6, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e61000006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:31:47 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) [ 2505.308999] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2505.318496] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2505.336867] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2505.358520] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:31:47 executing program 1: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="45e9aed12f060000001e94193c25d86800278dcff47d01e0234353cb271c787c8529d6e2e29840cb4895e22e494e8a87ce96ad5719a0541c2e6422467f2a97f459398655c81fd81b007008f9241e78f593f77a414d8e34b68074e089ddb0f67cf4c857370bc2c8e0459e83331b02000000abe01eca003d635ce2f0462c9a7977aee274424348eb84d8c9f10b154a5c234b3a04010c209a", 0x97}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x26) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xffffffffffffffff, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) 00:31:47 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x0, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:31:47 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="baa100b000eef36cba21000f20e06635000001000f22e066b9800000c00f326635001000000f30bad104ecc80080d267d9f866b9800000c00f326635000400000f300f20c06635200000000f22c067f3af", 0x51}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000540)={0x2, 0x0, [{0x1, 0x0, 0x0, 0x0, 0x0, 0x20}, {}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800], 0x0, 0x5211}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x0, 0x0, @ioapic={0xd000, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x9}]}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 00:31:47 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) 00:31:47 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e61400006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:31:47 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, 0x0, &(0x7f0000000000)) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) [ 2505.731020] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2505.740936] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2505.753423] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2505.776430] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:31:47 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e66400006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:31:47 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, 0x0, &(0x7f0000000000)) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) 00:31:47 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000140)="baa100b000eef36cba21000f20e06635000001000f22e066b9800000c00f326635001000000f30bad104ecc80080d267d9f866b9800000c00f326635000400000f300f20c06635200000000f22c067f3af", 0x51}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000540)={0x2, 0x0, [{0x1, 0x0, 0x0, 0x0, 0x0, 0x20}, {}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800], 0x0, 0x5211}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000300)={0x0, 0x0, @ioapic={0xd000, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x9}]}}) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 2505.968718] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2506.000211] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2506.028177] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2506.073400] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:31:50 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x30740000000000, 0x0) 00:31:50 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, 0x0, &(0x7f0000000000)) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) 00:31:50 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e66500006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2508.313846] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2508.334700] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2508.364892] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2508.390822] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:31:50 executing program 2: 00:31:50 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:31:50 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) 00:31:50 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e68903006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:31:50 executing program 1: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="45e9aed12f060000001e94193c25d86800278dcff47d01e0234353cb271c787c8529d6e2e29840cb4895e22e494e8a87ce96ad5719a0541c2e6422467f2a97f459398655c81fd81b007008f9241e78f593f77a414d8e34b68074e089ddb0f67cf4c857370bc2c8e0459e83331b02000000abe01eca003d635ce2f0462c9a7977aee274424348eb84d8c9f10b154a5c234b3a04010c209a", 0x97}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x26) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) 00:31:50 executing program 2: 00:31:50 executing program 2: [ 2508.762977] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2508.777975] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2508.792965] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:31:50 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) [ 2508.819966] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:31:50 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e68a03006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2509.016706] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2509.032235] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2509.042232] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2509.053593] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:31:53 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0xa0730000000000, 0x0) 00:31:53 executing program 2: 00:31:53 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) 00:31:53 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e6fd03006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2511.381285] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2511.390733] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2511.402313] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2511.434438] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:31:53 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:31:53 executing program 0: socket(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) 00:31:53 executing program 2: 00:31:53 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e61a04006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:31:53 executing program 1: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="45e9aed12f060000001e94193c25d86800278dcff47d01e0234353cb271c787c8529d6e2e29840cb4895e22e494e8a87ce96ad5719a0541c2e6422467f2a97f459398655c81fd81b007008f9241e78f593f77a414d8e34b68074e089ddb0f67cf4c857370bc2c8e0459e83331b02000000abe01eca003d635ce2f0462c9a7977aee274424348eb84d8c9f10b154a5c234b3a04010c209a", 0x97}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x26) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) 00:31:53 executing program 2: 00:31:53 executing program 0: socket(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) [ 2511.864295] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2511.879573] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2511.893467] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2511.914497] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:31:53 executing program 2: 00:31:56 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0xb0530000000000, 0x0) 00:31:56 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e61b04006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:31:56 executing program 0: socket(0x10, 0x3, 0x0) r0 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r0, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r0, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) 00:31:56 executing program 2: [ 2514.418576] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2514.436793] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2514.446281] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2514.478989] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:31:56 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:31:56 executing program 2: 00:31:56 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, 0x0, 0x0) 00:31:56 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e61c04006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:31:56 executing program 1: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="45e9aed12f060000001e94193c25d86800278dcff47d01e0234353cb271c787c8529d6e2e29840cb4895e22e494e8a87ce96ad5719a0541c2e6422467f2a97f459398655c81fd81b007008f9241e78f593f77a414d8e34b68074e089ddb0f67cf4c857370bc2c8e0459e83331b02000000abe01eca003d635ce2f0462c9a7977aee274424348eb84d8c9f10b154a5c234b3a04010c209a", 0x97}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x26) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, 0x0, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) 00:31:56 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, 0x0, 0x0) 00:31:56 executing program 2: [ 2514.884220] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2514.899567] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2514.916949] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:31:56 executing program 2: [ 2514.946915] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:31:59 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0xf0ffffff7f0000, 0x0) 00:31:59 executing program 2: 00:31:59 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e61d04006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:31:59 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, 0x0, 0x0) [ 2517.452704] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2517.462505] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2517.498402] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2517.532456] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:31:59 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:31:59 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) 00:31:59 executing program 2: perf_event_open(&(0x7f00000002c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001200)=ANY=[@ANYBLOB="740000002400f30700000000ddffffff00000000", @ANYRES32, @ANYBLOB="00000000ffffffffffffffff080001007366710006000500fffff0000010e104deccbbbde735b9a8b2eca00000000000000000000000000033cc3512c9aa8178bdf1001b00000000000000000000de7f46000000000000007f0000000000009900007cf76567e30e03c32824f1583940fb0e363002e94564838f548258a632963f8262d0485c9b90c19b6ca74fb97882f65eb406eaf163fe648fceb6d85c1a8e44476c248656cb5d845549c5ceffcfeaabfca524afef20c0034fbd36262c964c61f3771603fd386dc70a77e574732bd950e808d63007d6c6683e251ac28f6b0000863aa3d9e240168ef067671514ccb381077c2afecae2bb28925f8dd87c3994ef3645d77e7281ab057d2bef3b8444014c8752a4a8a434ac70810633f2eb7d7a89d0f3cf2074bb2e180772593cd728026dfe9b7bc2cbc70a0c42fd1a3f071dde69a5dcd32cb951da688b879615"], 0x74}}, 0x0) r0 = socket(0x10, 0x80002, 0x0) sendmmsg$alg(r0, &(0x7f0000000180)=[{0xa, 0x1000000000000, &(0x7f0000000100)=[{&(0x7f0000000040)="e588da94b522c2d1f3139c2948718f407fe7166ac45a790cd2095b44582f3310fb073cb29f9afc1ddb6272a61982d91410b9914e7638a71eab6cd729de3c717034a0069e9ed7d8d5fa1979ad04faed8aeb23cac0ab9a4d2927d53b44ef0f6eb8b357570886780d116f40c92841c5a3d72ac31d7abedde3433aa57b7fefb2a6e25f68b39642e8ed4cba1d481661ba"}, {&(0x7f0000000600)="a175aecfc133f10e0296d588d507cb2369905aafe9156c60719627564d1f5841ed3912a4b4d6372b4d52111e6d26ae638675c823527d292fb9cfb0691358daaeed278a87b98817f0efa445e1e8110e40b7979829311002818ea4bfa43e186dbdf71f761f261789a4e4063b30213fc8674cff946703b49ecc157cd063ec3bf08b8f75365561ef81b12e6d77479cb6fba9e4a0e862fe0729da03403caa9b02aff1a185885195"}], 0xe, &(0x7f0000000100)}], 0x126618d46e7cf97, 0x0) write$binfmt_misc(0xffffffffffffffff, 0x0, 0xfffffecc) 00:31:59 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e61e04006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:31:59 executing program 1: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="45e9aed12f060000001e94193c25d86800278dcff47d01e0234353cb271c787c8529d6e2e29840cb4895e22e494e8a87ce96ad5719a0541c2e6422467f2a97f459398655c81fd81b007008f9241e78f593f77a414d8e34b68074e089ddb0f67cf4c857370bc2c8e0459e83331b02000000abe01eca003d635ce2f0462c9a7977aee274424348eb84d8c9f10b154a5c234b3a04010c209a", 0x97}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x26) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, 0x0) ptrace$cont(0x20, r1, 0x0, 0x0) 00:31:59 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) [ 2517.898424] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.2'. [ 2517.937108] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2517.955480] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2517.970405] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:31:59 executing program 2: r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_ifreq(r0, 0x8922, &(0x7f0000000040)={'veth1_to_batadv\x00', @ifru_names='vlan0\x00'}) 00:31:59 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, 0x0}, 0x0) [ 2517.996157] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2518.072321] veth1_to_batadv: mtu greater than device maximum [ 2518.089061] veth1_to_batadv: mtu greater than device maximum 00:32:02 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x100000000000000, 0x0) 00:32:02 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e61f04006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:02 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0) 00:32:02 executing program 2: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setgid(0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000040)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) lsetxattr(&(0x7f00000005c0)='./file1\x00', &(0x7f0000000600)=@known='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.nlink\x00', &(0x7f0000000100)={'U-', 0x80000000}, 0x16, 0x1) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f0000000140)='./file1/file0\x00', 0x0, 0x80ffff) 00:32:02 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0) [ 2520.472724] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2520.532434] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2520.557166] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2520.577721] overlayfs: conflicting lowerdir path [ 2520.581075] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2520.643680] overlayfs: conflicting lowerdir path 00:32:02 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:02 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x0) 00:32:02 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e62004006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:02 executing program 1: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="45e9aed12f060000001e94193c25d86800278dcff47d01e0234353cb271c787c8529d6e2e29840cb4895e22e494e8a87ce96ad5719a0541c2e6422467f2a97f459398655c81fd81b007008f9241e78f593f77a414d8e34b68074e089ddb0f67cf4c857370bc2c8e0459e83331b02000000abe01eca003d635ce2f0462c9a7977aee274424348eb84d8c9f10b154a5c234b3a04010c209a", 0x97}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x26) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, 0x0) ptrace$cont(0x20, r1, 0x0, 0x0) 00:32:02 executing program 2: perf_event_open(&(0x7f00000012c0)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) setgid(0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x0) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000300)='./file0\x00', &(0x7f0000000040)='overlay\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='upperdir=./file0,lowerdir=.:file0,workdir=./file1']) lsetxattr(&(0x7f00000005c0)='./file1\x00', &(0x7f0000000600)=@known='trusted.overlay.redirect\x00', 