5: detected capacity change from 0 to 3
[  294.210047][T14694]  __should_failslab+0x81/0x90
[  294.234772][T14694]  should_failslab+0x5/0x20
[  294.239301][T14694]  kmem_cache_alloc+0x46/0x2f0
[  294.244058][T14694]  __kernfs_new_node+0x6a/0x330
[  294.248984][T14694]  ? __cond_resched+0x11/0x40
[  294.253885][T14694]  ? mutex_lock+0x9/0x30
[  294.258149][T14694]  kernfs_new_node+0x5b/0xd0
[  294.262724][T14694]  __kernfs_create_file+0x45/0x1a0
[  294.267827][T14694]  sysfs_add_file_mode_ns+0x1c1/0x250
[  294.273212][T14694]  internal_create_group+0x2e4/0x850
[  294.278481][T14694]  sysfs_create_group+0x1b/0x20
[  294.283382][T14694]  loop_configure+0xa21/0xcb0
[  294.288121][T14694]  lo_ioctl+0x555/0x11f0
[  294.292700][T14694]  ? path_openat+0x19ab/0x20b0
[  294.297448][T14694]  ? putname+0xa5/0xc0
[  294.301509][T14694]  ? ___cache_free+0x3c/0x300
[  294.306167][T14694]  ? blkdev_common_ioctl+0x9c3/0x1040
[  294.311523][T14694]  ? selinux_file_ioctl+0x8e0/0x970
[  294.316704][T14694]  ? lo_release+0x120/0x120
[  294.321183][T14694]  blkdev_ioctl+0x1d0/0x3c0
[  294.325676][T14694]  block_ioctl+0x6d/0x80
[  294.329924][T14694]  ? blkdev_iopoll+0x70/0x70
[  294.334687][T14694]  __se_sys_ioctl+0xcb/0x140
[  294.339411][T14694]  __x64_sys_ioctl+0x3f/0x50
[  294.345290][T14694]  do_syscall_64+0x4a/0x90
[  294.349730][T14694]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  294.355641][T14694] RIP: 0033:0x466397
[  294.359567][T14694] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  294.379260][T14694] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  294.387655][T14694] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  294.395604][T14694] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  294.403559][T14694] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  294.411508][T14694] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  294.419589][T14694] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  294.431912][T14694] loop4: detected capacity change from 0 to 1
[  294.450467][T14704]  loop5: p2 p3 p4
[  294.454460][T14704] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  294.461906][T14699] loop1: detected capacity change from 0 to 1
[  294.468678][T14704] loop5: p3 start 225 is beyond EOD, truncated
[  294.474868][T14704] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  294.486597][T14705]  loop2: p2 p3 p4
[  294.486802][T14694]  loop4: p2 p3 p4
01:17:33 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xfe, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  294.491277][T14705] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  294.501370][T14699]  loop1: p2 p3 p4
[  294.505833][T14699] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  294.510190][T14694] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  294.521108][T14694] loop4: p3 start 225 is beyond EOD, truncated
[  294.525528][T14699] loop1: p3 start 225 is beyond EOD, 
[  294.527315][T14694] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  294.539890][T14699] truncated
[  294.543020][T14699] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  294.544943][T14705] loop2: p3 start 225 is beyond EOD, truncated
[  294.556375][T14705] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  294.563678][T14731] loop3: detected capacity change from 0 to 1
01:17:33 executing program 4 (fault-call:7 fault-nth:21):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:33 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x604, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  294.600851][T14731]  loop3: p2 p3 p4
[  294.604670][T14731] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  294.614241][T14731] loop3: p3 start 225 is beyond EOD, truncated
[  294.620453][T14731] loop3: p4 size 3657465856 extends beyond EOD, truncated
01:17:33 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x310, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  294.645998][T14752] loop1: detected capacity change from 0 to 1
[  294.665842][ T1032]  loop3: p2 p3 p4
[  294.670307][T14759] loop5: detected capacity change from 0 to 3
[  294.676596][ T1032] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  294.676789][T14763] loop2: detected capacity change from 0 to 1
[  294.684856][T14768] loop4: detected capacity change from 0 to 1
01:17:33 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x8000000, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  294.692445][ T1032] loop3: p3 start 225 is beyond EOD, truncated
[  294.700645][T14768] FAULT_INJECTION: forcing a failure.
[  294.700645][T14768] name failslab, interval 1, probability 0, space 0, times 0
[  294.702351][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  294.714917][T14768] CPU: 0 PID: 14768 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  294.714942][T14768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  294.740793][T14768] Call Trace:
[  294.744073][T14768]  dump_stack+0x137/0x19d
[  294.748405][T14768]  should_fail+0x23c/0x250
[  294.752824][T14768]  __should_failslab+0x81/0x90
[  294.757585][T14768]  ? kobject_uevent_env+0x1a7/0xc40
[  294.762797][T14768]  should_failslab+0x5/0x20
[  294.767283][T14768]  kmem_cache_alloc_trace+0x49/0x310
[  294.772552][T14768]  ? dev_uevent_filter+0x70/0x70
[  294.777473][T14768]  kobject_uevent_env+0x1a7/0xc40
[  294.782483][T14768]  kobject_uevent+0x18/0x20
[  294.786997][T14768]  loop_configure+0xb3c/0xcb0
[  294.791653][T14768]  lo_ioctl+0x555/0x11f0
[  294.795889][T14768]  ? path_openat+0x19ab/0x20b0
[  294.800674][T14768]  ? putname+0xa5/0xc0
[  294.804723][T14768]  ? ___cache_free+0x3c/0x300
[  294.809384][T14768]  ? blkdev_common_ioctl+0x9c3/0x1040
[  294.814736][T14768]  ? selinux_file_ioctl+0x8e0/0x970
[  294.819913][T14768]  ? lo_release+0x120/0x120
[  294.824446][T14768]  blkdev_ioctl+0x1d0/0x3c0
[  294.828929][T14768]  block_ioctl+0x6d/0x80
[  294.833166][T14768]  ? blkdev_iopoll+0x70/0x70
[  294.837738][T14768]  __se_sys_ioctl+0xcb/0x140
[  294.842364][T14768]  __x64_sys_ioctl+0x3f/0x50
[  294.846935][T14768]  do_syscall_64+0x4a/0x90
[  294.851364][T14768]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  294.857241][T14768] RIP: 0033:0x466397
[  294.861116][T14768] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  294.880731][T14768] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  294.889440][T14768] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  294.897403][T14768] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  294.905361][T14768] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  294.913400][T14768] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  294.921454][T14768] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  294.930350][T14759]  loop5: p2 p3 p4
[  294.934481][T14759] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  294.935235][T14752]  loop1: p2 p3 p4
[  294.942768][T14759] loop5: p3 start 225 is beyond EOD, truncated
[  294.945865][T14752] loop1: p2 size 1073872896 extends beyond EOD, 
[  294.951507][T14759] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  294.957913][T14752] truncated
[  294.958946][T14752] loop1: p3 start 225 is beyond EOD, truncated
[  294.970782][ T1032]  loop2: p2 p3 p4
[  294.974347][T14752] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  294.978362][ T1032] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  294.993177][ T1032] loop2: p3 start 225 is beyond EOD, truncated
[  294.999541][ T1032] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  295.008470][T14763]  loop2: p2 p3 p4
[  295.012543][T14763] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  295.020400][T14768]  loop4: p2 p3 p4
[  295.022082][T14763] loop2: p3 start 225 is beyond EOD, truncated
[  295.025779][T14768] loop4: p2 size 1073872896 extends beyond EOD, 
[  295.030686][T14763] loop2: p4 size 3657465856 extends beyond EOD, 
[  295.031134][    C1] ==================================================================
[  295.031143][    C1] BUG: KCSAN: data-race in console_unlock / console_unlock
[  295.031162][    C1] 
[  295.031166][    C1] write to 0xffffffff8454e940 of 8 bytes by task 14763 on cpu 0:
[  295.031174][    C1]  console_unlock+0x570/0xb30
[  295.031179][    C1]  vprintk_emit+0x125/0x3d0
[  295.031183][    C1]  vprintk_default+0x22/0x30
[  295.031188][    C1]  vprintk+0x15a/0x170
[  295.031192][    C1]  printk+0x62/0x87
[  295.031196][    C1]  blk_add_partitions+0x686/0xa80
[  295.031201][    C1]  bdev_disk_changed+0x2d3/0x340
01:17:34 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0xc, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:34 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x204, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:34 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x700, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  295.031205][    C1]  loop_set_status+0x75f/0x7e0
[  295.031210][    C1]  lo_ioctl+0x758/0x11f0
[  295.031214][    C1]  blkdev_ioctl+0x1d0/0x3c0
[  295.031218][    C1]  block_ioctl+0x6d/0x80
[  295.031223][    C1]  __se_sys_ioctl+0xcb/0x140
[  295.031227][    C1]  __x64_sys_ioctl+0x3f/0x50
[  295.031232][    C1]  do_syscall_64+0x4a/0x90
[  295.031236][    C1]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  295.031241][    C1] 
[  295.031245][    C1] read to 0xffffffff8454e940 of 8 bytes by task 14768 on cpu 1:
[  295.031252][    C1]  console_unlock+0x9f5/0xb30
[  295.031256][    C1]  vprintk_emit+0x125/0x3d0
[  295.031280][    C1]  vprintk_default+0x22/0x30
[  295.031284][    C1]  vprintk+0x15a/0x170
[  295.031288][    C1]  printk+0x62/0x87
[  295.031293][    C1]  blk_add_partitions+0x686/0xa80
[  295.031297][    C1]  bdev_disk_changed+0x2d3/0x340
[  295.031302][    C1]  loop_set_status+0x75f/0x7e0
[  295.031307][    C1]  lo_ioctl+0x758/0x11f0
[  295.031311][    C1]  blkdev_ioctl+0x1d0/0x3c0
[  295.031315][    C1]  block_ioctl+0x6d/0x80
[  295.031319][    C1]  __se_sys_ioctl+0xcb/0x140
[  295.031324][    C1]  __x64_sys_ioctl+0x3f/0x50
[  295.031329][    C1]  do_syscall_64+0x4a/0x90
[  295.031333][    C1]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  295.031338][    C1] 
[  295.031342][    C1] value changed: 0x00000000000019e8 -> 0x00000000000019e9
[  295.031348][    C1] 
[  295.031351][    C1] Reported by Kernel Concurrency Sanitizer on:
01:17:34 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x3b4, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  295.031358][    C1] CPU: 1 PID: 14768 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  295.031366][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  295.031375][    C1] ==================================================================
[  295.031407][T14768] truncated
[  295.037011][T14763] truncated
[  295.285037][T14768] loop4: p3 start 225 is beyond EOD, truncated
[  295.291548][T14768] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  295.322553][T14810] loop5: detected capacity change from 0 to 3
[  295.339368][T14820] loop3: detected capacity change from 0 to 1
[  295.343958][T14818] loop1: detected capacity change from 0 to 1
[  295.350550][T14815] loop2: detected capacity change from 0 to 1
[  295.361227][T14810]  loop5: p2 p3 p4
[  295.365122][T14810] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  295.373255][T14810] loop5: p3 start 225 is beyond EOD, truncated
[  295.379575][T14810] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  295.390173][T14815]  loop2: p2 p3 p4
[  295.393968][T14820]  loop3: p2 p3 p4
[  295.395203][T14815] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  295.397748][T14820] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  295.406941][T14815] loop2: p3 start 225 is beyond EOD, truncated
01:17:34 executing program 4 (fault-call:7 fault-nth:22):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  295.418578][T14815] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  295.428870][T14820] loop3: p3 start 225 is beyond EOD, truncated
[  295.435097][T14820] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  295.442479][ T1032]  loop1: p2 p3 p4
[  295.446477][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  295.455663][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  295.462376][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
01:17:34 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x900, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  295.468098][T14847] loop4: detected capacity change from 0 to 1
[  295.478080][T14847] FAULT_INJECTION: forcing a failure.
[  295.478080][T14847] name failslab, interval 1, probability 0, space 0, times 0
[  295.491082][T14847] CPU: 0 PID: 14847 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  295.492218][T14850] loop5: detected capacity change from 0 to 4
[  295.500544][T14847] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  295.500583][T14847] Call Trace:
[  295.500590][T14847]  dump_stack+0x137/0x19d
[  295.524902][T14847]  should_fail+0x23c/0x250
[  295.529525][T14847]  __should_failslab+0x81/0x90
[  295.534833][T14847]  ? kobject_uevent_env+0x1a7/0xc40
[  295.540286][T14847]  should_failslab+0x5/0x20
[  295.544793][T14847]  kmem_cache_alloc_trace+0x49/0x310
[  295.550160][T14847]  ? dev_uevent_filter+0x70/0x70
[  295.555114][T14847]  kobject_uevent_env+0x1a7/0xc40
[  295.561983][T14847]  kobject_uevent+0x18/0x20
[  295.566497][T14847]  loop_configure+0xb3c/0xcb0
01:17:34 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0xe000000, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  295.571178][T14847]  lo_ioctl+0x555/0x11f0
[  295.575651][T14847]  ? path_openat+0x19ab/0x20b0
[  295.580872][T14847]  ? putname+0xa5/0xc0
[  295.584933][T14847]  ? ___cache_free+0x3c/0x300
[  295.589637][T14847]  ? blkdev_common_ioctl+0x9c3/0x1040
[  295.595102][T14847]  ? selinux_file_ioctl+0x8e0/0x970
[  295.600838][T14847]  ? lo_release+0x120/0x120
[  295.605429][T14847]  blkdev_ioctl+0x1d0/0x3c0
[  295.610432][T14847]  block_ioctl+0x6d/0x80
[  295.614708][T14847]  ? blkdev_iopoll+0x70/0x70
[  295.619285][T14847]  __se_sys_ioctl+0xcb/0x140
[  295.624036][T14847]  __x64_sys_ioctl+0x3f/0x50
[  295.628828][T14847]  do_syscall_64+0x4a/0x90
[  295.634033][T14847]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  295.639998][T14847] RIP: 0033:0x466397
[  295.644093][T14847] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  295.664251][T14847] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  295.673719][T14847] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  295.682222][T14847] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  295.690199][T14847] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  295.698605][T14847] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  295.706841][T14847] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  295.720054][T14850]  loop5: p2 p3 p4
01:17:34 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x3da, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:34 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x300, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  295.720267][T14818]  loop1: p2 p3 p4
[  295.723846][T14850] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  295.727540][T14818] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  295.741560][T14850] loop5: p3 start 225 is beyond EOD, truncated
[  295.743061][T14847]  loop4: p2 p3 p4
[  295.748318][T14850] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  295.753383][T14847] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  295.783334][T14818] loop1: p3 start 225 is beyond EOD, truncated
[  295.789756][T14818] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  295.791946][T14874] loop3: detected capacity change from 0 to 1
[  295.798754][T14847] loop4: p3 start 225 is beyond EOD, truncated
[  295.806771][T14876] loop2: detected capacity change from 0 to 1
[  295.811338][T14847] loop4: p4 size 3657465856 extends beyond EOD, truncated
01:17:34 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xa00, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  295.830521][T14874]  loop3: p2 p3 p4
[  295.830552][T14876]  loop2: p2 p3 p4
[  295.838820][T14874] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  295.840780][T14876] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  295.856638][T14874] loop3: p3 start 225 is beyond EOD, truncated
[  295.863627][T14874] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  295.871955][T14876] loop2: p3 start 225 is beyond EOD, truncated
01:17:35 executing program 4 (fault-call:7 fault-nth:23):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:35 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0xd, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:35 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x3fe, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  295.878288][T14876] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  295.889723][T14882] loop1: detected capacity change from 0 to 1
[  295.899302][T14896] loop5: detected capacity change from 0 to 5
[  295.909409][ T1032]  loop2: p2 p3 p4
[  295.914271][ T1032] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  295.922220][ T1032] loop2: p3 start 225 is beyond EOD, truncated
[  295.929035][ T1032] loop2: p4 size 3657465856 extends beyond EOD, truncated
01:17:35 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x310, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  295.953076][T14912] loop4: detected capacity change from 0 to 1
[  295.959481][T14912] FAULT_INJECTION: forcing a failure.
[  295.959481][T14912] name failslab, interval 1, probability 0, space 0, times 0
[  295.972228][T14912] CPU: 0 PID: 14912 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  295.981307][T14912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  295.990140][T14918] loop3: detected capacity change from 0 to 1
[  295.991701][T14912] Call Trace:
[  295.991710][T14912]  dump_stack+0x137/0x19d
[  296.005789][T14912]  should_fail+0x23c/0x250
[  296.010295][T14912]  __should_failslab+0x81/0x90
[  296.015057][T14912]  should_failslab+0x5/0x20
[  296.019550][T14912]  kmem_cache_alloc_node+0x58/0x2b0
[  296.024804][T14912]  ? __alloc_skb+0xed/0x420
[  296.029518][T14912]  __alloc_skb+0xed/0x420
[  296.034915][T14912]  alloc_uevent_skb+0x5b/0x120
[  296.039957][T14912]  kobject_uevent_env+0x863/0xc40
[  296.044968][T14912]  kobject_uevent+0x18/0x20
[  296.050454][T14912]  loop_configure+0xb3c/0xcb0
[  296.056936][T14912]  lo_ioctl+0x555/0x11f0
[  296.061532][T14912]  ? path_openat+0x19ab/0x20b0
[  296.066468][T14912]  ? putname+0xa5/0xc0
[  296.070663][T14912]  ? ___cache_free+0x3c/0x300
[  296.075337][T14912]  ? blkdev_common_ioctl+0x9c3/0x1040
[  296.080759][T14912]  ? selinux_file_ioctl+0x8e0/0x970
[  296.086025][T14912]  ? lo_release+0x120/0x120
[  296.091066][T14912]  blkdev_ioctl+0x1d0/0x3c0
[  296.095557][T14912]  block_ioctl+0x6d/0x80
[  296.099781][T14912]  ? blkdev_iopoll+0x70/0x70
[  296.107390][T14912]  __se_sys_ioctl+0xcb/0x140
[  296.111964][T14912]  __x64_sys_ioctl+0x3f/0x50
[  296.116540][T14912]  do_syscall_64+0x4a/0x90
[  296.121011][T14912]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  296.126888][T14912] RIP: 0033:0x466397
[  296.135746][T14912] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  296.163067][T14912] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  296.171563][T14912] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  296.179519][T14912] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  296.187694][T14912] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  296.197300][T14912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  296.205634][T14912] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  296.223353][T14896]  loop5: p2 p3 p4
[  296.228130][T14896] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  296.236564][T14912]  loop4: p2 p3 p4
[  296.238015][T14896] loop5: p3 start 225 is beyond EOD, truncated
[  296.241138][T14912] loop4: p2 size 1073872896 extends beyond EOD, 
[  296.246455][T14896] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  296.254207][ T1032]  loop3: p2 p3 p4
[  296.260023][T14912] truncated
[  296.260549][T14931] loop2: detected capacity change from 0 to 1
[  296.264014][ T1032] loop3: p2 size 1073872896 extends beyond EOD, 
[  296.267053][T14929] loop1: detected capacity change from 0 to 1
[  296.273096][ T1032] truncated
[  296.275044][ T1032] loop3: p3 start 225 is beyond EOD, 
[  296.279960][T14912] loop4: p3 start 225 is beyond EOD, 
[  296.285863][ T1032] truncated
[  296.288934][T14912] truncated
01:17:35 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xb00, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  296.288939][T14912] loop4: p4 size 3657465856 extends beyond EOD, 
[  296.294329][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  296.320678][T14912] truncated
[  296.325569][T14918]  loop3: p2 p3 p4
[  296.329564][T14918] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  296.337316][T14918] loop3: p3 start 225 is beyond EOD, truncated
[  296.343645][T14918] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  296.349675][T14929]  loop1: p2 p3 p4
[  296.351145][T14931]  loop2: p2 p3 p4
[  296.354564][T14929] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  296.358297][T14931] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  296.372854][T14929] loop1: p3 start 225 is beyond EOD, truncated
[  296.374832][T14931] loop2: p3 start 225 is beyond EOD, truncated
[  296.379227][T14929] loop1: p4 size 3657465856 extends beyond EOD, 
[  296.385382][T14931] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  296.400072][T14929] truncated
01:17:35 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x368, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:35 executing program 4 (fault-call:7 fault-nth:24):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  296.404023][T14954] loop5: detected capacity change from 0 to 5
01:17:35 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0xf000000, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:35 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x402, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  296.479729][T14984] loop3: detected capacity change from 0 to 1
[  296.486072][T14954]  loop5: p2 p3 p4
[  296.490547][T14980] loop1: detected capacity change from 0 to 1
[  296.496723][T14954] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  296.504827][T14991] loop2: detected capacity change from 0 to 2
[  296.510090][T14954] loop5: p3 start 225 is beyond EOD, truncated
[  296.517055][T14954] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  296.517514][T14988] loop4: detected capacity change from 0 to 1
[  296.531539][T14980]  loop1: p2 p3 p4
[  296.535328][ T1032]  loop3: p2 p3 p4
[  296.539133][ T1032] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  296.546409][T14980] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  296.550912][T14988] FAULT_INJECTION: forcing a failure.