0x0, 0x0, 0x0) lsetxattr$trusted_overlay_nlink(&(0x7f0000000000)='./file0\x00', &(0x7f00000000c0)='trusted.overlay.nlink\x00', &(0x7f0000000100)={'U-', 0x80000000}, 0x16, 0x1) r0 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0) mknodat(r0, &(0x7f0000000140)='./file1/file0\x00', 0x0, 0x80ffff) 00:32:02 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) [ 2520.927560] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 00:32:02 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) [ 2520.986775] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2521.007440] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2521.072511] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2521.191091] overlayfs: conflicting lowerdir path 00:32:05 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0xe00000000000000, 0x0) 00:32:05 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x0, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) 00:32:05 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e62104006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:05 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:32:05 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) [ 2523.528106] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2523.548960] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2523.577769] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2523.615553] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:05 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100), 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:05 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:32:05 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) 00:32:05 executing program 1: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="45e9aed12f060000001e94193c25d86800278dcff47d01e0234353cb271c787c8529d6e2e29840cb4895e22e494e8a87ce96ad5719a0541c2e6422467f2a97f459398655c81fd81b007008f9241e78f593f77a414d8e34b68074e089ddb0f67cf4c857370bc2c8e0459e83331b02000000abe01eca003d635ce2f0462c9a7977aee274424348eb84d8c9f10b154a5c234b3a04010c209a", 0x97}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x26) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, 0x0) ptrace$cont(0x20, r1, 0x0, 0x0) 00:32:05 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e62204006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:05 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) 00:32:05 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2523.986893] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2524.012248] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2524.025352] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2524.048039] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:08 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x3f00000000000000, 0x0) 00:32:08 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) 00:32:08 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:32:08 executing program 1: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="45e9aed12f060000001e94193c25d86800278dcff47d01e0234353cb271c787c8529d6e2e29840cb4895e22e494e8a87ce96ad5719a0541c2e6422467f2a97f459398655c81fd81b007008f9241e78f593f77a414d8e34b68074e089ddb0f67cf4c857370bc2c8e0459e83331b02000000abe01eca003d635ce2f0462c9a7977aee274424348eb84d8c9f10b154a5c234b3a04010c209a", 0x97}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x26) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0) 00:32:08 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e62304006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2526.582592] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2526.614274] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2526.636888] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2526.664928] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:08 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:08 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, 0xffffffffffffffff, 0x0, 0x400) 00:32:08 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) 00:32:08 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e62404006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:08 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) [ 2526.935606] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2526.946134] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2526.956581] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:32:08 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, 0xffffffffffffffff, 0x0, 0x400) [ 2526.984258] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:08 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) 00:32:11 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x8000000000000000, 0x0) 00:32:11 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e6ef27006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:11 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendfile(r0, 0xffffffffffffffff, 0x0, 0x400) 00:32:11 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) 00:32:11 executing program 1: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="45e9aed12f060000001e94193c25d86800278dcff47d01e0234353cb271c787c8529d6e2e29840cb4895e22e494e8a87ce96ad5719a0541c2e6422467f2a97f459398655c81fd81b007008f9241e78f593f77a414d8e34b68074e089ddb0f67cf4c857370bc2c8e0459e83331b02000000abe01eca003d635ce2f0462c9a7977aee274424348eb84d8c9f10b154a5c234b3a04010c209a", 0x97}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x26) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0) [ 2529.618569] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2529.650362] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2529.666121] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2529.692607] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:11 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:11 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x30, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8, 0x8, 'tbf\x00'}, {0x4}}]}, 0x30}}, 0x0) 00:32:11 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x400) 00:32:11 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e61f28006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:11 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x400) [ 2529.982325] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2529.996181] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 00:32:11 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) [ 2530.029766] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:32:12 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x400) [ 2530.075728] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:14 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0xfeffffff00000000, 0x0) 00:32:14 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) 00:32:14 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60034006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:14 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x400) 00:32:14 executing program 1: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="45e9aed12f060000001e94193c25d86800278dcff47d01e0234353cb271c787c8529d6e2e29840cb4895e22e494e8a87ce96ad5719a0541c2e6422467f2a97f459398655c81fd81b007008f9241e78f593f77a414d8e34b68074e089ddb0f67cf4c857370bc2c8e0459e83331b02000000abe01eca003d635ce2f0462c9a7977aee274424348eb84d8c9f10b154a5c234b3a04010c209a", 0x97}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x26) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0xffffffffffffffff, r1, 0x0, 0x0) [ 2532.699043] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2532.738157] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2532.752103] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2532.786008] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:14 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{0x0}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:14 executing program 0: r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r1, 0x0, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='\b'], 0x1) getsockopt$inet_pktinfo(r1, 0x0, 0x8, &(0x7f0000000040)={0x0, @local, @local}, &(0x7f0000000000)=0xc) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) 00:32:14 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x400) 00:32:14 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e600af006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2533.009045] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2533.025095] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 00:32:14 executing program 0: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ifreq(r0, 0x8922, &(0x7f0000000040)={'veth1_to_batadv\x00', @ifru_names='vlan0\x00'}) 00:32:14 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0x400) 00:32:15 executing program 0: perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41be, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, 0x0) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)) [ 2533.075224] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2533.102565] veth1_to_batadv: mtu greater than device maximum [ 2533.146391] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:17 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0xffefffffff7f0000, 0x0) 00:32:17 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x400) 00:32:17 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e680bb006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:17 executing program 0: perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) setfsuid(0x0) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x2, 0x2110, &(0x7f0000000640)=ANY=[@ANYBLOB="61128c000000000061138c0000000000bf2000000000000015000000080000002d0301000000000095000000000000006916000000000000bf67000000000000350600000fff07086706000002000000070300000ee60060bf050000000000004f650000000000006507f9ff01000000070700004c0000005f75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000000500000000000000950000000000000032ed3c5be9525db67754bb12fe3054ac69a5864e764f9914953170d2d7ffffff8ecf264e0f84f9f17d3c30e3c7bdd2d17f2f1754558f227857c4299bfd22a33daf6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd399703d6c4f6f3be4b369289aa6812b8e007e733a9a4f16d0a3e1282ee45a010fb94fe9de56c9d8a814261bdb94a05000000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546c087431d7700000006e7c955cfa1f6ab689fde4de4e63ede20271a51445dc8da39e5b0ab70100010000000000d048cd6002d4519af619e3cca4d69e0dee5eb106774a8f3e6916df85aaf34c4756ad3a6d74ec88158f0200000000c8fb735fd552bdc206004aeb0743eb2dc819b6cf5c8ac86d8a297dff0445a13d0045fb3cda32a673a6bb55d8c85f21dce431e56723888fb126a163f16fb2ad9bc1172ba7cbebe174aba210d702a018f9bbec63222d20cecac4d03723f1c932b3a6aa57f1ad2e99e0e67a993716dbf580469f62ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000004000000000000000000000000bc00f674629709e7e78f4ddc211bc3ebf0bd9d42ca019dd5d022cf74686e9fbe2562671cd47840a7afaab43176e65ec1118d46d1e827f3472f4445d253887a5ad103649afa17690884f8d2001e03a651bb96589a7eab04871bc47287cd313f00000000000000407d00000000000000000000c59050647802cf86f10000005f37d83f84e98a52fbbecd106425563d80bd0d0d703f37ca363f601ae899a53f6715a0a62a34b0c94cce699452050000000000000026a0f6a5480a55c22fe394ac000000000000000000000000000000437d57defb79ea6a58bc3eeed729a2f95e1d6a1fc3857ff51b1e3ee00000000000000090867f577cdde2144d9d7a3b9bc43717188cb8426286fc55fc57cc3c6de4aa67babf350709e282a4f2bf59f46e20465eae865dbfd533b1cb2d540d0490cd5248715c74b6bd0248a9a0b417bbdfb5351defc6"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000)={0x0, 0x0, 0x81}}, 0x48) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) socket$unix(0x1, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) pipe(&(0x7f0000000040)) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000000)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = perf_event_open(&(0x7f0000000700)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x50d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r4 = dup3(r3, r1, 0x0) dup2(r4, r2) openat$vcsa(0xffffff9c, &(0x7f0000000080)='/dev/vcsa\x00', 0x52201, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 00:32:17 executing program 1: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="45e9aed12f060000001e94193c25d86800278dcff47d01e0234353cb271c787c8529d6e2e29840cb4895e22e494e8a87ce96ad5719a0541c2e6422467f2a97f459398655c81fd81b007008f9241e78f593f77a414d8e34b68074e089ddb0f67cf4c857370bc2c8e0459e83331b02000000abe01eca003d635ce2f0462c9a7977aee274424348eb84d8c9f10b154a5c234b3a04010c209a", 0x97}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x26) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) [ 2535.743641] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2535.812452] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2535.846727] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2535.873409] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:17 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:17 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x400) 00:32:17 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e600c0006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:17 executing program 0: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000039c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4a06b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a9705735b68727d6ef3834293812e927c03c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df98588374e267846442f9e49b9e473c6c58a4ca03767c69cee1b6be486e4c9507af216bd889eff7dd5adb8e49f4a94615e49c08c9a20819e02cc22e6be4557cd4ed88b37ab8d7674c644dca2f1b4d745fd9d42f49db6d4a4762e5cc23dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43e8118e1407a601dae4b8b99bffffb1ac006c67767b03b95151aeb89e6d0843c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a0e3ed34258b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db17d792e604a4f279b3bd6621bdf2c17bc04000000000000000000c4006200607a9a76e5d9656a7154c75773902a1fdf399df3925130312d095e9c1f973d091cec77e7198c1a11a755761fe46169b2b5b8cdedb695cc425fe203d2f2655a76865c2cb4e2470fcfff248c0add5431a7fbcb0ebf69e2d560aa848a11cd521efaf4f66a09af93a089ab1daae4b518d7a5d95a017864487366d6d7ee7bb0749cacf56cf27409c60fca2e2981b22d08f874e0a9cb6fca7844f9dab530388eb1f43d4abbfc59d6f1b18fff80df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7003af92d11de48e8b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2270058ffebd7ccde2480ae40d6156e9a4a2039d0416e3f83074192c48c63384f52b8eeb60571e5bbbab3e6d2b557a52bee6f81968981811f832d064048c0e0bbe46984b2f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8c2fc8dda2e8b64185625bf4dd0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc349ab96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c09892c58000987e5c7954e9f3684d116b01ce0b8ef953de70e7cd9311c8b018956f8a42ca26ab295f1ecf617a8dc38e525f415a1bd46b38845ebca04061bacbf627f798a7f520078fee48f83b5989543729e57a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b5aa5264cb4a82cf080de1633aa4fd9c3e4455ac6a029a1513cb132d28c69a5fc6d17a5700d9bc22a4dda51c0bb5dd70d3155ed199e0e4f33dfef7f1efbb4f81f2f48a228cb93f41921220e18b54eaf8cfe1a783d5a99e95ecd6e86ae04ee8bd60235c53ccfc7eaa9a83a004f1aeffbad240825b7178e7bc5afb7c0000800000000000000500000000d2122e69200ad88c4ad1730185b1e9efd2d9e4f08948e1552331ee20a5228fcf0ed8f3337a5c1c2851f6338308ca045cb5206e8fd856ecb111d06d74f4526c4b0f2919f0e46c4f509d2c271f6be8f14d038b7ac58136c44d6e07162257615b59e4de239a32940ba0f372c8a91e04f5624d60c346b7bca4b656d80d23eedb18cb680015f78ee59adfd9d5aab9101d336f1be2c2136e4f108a8aaf6f61b21f722a0d8cd3fa65bbf3f6793df43e1bfb2d5cfd9acfbfb061e20e4313aeb9891096522d36b9bc739d567eeec3425b77e1f78fb9f306ea841cd2158733fb84f4494db2703314ad83bcb19d55bed59dac0261806b57dc61cd897d1849eb9332c0c2d0f905a3b861551ae0908dfee8d40600000000000000ff3aeed1ab5da8c0516dab40d42529a6105b0a2d9f860d83f83a375ccdc3202de525b450e0da386e372adfdd7ff7de73c3150b64c863485ec8dbeff8cb0d8e3a5e1eb725ad84d8d96ced5d70e5837e1531546700c98c9db7287db0fc213810895883cbaa6d3d4a023bef3eb70acb313ed257ec5984ed7a9e243e40e6e6afbd922635d4495a0c8783b1d826e1026707e10bf5d705a21e351d2aa8d1710b40c201786aac4396db7a156e1690c1247ae34f7ce471b8428ef5040722c91bc564286b3ccad3a47f3f88a446f3b14ccc9e30e95c90a63caf5cbee130d567d0b5357f4df69bef8303580846d8059d89bf706772c0473a8a50352359cd5722d02995556da0fb57082abd9a39ec9e01a09913e37a7955dde1dd7f2ea48d32b96e3fcadc95f0aa1a056799f429663582b39f5c5b60db6646a8e51732c052080b5acb161f0d581adc485f1c51d541e26a841977cd25da5bd9c804a49218d925257bc2d3e87d228accb4daeb84dac91b4fc760e80f444dd422fdad2161bc318a52828c3943e322e2df635b0af0d65a1afcd2"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff14000000632177fbac14143ae0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) 00:32:17 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x400) [ 2536.117721] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 00:32:18 executing program 0: perf_event_open(&(0x7f0000000480)={0x0, 0x70, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/mcfilter6\x00') preadv(r0, &(0x7f0000000100), 0x18d, 0x207200) [ 2536.161580] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2536.176044] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:32:18 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x400) [ 2536.217325] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:20 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0xffffffff00000000, 0x0) 00:32:20 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60102006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:20 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x400) 00:32:20 executing program 0: mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) chdir(&(0x7f0000000140)='./bus\x00') r0 = open(&(0x7f0000000040)='./file0\x00', 0x200c2, 0x0) write$nbd(r0, &(0x7f0000000d80)=ANY=[], 0x1) 00:32:20 executing program 1: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="45e9aed12f060000001e94193c25d86800278dcff47d01e0234353cb271c787c8529d6e2e29840cb4895e22e494e8a87ce96ad5719a0541c2e6422467f2a97f459398655c81fd81b007008f9241e78f593f77a414d8e34b68074e089ddb0f67cf4c857370bc2c8e0459e83331b02000000abe01eca003d635ce2f0462c9a7977aee274424348eb84d8c9f10b154a5c234b3a04010c209a", 0x97}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x26) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) [ 2538.781142] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2538.803395] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2538.819746] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2538.866827] overlayfs: './file0' not a directory [ 2538.875038] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:20 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:20 executing program 2: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x400) 00:32:20 executing program 0: perf_event_open(&(0x7f0000000280)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x203, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socket$kcm(0x29, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000039c0)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b7000000000008009500f10100000000487591731cba12c07d57d995b61e89a4530f92304f242b416ae9eeefc0e9c60ebab1c176bf9bb4dde984510c82dc2b9381b72b100d0682fd0a0c4a06b29e220dc28dac72599456d4c4e6f3fe2d1dee18f638ac947b5e026a9705735b68727d6ef3834293812e927c03c7da1322da44c7f2ed1084a12f56d1cb398dff1db3df98588374e267846442f9e49b9e473c6c58a4ca03767c69cee1b6be486e4c9507af216bd889eff7dd5adb8e49f4a94615e49c08c9a20819e02cc22e6be4557cd4ed88b37ab8d7674c644dca2f1b4d745fd9d42f49db6d4a4762e5cc23dfc1adafd1e5a3e7f2e898961cb43e438c4e41ae43e8118e1407a601dae4b8b99bffffb1ac006c67767b03b95151aeb89e6d0843c625aa2285b6e4afd8c1cc3eb215ba22f43115f4d39dc7beedb130d9f2be90133a0e3ed34258b8c9370634060105baa664953514605fba3973aa021945b985a8a66e9cfa9d9e57033815717b4fdbe55b37cb8d7f41aacfbd4089ea1bd22440f64909a09b5a759a703e71f358e11ac8e13db17d792e604a4f279b3bd6621bdf2c17bc04000000000000000000c4006200607a9a76e5d9656a7154c75773902a1fdf399df3925130312d095e9c1f973d091cec77e7198c1a11a755761fe46169b2b5b8cdedb695cc425fe203d2f2655a76865c2cb4e2470fcfff248c0add5431a7fbcb0ebf69e2d560aa848a11cd521efaf4f66a09af93a089ab1daae4b518d7a5d95a017864487366d6d7ee7bb0749cacf56cf27409c60fca2e2981b22d08f874e0a9cb6fca7844f9dab530388eb1f43d4abbfc59d6f1b18fff80df4bf024f120bd715d82033f2fb7d8fc9e0d77b294e097e293db58992c0024ab2fd8e5e7003af92d11de48e8b4d32972cba6f49051cec1bf6f16231bbb90a2d201e5a47811a2270058ffebd7ccde2480ae40d6156e9a4a2039d0416e3f83074192c48c63384f52b8eeb60571e5bbbab3e6d2b557a52bee6f81968981811f832d064048c0e0bbe46984b2f0d0504255c22ee8674053d0e160e525536edf56a93d0a7a6f0889f4ee8964875fea6ff57ba6ae25c5e8ca4f78d5a01308243b08f1caa46be5244d64f8e875858e083144c642f71cdc8e5634c1360c056430f677ee7ed7ac1f9743786b2fb8c2fc8dda2e8b64185625bf4dd0fcfcc3d36c93230b7b059bc295aa0e38b1c3edc349ab96e73d2060acfd8145e4a5851bc4d6fdc5ad939d7795f3879baa88bd0c09892c58000987e5c7954e9f3684d116b01ce0b8ef953de70e7cd9311c8b018956f8a42ca26ab295f1ecf617a8dc38e525f415a1bd46b38845ebca04061bacbf627f798a7f520078fee48f83b5989543729e57a9e1d686bc86cd51704f309130f5347413776a7b7bea3c46c0c4c4b7c27c45057d95ac85ac1cdcee8e6fa31fc02137ed1fb4b21c13b9a2c5e3f7c9ef9c45a314a6f0b9352be92986d63263b5aa5264cb4a82cf080de1633aa4fd9c3e4455ac6a029a1513cb132d28c69a5fc6d17a5700d9bc22a4dda51c0bb5dd70d3155ed199e0e4f33dfef7f1efbb4f81f2f48a228cb93f41921220e18b54eaf8cfe1a783d5a99e95ecd6e86ae04ee8bd60235c53ccfc7eaa9a83a004f1aeffbad240825b7178e7bc5afb7c0000800000000000000500000000d2122e69200ad88c4ad1730185b1e9efd2d9e4f08948e1552331ee20a5228fcf0ed8f3337a5c1c2851f6338308ca045cb5206e8fd856ecb111d06d74f4526c4b0f2919f0e46c4f509d2c271f6be8f14d038b7ac58136c44d6e07162257615b59e4de239a32940ba0f372c8a91e04f5624d60c346b7bca4b656d80d23eedb18cb680015f78ee59adfd9d5aab9101d336f1be2c2136e4f108a8aaf6f61b21f722a0d8cd3fa65bbf3f6793df43e1bfb2d5cfd9acfbfb061e20e4313aeb9891096522d36b9bc739d567eeec3425b77e1f78fb9f306ea841cd2158733fb84f4494db2703314ad83bcb19d55bed59dac0261806b57dc61cd897d1849eb9332c0c2d0f905a3b861551ae0908dfee8d40600000000000000ff3aeed1ab5da8c0516dab40d42529a6105b0a2d9f860d83f83a375ccdc3202de525b450e0da386e372adfdd7ff7de73c3150b64c863485ec8dbeff8cb0d8e3a5e1eb725ad84d8d96ced5d70e5837e1531546700c98c9db7287db0fc213810895883cbaa6d3d4a023bef3eb70acb313ed257ec5984ed7a9e243e40e6e6afbd922635d4495a0c8783b1d826e1026707e10bf5d705a21e351d2aa8d1710b40c201786aac4396db7a156e1690c1247ae34f7ce471b8428ef5040722c91bc564286b3ccad3a47f3f88a446f3b14ccc9e30e95c90a63caf5cbee130d567d0b5357f4df69bef8303580846d8059d89bf706772c0473a8a50352359cd5722d02995556da0fb57082abd9a39ec9e01a09913e37a7955dde1dd7f2ea48d32b96e3fcadc95f0aa1a056799f429663582b39f5c5b60db6646a8e51732c052080b5acb161f0d581adc485f1c51d541e26a841977cd25da5bd9c804a49218d925257bc2d3e87d228accb4daeb84dac91b4fc760e80f444dd422fdad2161bc318a52828c3943e322e2df635b0af0d65a1afcd2"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x222}, 0x48) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x26e1, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe80, 0x6000, &(0x7f00000000c0)="b9ff03c6630d698cb89e0bf088ca1fffffff14000000632177fbac14143ae0", 0x0, 0x2f, 0x0, 0x0, 0xfffffffffffffe2a}, 0x28) 00:32:20 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60103006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2539.080538] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2539.097907] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2539.122658] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:32:21 executing program 2: r0 = open(0x0, 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2539.169962] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:21 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60104006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:21 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r0, 0x0, 0xffffffffffffff12, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f0000000140)="7c0d111317b1ff8ebff29f81219ec5b10d0d003f0aefd9448dbef1ffb4e3a6af87131512da528f6235fe35d30b3b5cb4877c1b89bbf83f6d749d5b00679601a3ab5cf1ad797252bb0c7b43e3e9763221cb2c8d76f824f4bea338f53aa75703f465e50e434e2193900c39ab79d37cf7e9bc2df860c7a8cfc0ce7a24fe6f821e6e5e77267487dcf0208aaa5e3aeb1d921d2fdbb8587804a8e3eeb6ebca013835a981d333ca0915d7ae9d24a14f26", 0xfffffffffffffe13, 0x26a7d94d1c144252, 0x0, 0x0) [ 2539.365513] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2539.375535] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2539.386040] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2539.398628] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:23 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xe) 00:32:23 executing program 2: r0 = open(0x0, 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:32:23 executing program 0: 00:32:23 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60105006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:23 executing program 1: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000100)="45e9aed12f060000001e94193c25d86800278dcff47d01e0234353cb271c787c8529d6e2e29840cb4895e22e494e8a87ce96ad5719a0541c2e6422467f2a97f459398655c81fd81b007008f9241e78f593f77a414d8e34b68074e089ddb0f67cf4c857370bc2c8e0459e83331b02000000abe01eca003d635ce2f0462c9a7977aee274424348eb84d8c9f10b154a5c234b3a04010c209a", 0x97}], 0x4, 0x0) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x26) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, 0x0, 0x0, 0x0) [ 2541.764685] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2541.778897] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2541.814849] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2541.854512] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:23 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:23 executing program 2: r0 = open(0x0, 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:32:23 executing program 0: 00:32:23 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60106006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:24 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:32:24 executing program 0: [ 2542.165406] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2542.190971] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2542.205386] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:32:24 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2542.255665] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:26 executing program 0: 00:32:26 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x21) 00:32:26 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60107006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:26 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:32:26 executing program 1: [ 2544.871365] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2544.896323] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2544.907931] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2544.946815] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:27 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f", 0x1}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:27 executing program 1: 00:32:27 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_dev$dri(&(0x7f0000000000)='/dev/dri/card#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f00000000c0)={0x10002, 0xa, 0xd9, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_MAP_DUMB(r1, 0xc01064b3, &(0x7f0000000140)={r2}) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) dup3(r3, 0xffffffffffffffff, 0x0) unlinkat(0xffffffffffffffff, 0x0, 0x200) r4 = syz_open_dev$dri(0x0, 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f00000000c0)={0x10002, 0xa, 0xd9, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_MAP_DUMB(r4, 0xc01064b3, &(0x7f0000000140)={r5}) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, &(0x7f0000000040)={0x0, 0x3, 0x1}) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) dup3(r6, r7, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) dup2(r0, r1) 00:32:27 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:32:27 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60108006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2545.158338] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2545.189326] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 00:32:27 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:32:27 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2545.218878] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:32:27 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2545.289681] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2545.298712] audit: type=1800 audit(1588638747.164:37): pid=23779 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16566 res=0 [ 2545.355849] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2545.424272] Process accounting resumed [ 2545.516127] Process accounting resumed 00:32:29 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xe00) 00:32:29 executing program 0: prlimit64(0x0, 0xe, &(0x7f00000001c0)={0x9, 0x400000008d}, 0x0) r0 = getpid() sched_setattr(r0, &(0x7f0000000040)={0x38, 0x1, 0x0, 0x0, 0x9}, 0x0) r1 = socket$inet6(0xa, 0x2, 0x0) recvmmsg(r1, &(0x7f0000008880), 0x400000000000249, 0x0, 0x0) tee(0xffffffffffffffff, 0xffffffffffffffff, 0x7, 0x0) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair(0x0, 0x0, 0x0, 0x0) sendmmsg$alg(0xffffffffffffffff, &(0x7f0000006040)=[{0x8004000, 0x0, 