[  296.550912][T14988] name failslab, interval 1, probability 0, space 0, times 0
[  296.567201][T14988] CPU: 0 PID: 14988 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  296.575993][T14988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  296.586044][T14988] Call Trace:
[  296.589357][T14988]  dump_stack+0x137/0x19d
[  296.593867][T14988]  should_fail+0x23c/0x250
[  296.598266][T14988]  __should_failslab+0x81/0x90
[  296.603058][T14988]  should_failslab+0x5/0x20
[  296.607567][T14988]  kmem_cache_alloc_node_trace+0x58/0x2e0
[  296.613516][T14988]  ? __kmalloc_node_track_caller+0x30/0x40
[  296.619320][T14988]  ? kmem_cache_alloc_node+0x1da/0x2b0
[  296.624865][T14988]  __kmalloc_node_track_caller+0x30/0x40
[  296.630545][T14988]  ? alloc_uevent_skb+0x5b/0x120
[  296.635559][T14988]  __alloc_skb+0x187/0x420
[  296.640032][T14988]  alloc_uevent_skb+0x5b/0x120
[  296.644903][T14988]  kobject_uevent_env+0x863/0xc40
[  296.650031][T14988]  kobject_uevent+0x18/0x20
[  296.654694][T14988]  loop_configure+0xb3c/0xcb0
[  296.659730][T14988]  lo_ioctl+0x555/0x11f0
[  296.663964][T14988]  ? path_openat+0x19ab/0x20b0
[  296.668729][T14988]  ? putname+0xa5/0xc0
[  296.673427][T14988]  ? ___cache_free+0x3c/0x300
[  296.678204][T14988]  ? blkdev_common_ioctl+0x9c3/0x1040
[  296.683572][T14988]  ? selinux_file_ioctl+0x8e0/0x970
[  296.690258][T14988]  ? lo_release+0x120/0x120
[  296.694971][T14988]  blkdev_ioctl+0x1d0/0x3c0
[  296.699466][T14988]  block_ioctl+0x6d/0x80
[  296.703697][T14988]  ? blkdev_iopoll+0x70/0x70
[  296.708304][T14988]  __se_sys_ioctl+0xcb/0x140
[  296.712905][T14988]  __x64_sys_ioctl+0x3f/0x50
[  296.717593][T14988]  do_syscall_64+0x4a/0x90
[  296.722064][T14988]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  296.727943][T14988] RIP: 0033:0x466397
[  296.731821][T14988] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  296.751677][T14988] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  296.761651][T14988] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  296.769607][T14988] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  296.778516][T14988] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  296.786559][T14988] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  296.794601][T14988] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  296.803118][T14991]  loop2: p2 p3 p4
[  296.807655][T14991] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  296.807932][T14980] loop1: p3 start 225 is beyond EOD, truncated
[  296.817387][ T1032] loop3: p3 start 225 is beyond EOD, 
01:17:35 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xbaf, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  296.822856][T14980] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  296.823570][T14991] loop2: p3 start 225 is beyond EOD, 
[  296.828409][ T1032] truncated
[  296.828416][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  296.852316][T14991] truncated
[  296.855475][T14991] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  296.859724][T14988]  loop4: p2 p3 p4
[  296.866747][T14984]  loop3: p2 p3 p4
[  296.866782][T14988] loop4: p2 size 1073872896 extends beyond EOD, truncated
01:17:36 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0xe, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  296.871123][T14984] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  296.886855][T14988] loop4: p3 start 225 is beyond EOD, truncated
[  296.888178][T15017] loop5: detected capacity change from 0 to 5
[  296.893109][T14988] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  296.899701][T14984] loop3: p3 start 225 is beyond EOD, truncated
[  296.912689][T14984] loop3: p4 size 3657465856 extends beyond EOD, truncated
01:17:36 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x406, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:36 executing program 4 (fault-call:7 fault-nth:25):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  296.939779][T15017]  loop5: p2 p3 p4
[  296.943689][T15017] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  296.966184][T15017] loop5: p3 start 225 is beyond EOD, truncated
[  296.972567][T15017] loop5: p4 size 3657465856 extends beyond EOD, truncated
01:17:36 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x3fe, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  296.990009][T15044] loop2: detected capacity change from 0 to 2
[  296.996857][T15045] loop1: detected capacity change from 0 to 1
[  297.032891][T15056] loop4: detected capacity change from 0 to 1
[  297.040237][T15056] FAULT_INJECTION: forcing a failure.
[  297.040237][T15056] name failslab, interval 1, probability 0, space 0, times 0
[  297.040317][T15045]  loop1: p2 p3 p4
[  297.053603][T15056] CPU: 1 PID: 15056 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  297.066625][T15056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  297.076888][T15056] Call Trace:
[  297.080335][T15056]  dump_stack+0x137/0x19d
[  297.084884][T15056]  should_fail+0x23c/0x250
[  297.090843][T15056]  __should_failslab+0x81/0x90
[  297.097184][T15056]  should_failslab+0x5/0x20
[  297.101681][T15056]  kmem_cache_alloc_node_trace+0x58/0x2e0
[  297.107481][T15056]  ? __kmalloc_node_track_caller+0x30/0x40
[  297.115389][T15056]  ? kmem_cache_alloc_node+0x1da/0x2b0
[  297.120959][T15056]  __kmalloc_node_track_caller+0x30/0x40
[  297.126652][T15056]  ? alloc_uevent_skb+0x5b/0x120
[  297.131591][T15056]  __alloc_skb+0x187/0x420
[  297.135995][T15056]  alloc_uevent_skb+0x5b/0x120
[  297.140740][T15056]  kobject_uevent_env+0x863/0xc40
[  297.145772][T15056]  kobject_uevent+0x18/0x20
[  297.153237][T15056]  loop_configure+0xb3c/0xcb0
[  297.159982][T15056]  lo_ioctl+0x555/0x11f0
[  297.165753][T15056]  ? path_openat+0x19ab/0x20b0
[  297.171755][T15056]  ? putname+0xa5/0xc0
[  297.176020][T15056]  ? ___cache_free+0x3c/0x300
[  297.180726][T15056]  ? blkdev_common_ioctl+0x9c3/0x1040
[  297.186121][T15056]  ? selinux_file_ioctl+0x8e0/0x970
[  297.191387][T15056]  ? lo_release+0x120/0x120
[  297.195991][T15056]  blkdev_ioctl+0x1d0/0x3c0
[  297.200495][T15056]  block_ioctl+0x6d/0x80
[  297.204763][T15056]  ? blkdev_iopoll+0x70/0x70
[  297.209354][T15056]  __se_sys_ioctl+0xcb/0x140
[  297.214157][T15056]  __x64_sys_ioctl+0x3f/0x50
[  297.218732][T15056]  do_syscall_64+0x4a/0x90
[  297.223279][T15056]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  297.229592][T15056] RIP: 0033:0x466397
[  297.233645][T15056] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  297.253281][T15056] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  297.261682][T15056] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  297.269638][T15056] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
01:17:36 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x10000120, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  297.277627][T15056] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  297.285637][T15056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
[  297.293621][T15056] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  297.309530][T15045] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  297.321142][T15045] loop1: p3 start 225 is beyond EOD, truncated
[  297.327328][T15045] loop1: p4 size 3657465856 extends beyond EOD, truncated
01:17:36 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xbb0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  297.343173][T15044]  loop2: p2 p3 p4
[  297.346998][T15056]  loop4: p2 p3 p4
[  297.351256][T15044] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  297.358394][T15056] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  297.366051][T15044] loop2: p3 start 225 is beyond EOD, truncated
[  297.366708][T15056] loop4: p3 start 225 is beyond EOD, 
[  297.372237][T15044] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  297.385373][T15056] truncated
01:17:36 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x480, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  297.388467][T15056] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  297.396745][T15074] loop5: detected capacity change from 0 to 5
[  297.404360][T15073] loop3: detected capacity change from 0 to 1
01:17:36 executing program 4 (fault-call:7 fault-nth:26):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  297.439806][ T1032]  loop3: p2 p3 p4
[  297.443598][T15074]  loop5: p2 p3 p4
[  297.447361][T15086] loop1: detected capacity change from 0 to 1
[  297.451762][ T1032] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  297.454927][T15074] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  297.461142][ T1032] loop3: p3 start 225 is beyond EOD, truncated
[  297.474461][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  297.478318][T15104] loop4: detected capacity change from 0 to 1
[  297.481837][T15097] loop2: detected capacity change from 0 to 2
[  297.488493][T15074] loop5: p3 start 225 is beyond EOD, truncated
[  297.494655][T15104] FAULT_INJECTION: forcing a failure.
[  297.494655][T15104] name failslab, interval 1, probability 0, space 0, times 0
[  297.501060][T15074] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  297.521405][T15104] CPU: 0 PID: 15104 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  297.530156][T15104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  297.540201][T15104] Call Trace:
[  297.543471][T15104]  dump_stack+0x137/0x19d
[  297.547796][T15104]  should_fail+0x23c/0x250
[  297.552271][T15104]  __should_failslab+0x81/0x90
[  297.557108][T15104]  ? call_usermodehelper_setup+0x81/0x160
[  297.563150][T15104]  should_failslab+0x5/0x20
[  297.567637][T15104]  kmem_cache_alloc_trace+0x49/0x310
[  297.573025][T15104]  ? add_uevent_var+0x16e/0x1c0
[  297.577898][T15104]  ? __kfree_skb+0xfe/0x150
[  297.582388][T15104]  call_usermodehelper_setup+0x81/0x160
[  297.587925][T15104]  ? add_uevent_var+0x1c0/0x1c0
[  297.592774][T15104]  kobject_uevent_env+0xb29/0xc40
[  297.597812][T15104]  kobject_uevent+0x18/0x20
[  297.602954][T15104]  loop_configure+0xb3c/0xcb0
[  297.607613][T15104]  lo_ioctl+0x555/0x11f0
[  297.611849][T15104]  ? path_openat+0x19ab/0x20b0
[  297.616632][T15104]  ? putname+0xa5/0xc0
[  297.620733][T15104]  ? ___cache_free+0x3c/0x300
[  297.625393][T15104]  ? blkdev_common_ioctl+0x9c3/0x1040
[  297.630747][T15104]  ? selinux_file_ioctl+0x8e0/0x970
[  297.636015][T15104]  ? lo_release+0x120/0x120
[  297.640499][T15104]  blkdev_ioctl+0x1d0/0x3c0
[  297.644987][T15104]  block_ioctl+0x6d/0x80
[  297.649251][T15104]  ? blkdev_iopoll+0x70/0x70
[  297.653824][T15104]  __se_sys_ioctl+0xcb/0x140
[  297.658397][T15104]  __x64_sys_ioctl+0x3f/0x50
[  297.663083][T15104]  do_syscall_64+0x4a/0x90
[  297.667485][T15104]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  297.673362][T15104] RIP: 0033:0x466397
[  297.677236][T15104] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  297.696828][T15104] RSP: 002b:00007f7f30570e98 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  297.705242][T15104] RAX: ffffffffffffffda RBX: 00000000004afcc0 RCX: 0000000000466397
[  297.713215][T15104] RDX: 0000000000000005 RSI: 0000000000004c00 RDI: 0000000000000006
[  297.721167][T15104] RBP: 0000000000000006 R08: 0000000000000000 R09: 0000000000000000
[  297.729166][T15104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000005
01:17:36 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0xf, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  297.737136][T15104] R13: 0000000000000005 R14: 0000000020000018 R15: 0000000000000001
[  297.759821][T15073]  loop3: p2 p3 p4
[  297.764176][T15073] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  297.772378][T15073] loop3: p3 start 225 is beyond EOD, truncated
[  297.778605][T15073] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  297.786089][T15104]  loop4: p2 p3 p4
[  297.787393][T15097]  loop2: p2 p3 p4
[  297.790275][T15104] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  297.794084][T15097] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  297.801946][T15104] loop4: p3 start 225 is beyond EOD, truncated
[  297.814074][T15104] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  297.822214][T15097] loop2: p3 start 225 is beyond EOD, truncated
[  297.827082][T15124] loop1: detected capacity change from 0 to 1
01:17:36 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x402, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:36 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xbb1, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  297.828400][T15097] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  297.859920][T15124]  loop1: p2 p3 p4
[  297.864659][T15124] loop1: p2 size 1073872896 extends beyond EOD, truncated
01:17:36 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x4f5, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:36 executing program 4 (fault-call:7 fault-nth:27):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  297.890037][T15124] loop1: p3 start 225 is beyond EOD, truncated
[  297.897536][T15124] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  297.906325][T15143] loop3: detected capacity change from 0 to 2
[  297.913774][T15142] loop5: detected capacity change from 0 to 5
[  297.916456][T15149] loop4: detected capacity change from 0 to 1
[  297.926971][T15149] FAULT_INJECTION: forcing a failure.
[  297.926971][T15149] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  297.928255][T15150] loop2: detected capacity change from 0 to 2
[  297.940343][T15149] CPU: 1 PID: 15149 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  297.947907][T15153]  loop1: p2 p3 p4
[  297.957168][T15149] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  297.957184][T15149] Call Trace:
[  297.957191][T15149]  dump_stack+0x137/0x19d
[  297.962187][T15153] loop1: p2 size 1073872896 extends beyond EOD, 
[  297.971058][T15149]  should_fail+0x23c/0x250
[  297.974833][T15153] truncated
[  297.980376][T15149]  should_fail_usercopy+0x16/0x20
[  297.980397][T15149]  _copy_to_user+0x1c/0x90
[  297.989185][T15153] loop1: p3 start 225 is beyond EOD, 
[  297.991416][T15149]  lo_ioctl+0x8ce/0x11f0
[  297.991446][T15149]  ? __mod_node_page_state+0x18/0x80
[  297.996538][T15153] truncated
[  297.996543][T15153] loop1: p4 size 3657465856 extends beyond EOD, 
[  298.001536][T15149]  ? __mod_lruvec_page_state+0xff/0x130
[  298.001561][T15149]  ? rcu_segcblist_enqueue+0x8e/0xa0
[  298.001579][T15149]  ? blkdev_common_ioctl+0x9c3/0x1040
[  298.005968][T15153] truncated
[  298.050427][T15149]  ? selinux_file_ioctl+0x8e0/0x970
[  298.055625][T15149]  ? lo_release+0x120/0x120
[  298.060473][T15149]  blkdev_ioctl+0x1d0/0x3c0
[  298.065010][T15149]  block_ioctl+0x6d/0x80
[  298.069485][T15149]  ? blkdev_iopoll+0x70/0x70
[  298.074058][T15149]  __se_sys_ioctl+0xcb/0x140
[  298.079660][T15149]  __x64_sys_ioctl+0x3f/0x50
[  298.084230][T15149]  do_syscall_64+0x4a/0x90
[  298.088625][T15149]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  298.095354][T15149] RIP: 0033:0x466397
[  298.099297][T15149] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  298.120129][T15149] RSP: 002b:00007f7f30570ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  298.128530][T15149] RAX: ffffffffffffffda RBX: 00007f7f30570f40 RCX: 0000000000466397
01:17:37 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x12bdbbbc, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  298.137100][T15149] RDX: 00007f7f30571050 RSI: 0000000000004c05 RDI: 0000000000000006
[  298.146527][T15149] RBP: 00007f7f305711d0 R08: 0000000000000000 R09: 0000000000000000
[  298.155286][T15149] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f30571050
[  298.163266][T15149] R13: 00007ffe4b9f801f R14: 00007f7f30571300 R15: 0000000000022000
[  298.179541][T15143]  loop3: p2 p3 p4
[  298.184158][T15143] loop3: p2 size 1073872896 extends beyond EOD, truncated
01:17:37 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x10, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  298.192742][T15142]  loop5: p2 p3 p4
[  298.193524][T15150]  loop2: p2 p3 p4
[  298.196669][T15142] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  298.206491][T15143] loop3: p3 start 225 is beyond EOD, truncated
[  298.219979][T15143] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  298.224413][T15176] loop1: detected capacity change from 0 to 1
[  298.228918][T15150] loop2: p2 size 1073872896 extends beyond EOD, truncated
01:17:37 executing program 4 (fault-call:7 fault-nth:28):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  298.239865][T15142] loop5: p3 start 225 is beyond EOD, truncated
[  298.248242][T15142] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  298.256497][ T1032]  loop3: p2 p3 p4
[  298.260544][T15176]  loop1: p2 p3 p4
[  298.264305][T15176] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  298.271760][T15176] loop1: p3 start 225 is beyond EOD, truncated
[  298.272444][ T1032] loop3: p2 size 1073872896 extends beyond EOD, 
[  298.278274][T15176] loop1: p4 size 3657465856 extends beyond EOD, truncated
01:17:37 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x406, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  298.285432][T15150] loop2: p3 start 225 is beyond EOD, 
[  298.291970][ T1032] truncated
[  298.300457][T15150] truncated
[  298.303546][ T1032] loop3: p3 start 225 is beyond EOD, 
[  298.303550][T15150] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  298.308936][ T1032] truncated
[  298.319144][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  298.324285][T15189] loop4: detected capacity change from 0 to 1
[  298.333213][T15189] FAULT_INJECTION: forcing a failure.