0x0}, {0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000480)="739a9484e2081d5a172d3decdbead70b861fc7bf50cd4029e5be226a6967ae4ad6bfb77de5c0779d54d1c7cb4bf54d41939ea9829c5abc5d56ee5ba47cf598b92f6573a1a06742c107d3e33332b9bf4e9637fa48c50581d6c95f69d3370669868e1576fda7ee131f51e0dab975e1ec04539b8ecbbf38daea889d144763bfbdd4fe5dfee2e57a1913f87615e42ca3d14e82698041b606eeaf7c121611cd84f44c6b74a18d2dc6370df00973f34c8fab113ca93e72e284acc6d175a509c12293ed677703991a94dc7a443f268a5f77d1b35422dcdb4750284b361a05b711e7e5d5d776f9ba3ce40b76a4d6f1d9ceada3ba1d67148c178df9dc13165dc22e2a21eb03c16d1cd708ea19c32e41e6c0488a088d81713371e95c990d1c8a54cd2600e92d25ed8bf597fe9ad76a662854837b36c4f4de93661c097e4f1c667da06bb8b8e32b8fca8f1be112c0149bef2e420d442dbed85030b34582bf4178e2832b825e46ba0cab0f4ba85ce0ed0f1c95d8ae19f0691f1786072629b7a758751715545e4683063094f38d549a85ac8f5ea0257f90920f08fb3f789b045f06a0ab3be633388dabbb397e574a9c924557dc3cb83f1ed576243a79318efdf80843cbcecc72897cba285c5ed9ddfe87789cabf53e16b0484a3f0e469e1cbe51596c0bb811b6617e431fff1773de8446d13b36cec17262497f312d4c6ad82b06deb2f7027e09bd301f116f186d0bb508c8233e5253510b17abafc265f00b6698f2c467d6171974ec6c5170ca5fd16cd21dd7348b6685b388d3842b3aedb90814cf58a4b81f1126cccf3634c86cad32ce18f703428ccc17fd89b5aad30858d0bc585ff722f281dfc242bb584e0d5db0fc2e54cd5b37097d0e795c794f758e1b02577983442284d8a8e604d8fda47afa7f73a46b6456e8fdef05a28a5150e443f52a2984f65954e40333af703d01806ee89239596a8a7c6a33d671c1ba5420a906657c5e46c3465495d31d124d98826fd7b17e25b8d2200e184879603649627b12cfdb5b69c93d73af2b30ba27599792d4368510dc07931fe1bffa26edc6f0f19a579ebf2a1a2de704d6adf764595ae19ffa2a41a214bab3fca301951bde3f815a118946d240bbc80fb1c5449fe0354a8d22513c38896b3b50c8b4a1981596ec71892fbf19603efcac420f6936b0928ff9ed9d0648723d793b58e7c42da480c490914621252d8f8d851960be95edcc8611a219a8812b800351f5b3a4b5e81b793a51fb7bce44642e6b996ff477ea4cf8812aacfcff7be778b63b4d21e17bf49761fc140f231d3a148dba95be6c6311f8dee5596c913b8712bd546462b6c0c0c1e7cb1664dcc9d13676dfe6bc6917340eb923fb540c5fb3af74ac59243976502ac74dc9947a1618a31448dc6cee8be3e827a22e7c80e95acf82b8266f32c35ef69975e1c1f60f3f21cb9cf8787d37638336f234db786939035d28112629f35752eae2c5f90e159d376d24ff606ff9dcc7f9f7bd7e84e8f003134ebf0be2bb9f87a3fa2e0a4deeeae97f70c7cb157799dcbdadc0fd818cc3877bde6f5cd30edc986eace5a085512f6d994cc7ff323959888cb4cf99757739a73834dcc6afa0546479d609f0bf9a9f6c70a2657d048654ed97128687e153f7ec02f0c4a9e231f361c8d9cf641c10a1b348ed70158e8eaec3b05800569cef34379d426469c7c534cd513edc7b5e121b495478acb3701471bcf03c98719be647dfb0d3583531f832376632a6407791375b96798457c9b471cf9e6bb82dea621408a9b7d32ebdd2ced912512625d5d5ce5e0332286470b2324689d2cf4c4b727a73f83c5db2cd9ee069e8b2507a9ebfbeced67b3b5ebfac622e0469087dcb2e23b57fe68536aad274ef97d5532748c25ca02e4308e7657a4e73bd290a0a11e10ecca97a96b492066933335b6cea18ae74c85e28d6d4b62eef7b9299ee87b440042c109be2e3de72bab49a16faa1d9303f4858fe797ca7e4eae187cb12417a2bd6f0342444fe929a72c676c7d29fe81f4fa42f1159fb5a74c1ec4f66e017d75a8adc0c2fb19eba0e523f54f67926842b7db951fd01fa56944c466f6be75ea7de166c3e071c629b8b8eab0eecb866b60014b27920c7d0207ef1b362122fa6bb5e0aee97e49a66d3be4bd2ccb27bdc4a2576a1c23e764091cecbadbf6bbdb7605de78bb26895df2430741a11a036ab161ca9f152def9c7ca02ac9a8ce4075dda516f327b30a074d50fd62a7bcdfd8294e4d138fe5b5373c28eba9c91c551d411a292de5855b33baac371e7e89feb001a5103da69a1f314ebf5899f266737e55452b2d1f06f4fffc80d80d95e5892fc9c5277715010fc51dcba39b4ac58957f8ac934539718095c38466c8edbb5d55f3065145660fcef59762b76307337c4532caca7cb829f6e2c09370d30993406656907c82329d42fe4d81497dff3248fee9dbed2b6ee2ec4b09aabf9c61c785ba7f8464b860fa48421e8ef7826be947399baaeed17a23ecaa90113e0b98d31774cb65c1252db07fa29f48182fb2acd0917cc7f5d14e427a73e06c69c1ceb9be71cca7ba63b035f1b05f396ed6456a912d2925dfc59c4aa132bc0fc3912cd33257eef12ad05ac0087692847df759634fbe8e5a9ed7bf0d28a11459167cceeb7ea27a9df01951181b924eedc0afab9b7ec367394c4fb16c754c0b2cc5f725277e2d5a41321894d2bce0fab2b3b854266d65e2bc007f658d547a62351aad089ff80dd41e66a62969fff6fd686b929b8e5c0e7403f31bdd0f7b1825fdf5faa8ce022dd02a17405f45874245bf9b39fca87bcbba56d33d9bf0bb70d5693c931f6edc6691fdd062bb467aa6b95858c80912ebad5d2cf3780aa53a217bb5bb6efed90335bb90a521c28fc39251ec3002f206d494ea741391e828da6b43747c0d6f2a4f48e434939ae12e521fed2520c0b87d3fa8efbe0e8e54320c1b6908241fb510f10c8d3a70f757a8c7a34a9b1af9b25fdd9e0ddf90145e946675a287419ac281110460d5c4aafb966131ce0103e2738ac6f4b84906bb3fea661de5463f61b9bf06302531c8516d9108e1ec25f67eb575ad5bd2713469db9ed9fa41e8255b75340e96b43fdf90652ac480a34deed3c96dad39180d3c5c3b74adba933476ea2c8a3e6db3843199a5fc30b9c77e97e8612c3c57730b473647543583c31dcd212f85d84580d1cdf83e9bb5d94c8904775898b6d503353309d44bec4e2b201136836678deb3ae725977c9aac1842328b2926b2e3600760d5d5bc9729425c2bf3996327d2b2556f6562f2b1727ec9ce27b4fb8293914c16ff27ddd696bba9cb182884e37af3d54667f78ac741aaa609a8ff8fc4a8ca77c0beb2b444357c47896b3ccd9d4a903def4bdc4ce46f5bdcaa6f437a3229dcc56a702fd761a519e27c2d2ac31fc83ac72bcb6f1319ac557442c84dc5adc3f65f50764ac1ed3b4e1afc72341f7cd8c4d0d419f29e4156c8ebfef7ebec4e28ce143078e9d8dcbd8e9b9cabdcf380017c708169d644716eca863d42285ab4da596ffd3f3061b483be69d65bd1fdf598698a513dc090435303676d611578cebbaf1915123759316281e57260d0750969ae379db6c73d432d9a696c2bcb4ef64ece2a6ca5f68e2d1c0cf7a2dc1709488fe5017b66c92e30bb843b0fcbbe211fe2771f8948246eaabec81193001da2c1ebb26f5342b38f87422b40364caa563fb94cc20cc7124a2ddefd065cf8958fc31f62d5cadde7afed69544047b98ba916ebf1d1770ecd6af299a7a39d8162e86ec16d26fe198214f85f776cee88b5fdbdaec41baf110e90d5d03cd7b53e195cd576969d6fc6f0d63c21e400ca979732f85db6bdd1190239059b7f3c04aa20fdfc94352a5ee03250ebf89d9edac3e38863cc860cdc35677da64fc32d7d58dd19beb72e75f5131840f0d2461dd1c2b22bd2b2bf7cd1eef7ad30e87185bd25b4566239ffac121b64e3a13c965fd3aef6ab499ae981fd606d1219ed60e2d70ff36f34d18612440704b99aca94f57629eedacebfbf9a74e0dc0d866ded600e21c41ba578f093ff0c32e0cb3e8758580989a80f121e05a0f18671536af42d549e8211e42bf433e8a343acf745212f91861e47732427c3aa9f997ed830c67f34e11cb27cc9416037da007fdc706276cb517ce57b000e842526f658aab4094285160d9877b0830b82a79bd6d17f77457fb5cedd05a0ed575b227a340cb8686e6b0765347c899ba609ae66e7a9617729ac48255227d95aa09a8eb793f505da1acb048703519d93b2d84b488129fbc305f5ca1e8bdcb4167eeb40d5057b3fed428f06e12f0496839495c38c3804f8d3707da911037e304e2f24fcf341a12fd7330aafa277adc50b6bead3a5df80e3749d24ff69a8498e4183517468b83d58346b504826e373384a11d735701f608ad55bc2249a92d6549205a6366663424c24f9b9297e9312bd49bcbb682eca9feed3615820ed795fb35660d8de3271c9033dc40ba98f67d75826a32a74ceca3a5c6cd64bf2023c95f3e9caa85c48ab3ea582f677e8f43dd12d7061c6d9b57e9bd6f53f8f2f6d4d51c4728fd294f1c8b5cf85d43e154592fd6875b73442d1679e60f8af27f6b17c206d5a13b4d7195980510414aa0f30931494ff59ba1ca2b0f36d71c9a3800244b115b943c3e7db1d5166d279440f27f40173518544db161126603fb8da2738da8cba5454ae98fc91d48334d81a9ea60e98b45bad10564ddf393fceb2f7ee38064334d2e8a052504b2e4311f1f60218285f770337976ab4598b8476062d0373f99633b51bffcfe2a007d2109281767afdccd600a5200b1a07a0d9abf8a8b0d4c72efb3f461c297a48b8ffd0ab704b8f224ae6c59a67dd98cd3c5ef8b4edfa845e2696f29b830682553728bd7af80f0da7b58687e8d7da3c13e9c5fedaff0191034fef3310524d4b09e890034ade1141527846f85b331541e90ed7fe175a5c5cb8b6252b2057cec0a99764e02d9144a92d4562cd92edb556f5cae3c7cf6627f4ab942218257fb0754d65fcb0f6e0b0197af435203cea5fbead9dc9ab522f12ed2d95eecaada7be1022c98ecfabbf3f5cb56328615d031580a6f24bade12040f0cee7f255f63bc7e943e414599ab67ef189a4d6e6ab33e8d37a46f24907bc158df5dc76f6ef776c6f309879c6050c0f32789019c84bde8c07e698db428e3c9279f92e1a0524a1144cbb37770cb6a84b27828d3a66291ac108fa2b2d9df5aad9f4d9b08c6a170fd096d52570c949fc14def89671a8cad0f326e3df0d837f9f93a2e4fb478b2d1f3d3e7f600ebeb7047e94a3c199abef788117eaf7bcf15b6acc8aa105cfa6d03966870bec4c9b0ac1eac43311ddc856952598fb06033b2b1f93813f202e2d76ee3660949b4cd93fb85a65c5d90483dfff352e11235b3c3f264dfe6b3e67c4f2d0dc28737c239de96775a4ea950ba6ffef7926af83c23ef7a270bb7c22be3b15341c6f00f7f76058f051d30563e74c0f13dd78ddb055ddfc1ab9c2a39e5d19aa930f0625e0196c8e16e3098e682efc3bcb8d7d9591d831a02d45e9bf32e46e77e4db1edb6acdb35d2ce3a111ae89c7157beff485fa052903a4e0516bb66022077c6b0d373e3d1e94f7c3025451b3c30281c42921599c76f74d700d742b4c8ca79ab2932db6f09f04f61a906ebafbecac383945de580c066767d946c29f00e0c818f2cad0eac86761a7f9eed587cb6a0eaed233c36ae50089044648eaca04784b5c187ad023c47e333a2c3a36c5a71705512a", 0x1000}, {&(0x7f0000001480)}, {&(0x7f0000000380)="a288793e35fc98ecbd400642f4a6d9c70898285946cdc9851452e6a777e52a48a21e9082b02b2c746bc443f200008ec8a0fc3354d15a60fcdb79095a005f5f45cdad15696e429ea0a9d3f1ad9436413d66fa4ea4c311a294eebaa9631449d5cb8f07f86eee98a20ef8221192219a45979395a04ff86e12e46fc87bd6008df3ded412c6db7f8b7e16097b2c6954b7b4b6e1c919ef9f9a12b7350ded0164f550647f0c61", 0xa3}, {&(0x7f0000002480)="eec302ed31948b1bf14a981a7a4490cb0fdb98b50546074d6b68cbcfd1ffa1c6e0d30179981df5d7693f6a7169c09133f95185cf5819c63f59b88427a7dbddf99e681deeec726c9f1996cf4b2f101c36e88e42d6bd8c54aefa58d36e8bc12ce2cad59faae2c69c4cc093ec5c060a988b39f69fdcad5dbe4e008ef502b10d20d6206bf1a679d47f25307f27d5cfff2f8c19b78ff26032a748cf1f5e8dd6fcf320e21ce4e8f2a502d2126a6b02402f79198d23f0e0ec09ca9b22d5d58f2e6587db7c1a7be3ea7a50c17e787df5f782a6f44cf115c84f4023e6ccb214395d99f5eeb2cb95070d8694657380a57b302e962a8b2a9eb1b51dc920e5229247b80d11a4b05e5d3faa0e754d2e2cd8be325b693e389540d4915c35b261f2d329ca67bbcf420d6ab8e6f764fcadbceeaa02afe5be449ca5e01a4cb6b695d91ac65af9aa984d890e8ec0c8b027b2fa4a7ea8c92e4f671a8535013b2f7396d047bef5d16fd64422eed4a051652cf5de4933c9d98dcf4d360356c67305e45de8c55881eec4f1e134c8121e71922b05a6b76b2380b0a84f5ea1ed3f6591bf2b7274ceaf9608c8b573fe5dbce547fa2f769643b81f9e11b065cd10156610c615044ad99009cf764ce1f44b40e8e543a57cd534ee74479f19bd497958165f70a54c25935f65c54494f6c50675e377642333ac63dd21aa9782a0863f6a08a9259b7e39b39496be70c44f52b2cfcb00366dc3e408d8ec4d1b2bb6fa5c9ef613d1dfeca4bc41b42f70e8c1e5db2bc99a0bf412621b537849e7f396e3681a57590b847c24153c661f4a78ec669b4f69c027238f8aaa3c4a3e3caa0cecf1f0ed3f05cca50e4ca0b6ad1c126a07b7ca8c5721be2febc102869d7fb2dcd8f31aa79ed094c1ae1a326b9f6da34faf9b73bb4b6f24c85a2f181222be426704202be4b0ebe389ce5e4701794e116d4c8e60ab04ab56fabea3decbccf156f749bcea1094425302e52205e40269e74f10afd6b1b3d059026050e42994096decbea2a9ff36e5d29a7f87420e4a670a0b63c24dd73c90f0cc22f5928ff2defc24e825391d2c468482c1835fd0418db3678978e46ddabb8f06817ae20eb04c94b52f3ebc9a67220b4253136d60c8ca36a799e4d6efb892495de29b3ee7a97b62fd89351c4eb066bd094bc0b44967fbb2899ef0eeafbccc8b2af75443d290aa74179e1bb91989a649b6d643b84eefef9a084b97ff663b6e32a56340a80af4e5b2523f9913003fb8139259b529bd56e08c1d94bfeb7fa44c8d836bb0ca1729e30a492fcae72972e0493f8eb528c3ab704750f5c4e9db0c62e62d0876287550e16897a34dc98f1f9b7c9db9b3754ea2101344cbea0d4f3d8a209d36aefb92b44f9feaa5d623dc9511b91f5ae13fa81a763e35fedc133b2a3c8c8906a207f2b799c5abf9a227df976702649ad18c9b57a751fa82a50b81185bbd1bc679a3fee2f1f380789edff533f0c0d9e01284b284fd2d89007027a1dd0c9fe0774287b5ffe2888020f1fb365f5edf6ff04101032c3d712704ff1893b3d49a6a6c28e15ee0ea9c38c809f998d4574bc5dd8beb024355fac7c96ee6b94ff7692ebeae2f06691ba59565ea8e13371b5ad661a5f5d77bdca7982d6a62ad0b33ca76adad2e73a549776f85af16458a28c8b199a816ea61a1d070e47f33a850956fd3e9cb0067ff567c3442e6b229e1d807f47aa82dd592624b704e6dda20b1deca675ebb3913ce54edeb38e691ac1fd24bceb7681a9b00579e4f8618926e4cbad9144e73f461675cdd425629c1c3270dc65ae84ea48141c9071139594e2c8aed62c008799d598cae9f9bb66cb69fc36b5ea23dcb5ea568c94103304e4f92c68df2202ac43b19bbf2e9eb2ba96f5e86b0a71e68b951d11c0aedeb426ec937c64f2a016583d0f4e228625a4d3d1d45da37565ceeccf822ec945225b1ac76d353645ecd40c0999b4ed80a2a0685084ddc5b3abd412c0ef7d1a0c33f793cd947a581783d72a08d9e52ddda31cd4ab81214c93d163661f6956e57d21560745ed3111652bf06dc7ba795d6b96f8b9d98bd4e9a4c4516a219ef569a5ec8cb424cee97137d6b3522b321bb44b58a0a616d19d9c570231c88788ff35b7282aa246535f8ad56b77f827f437f0aa0ce196e42044e95f968c977369fd1afadd3073f04cd260d3aced110c3f562aa60aa5f03e86ec7068b1b747ec8406a9ff26a85c3bcf32ae3089551395e12f407b4e6d9532ae5a47fad4c02696d568ffa27e7c83fe5999a1239adc16fac086be1b5e68e6a4e619ec9b4c5d3f11e289b3422e5ff59be35a197531cd691cada14df15cac390a2a9c3133e3ee0c4721e987c610b9a2d27e65a7c3cb1ffc8e20dd95920e331747238a584f1697e73a4badcc405de30e6dd6be7af34a93e17c0d67f0b909a1e5a0c332a5ddc304bf1dfbefc8f9e82dd7257e8b4b7c80bf346a8830bfc2fc4b35a558409f2eadf112af92efe62dce3f46d0f794da43b1ed04bfb1dd96acaf731c169f05ec05eef60956ce1e5507a854e4d16939abd69e333c9df35f54ee3efbab968e6a62e02b577fee55658ae1aae1739239a4c916dead6ae919794578b2b511770dcc575b2c0fd6bd45e6993573aff6cc1769f7d94fbc0f6cbd4b36d3c7d108a030da7606d22fc66f1edd172f3ef3fdd96d84f018abd3f714aaad63ad0d951b5f982a1003991e7343632a455e2451813236837b63468031bdd2e1081688db50a8bae96019ba46b509afe17c7456352faab3988d08656ec4f6786e23e1e531c4d2bb8a33d0b2275363aac6bd1304147942d5f98892a1cf0e58c2d9607b9a408e6c03343ef750a38023e7923ce3ba8008ca1fb06822f5c7f9fc84c0cd993aa2dad7f23428aba727fc7e06a75ab7f2b6b90947b07b18065cbdb3d01b79ebf0622e70a642de60380854cb935cf5417af3207a7fff9249a38d72a20a09a0d3925108553fc5fbdb58a724f3d84f206d9364fb74d68891b2d31437daf54690a6271a942700f0c99e55d73f6969d83604043bd1558291be22f3f32bf5b5397311c53f3284c5ddeda1cff3b08b1b44ac8a5569d0ea82366aa958bca46462b3a583cbc9843f8c7e8e40336d270726d28386930cd9aa326c0d0af5d14175805e0cdadd3cea05c4a033d955a470a7703bb05231daddb83cc4ff759e1b440114e8b809bf4d2e93ef173d6c70be1630325aaf81254d230cc1ab07fa174d21a0f18d244b26c1d73c54680f7ecaed02359a41012b7c3900b1966d27733f88a409e607506469e8577c4bfd8e3e1cc56aa9a3a9156219d7979cfbf1cf6f1f6c72ecfc432ff18ca09888cb1f1e403ab62d1591f0277f12e921fffa0a19adb86d56e6d16efbdfe0bf7b8a7ab29e70b8ec7af5e95a4e390b0bebfd50acd767c1927522c8ceb6750fbfd25fcfe581e97a63e1816b302b2e0348c16c298ef4cc4f3adcc9f450cd5f3f66d0dea6e99186a92f69fa4b0be92933c2859ba98447ce0c32d9d4525da65b67abbd0a84b872ef2abc305052a77d3bdedb16579ab4b8efad5cb92b54d3e8bdf75d3a65d24cc89884115ea72b5a46ec5b407f55276a7a83fcb27be9114a61285c75e5ede631c4b240cc46c1827df17a80467c9ad4e16074dd8fd37aa3be32e66d311bbc3bda4dd9aa92fc4ed0931a6488e33b3d75c480300d2b1e3d830414bfa2a8339ad13af91002af805a7f3926da71956ab8392342140834b2b1d66f896211fdb1242422b5b0d5b4db6d8e3c26fe9699b8b33af5daa4dd66905b1163463eab298c92402f1d0f70266e088fce002168202a525f523f2566ed15eb9b1c13bd7f0bae0132155a5d73643eb51924ce50c43adbb75738ac74aad0fa5f30dbb21033c7e9969c7312ad954b9c43bc9851ba8739013fac42db66d246b1e589d5c9326b015fdc35885688d35de7c46ff16e4e17c837ccac3ce621452885c16ad0ee12a5ef7ffbc3a5aabdf123b992bba4d1043526202849f33cba838241d72f9f58deb76a5c313b08bac6195e3743b6541074c13af948813b4febf4ee940137989cd9a1a7872a44b33100ee135b508822854a0cc5a50545e935005d344081d7a3845dac48c1cf1048920cf10a6a4d02e78af59b22bf57915b95e53979bec164de9090d6ee1604b0c933f76a381033f426c5501632c688940f9e3c7be3035a5bafbf9cc200a8e5617da279eb93f2a7ebc28b26a6a10b980b4bc312cada5b002414f4bf103fb55679f5b9555125d6e3b98f14bd2c2fb54a4363dae4401a6e6502630d516a6998c1252e2c45dac3d81d25b503cc8b3c7d796b2a54a5b3b027dc252d50adb4f896eea63dc39f40af22c0cd43fa11d52b7b29801b63b6e0db080be061f038afe220b4e0ccd25776b3d2947e9cdb27a9cdc1e6f5f3f85822c2798c27af1207c20b90cb9559c3c40d5395cf6b7e74f82a110cae84cf373db35a0c7caaf95ae1bfe2a38b370a9b75cca405d30fd92e149418e396a080bd7f9cc4850e0b35cde836b6eefb21df35308825b88f548f431974022b8bd9410931128875a34818e6680849dda7b38d2f90dc0c4d8293828a31223cb8e218b391aaae9e45d9076524ad2467c52fbab0fc98c7a637d93c4b038b58d8f2f05c449a86cbe170f846ffcdcfe6a8b1f57950634b0aae12fe231294758194bbf82364438332e0af6329397272d8294dbf9eb587c819e2653100f38e14d890affe1752a26e704b0e63ac8f643dd9cec2179c92c908f28d1eb4a4421c8761a121dcf7bc23b4ae38a96c6a47df3638f9a9f76f4c8cdba60a96e98d85ed39c009c84d088b7b08fc8314f0a049911ad7aa1cd0443f7d38517cfcc8217bfd8017e01afd7e63c51ef81e7b256258a7d58ef04a2eaf5b56d6ddc4184b621bba9f133fff602671bb2a2f2c36f017f158e4b0fb3c704f0a41f7547de8fdd5dd52e33dad4f1380f88d8cc52c8e252617d02679f40bd92abac082b518db58b0926acfcfd3bf567b50a636127667acb7dcdbea796edda3b9803c04ceec25751f1c5fd3f2bd215605079cdf3e1e086eade2af66862a7a2d75c5de2f2735889b25b4601913d3c148fb61c842a264f28945f5a29e448df719f3c0b80394572eb7e2c13c805d9f09057b7777091360e21117a1a376e10a6246fb24020e787655cf116e146a72a6730521b3f2408bcde6bc16de23922266e87e7acc1abba81f53e244aa5b664652c39ceba7e66e035988ed2a21a4ad724894fbba50bb4bd2daa2f9c23d8041a340e7401297a3799957503fea74237c9ab3fb94b9ea45b88db4eb927e9cf98305cd99b14f8638055150fa83f720bf12c5e128762e2c6e5a20daff9dfe542c743f6d8aac59e82a6d574a26d69e8e7aa176becee125b0913e6bdb05cc2bfae65ffca4faa6e4c2c15e9d349f6d8df584581dc054e4d3249868eb7b909bf12813d1a33f1c92d107608ccd6d0e9ff05a618470e9038c09f80a9ff8ea3e3ed45980fb67477e436e9e5773f5054f75a7a08113291f948255eec281b7365f1533bc27250bacf295ab4eb734ef27d98f0883e0ec93b06611caa98c0c32f10ee7bf94e2fc22d264ffc12d3a9b06b682f061a8d83535186a503fb4b0d8eb121e2d2f36a9164e94159cb7ee0559748c371d319173c94b5d38468c9f7359742030ddb5c7bde38662f0f41034e3324ba2b59bec0fb7d12d229ddde0bcbe99724e291bfff4b0c6f2e0dea6e9e34b66689bf061f6a639ab64898c3a07a0bef8316f8588f2492d9dd1761ee552e0dab05a92cb2dbd84efa74b291539b136ba25cc7632653ad", 0xffe}, {&(0x7f0000003480)}, {&(0x7f0000003580)}, {&(0x7f00000000c0)="9372346864f67eecba5a94953cc7c328fb6d5d01d03968b12f026329bfc9ed58cb2cf6ea2a8fac5f751d48ff6a30e7cab169e40ff3e36b005d401285a89e6cae0b7152494870cfea3aa6828c7541330333a2492563e45049e88805f5537cb094c2b52c11b0dc2eae50b1ad2214972882507f2b2cb117e92ce49afd2f", 0x7c}, {&(0x7f0000003680)}], 0x8, &(0x7f0000000280)=[@assoc={0x18, 