[  298.333213][T15189] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  298.340343][T15198] loop1: detected capacity change from 0 to 1
[  298.346261][T15189] CPU: 1 PID: 15189 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  298.361119][T15189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  298.371244][T15189] Call Trace:
[  298.374518][T15189]  dump_stack+0x137/0x19d
[  298.378849][T15189]  should_fail+0x23c/0x250
[  298.383256][T15189]  should_fail_usercopy+0x16/0x20
[  298.388256][T15189]  _copy_to_user+0x1c/0x90
[  298.392686][T15189]  lo_ioctl+0x8ce/0x11f0
[  298.396907][T15189]  ? ctx_sched_in+0x1db/0x200
[  298.401570][T15189]  ? __perf_event_task_sched_in+0x471/0x4c0
[  298.407485][T15189]  ? blkdev_common_ioctl+0x9c3/0x1040
[  298.412945][T15189]  ? selinux_file_ioctl+0x8e0/0x970
[  298.418147][T15189]  ? lo_release+0x120/0x120
[  298.422630][T15189]  blkdev_ioctl+0x1d0/0x3c0
[  298.427218][T15189]  block_ioctl+0x6d/0x80
[  298.431445][T15189]  ? blkdev_iopoll+0x70/0x70
[  298.436026][T15189]  __se_sys_ioctl+0xcb/0x140
[  298.440758][T15189]  __x64_sys_ioctl+0x3f/0x50
[  298.445967][T15189]  do_syscall_64+0x4a/0x90
[  298.450379][T15189]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  298.456315][T15189] RIP: 0033:0x466397
[  298.460337][T15189] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  298.480014][T15189] RSP: 002b:00007f7f30570ef8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
01:17:37 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x500, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  298.488411][T15189] RAX: ffffffffffffffda RBX: 00007f7f30570f40 RCX: 0000000000466397
[  298.496454][T15189] RDX: 00007f7f30571050 RSI: 0000000000004c05 RDI: 0000000000000006
[  298.504481][T15189] RBP: 00007f7f305711d0 R08: 0000000000000000 R09: 0000000000000000
[  298.512430][T15189] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f7f30571050
[  298.520380][T15189] R13: 00007ffe4b9f801f R14: 00007f7f30571300 R15: 0000000000022000
01:17:37 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xbb2, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:37 executing program 4 (fault-call:7 fault-nth:29):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  298.549434][T15198]  loop1: p2 p3 p4
[  298.554275][T15198] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  298.565814][T15203] loop3: detected capacity change from 0 to 2
[  298.566972][T15215] loop2: detected capacity change from 0 to 2
[  298.572688][T15198] loop1: p3 start 225 is beyond EOD, truncated
[  298.584188][T15198] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  298.592395][T15225] loop5: detected capacity change from 0 to 5
[  298.606540][T15230] loop4: detected capacity change from 0 to 1
[  298.619370][T15203]  loop3: p2 p3 p4
[  298.622733][T15215]  loop2: p2 p3 p4
[  298.623252][T15203] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  298.627054][T15215] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  298.640168][T15203] loop3: p3 start 225 is beyond EOD, truncated
[  298.647292][T15203] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  298.649526][T15225]  loop5: p2 p3 p4
[  298.659029][T15230] FAULT_INJECTION: forcing a failure.
[  298.659029][T15230] name failslab, interval 1, probability 0, space 0, times 0
[  298.660096][T15215] loop2: p3 start 225 is beyond EOD, truncated
[  298.671646][T15230] CPU: 0 PID: 15230 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  298.677793][T15215] loop2: p4 size 3657465856 extends beyond EOD, 
[  298.686523][T15230] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  298.686534][T15230] Call Trace:
01:17:37 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x11, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  298.686541][T15230]  dump_stack+0x137/0x19d
[  298.686565][T15230]  should_fail+0x23c/0x250
[  298.692887][T15215] truncated
[  298.702907][T15230]  __should_failslab+0x81/0x90
[  298.711179][T15225] loop5: p2 size 1073872896 extends beyond EOD, 
[  298.714867][T15230]  ? blk_add_partitions+0xaa/0xa80
[  298.714896][T15230]  should_failslab+0x5/0x20
[  298.718098][T15225] truncated
[  298.719880][T15225] loop5: p3 start 225 is beyond EOD, 
[  298.722843][T15230]  kmem_cache_alloc_trace+0x49/0x310
[  298.729187][T15225] truncated
[  298.734961][T15230]  blk_add_partitions+0xaa/0xa80
[  298.739458][T15225] loop5: p4 size 3657465856 extends beyond EOD, 
[  298.742543][T15230]  bdev_disk_changed+0x2d3/0x340
[  298.747885][T15225] truncated
[  298.775716][T15230]  loop_set_status+0x75f/0x7e0
[  298.780460][T15230]  lo_ioctl+0x758/0x11f0
[  298.784715][T15230]  ? path_openat+0x19ab/0x20b0
[  298.789457][T15230]  ? putname+0xa5/0xc0
[  298.793570][T15230]  ? ___cache_free+0x3c/0x300
[  298.798228][T15230]  ? blkdev_common_ioctl+0x9c3/0x1040
[  298.803678][T15230]  ? selinux_file_ioctl+0x8e0/0x970
[  298.808871][T15230]  ? lo_release+0x120/0x120
[  298.813363][T15230]  blkdev_ioctl+0x1d0/0x3c0
[  298.817856][T15230]  block_ioctl+0x6d/0x80
[  298.822091][T15230]  ? blkdev_iopoll+0x70/0x70
[  298.826665][T15230]  __se_sys_ioctl+0xcb/0x140
[  298.831291][T15230]  __x64_sys_ioctl+0x3f/0x50
[  298.835968][T15230]  do_syscall_64+0x4a/0x90
[  298.840363][T15230]  ? irqentry_exit_to_user_mode+0x5/0x20
[  298.845981][T15230]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  298.851899][T15230] RIP: 0033:0x466397
[  298.855778][T15230] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  298.875809][T15230] RSP: 002b:00007f7f30570ef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[  298.884261][T15230] RAX: ffffffffffffffda RBX: 00007f7f30570f40 RCX: 0000000000466397
[  298.892301][T15230] RDX: 00007f7f30571050 RSI: 0000000000004c04 RDI: 0000000000000006
[  298.900266][T15230] RBP: 00007f7f305711d0 R08: 0000000000000000 R09: 0000000000000000
01:17:38 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x600, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:38 executing program 4 (fault-call:7 fault-nth:30):
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  298.908229][T15230] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f7f30571050
[  298.916180][T15230] R13: 00007ffe4b9f801f R14: 00007f7f30571300 R15: 0000000000022000
[  298.924491][ T1032]  loop1: p2 p3 p4
[  298.928271][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  298.936014][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  298.942400][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
01:17:38 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xc00, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:38 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x480, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:38 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x18020000, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  299.021511][T15265] loop1: detected capacity change from 0 to 1
[  299.030436][T15269] loop4: detected capacity change from 0 to 1
[  299.040923][T15273] loop5: detected capacity change from 0 to 6
[  299.047446][T15270] loop2: detected capacity change from 0 to 3
[  299.059047][T15269] FAULT_INJECTION: forcing a failure.
[  299.059047][T15269] name failslab, interval 1, probability 0, space 0, times 0
[  299.072122][T15269] CPU: 0 PID: 15269 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  299.072274][T15273]  loop5: p2 p3 p4
[  299.080888][T15269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  299.080902][T15269] Call Trace:
[  299.080909][T15269]  dump_stack+0x137/0x19d
[  299.080942][T15269]  should_fail+0x23c/0x250
[  299.084876][T15273] loop5: p2 size 1073872896 extends beyond EOD, 
[  299.094948][T15269]  __should_failslab+0x81/0x90
[  299.098252][T15273] truncated
[  299.098834][T15273] loop5: p3 start 225 is beyond EOD, 
[  299.102556][T15269]  should_failslab+0x5/0x20
[  299.102576][T15269]  kmem_cache_alloc_node_trace+0x58/0x2e0
[  299.102599][T15269]  ? __get_vm_area_node+0x11b/0x260
[  299.106987][T15273] truncated
[  299.106992][T15273] loop5: p4 size 3657465856 extends beyond EOD, 
[  299.113285][T15269]  __get_vm_area_node+0x11b/0x260
[  299.113309][T15269]  __vmalloc_node_range+0xc2/0x5b0
[  299.113330][T15269]  ? blk_add_partitions+0x136/0xa80
[  299.113371][T15269]  ? blk_add_partitions+0x136/0xa80
[  299.118218][T15273] truncated
[  299.127879][ T1032]  loop1: p2 p3 p4
[  299.131171][T15269]  vzalloc+0x5a/0x70
[  299.137174][ T1032] loop1: p2 size 1073872896 extends beyond EOD, 
[  299.142194][T15269]  ? blk_add_partitions+0x136/0xa80
[  299.142219][T15269]  blk_add_partitions+0x136/0xa80
[  299.145312][ T1032] truncated
[  299.147077][ T1032] loop1: p3 start 225 is beyond EOD, 
[  299.151739][T15269]  bdev_disk_changed+0x2d3/0x340
[  299.151763][T15269]  loop_set_status+0x75f/0x7e0
[  299.151783][T15269]  lo_ioctl+0x758/0x11f0
[  299.156809][ T1032] truncated
[  299.156813][ T1032] loop1: p4 size 3657465856 extends beyond EOD, 
[  299.161892][T15269]  ? ctx_sched_in+0x1db/0x200
[  299.167070][ T1032] truncated
[  299.170541][T15265]  loop1: p2 p3 p4
[  299.172257][T15269]  ? __perf_event_task_sched_in+0x471/0x4c0
[  299.175494][T15265] loop1: p2 size 1073872896 extends beyond EOD, 
[  299.179078][T15269]  ? blkdev_common_ioctl+0x9c3/0x1040
[  299.179132][T15269]  ? selinux_file_ioctl+0x8e0/0x970
[  299.182981][T15265] truncated
[  299.189996][T15269]  ? lo_release+0x120/0x120
[  299.190018][T15269]  blkdev_ioctl+0x1d0/0x3c0
[  299.198268][T15265] loop1: p3 start 225 is beyond EOD, 
[  299.203375][T15269]  block_ioctl+0x6d/0x80
[  299.203403][T15269]  ? blkdev_iopoll+0x70/0x70
[  299.203422][T15269]  __se_sys_ioctl+0xcb/0x140
[  299.207129][T15265] truncated
[  299.207135][T15265] loop1: p4 size 3657465856 extends beyond EOD, 
[  299.212497][T15269]  __x64_sys_ioctl+0x3f/0x50
[  299.217449][T15265] truncated
[  299.232207][T15274] loop3: detected capacity change from 0 to 2
[  299.235999][T15269]  do_syscall_64+0x4a/0x90
[  299.328643][T15269]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  299.334531][T15269] RIP: 0033:0x466397
[  299.338528][T15269] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  299.361848][T15269] RSP: 002b:00007f7f30570ef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[  299.370298][T15269] RAX: ffffffffffffffda RBX: 00007f7f30570f40 RCX: 0000000000466397
[  299.378296][T15269] RDX: 00007f7f30571050 RSI: 0000000000004c04 RDI: 0000000000000006
[  299.386267][T15269] RBP: 00007f7f305711d0 R08: 0000000000000000 R09: 0000000000000000
[  299.394230][T15269] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f7f30571050
[  299.402221][T15269] R13: 00007ffe4b9f801f R14: 00007f7f30571300 R15: 0000000000022000
[  299.410233][T15269] syz-executor.4: vmalloc size 32768 allocation failure: vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0
[  299.426387][T15269] CPU: 0 PID: 15269 Comm: syz-executor.4 Not tainted 5.13.0-rc3-syzkaller #0
[  299.435216][T15269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
[  299.445253][T15269] Call Trace:
[  299.448514][T15269]  dump_stack+0x137/0x19d
[  299.452824][T15269]  warn_alloc+0x105/0x160
[  299.457128][T15269]  __vmalloc_node_range+0x222/0x5b0
[  299.462321][T15269]  ? blk_add_partitions+0x136/0xa80
[  299.467561][T15269]  vzalloc+0x5a/0x70
[  299.471440][T15269]  ? blk_add_partitions+0x136/0xa80
[  299.476616][T15269]  blk_add_partitions+0x136/0xa80
[  299.481741][T15269]  bdev_disk_changed+0x2d3/0x340
[  299.486684][T15269]  loop_set_status+0x75f/0x7e0
[  299.491444][T15269]  lo_ioctl+0x758/0x11f0
[  299.495741][T15269]  ? ctx_sched_in+0x1db/0x200
[  299.500414][T15269]  ? __perf_event_task_sched_in+0x471/0x4c0
[  299.506412][T15269]  ? blkdev_common_ioctl+0x9c3/0x1040
[  299.511766][T15269]  ? selinux_file_ioctl+0x8e0/0x970
[  299.516944][T15269]  ? lo_release+0x120/0x120
[  299.521505][T15269]  blkdev_ioctl+0x1d0/0x3c0
[  299.526133][T15269]  block_ioctl+0x6d/0x80
[  299.530371][T15269]  ? blkdev_iopoll+0x70/0x70
[  299.534936][T15269]  __se_sys_ioctl+0xcb/0x140
[  299.539509][T15269]  __x64_sys_ioctl+0x3f/0x50
[  299.544077][T15269]  do_syscall_64+0x4a/0x90
[  299.548546][T15269]  entry_SYSCALL_64_after_hwframe+0x44/0xae
[  299.554451][T15269] RIP: 0033:0x466397
[  299.558500][T15269] Code: 3c 1c 48 f7 d8 49 39 c4 72 b8 e8 a4 48 02 00 85 c0 78 bd 48 83 c4 08 4c 89 e0 5b 41 5c c3 0f 1f 44 00 00 b8 10 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 bc ff ff ff f7 d8 64 89 01 48
[  299.579247][T15269] RSP: 002b:00007f7f30570ef8 EFLAGS: 00000202 ORIG_RAX: 0000000000000010
[  299.587670][T15269] RAX: ffffffffffffffda RBX: 00007f7f30570f40 RCX: 0000000000466397
[  299.595772][T15269] RDX: 00007f7f30571050 RSI: 0000000000004c04 RDI: 0000000000000006
[  299.603731][T15269] RBP: 00007f7f305711d0 R08: 0000000000000000 R09: 0000000000000000
[  299.611685][T15269] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f7f30571050
[  299.619808][T15269] R13: 00007ffe4b9f801f R14: 00007f7f30571300 R15: 0000000000022000
[  299.627860][T15269] Mem-Info:
[  299.630984][T15269] active_anon:72 inactive_anon:59597 isolated_anon:0
[  299.630984][T15269]  active_file:5265 inactive_file:55364 isolated_file:0
[  299.630984][T15269]  unevictable:0 dirty:153 writeback:0
[  299.630984][T15269]  slab_reclaimable:3765 slab_unreclaimable:5977
[  299.630984][T15269]  mapped:60967 shmem:2615 pagetables:1515 bounce:0
[  299.630984][T15269]  free:1835928 free_pcp:777 free_cma:0
[  299.667775][T15269] Node 0 active_anon:288kB inactive_anon:238388kB active_file:21060kB inactive_file:221456kB unevictable:0kB isolated(anon):0kB isolated(file):0kB mapped:243868kB dirty:612kB writeback:0kB shmem:10460kB writeback_tmp:0kB kernel_stack:2112kB pagetables:6060kB all_unreclaimable? no
[  299.694296][T15269] Node 0 DMA free:15908kB min:20kB low:32kB high:44kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15908kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  299.720403][T15269] lowmem_reserve[]: 0 2938 7916 7916
[  299.725778][T15269] Node 0 DMA32 free:3012112kB min:4220kB low:7228kB high:10236kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3129332kB managed:3013528kB mlocked:0kB bounce:0kB free_pcp:1416kB local_pcp:1416kB free_cma:0kB
[  299.753696][T15269] lowmem_reserve[]: 0 0 4978 4978
[  299.758756][T15269] Node 0 Normal free:4315692kB min:7152kB low:12248kB high:17344kB reserved_highatomic:0KB active_anon:288kB inactive_anon:238388kB active_file:21060kB inactive_file:221456kB unevictable:0kB writepending:612kB present:5242880kB managed:5098252kB mlocked:0kB bounce:0kB free_pcp:1680kB local_pcp:992kB free_cma:0kB
[  299.788546][T15269] lowmem_reserve[]: 0 0 0 0
[  299.793076][T15269] Node 0 DMA: 1*4kB (U) 0*8kB 0*16kB 1*32kB (U) 2*64kB (U) 1*128kB (U) 1*256kB (U) 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15908kB
[  299.807499][T15269] Node 0 DMA32: 4*4kB (M) 2*8kB (M) 5*16kB (M) 5*32kB (M) 4*64kB (M) 6*128kB (M) 5*256kB (M) 6*512kB (M) 2*1024kB (M) 1*2048kB (M) 733*4096kB (M) = 3012112kB
[  299.823652][T15269] Node 0 Normal: 47*4kB (UM) 22*8kB (UME) 16*16kB (UME) 6*32kB (UME) 2*64kB (UM) 5*128kB (UME) 20*256kB (UME) 18*512kB (UME) 5*1024kB (U) 3*2048kB (UM) 1047*4096kB (UM) = 4315692kB
[  299.841686][T15269] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB
[  299.851159][T15269] 17234 total pagecache pages
[  299.855825][T15269] 0 pages in swap cache
[  299.860058][T15269] Swap cache stats: add 0, delete 0, find 0/0
[  299.866118][T15269] Free swap  = 0kB
[  299.869865][T15269] Total swap = 0kB
01:17:38 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x20010010, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

[  299.873636][T15269] 2097051 pages RAM
[  299.877419][T15269] 0 pages HighMem/MovableOnly
[  299.882234][T15269] 65129 pages reserved
[  299.908948][T15270]  loop2: p2 p3 p4
[  299.909880][T15274]  loop3: p2 p3 p4
[  299.912804][T15270] loop2: p2 size 1073872896 extends beyond EOD, truncated
01:17:39 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x12, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:39 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xd00, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:39 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x0, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  299.934083][T15270] loop2: p3 start 225 is beyond EOD, truncated
[  299.934255][T15274] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  299.940300][T15270] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  299.960136][T15274] loop3: p3 start 225 is beyond EOD, truncated
[  299.966409][T15274] loop3: p4 size 3657465856 extends beyond EOD, truncated
01:17:39 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x604, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  300.000241][ T1032]  loop3: p2 p3 p4
[  300.002637][T15322] loop5: detected capacity change from 0 to 6
[  300.004070][ T1032] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  300.016673][T15324] loop1: detected capacity change from 0 to 1
[  300.017636][T15327] loop4: detected capacity change from 0 to 1
[  300.024559][ T1032] loop3: p3 start 225 is beyond EOD, truncated
[  300.035720][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  300.043807][T15322]  loop5: p2 p3 p4
01:17:39 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x4f5, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  300.043908][T15324]  loop1: p2 p3 p4
[  300.047831][T15322] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  300.051641][T15324] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  300.066003][T15324] loop1: p3 start 225 is beyond EOD, truncated
[  300.072297][T15324] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  300.078853][T15327]  loop4: p2 p3 p4
[  300.080239][T15322] loop5: p3 start 225 is beyond EOD, truncated
[  300.083191][T15327] loop4: p2 size 1073872896 extends beyond EOD, 
01:17:39 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xe00, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  300.089321][T15322] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  300.102774][T15327] truncated
[  300.106058][T15350] loop2: detected capacity change from 0 to 3
[  300.109100][T15327] loop4: p3 start 225 is beyond EOD, truncated
[  300.118279][T15327] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  300.139030][T15350]  loop2: p2 p3 p4
[  300.142983][T15350] loop2: p2 size 1073872896 extends beyond EOD, truncated
01:17:39 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x2, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  300.150979][T15350] loop2: p3 start 225 is beyond EOD, truncated