0x117, 0x4, 0x20}, @op={0x18, 0x117, 0x3, 0x1}], 0x30, 0x40010}, {0x0, 0x0, &(0x7f0000004b40)=[{&(0x7f0000000400)}, {&(0x7f0000004680)="db9bcfc408cc014b811416dc6c55116f6592eeee2548c6a91afe696540144c6fbfc52f7538148b9f92a195d1e5157656e3f0", 0x32}, {&(0x7f0000004700)="133d20127255840fd255336975f2b3c68c3d8dc111662c0f0999353bc671442a4d7c551d3d9f758c4bb31252ccd6d09e9429a570575d50c92cc002351976da3ad45689b5303d46bf3eb1a5056e701ebc13d1a213dd3889ec44e94a94a404bc1390e67f20015fd7660d16b87d72b7902cb39b1883b0e806e060740fd096a7b1589725205b556b310a4966e433fd82def098bba8bd28cdbb0ddd4e54b27f7d49295bdebc", 0xa3}, {0x0}, {0x0}, {0x0}], 0x6, &(0x7f0000004bc0)=ANY=[@ANYBLOB="2000000000000000170100000200000007000000a04a93d1b57d9e0000000000180000000000000017010000040000000002000000000000180000000000000017010000030700"/80], 0x50}], 0x3, 0x0) fcntl$setpipe(r3, 0x407, 0x0) write(r3, &(0x7f0000000340), 0x41395527) vmsplice(r2, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) sched_setattr(0x0, &(0x7f0000000080)={0x30, 0x2, 0x1, 0x0, 0x3}, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f0000000440)}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, 0x0, 0xffffffffffffffff, 0x0) mkdir(&(0x7f0000000140)='./file0\x00', 0x0) clone(0x103, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) socket$inet_sctp(0x2, 0x5, 0x84) r4 = socket$inet6_sctp(0xa, 0x0, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r4, 0x84, 0x64, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x0, @ipv4={[0x0, 0x0, 0x0, 0xfec0000000000000], [], @local}}, @in={0x2, 0x0, @remote}], 0x2c) 00:32:29 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60109006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:29 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2547.942921] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2547.955284] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2547.966542] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2547.997635] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:30 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:30 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:32:30 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f", 0x1}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:30 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e6010a006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:30 executing program 0: r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_mount_image$hfsplus(&(0x7f0000000180)='hfsplus\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000001380)={[{@force='force'}, {@session={'session'}}]}) [ 2548.364712] audit: type=1800 audit(1588638750.234:38): pid=23824 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16357 res=0 00:32:30 executing program 0: r0 = socket(0x11, 0x800000003, 0x8) bind(r0, &(0x7f0000000280)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x58) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, &(0x7f0000000180)) sendmsg$IPSET_CMD_PROTOCOL(0xffffffffffffffff, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x3c, 0x1, 0x6, 0x0, 0x0, 0x0, {0x3, 0x0, 0x9}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x24000854}, 0x44840) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, &(0x7f0000000240)={0x0, @in, 0x0, 0x9, 0x0, 0x0, 0x102}, 0x9c) listen(0xffffffffffffffff, 0x8001) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, &(0x7f0000000000)={r1, 0xfffffffd}, &(0x7f0000000080)=0x8) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000040)=0x76, 0x4) bind$inet(r2, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0xeb}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, 0x0, 0x0) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f00000007c0)='bbr\x00', 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860ac5cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf93a1a7511bf746bec66ba", 0xfe6a, 0x20c49a, 0x0, 0x27) 00:32:30 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, 0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2548.432371] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2548.519692] Process accounting resumed [ 2548.525262] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 00:32:30 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2548.576579] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2548.593205] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2548.620934] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2548.685565] audit: type=1800 audit(1588638750.554:39): pid=23852 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=15948 res=0 [ 2548.722275] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2548.779992] Process accounting resumed 00:32:32 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e6010c006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:32 executing program 0: socket(0x0, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB="ec0100002800270d00"/20, @ANYRES32, @ANYBLOB="0480000000800000f2ff00000800010075333200c00102"], 0x1ec}}, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[], 0x1ec}}, 0x0) 00:32:32 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x400) 00:32:32 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:32 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x3f00) [ 2550.944201] audit: type=1800 audit(1588638752.814:40): pid=23869 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16948 res=0 [ 2550.976057] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 00:32:32 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x400) [ 2551.002338] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2551.005513] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2551.070628] Process accounting resumed [ 2551.074338] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2551.127446] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:33 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f", 0x1}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:33 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:33 executing program 0: timer_create(0x0, &(0x7f0000000000)={0x0, 0x12}, &(0x7f0000000180)) r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) timer_settime(0x0, 0x0, &(0x7f0000000300)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0) r2 = gettid() clock_nanosleep(0x0, 0x0, &(0x7f0000000040)={0x77359400}, 0x0) tkill(r2, 0x40100c000000013) 00:32:33 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r2, 0x0, 0x400) 00:32:33 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60122006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2551.403404] audit: type=1800 audit(1588638753.274:41): pid=23905 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16941 res=0 [ 2551.435164] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2551.444565] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 00:32:33 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2551.454107] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2551.475845] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2551.475925] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:33 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60123006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2551.717075] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2551.726764] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2551.737442] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2551.759219] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:35 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x4000) 00:32:35 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:35 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:32:35 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e6012c006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:35 executing program 0: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'hash\x00', 0x0, 0x0, 'wp256\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f00000002c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) recvfrom$l2tp(r1, 0x0, 0x0, 0x0, 0x0, 0x0) [ 2554.032304] audit: type=1800 audit(1588638755.904:42): pid=23950 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16967 res=0 [ 2554.061986] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2554.070958] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2554.088486] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2554.109810] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2554.144437] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:36 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:36 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x0) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:32:36 executing program 0: syz_mount_image$vfat(0x0, &(0x7f0000000480)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup3(r0, r1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x40000000007fc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) mount$9p_unix(&(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f0000000000)='\xe9\x1fq\x89Y\x1e\x923aK\x00', &(0x7f00000001c0)='9p\x00', 0x0, &(0x7f0000000100)={'trans=unix,'}) 00:32:36 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:36 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e6012d006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:36 executing program 0: clone(0x20002004ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) memfd_create(0x0, 0x0) mount(0x0, 0x0, 0x0, 0x0, 0x0) chdir(0x0) mkdir(&(0x7f0000000240)='./file1\x00', 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) creat(&(0x7f00000000c0)='./bus/file1\x00', 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) mount$overlay(0x400000, &(0x7f0000000000)='./bus\x00', &(0x7f0000000400)='overlay\x00', 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB='lowerdir=./bus,workdir=./file1,upperdir=./file0']) lsetxattr$security_capability(&(0x7f0000000100)='./bus/file1\x00', &(0x7f0000000180)='security.capability\x00', 0x0, 0x0, 0x0) [ 2554.450565] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 00:32:36 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2554.487613] audit: type=1800 audit(1588638756.354:43): pid=23981 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16930 res=0 [ 2554.494010] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2554.524512] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2554.550503] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2554.569841] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2554.727365] overlayfs: upperdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. 00:32:38 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x7900) 00:32:38 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60148006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:38 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:32:38 executing program 0: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000)='/dev/cachefiles\x00', 0x0, 0x0) close(r2) 00:32:38 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2557.044681] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2557.060022] audit: type=1800 audit(1588638758.934:44): pid=24019 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16209 res=0 [ 2557.064978] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2557.116313] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2557.126922] Process accounting resumed [ 2557.131881] audit: type=1804 audit(1588638758.964:45): pid=24019 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1246/file0" dev="sda1" ino=16209 res=1 [ 2557.186507] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:39 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:39 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:32:39 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000180)={0x1, 0x0, [{0x0, 0x1001, &(0x7f0000001f40)=""/4097}]}) 00:32:39 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:39 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e6014c006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:39 executing program 2: open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x400) [ 2557.448841] audit: type=1800 audit(1588638759.314:46): pid=24045 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16327 res=0 00:32:39 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2557.490247] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2557.503076] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2557.517191] Process accounting resumed [ 2557.547709] audit: type=1804 audit(1588638759.344:47): pid=24045 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1247/file0" dev="sda1" ino=16327 res=1 [ 2557.586128] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2557.634603] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2557.676955] audit: type=1800 audit(1588638759.524:48): pid=24064 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16242 res=0 [ 2557.701816] Process accounting resumed [ 2557.715701] audit: type=1804 audit(1588638759.524:49): pid=24064 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1248/file0" dev="sda1" ino=16242 res=1 00:32:41 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xb900) 00:32:41 executing program 2: open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x400) 00:32:41 executing program 0: r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='cmdline\x00') close(r0) openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000740)='/dev/loop-control\x00', 0x0, 0x0) ioctl$KDENABIO(r0, 0x4b36) 00:32:41 executing program 1: syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:41 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60160006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2560.166107] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2560.175096] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2560.188689] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2560.221555] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2560.248484] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:42 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0xffffffffffffffff, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:42 executing program 0: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000100)={0x2, 0x4e20, @multicast2}, 0x10) sendmsg$NBD_CMD_DISCONNECT(0xffffffffffffffff, 0x0, 0x0) open(0x0, 0x0, 0x0) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(0xffffffffffffffff, 0x0, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendto$inet(r0, 0x0, 0xffffffffffffff12, 0x20000000, &(0x7f0000000080)={0x2, 0x4e20}, 0x10) sendto$inet(r0, &(0x7f0000000140)="7c0d111317b1ff8ebff29f81219ec5b10d0d003f0aefd9448dbef1ffb4e3a6af87131512da528f6235fe35d30b3b5cb4877c1b89bbf83f6d749d5b00679601a3ab5cf1ad797252bb0c7b43e3e9763221cb2c8d76f824f4bea338f53aa75703f465e50e434e2193900c39ab79d37cf7e9bc2df860c7a8cfc0ce7a24fe6f821e6e5e77267487dcf0208aaa5e3aeb1d921d2fdbb8587804a8e3eeb6ebca013835a981d333ca0915d7ae9d24a14f26", 0xfffffffffffffe13, 0x26a7d94d1c144252, 0x0, 0x0) 00:32:42 executing program 2: open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0x400) 00:32:42 executing program 1: syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:42 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60168006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:42 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x400) [ 2560.507461] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2560.519535] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2560.533730] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2560.568500] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:32:42 executing program 0: r0 = socket(0x11, 0x800000003, 0x8) bind(r0, &(0x7f0000000280)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x58) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) r1 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r1, 0x6, 0x80000000000002, &(0x7f0000000040)=0x76, 0x4) bind$inet(r1, &(0x7f0000000280)={0x2, 0x4e23, @broadcast}, 0x10) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0xeb}]}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000000c0)='dctcp\x00', 0x6) sendto$inet(r1, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000007c0)='bbr\x00', 0x4) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendto$inet(r1, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba7860ac5cf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf93a1a7511bf746bec66ba", 0xfe6a, 0x20c49a, 0x0, 0x27) [ 2560.608889] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:45 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x307400) 00:32:45 executing program 1: syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:45 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x400) 00:32:45 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e6016c006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:45 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2563.229413] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2563.257267] audit: type=1804 audit(1588638765.124:50): pid=24151 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1267/bus" dev="sda1" ino=16869 res=1 [ 2563.262460] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2563.296724] MINIX-fs: mounting unchecked file system, running fsck is recommended 00:32:45 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:45 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, 0xffffffffffffffff, 0x0, 0x400) 00:32:45 executing program 1: open(0x0, 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2563.507303] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2563.576640] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2563.616443] MINIX-fs: mounting unchecked file system, running fsck is recommended 00:32:45 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x0) 00:32:45 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60174006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:45 executing program 1: open(0x0, 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:45 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x0) [ 2563.820517] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2563.935635] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2563.972889] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2563.998505] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2564.032666] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:48 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x400000) 00:32:48 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:32:48 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x0) 00:32:48 executing program 1: open(0x0, 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:48 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e6017a006c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2566.244440] audit: type=1804 audit(1588638768.114:51): pid=24208 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1268/bus" dev="sda1" ino=16141 res=1 [ 2566.305923] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2566.311021] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2566.350258] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2566.375058] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2566.439068] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:48 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:48 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:48 executing program 2: mbind(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4003, &(0x7f0000000000)=0x9, 0x7, 0x0) mbind(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x4003, &(0x7f0000000040)=0x7fffffff, 0x7, 0x0) mlock2(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0) 00:32:48 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100036c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:48 executing program 2: r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000002e001f", @ANYRESDEC], 0x2c}}, 0x0) 00:32:48 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2566.697094] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2566.716098] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2566.744415] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2566.758760] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2566.766010] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. 00:32:48 executing program 2: r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100)='/dev/vhost-net\x00', 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000002c0)={'\x00', 0x6}) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000240)={0x1, 0x0, 0x0, &(0x7f0000000300)=""/246, 0x0}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f00000007c0)=ANY=[]) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x200000000001, r1}) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000180)) [ 2566.790494] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2566.850358] audit: type=1804 audit(1588638768.724:52): pid=24255 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1269/bus" dev="sda1" ino=16984 res=1 00:32:51 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60110046c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:51 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x53b000) 00:32:51 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:51 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) perf_event_open(&(0x7f0000000100)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:32:51 executing program 2: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) bind(0xffffffffffffffff, &(0x7f0000000080)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) ioctl$VIDIOC_PREPARE_BUF(0xffffffffffffffff, 0xc058565d, 0x0) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x115, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd09f1f7098003000000912e9afd988fb466ffd306f08a01a20ca76d6a25912078ef6f3eb1ec3b969c40af0c0f0054"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2569.313295] audit: type=1804 audit(1588638771.184:53): pid=24281 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1270/bus" dev="sda1" ino=16990 res=1 [ 2569.353903] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2569.372867] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2569.413377] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2569.456089] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2569.519001] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:51 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:51 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:51 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60137046c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:51 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2569.703508] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2569.719662] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2569.733308] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2569.746628] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:32:51 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2569.780665] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:51 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60138046c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2569.822078] audit: type=1804 audit(1588638771.694:54): pid=24325 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1271/bus" dev="sda1" ino=16990 res=1 [ 2569.891353] audit: type=1800 audit(1588638771.754:55): pid=24330 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16978 res=0 00:32:51 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2569.966359] audit: type=1804 audit(1588638771.834:56): pid=24330 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1258/file0" dev="sda1" ino=16978 res=1 00:32:51 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2570.010049] Process accounting resumed [ 2570.017027] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2570.027158] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2570.040160] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2570.052882] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2570.094183] audit: type=1804 audit(1588638771.964:57): pid=24343 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1272/bus" dev="sda1" ino=16753 res=1 [ 2570.166346] audit: type=1800 audit(1588638772.034:58): pid=24348 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16999 res=0 [ 2570.210543] audit: type=1804 audit(1588638772.084:59): pid=24348 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1259/file0" dev="sda1" ino=16999 res=1 [ 2570.254721] Process accounting resumed 00:32:54 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:32:54 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x73a000) 00:32:54 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100056c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:54 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2572.338527] audit: type=1800 audit(1588638774.204:60): pid=24362 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16997 res=0 [ 2572.384794] audit: type=1804 audit(1588638774.244:61): pid=24361 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1273/bus" dev="sda1" ino=16998 res=1 [ 2572.422006] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2572.433595] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2572.458644] audit: type=1804 audit(1588638774.324:62): pid=24362 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1260/file0" dev="sda1" ino=16997 res=1 [ 2572.470781] Process accounting resumed [ 2572.507429] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2572.540084] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:54 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:54 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x77, 0x1) r1 = openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x5b30c0, 0x0) accept4$unix(r1, &(0x7f0000000300)=@abs, &(0x7f00000003c0)=0xffffff50, 0x80800) lchown(0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000380)) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x0, 0x0) r2 = socket$unix(0x1, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r3 = socket$inet6_sctp(0xa, 0x5, 0x84) r4 = fcntl$dupfd(r2, 0x406, r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 00:32:54 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', 0x0, 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:54 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffffffff010) 00:32:54 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100066c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:54 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffffffff010) [ 2572.841790] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2572.864070] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 00:32:54 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', 0x0, 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2572.897291] Process accounting resumed [ 2572.905070] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2572.957690] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:32:54 executing program 2: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = shmget$private(0x0, 0x1000, 0x54001800, &(0x7f0000fff000/0x1000)=nil) shmat(r2, &(0x7f0000ff9000/0x4000)=nil, 0x5000) 00:32:54 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffffffff010) [ 2573.097717] Process accounting resumed 00:32:57 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', 0x0, 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:57 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x743000) 00:32:57 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100076c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2575.400979] kauditd_printk_skb: 4 callbacks suppressed [ 2575.400991] audit: type=1800 audit(1588638777.274:67): pid=24432 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17018 res=0 [ 2575.443297] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2575.455493] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2575.468011] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2575.481595] audit: type=1804 audit(1588638777.354:68): pid=24432 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1263/file0" dev="sda1" ino=17018 res=1 [ 2575.483112] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2575.525090] Process accounting resumed 00:32:57 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:32:57 executing program 2: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r3 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000000240)="45e9aed12f060000000000000025d86800278dcff47d010000805acb271c787c8529d6e2e29840cb4895e22e494e8a87ce96ad5719a0541c2e6422467f2a97e7bacf2155c81fd803eb427664349470f593f77a415e8e34b68074e0", 0x5b}], 0x4, 0x0) ptrace$setopts(0x4206, r3, 0x0, 0x0) tkill(r3, 0x26) ptrace$cont(0x18, r3, 0x0, 0x0) ptrace$setregs(0xd, r3, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r3, 0x0, 0x0) 00:32:57 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:32:57 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:32:57 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100096c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2575.797923] audit: type=1800 audit(1588638777.664:69): pid=24462 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17023 res=0 00:32:57 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2575.846695] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2575.857908] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2575.884980] Process accounting resumed 00:32:57 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2575.906353] audit: type=1804 audit(1588638777.664:70): pid=24461 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1277/bus" dev="sda1" ino=17021 res=1 [ 2575.941765] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2575.965758] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2575.978105] audit: type=1804 audit(1588638777.734:71): pid=24462 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1264/file0" dev="sda1" ino=17023 res=1 [ 2575.998518] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. 