[  300.157150][T15350] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  300.157356][T15361] loop1: detected capacity change from 0 to 1
01:17:39 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x700, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  300.232022][ T1032]  loop1: p2 p3 p4
[  300.235892][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  300.243919][T15369] loop3: detected capacity change from 0 to 2
[  300.246214][T15382] loop4: detected capacity change from 0 to 1
[  300.250845][T15377] loop5: detected capacity change from 0 to 7
[  300.267291][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  300.273490][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  300.281523][T15369]  loop3: p2 p3 p4
[  300.281630][T15390] loop2: detected capacity change from 0 to 3
[  300.285565][T15369] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  300.299033][T15382]  loop4: p2 p3 p4
[  300.302878][T15382] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  300.303488][T15369] loop3: p3 start 225 is beyond EOD, truncated
[  300.310863][T15361]  loop1: p2 p3 p4
[  300.316169][T15369] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  300.321932][T15382] loop4: p3 start 225 is beyond EOD, truncated
[  300.327511][T15361] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  300.333200][T15382] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  300.344478][T15361] loop1: p3 start 225 is beyond EOD, truncated
[  300.353694][T15361] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  300.368937][T15390]  loop2: p2 p3 p4
[  300.368930][T15377]  loop5: p2 p3 p4
01:17:39 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x500, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:39 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x3, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  300.372842][T15390] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  300.376475][T15377] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  300.385555][T15390] loop2: p3 start 225 is beyond EOD, truncated
[  300.390956][T15377] loop5: p3 start 225 is beyond EOD, truncated
[  300.396804][T15390] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  300.403106][T15377] loop5: p4 size 3657465856 extends beyond EOD, truncated
01:17:39 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x13, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  300.446798][T15422] loop3: detected capacity change from 0 to 2
[  300.449402][ T1032]  loop1: p2 p3 p4
[  300.456812][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  300.462139][T15423] loop4: detected capacity change from 0 to 1
[  300.467970][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  300.476286][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  300.508791][T15422]  loop3: p2 p3 p4
[  300.512626][T15422] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  300.518843][T15423]  loop4: p2 p3 p4
[  300.520929][T15422] loop3: p3 start 225 is beyond EOD, truncated
[  300.524619][T15423] loop4: p2 size 1073872896 extends beyond EOD, 
[  300.530477][T15422] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  300.543941][T15423] truncated
[  300.544334][T15440] loop1: detected capacity change from 0 to 1
[  300.547851][T15423] loop4: p3 start 225 is beyond EOD, truncated
[  300.559974][T15423] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  300.598810][ T1032]  loop1: p2 p3 p4
[  300.602984][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  300.611429][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  300.618785][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  300.627689][T15440]  loop1: p2 p3 p4
[  300.633733][T15440] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  300.641726][T15440] loop1: p3 start 225 is beyond EOD, truncated
[  300.647994][T15440] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  300.683098][T15474] loop1: detected capacity change from 0 to 1
[  300.721105][T15474]  loop1: p2 p3 p4
[  300.725134][T15474] loop1: p2 size 1073872896 extends beyond EOD, truncated
01:17:39 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x20020000, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:39 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xf00, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:39 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x600, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:39 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x900, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:39 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x4, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:39 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x24, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  300.732626][T15474] loop1: p3 start 225 is beyond EOD, truncated
[  300.738820][T15474] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  300.747114][ T1032]  loop1: p2 p3 p4
[  300.750933][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  300.758484][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  300.764661][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  300.796208][T15497] loop3: detected capacity change from 0 to 3
[  300.796260][T15500] loop2: detected capacity change from 0 to 4
[  300.804075][T15499] loop5: detected capacity change from 0 to 7
[  300.813618][T15501] loop4: detected capacity change from 0 to 1
[  300.858871][T15499]  loop5: p2 p3 p4
[  300.858914][T15500]  loop2: p2 p3 p4
[  300.862787][T15497]  loop3: p2 p3 p4
[  300.866531][T15500] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  300.871646][T15499] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  300.878183][T15500] loop2: p3 start 225 is beyond EOD, truncated
[  300.888237][T15497] loop3: p2 size 1073872896 extends beyond EOD, 
[  300.892499][T15500] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  300.892587][T15501]  loop4: p2 p3 p4
[  300.900203][T15497] truncated
[  300.915340][T15499] loop5: p3 start 225 is beyond EOD, truncated
[  300.921006][T15501] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  300.921563][T15499] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  300.929296][T15501] loop4: p3 start 225 is beyond EOD, truncated
[  300.942218][T15501] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  300.942536][T15497] loop3: p3 start 225 is beyond EOD, truncated
01:17:40 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xa00, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:40 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x1003, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  300.955595][T15497] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  300.964206][T15525] loop1: detected capacity change from 0 to 1
[  300.975094][ T1032]  loop3: p2 p3 p4
[  300.981647][ T1032] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  300.989527][ T1032] loop3: p3 start 225 is beyond EOD, truncated
[  300.995932][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
01:17:40 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x5, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:40 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x604, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  301.009739][T15525]  loop1: p2 p3 p4
[  301.013724][T15525] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  301.037934][T15546] loop2: detected capacity change from 0 to 5
[  301.046830][T15525] loop1: p3 start 225 is beyond EOD, truncated
[  301.052230][T15562] loop4: detected capacity change from 0 to 1
[  301.053055][T15525] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  301.066962][T15547] loop5: detected capacity change from 0 to 8
[  301.070018][ T1032]  loop1: p2 p3 p4
[  301.081794][T15546]  loop2: p2 p3 p4
[  301.083501][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  301.086717][T15546] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  301.096175][T15568] loop3: detected capacity change from 0 to 3
[  301.103197][T15546] loop2: p3 start 225 is beyond EOD, truncated
[  301.108788][T15562]  loop4: p2 p3 p4
[  301.114696][T15546] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  301.118408][T15562] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  301.126927][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  301.133002][T15547]  loop5: p2 p3 p4
[  301.139071][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  301.150396][T15547] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  301.153079][T15562] loop4: p3 start 225 is beyond EOD, truncated
[  301.162572][T15547] loop5: p3 start 225 is beyond EOD, truncated
[  301.163891][T15562] loop4: p4 size 3657465856 extends beyond EOD, 
[  301.170027][T15547] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  301.187373][T15562] truncated
01:17:40 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x1100, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:40 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x6, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  301.209344][T15568]  loop3: p2 p3 p4
[  301.214596][T15568] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  301.226384][T15568] loop3: p3 start 225 is beyond EOD, truncated
[  301.239202][T15568] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  301.249725][T15588] loop1: detected capacity change from 0 to 1
[  301.269376][T15603] loop5: detected capacity change from 0 to 8
[  301.277049][ T1032]  loop3: p2 p3 p4
[  301.278945][T15588]  loop1: p2 p3 p4
[  301.280974][ T1032] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  301.285578][T15588] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  301.298964][ T1032] loop3: p3 start 225 is beyond EOD, truncated
[  301.301038][T15588] loop1: p3 start 225 is beyond EOD, 
[  301.305201][ T1032] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  301.308557][T15603]  loop5: p2 p3 p4
[  301.310639][T15588] truncated
[  301.317903][T15603] loop5: p2 size 1073872896 extends beyond EOD, 
[  301.321441][T15588] loop1: p4 size 3657465856 extends beyond EOD, 
[  301.324528][T15603] truncated
[  301.331110][T15612] loop4: detected capacity change from 0 to 1
[  301.337182][T15588] truncated
[  301.343443][T15603] loop5: p3 start 225 is beyond EOD, truncated
[  301.355952][T15603] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  301.386130][T15612]  loop4: p2 p3 p4
[  301.386130][ T1032]  loop1: p2 p3 p4
[  301.386171][ T1032] loop1: p2 size 1073872896 extends beyond EOD, 
[  301.390295][T15612] loop4: p2 size 1073872896 extends beyond EOD, 
[  301.393596][ T1032] truncated
[  301.394493][ T1032] loop1: p3 start 225 is beyond EOD, 
[  301.399947][T15612] truncated
[  301.417181][T15612] loop4: p3 start 225 is beyond EOD, 
[  301.417828][ T1032] truncated
[  301.417828][T15612] truncated
[  301.417833][T15612] loop4: p4 size 3657465856 extends beyond EOD, 
[  301.423198][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  301.443064][T15612] truncated
01:17:40 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x24000000, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:40 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xb00, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:40 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x700, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:40 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x25, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:40 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x1200, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:40 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x7, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  301.665559][T15678] loop3: detected capacity change from 0 to 3