00:32:57 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2576.004865] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2576.017478] audit: type=1804 audit(1588638777.834:72): pid=24476 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1278/bus" dev="sda1" ino=17012 res=1 [ 2576.041951] audit: type=1800 audit(1588638777.854:73): pid=24478 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17021 res=0 [ 2576.081346] audit: type=1804 audit(1588638777.944:74): pid=24483 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1265/file0" dev="sda1" ino=17021 res=1 00:32:58 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601000a6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:32:58 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2576.131440] Process accounting resumed [ 2576.187620] audit: type=1800 audit(1588638778.054:75): pid=24490 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17026 res=0 [ 2576.216674] audit: type=1804 audit(1588638778.084:76): pid=24488 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1279/bus" dev="sda1" ino=17029 res=1 [ 2576.251999] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2576.323807] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2576.355196] Process accounting resumed [ 2576.363077] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2576.376038] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2576.419000] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:33:00 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x790000) 00:33:00 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:00 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:00 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:00 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601000c6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:00 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:00 executing program 2: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$usbfs(&(0x7f0000000180)='/dev/bus/usb/00#/00#\x00', 0x77, 0x1) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_procfs(0x0, 0x0) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000040)=@usbdevfs_connect) openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000080)='/dev/cachefiles\x00', 0x0, 0x0) socket$unix(0x1, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 2578.864921] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2578.867168] hub 9-0:1.0: USB hub found [ 2578.879155] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2578.890387] hub 9-0:1.0: 8 ports detected [ 2578.918178] MINIX-fs: bad superblock or unable to read bitmaps [ 2578.921047] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2578.991157] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:33:00 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2579.066279] Process accounting resumed 00:33:00 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:01 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60104106c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2579.229347] MINIX-fs: bad superblock or unable to read bitmaps 00:33:01 executing program 2: [ 2579.275746] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2579.291431] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 00:33:01 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2579.339115] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2579.343694] Process accounting resumed [ 2579.388529] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2579.462768] MINIX-fs: bad superblock or unable to read bitmaps [ 2579.533225] Process accounting resumed 00:33:03 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xa07300) 00:33:03 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(0xffffffffffffffff, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0xffffffff010) [ 2581.469114] kauditd_printk_skb: 10 callbacks suppressed [ 2581.469128] audit: type=1804 audit(1588638783.334:87): pid=24583 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1283/bus" dev="sda1" ino=17217 res=1 00:33:03 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100206c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:03 executing program 2: 00:33:03 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {0x0, 0x0, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:03 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:03 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(0xffffffffffffffff, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0xffffffff010) 00:33:03 executing program 2: [ 2581.891602] audit: type=1804 audit(1588638783.764:88): pid=24590 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1284/bus" dev="sda1" ino=17266 res=1 [ 2581.925533] MINIX-fs: mounting unchecked file system, running fsck is recommended 00:33:03 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(0xffffffffffffffff, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r1, 0x0, 0xffffffff010) [ 2581.950910] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2581.976109] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 00:33:03 executing program 2: [ 2581.989695] audit: type=1800 audit(1588638783.774:89): pid=24592 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=15887 res=0 [ 2582.000323] minix_free_inode: bit 1 already cleared [ 2582.040178] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:33:03 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {0x0, 0x0, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:04 executing program 2: [ 2582.091641] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2582.117371] audit: type=1804 audit(1588638783.984:90): pid=24606 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1285/bus" dev="sda1" ino=17233 res=1 [ 2582.227688] audit: type=1800 audit(1588638784.094:91): pid=24614 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17201 res=0 [ 2582.277493] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2582.320066] minix_free_inode: bit 1 already cleared 00:33:06 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xb05300) 00:33:06 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:06 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100226c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:06 executing program 2: [ 2584.502777] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2584.512914] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2584.526954] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2584.538004] audit: type=1804 audit(1588638786.414:92): pid=24626 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1286/bus" dev="sda1" ino=17329 res=1 [ 2584.587497] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:33:06 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:06 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {0x0, 0x0, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:06 executing program 2: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x2000000000000074, 0x25d) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e23, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x220007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967480a41ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0xfe6a, 0x11, 0x0, 0x170) 00:33:06 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:06 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100236c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:06 executing program 2: clone(0x20002104ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) exit_group(0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="d00800002400ffffff7f0a000410ffffa6fffff7", @ANYRES32, @ANYBLOB="0000000bf1ffffff0000000b0800010063627100a40802000404060003000000050008a000700300fdffffffffff00001f0000000500000000020000010000000000100083000000fd"], 0x8d0}}, 0x0) open(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_GET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000080)) sendmmsg$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) [ 2584.996378] audit: type=1800 audit(1588638786.864:93): pid=24651 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17015 res=0 [ 2585.022612] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2585.037283] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 00:33:07 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2585.062846] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2585.084836] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2585.102515] minix_free_inode: bit 1 already cleared 00:33:07 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880), 0x0, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2585.132066] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2585.284705] audit: type=1800 audit(1588638787.144:94): pid=24679 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17044 res=0 [ 2585.316947] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2585.332994] audit: type=1804 audit(1588638787.174:95): pid=24680 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1288/bus" dev="sda1" ino=17051 res=1 [ 2585.419849] minix_free_inode: bit 1 already cleared 00:33:09 executing program 2: r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f00000002c0)={0x0, 0x48, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000025000511d25a80648c63940d0524fc60040010000a0011000200000037153e370a00098002000000d1bd", 0x2e}], 0x1}, 0x0) 00:33:09 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xb90000) 00:33:09 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:09 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601002c6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2587.535308] netlink: 'syz-executor.2': attribute type 17 has an invalid length. [ 2587.551052] netlink: 'syz-executor.2': attribute type 9 has an invalid length. [ 2587.559083] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2587.571065] audit: type=1804 audit(1588638789.444:96): pid=24691 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1289/bus" dev="sda1" ino=17066 res=1 [ 2587.585477] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2587.620281] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2587.651591] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:33:09 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:09 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880), 0x0, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:09 executing program 2: syz_emit_ethernet(0x4a, &(0x7f0000000400)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "209200", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0) 00:33:09 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:09 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601002d6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2588.042206] audit: type=1800 audit(1588638789.914:97): pid=24717 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17072 res=0 00:33:09 executing program 2: r0 = socket(0x1000000010, 0x80002, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="d00800002400ffffff7f0a000410ffffa6fffff7", @ANYRES32, @ANYBLOB="0000000bf1ffffff0000000b0800010063627100a40802000404060003000000050008a000700300fdffffffffff00001f0000000500000000020000010000000000100083000000fdffffff07000000084900000100000002000000cf000000feffffff080000000180000003000000090000000200000000274a49ef6949a7bb000000050000000100000004000000ff7f000000000000000400000002000004000000ff0f0000f44f350001000000010400005eb768350100000008000000ffffffffc38d00001f000000040008830600000000000100f7ffffff030000000080ffff050000000600000006000000a900000000000000c0000000c0ffffff08000000018000000101000006000000b300000000000020050000000104000004000000070000000800000001010000c22e0000c0ffffff0500000004000000060000000900000008000000f7ffffff0800000003000000080000000400000001000080040000000400000000100000040000000700000009000000fcffffff01000000010000000900000000020000060e0000080000000200000002000000090000000800000007000000ab000000fb00000007000000ff0100000800000001040000070000000300000009000000ff07000008000000ffff0000a90100000900000005000000200000000500000001000000070000008eb7000000000080010000000000000007000000fffffffffcffffff01f0ffff000000003f00000003000000000100000080000000800000030000000500000005000000ffffffff0700000015ba000004000000070000000300000003000000ffffffff04000000554f00006ff800000700000003000000000200000600000008000000b300000006000000000000000007000001010000030000000080000000040000730a000001000080010000009e0c0000000800000100008000000000000000004000000000fefffff67d000004000000ff01000002000000000000004000000040000000ed000000010001000e0a05000000000000020000040000000600000002000000ff7f00000100000001000000060000007f000000020000000004000004000000090000009000000008000000b6000000040000000400000005000000f50a0000ffff0000060000008ff9ffff070000001eaaffff3f0000008000000000000000ff0c0000ff7f0000030000007f0000002d0000000800000000010000ff070000ffffffff2bab000002000000ace800000500000000000000e1bf934d070000001f000d000300000004000000070000000900000005000000030000000200000087d400000200000008000000000100007f0000000e000000080000000200000007000000ffffff7f06000000000000000500000001000000820000001f0000000004000001000000faffffff0500000006000000070000000300000010000500810306009fff04000800000004040600d90b0000ff00000005000000040000001ba2cc3b00000080010000003f000000ff0f0000bd52c97303000000be060000fffffffffffeffff7f000000ff0000008100000000db040009000000070000000300000000000000060000008f5e0000010000000002000006000000010100000200000007000000000000e0318900000104000000efff000600000004000000080000000400000002000000c00000000800000008000000f7ffffff05000000810000004d00000001000080eb0700001f000000090000000800000001000000000000000000000002000000ffff00000100000002000000000000e0a000000040000000ff000000f7ffffff0500000009000000070000000600000028080000030000000600000004000000be00000003000000070000000500000038080000faffffffffffffff47b5554d001000008100000007000000ffffff5e6d4e2d000100000002000000566b00002000000004000000020000008b01000001000000ffff000004000000ff0f0000050000002000000003000000e40d000007000000f8ffffff200000003f000000387f00000700000007000000c10a000009000000040000000400000000000000008000000100008009000000370b000000000000ff07000006000000bb7900000400000002000000ffffff7f0300000000000000090000000700000005000000000000807f0000000900000008000000fad4ffffff01000001010000010000003f0000000400000020f2ffff01000100ffff0000010000000200000008000000fbfffffff9ffffff040000004d000000060000000200000002000000070000004e0d0000000200000800000035000000300e00000700000000040000020000000180000020000000f2ffffff070000000500000000010000fffffeff0900000000080000070000000800000009000000ff7f00000900000004000000040000000000000006000000050000000100000009000000080000007e0700000300000000800000bf16000002000006000000ffee00000001000000000000000010f7006305000000000000000000007f00000010080000000000000100008002000000080000000101000003000000ffffff7ffffffffff7ffffff0600000003000000a6060000ff0300000700000001800000090000000200000000000000040000000080ffff00020000070000000500000001000100000000800000af06060000002b0a000005000000010000000500000009000000040000000500000002000000ffffff7ff30000000800000002000000ffff0000ff070000810000004000000075fc000009000000fbffffff0500000000000000810000000100000080000000d05e0000020000001f00000000000000ff010000451e00002d00000000000000ff0000001000030008001000ff070000010000001800010039"], 0x8d0}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000200), 0x10efe10675dec16, 0x0) [ 2588.069001] audit: type=1804 audit(1588638789.934:98): pid=24719 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1290/bus" dev="sda1" ino=17361 res=1 [ 2588.119060] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2588.132865] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2588.155141] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 00:33:10 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2588.184470] audit: type=1804 audit(1588638790.014:99): pid=24728 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1274/file0" dev="sda1" ino=17072 res=1 [ 2588.220021] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:33:10 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880), 0x0, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2588.254058] Process accounting resumed [ 2588.281684] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2588.319823] minix_free_inode: bit 1 already cleared 00:33:10 executing program 2: syz_mount_image$vfat(&(0x7f0000000040)='vfat\x00', &(0x7f00000002c0)='./file0\x00', 0x800000000e004, 0x1, &(0x7f0000000380)=[{&(0x7f0000000100)="eb3c906d6b66732e666174000204010002000270fff8", 