[  301.665826][T15680] loop2: detected capacity change from 0 to 5
[  301.671816][T15679] loop1: detected capacity change from 0 to 1
[  301.685128][T15682] loop5: detected capacity change from 0 to 9
[  301.694602][T15685] loop4: detected capacity change from 0 to 1
[  301.728775][T15679]  loop1: p2 p3 p4
[  301.732742][T15678]  loop3: p2 p3 p4
[  301.736553][T15678] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  301.738882][T15679] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  301.746387][T15678] loop3: p3 start 225 is beyond EOD, truncated
[  301.751482][T15682]  loop5: p2 p3 p4
[  301.757549][T15678] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  301.768857][T15680]  loop2: p2 p3 p4
[  301.769660][T15679] loop1: p3 start 225 is beyond EOD, truncated
[  301.772887][T15680] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  301.778769][T15679] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  301.786777][T15680] loop2: p3 start 225 is beyond EOD, truncated
[  301.793269][T15685]  loop4: p2 p3 p4
[  301.799187][T15680] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  301.804030][T15685] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  301.821387][T15682] loop5: p2 size 1073872896 extends beyond EOD, truncated
01:17:40 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x900, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:40 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xc00, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  301.828031][T15685] loop4: p3 start 225 is beyond EOD, truncated
[  301.834677][T15685] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  301.847762][T15682] loop5: p3 start 225 is beyond EOD, truncated
[  301.854007][T15682] loop5: p4 size 3657465856 extends beyond EOD, truncated
01:17:40 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x1300, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  301.894567][T15715] loop3: detected capacity change from 0 to 4
[  301.902633][T15722] loop1: detected capacity change from 0 to 1
[  301.918685][T15715]  loop3: p2 p3 p4
[  301.926654][T15715] loop3: p2 size 1073872896 extends beyond EOD, truncated
01:17:41 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x8, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  301.968534][T15722]  loop1: p2 p3 p4
[  301.972395][T15722] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  301.980273][T15715] loop3: p3 start 225 is beyond EOD, truncated
[  301.990336][T15715] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  301.998903][T15722] loop1: p3 start 225 is beyond EOD, truncated
[  302.005121][T15722] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  302.007154][T15747] loop2: detected capacity change from 0 to 6
[  302.020343][T15748] loop5: detected capacity change from 0 to 9
[  302.032637][T15753] loop4: detected capacity change from 0 to 1
[  302.048702][T15748]  loop5: p2 p3 p4
[  302.052683][T15748] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  302.061325][T11899] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0
[  302.068520][T15715] __loop_clr_fd: partition scan of loop3 failed (rc=-16)
[  302.074386][  T703] blk_update_request: I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  302.081916][T15747]  loop2: p2 p3 p4
[  302.092245][  T703] Buffer I/O error on dev loop3p2, logical block 0, async page read
[  302.104517][T15748] loop5: p3 start 225 is beyond EOD, truncated
[  302.109003][T15747] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  302.110805][T15748] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  302.120020][ T1032]  loop1: p2 p3 p4
[  302.126984][T15753]  loop4: p2 p3 p4
[  302.131582][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  302.139315][T15753] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  302.153765][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  302.154840][T15753] loop4: p3 start 225 is beyond EOD, 
01:17:41 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xa00, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:41 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x26, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  302.159999][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  302.169496][T15747] loop2: p3 start 225 is beyond EOD, 
[  302.172561][T15753] truncated
[  302.172562][T15747] truncated
[  302.172567][T15747] loop2: p4 size 3657465856 extends beyond EOD, 
[  302.177911][T15753] loop4: p4 size 3657465856 extends beyond EOD, 
[  302.181292][T15747] truncated
[  302.200214][T15753] truncated
[  302.202202][T15775] loop3: detected capacity change from 0 to 5
[  302.252854][T15775]  loop3: p2 p3 p4
[  302.259092][T15775] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  302.268072][T15775] loop3: p3 start 225 is beyond EOD, truncated
[  302.274361][T15775] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  302.282340][T15801] loop1: detected capacity change from 0 to 1
[  302.329116][ T1032]  loop1: p2 p3 p4
[  302.332967][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  302.340740][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  302.347163][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  302.355955][T15801]  loop1: p2 p3 p4
[  302.359883][T15801] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  302.367460][T15801] loop1: p3 start 225 is beyond EOD, truncated
[  302.373683][T15801] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  302.440440][T15822] loop1: detected capacity change from 0 to 1
[  302.479938][T15822]  loop1: p2 p3 p4
01:17:41 executing program 0:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000640)={0xa, 0x4e22, 0x0, @loopback}, 0x1c)
listen(r0, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.swap.current\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='&'], 0x8)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r2, 0x0)
setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000140), 0x4)
setsockopt$inet6_tcp_int(r1, 0x6, 0xa, &(0x7f0000000000), 0x4)
sendto$inet6(r1, 0x0, 0x40000000, 0x20000015, &(0x7f000031e000)={0xa, 0x4e22, 0x0, @empty}, 0x1c)

01:17:41 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x2000, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:41 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0x9, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:41 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xd00, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:41 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xb00, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  302.489695][T15822] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  302.507997][T15822] loop1: p3 start 225 is beyond EOD, truncated
[  302.514267][T15822] loop1: p4 size 3657465856 extends beyond EOD, truncated
01:17:41 executing program 1:
ioctl$FS_IOC_GETFSLABEL(0xffffffffffffffff, 0x81009431, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
syz_read_part_table(0x2e, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  302.547277][ T1032]  loop1: p2 p3 p4
[  302.552897][ T1032] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  302.564562][T15836] loop4: detected capacity change from 0 to 1
[  302.564750][ T1032] loop1: p3 start 225 is beyond EOD, truncated
[  302.571552][T15842] loop3: detected capacity change from 0 to 5
[  302.576819][ T1032] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  302.585626][T15835] loop5: detected capacity change from 0 to 16
[  302.593753][T15845] loop2: detected capacity change from 0 to 6
[  302.638385][T15845]  loop2: p2 p3 p4
[  302.638533][T15842]  loop3: p2 p3 p4
[  302.642301][T15845] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  302.647126][T15836]  loop4: p2 p3 p4
[  302.654854][T15845] loop2: p3 start 225 is beyond EOD, truncated
[  302.661446][T15842] loop3: p2 size 1073872896 extends beyond EOD, 
[  302.664554][T15845] loop2: p4 size 3657465856 extends beyond EOD, truncated
[  302.671025][T15842] truncated
[  302.672398][T15836] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  302.682650][T15842] loop3: p3 start 225 is beyond EOD, truncated
[  302.688703][T15835]  loop5: p2 p3 p4
[  302.694753][T15842] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  302.705225][T15836] loop4: p3 start 225 is beyond EOD, truncated
[  302.710895][T15835] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  302.716601][T15836] loop4: p4 size 3657465856 extends beyond EOD, truncated
[  302.724073][T15835] loop5: p3 start 225 is beyond EOD, truncated
01:17:41 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xc00, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:41 executing program 2:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xe00, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

01:17:41 executing program 4:
mount$9p_fd(0x0, 0x0, &(0x7f0000000100), 0x4000, &(0x7f0000000140))
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, 0x0)
ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x8923, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, 0x0)
ioctl$BTRFS_IOC_SCRUB(0xffffffffffffffff, 0xc400941b, 0x0)
syz_read_part_table(0xa, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  302.737362][T15835] loop5: p4 size 3657465856 extends beyond EOD, truncated
[  302.751894][T15873] loop1: detected capacity change from 0 to 1
01:17:41 executing program 5:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0x2400, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  302.798595][T15873]  loop1: p2 p3 p4
[  302.806347][T15873] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  302.823487][T15873] loop1: p3 start 225 is beyond EOD, truncated
[  302.824498][T15886] loop3: detected capacity change from 0 to 6
[  302.829793][T15873] loop1: p4 size 3657465856 extends beyond EOD, truncated
[  302.864530][T15886]  loop3: p2 p3 p4
[  302.868349][T15886] loop3: p2 size 1073872896 extends beyond EOD, truncated
[  302.873117][T15899] loop2: detected capacity change from 0 to 7
[  302.876825][T15886] loop3: p3 start 225 is beyond EOD, truncated
[  302.881946][T15896] loop4: detected capacity change from 0 to 1
[  302.887765][T15886] loop3: p4 size 3657465856 extends beyond EOD, truncated
[  302.908491][T15913] loop1: detected capacity change from 0 to 1
01:17:42 executing program 3:
perf_event_open(&(0x7f0000000040)={0x2, 0x80, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0)
syz_read_part_table(0xd00, 0x1, &(0x7f0000000000)=[{&(0x7f00000000c0)="0201a5ffffffe70100000000000000ffffffa6000800000000000000024000ffffffbf000000e10000008877007200300700a9ffffff00000000008000da55aa", 0x40, 0x1c0}])

[  302.915104][T15908] loop5: detected capacity change from 0 to 18
[  302.961243][T15896]  loop4: p2 p3 p4
[  302.964358][T15899]  loop2: p2 p3 p4
[  302.965034][T15896] loop4: p2 size 1073872896 extends beyond EOD, truncated
[  302.969598][T15899] loop2: p2 size 1073872896 extends beyond EOD, truncated
[  302.976412][ T1032]  loop5: p2 p3 p4
[  302.983301][T15913]  loop1: p2 p3 p4
[  302.990509][ T1032] loop5: p2 size 1073872896 extends beyond EOD, truncated
[  302.991641][T15913] loop1: p2 size 1073872896 extends beyond EOD, truncated
[  303.005001][ T1032] loop5: p3 start 225 is beyond EOD, truncated
[  303.005889][T15896] loop4: p3 start 225 is beyond EOD, tru