0x16}], 0x0, 0x0) r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) ioctl$FITRIM(r0, 0x82307201, 0x0) ioctl$RTC_AIE_OFF(r0, 0x7002) r1 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) sendmsg$IPVS_CMD_DEL_SERVICE(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000140)={&(0x7f0000000080)={0x6c, 0x0, 0x200, 0x70bd26, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x20, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bond\x00'}, @IPVS_DAEMON_ATTR_MCAST_PORT={0x6, 0x7, 0x4e20}]}, @IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_PORT={0x6, 0x4, 0x4e23}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x3}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x1}, @IPVS_SVC_ATTR_SCHED_NAME={0xa, 0x6, 'lblcr\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x56}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x53}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x80}, 0xc000) pipe2(&(0x7f00000001c0), 0x80800) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg(0xffffffffffffffff, 0x0, 0x0) r2 = socket$inet6(0xa, 0x400000000001, 0x0) close(r2) r3 = socket$inet6_sctp(0xa, 0x801, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) r4 = getpid() sched_setscheduler(r4, 0x5, &(0x7f0000000380)) connect$inet6(r3, &(0x7f0000000080)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r5 = open(&(0x7f0000000080)='./bus\x00', 0x141042, 0x0) ptrace$getsig(0x4202, 0x0, 0x0, &(0x7f0000000240)) ftruncate(r5, 0x200004) [ 2588.323866] audit: type=1804 audit(1588638790.194:100): pid=24736 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1291/bus" dev="sda1" ino=17017 res=1 [ 2588.524325] audit: type=1800 audit(1588638790.394:101): pid=24748 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17063 res=0 [ 2588.561559] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2588.630818] minix_free_inode: bit 1 already cleared 00:33:12 executing program 0: ftruncate(0xffffffffffffffff, 0x88001) write$P9_RXATTRCREATE(0xffffffffffffffff, &(0x7f0000000040)={0x3ba}, 0x7) r0 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r0, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r0, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0xffffffff010) 00:33:12 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x1000000) 00:33:12 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6", 0x193, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2590.563666] audit: type=1800 audit(1588638792.434:102): pid=24762 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17053 res=0 [ 2590.598628] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2590.649777] minix_free_inode: bit 1 already cleared 00:33:12 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:12 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60104376c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:12 executing program 2: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000012c0)=[{&(0x7f0000000000)="a298d0ef7f9ec0de6e18290bb84ef303d951ff45dd9b2c882a183144b0beac69ed7aa5981eb09e7937129d3b78003560810939b3d8b6ce5c5b0aa071a48ba86245b721abf90b4e42ba577270bb645b117bfc03fe760a3812e31aaa11c2de4f9677401a6ee692cd2435775006f336c1419579bc893608597f0e81b9762c20b2784f8af955c81f286b2e1026e04c326f1f623d1862ae2006c81dfb71f9b0c3da3beb7aafc397bac8ce61e7aa0624e2cdd1b3b5f002a73f47968a2ee768a4b3810c6929d61a41d63d0e0743ee1db392edad87e2e86fd00e7e54d453939e7356", 0xde}, {&(0x7f0000000100)="daf82f37f8a52419d91abdca883fac3456297c17748489047725da4bd4d729e4d805f912c4f61752f6e87614b3c7768926790c08a38878601f558bf732ccef", 0x3f}, {&(0x7f0000000140)="e000bb3de9cf9dc4deb608d74d7297fea0646262fdd2939ae74078d224b69a31336bee0e85fd0704ad1a10e3cbd0d7d9553fb0158ea52a03600588fb57aeb842f8ae4f2d999af2f9bee1711e029bbe4b8b697c4468841abbc54567a418ed53972ac90a04ceb2974233038420bbaec99454a9b97222bd52cfbe6e90733f7109dc9c35d135123cdad966b8b9f5f262a66ace57b78e097d617d930e3d3189a8673336adcb34068e3b8961b60940dfa33c447a8c144392f24027355fe7633e769911493af707000000000000882d23f61d3fd373a53cba7af133963a676fbbe5d146", 0xe0}, {&(0x7f0000000240)="1e28000000008633dec75d2a6e30e311d489f5ff41733f553ebf70b6b68a3459f598f55a204f867c8e67ee6e2fa6725d61410c3704f851259dff3df1a0fbc897b6af57", 0x43}, {&(0x7f00000002c0)="a8c1a4de22b766c8ba1ee8aff5a692d474c4ee8563a0c658f4ff8e84a6ce35bcaef88cd5a8aefd1f94dbd858b1cc36a97c8eda0c7c41566a3b08f67b7b215633c67ac72621270770e1986660d95309e6bfabe76672cf758d5ff8fc2c7a30c28b23c9a2ef3c740853a76ee3182de6ec9b4407506d327c15506024dbc47bcd6771c9d07fc70264f16a3f074b438848b2b58268828f6a9c910d99b58072a318207468cf06c57c8efcc06940159851678f00a6a0c4199da6e0d78d3c739da224f7577808382271d5d4eee624d9a95697f6297b073f47266c1cda99b854c2d6267b496e2ad369a9469a3e3f6266a8dc889db4c914657d99689d669e17817b1b27f4ce8090d2d155676eb8704d20ba267cf8f0da80eb89b628b0798cb1363ba6dd1da7873b3b77acddadcefc7d77efa3fc5a2def7be7af1b888ffedbd2c5a8f576aaecb254db4ca37be1bbcc9e05c80f150996ab989f7ec0525a725eef1d6467de0024f7a276b83d4b25b43e7586a2567e90c8141e2050a77e6db7a3d5077e0a26a5ce0c630aeb2b7e087fcda58d60df3693acd86ee86c1a9a8fba7544d5fddbca7bb53aa2233058fef13bc60bd83ec472d78f05dc0e78cf592b32919e5352732bcd47ba9c9226c00874378e1c40f0ff1fb80695aa91e08aa50c82ba1b2a68e5e0f8ac32bbe7e3846be7a9efdc4a4603fd5cdb31d1694903bb8fd48cb9b85c3e2d6b633cf7385c9ad83c110bdbd2fc6c4ebd2f36f04cb7a39c0e4afb8f75d048aa447e23b97d818b4fea2bbe48446e993cb95acd6a0399a21a0d91e0d0066ceee56f99822d3a571d4a2f015b3d13d1dff96efc124f54183e4477aa52824d5de5b41bb2585076c136271b1591479f120bfab275e8e528da5803a41ab3ccf92d718c3a3fc0a0f4c9fea59e01937c2db94a41cf225ce76f872d82e84387c3210881356a59279f940a94220b7152dba4af50e5b13b6122089600cd8c5033c338536e87fefa59a7cc4bedd7acd2a075b7803860c6124f0a0ac5a2d559d55b6ae1bcbe669081d6147194457b104c89055fb2b197967a15b54a51801578805f6f4eed5f2472c5aa3897e5d8ff7cf915a1520ac3cd2e12030010d6027bb0ca4d7f79752163a636376e13be8d788bf56fd539cc683fd3c0856300a4eea82a83e3120b1a9415852785a0d4addf3d594df34678e3f48c9939aee8abd4c0bab1ce18ddb82ef9d3c8ef8de520aa7facfce8f7723d73d9dea5f63343d92de9e7a0a7c6c78345f028a23ab1245cd4b705d2a0972bbc9d29cbb929bba8500f528da37ad35824222ff52e8176373413020f3db4e18d8c301e8bcb16f1c61e545cee9569616f400c8d5109a8ddd8da46e22581cac6ba668fd1ff4f12197af773c95a8f50a8a7f4c1a6dd2ed37659f63544ab54267be9cac1f2511368efbf818c2ed53685905f033a7d2d4cd01d38e6a35071513f8b37ae136037b377a2b9b0663e04310e9868f3c5359115e8ae9626d0de77b23fe78d707894d9693be0c84f9d649afa4610993e1ead61eb067b6d46850fd5521a602d590e18f1f1b6f9efead7696f12e507aca2b61160efd630e64446adfccbbda9ebd9257db602fedfda9dc4478ef7f8786d43861d1e5dc9afb1c4657dd4125fef0b351c82aa836fa5b5bdffefc597b2719e98aa8298653c57f5006e59818ffeb8e729031b9ef141d1cb50725779b98f372eea72e53a3e24666888547c770326b100824b0640c7f28d05b23249863f3597bfe7d71b0c3e10b30d43f618685c22ccd5613e0376ff8abae6e023b82deedcea9cf14cf75dab3b0883c915ae39478861340e54202e68aef226cfe670dcc28403c48b1c9b5e310d1e6e049d3eebd7d2834fe82c25fca365f3b85cc9a6374d0ea9c8492ede255a4050525c951974e6844b6f4cefb543dc00bcc6bec69a8756b189af1bb9338ab69bef90d4c3d7e569278759b665843f72f2d641bc46c15dc7193c2260fa8923ed3a6df2982a3cd28366cdb13aabc5f1dee32cb055b30da757f572fa25ca3207d1081079629d3c49138af8e9818d371bd2132402cac0280a4fa7dc701623d7e48e7e26f275d01f5462b10275a2c4508a3171674095723b1d1fcaed34467374a87a7816eada6a381b27d661535d10a2d536f9b8031d9684bce2307af1f7913431f876c2eef9e333f6e2d06976cc10d7c3739d0127d8260443a3a8f7a1409ca529d74587cc6cb10cf2a6883e69535c1beb704b8716e1cef7cd3c7f7977118f0a53cf1abfe9eea074fa5dc8f8738a3c80f28e4900d2de8b6b4ff976e34faac91d0214f939a2690e38ebc6e2e937c27bf0e70258559ff713c709f301907b1fecf69a282189fd129bbe749caea6ac9af5d3f25fcd03bd90fcc5371994000cd0e70cb1f85a507335658960c1b722cc093ebb23becaf7fb51cb0c4f2e1a369ba092ed27f202fa684977bdf4c7f892b59693dadae26d59c3b6bd5e164cda1e45fcbfe2ad54e0222ca512464d7c0fd52351c81df718202ed3eac92fcfce9874f9fedfa907118defb971761713ba9a17a4f413302572c9411261515dec861aff54e8b24a15e7da058a7c549e086955a97aed47dc6d1c654b3affb6384b283e4825406e695afc2358cb0dfa3654ef0854dbb615050add8a009f0da7cd63d74864e9bf81992b2d97cdc9e88dc5b2d85aabf2a3caf8c9a674005ed922f421c65a3c36ff9edb775179a844e99aff1bdae5c7b8d20b834576f0da791b2e33af205f53aa71acbb65044dfc862ae8b2b4210e39d0eddf124b673d853cc972bfad5bccbe28b07676b674ed0125d2601ac944b7af0ad4840d041bf3b01fb7c7145060f1eef290e27d198c58f1c2b1c190809178dfb3ba9e42ee0afbed84d0ee00299990712712425ac682f68636fb7b1b3690b9799a8167bb970b2dc7cbf8bea498bbb7e280a5bf9d888fa118393d7b874e1a9bfcb771bed2578aefed62f057e6325025a438d15f228992a536e2449f53b527766191b618846afa4c6cea46fd819f79f983409db03440be31fa97440dc82fbfa5f0ecd1695bd0fcec8f49f4d0cb38d38cba95cc9182af33f9d16f494a6d7b38a82834043b1d55ee6309b297b9b5be05c9863cb330d37bb9012d5a6ca9773381feebbefa6a239fb4ae1719893ee2eb578b1d71bcb4c1fb8329b97623cbcb144d53e08531a478073193d9f7bffa82a3c656526d7f7132b4b0b5e884121695170df1eeb329a9767d265c40fd73a91ce1f3c6dd68137c5665bb1339a9a78fb9f824ea5b7d76415d90622289745ded7e159ed931378f49604e4ca1c1a1a6db2cfd5c71744197f19abbce8c61fbe7915caa7ac0ae4305eecda87adcb80b5a097714063aefd4089ff897839085e0ea552d436e99ed78a571b39b0eee609d10b9c7c3b2da4be02d23ca3494a7e445ad2be7ceb93bfa8ff43bbe044aea346bb610351773d342f2e1f5d0cad573673ac9466ec64645a35f88f4447230a5780ebd7543b55e137053a08a7838657882c686994145fd698cb171d2c5ce9257790f9f3a4502f4e165076c2c7e6770d788939918ec926f8989df240c1bc981d9d8c392bf165c888e0e247802b7a9a48b2f03b245c5b577619b5f60e50e7aca22e36ae6265e3def2d97cb4825c7bda34150021c673d14c4e2130cf4edf7d27d63475bd478b6c2cd4ee406bb9c4d7b41fcc07868ba2b8cef4a640423140b2614bf4e13bc7811ed225a7369e148ddd7a3686088fa5a3211a47762021762667a8d09c6805c058cbdfde8336ee06008bec9d5ba585bb452827a955bf0a0caac5ad5ade021c03479026ab5f36c4dc79248f4384c24c39c43863d170c1452037e62700b55abda1dfb963ca8d75a770d5e3ebf9d8fbf0c3e15bdafe1540d04d5cb376a5f0fc6d44fc800eaee565d1acca2c2bb21a06de06a73198faf763299eedcb1604247d2dd0793253b97be8d1b42620a2d8a8c707c477e1b250ecbc2554c7d70aad1e69bad2a7947b4631f96ca8384c229e13c6ca9c812b6c80c9f547f0a214be75cb874cee77c8a68a56845b06cf42966575b0755561b7d191fbb6477ee51fe312980ca8efed2397eddfe8eae9992318354bcc2bdd95905b400c387e538ad98ebdd120818b35256fc00f5d84375f3c99d167e246eda1b2a972e1fc2b840ae55608a76603387b2aef4efd6f2e23a867ae637a8c7b21ddef4c218f9f85a1b700c24ac43a62d3bb04ac12cec14b44b9a01f3f5ec3f010761692f2a207ccc2ba86c2d1f3a9f78d301c897fac28131ce0960de4ea4bcf2bb1d823ce57d4b98d9d1edacef8c567e1582e6edd2a1572769b9b124c87d10184ccdda6adef747815fb492afa69849e6c0fddd2f95626b4dce85e3e92d986c34ef6f77b1401490698f521619a2f1dba7efcb06972e140b81fd7192226fef518cbb7aeb14f1858c51cc3676033e1aeec66bb3a40b284434662f98f68a602d331954b3499a1a3d5e73bc145c5466bfa3e81b1648334ccb0badacf551d93be02e6f55c817390f0deac63b47702ce472539c249de8797c35db5f06bbf0522102df1b5f14a1f958f4f906ed619b3a354a653fc40b014e3681da4138f2147585353d01604c55c2232f03761bc6280bb97649458dc45e51639901ddd5e97141e7789654cb557c5df2ea624cdd28df0dbf7065f16bbe87382f51ca132a21c525f91450f3c19bbffef9e7f45ba6cc29bd7974572e13e20a8242396e54e09e74303e65a588fb7dacbf83a367401805ef43f9f36dbcfdef5a65079d2e5d0b510d38ba0fd1461a095ab50e61aefa5daed2d56a41cd581fe0b583d27fa0ceb4d6630090ae96364587d8b3d6ea9a81e49f42c770fbda5d929b67acbab007e1f87e3d3e90d2696bfad2df55d3a04a15cef7dcae91afae16ebdf30bda154be56bb65adc888ecc7aab8a2b60834e0acc9b105ec19d2f490dded98927ff7e7a293991fe4eff7f7083e98cabf0111bd6612efd1ddf2878d4df154b74855b8fc73786ae4633f8adee42360b85c8d712651418c2a4afcb848ab1d06794a6b33e5cd9dd2580f17b5872283cf6080a03128ace583374672699f428ba30c5cecea0d9c3ff6a8bf1fa9b9765e8f7c1134a3bf0599fd4ccb936adede7889c415a68105d4354a78e43ee7b5e529d97f2b3fe25235072ef9fefdc4118ee7c801f62d57668918b30ed39a527a591926fa4b947a1a01008346850999da94573322b66e1642376806c7886f60dd30c9cc094da8c14a1997340f98e0306b79583701690e6ade214887611a4c9de33b6990d6f422422ea68a8c3169ece276b2335d5caedf4c6947dc62a78f4d47050de4913733adbc565b5ea8f6734aaf9ae02455e1fd0ccc1d6a130840ab19d2b5fca2b96cf05863a2c2aec0da1148b1dd7b09c14932d9c24c8658fd7c7c6bfe98640b32a873a3602decbafe6d9244621ac6e78ed1aeb6220c69e5d898accca8a7a1a2d7f9ce801bee84b7051eb37996f2fe0423eece74cea49cdb836f8eb30b0132a9ce06210891e451b25e2986a4ae4da751e761b85b91ad656029f31ff7121404508387fff0144cc12fe4ddcb4d0fa9a96cfb317d8dcde96ee19ff777c46f3e6290d4dfe13a117d83506ef60a8163cd992eb9266f5445f0a725e8424753f002b1946191b7786f18d97ef75936848d6b3b5b4a455ac7a1e3fc5a60f031f99b79acf7bb361085c9e6ea2b7ba46f00482263a080f9e4ed5dc43853dde634031d1806dbf63537d0ac1733390be5ee3dc981cce882ea2992ac21f87d146ea39934798833ac785100"/4096, 0x1000}], 0x5, 0x4) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x24) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) 00:33:12 executing program 0: ftruncate(0xffffffffffffffff, 0x88001) write$P9_RXATTRCREATE(0xffffffffffffffff, &(0x7f0000000040)={0x3ba}, 0x7) r0 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r0, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r0, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0xffffffff010) 00:33:12 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6", 0x193, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2591.080551] audit: type=1800 audit(1588638792.954:103): pid=24781 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17373 res=0 [ 2591.113683] MINIX-fs: mounting unchecked file system, running fsck is recommended 00:33:13 executing program 0: ftruncate(0xffffffffffffffff, 0x88001) write$P9_RXATTRCREATE(0xffffffffffffffff, &(0x7f0000000040)={0x3ba}, 0x7) r0 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r0, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r0, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r1 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r0, r1, 0x0, 0xffffffff010) [ 2591.149297] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2591.158386] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2591.186952] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:33:13 executing program 2: r0 = getpid() prctl$PR_SET_PTRACER(0x59616d61, r0) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r1 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) r3 = dup2(r2, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) vmsplice(0xffffffffffffffff, &(0x7f00000012c0)=[{&(0x7f0000000000)="a298d0ef7f9ec0de6e18290bb84ef303d951ff45dd9b2c882a183144b0beac69ed7aa5981eb09e7937129d3b78003560810939b3d8b6ce5c5b0aa071a48ba86245b721abf90b4e42ba577270bb645b117bfc03fe760a3812e31aaa11c2de4f9677401a6ee692cd2435775006f336c1419579bc893608597f0e81b9762c20b2784f8af955c81f286b2e1026e04c326f1f623d1862ae2006c81dfb71f9b0c3da3beb7aafc397bac8ce61e7aa0624e2cdd1b3b5f002a73f47968a2ee768a4b3810c6929d61a41d63d0e0743ee1db392edad87e2e86fd00e7e54d453939e7356", 0xde}, {&(0x7f0000000100)="daf82f37f8a52419d91abdca883fac3456297c17748489047725da4bd4d729e4d805f912c4f61752f6e87614b3c7768926790c08a38878601f558bf732ccef", 0x3f}, {&(0x7f0000000140)="e000bb3de9cf9dc4deb608d74d7297fea0646262fdd2939ae74078d224b69a31336bee0e85fd0704ad1a10e3cbd0d7d9553fb0158ea52a03600588fb57aeb842f8ae4f2d999af2f9bee1711e029bbe4b8b697c4468841abbc54567a418ed53972ac90a04ceb2974233038420bbaec99454a9b97222bd52cfbe6e90733f7109dc9c35d135123cdad966b8b9f5f262a66ace57b78e097d617d930e3d3189a8673336adcb34068e3b8961b60940dfa33c447a8c144392f24027355fe7633e769911493af707000000000000882d23f61d3fd373a53cba7af133963a676fbbe5d146", 0xe0}, {&(0x7f0000000240)="1e28000000008633dec75d2a6e30e311d489f5ff41733f553ebf70b6b68a3459f598f55a204f867c8e67ee6e2fa6725d61410c3704f851259dff3df1a0fbc897b6af57", 0x43}, {&(0x7f00000002c0)="a8c1a4de22b766c8ba1ee8aff5a692d474c4ee8563a0c658f4ff8e84a6ce35bcaef88cd5a8aefd1f94dbd858b1cc36a97c8eda0c7c41566a3b08f67b7b215633c67ac72621270770e1986660d95309e6bfabe76672cf758d5ff8fc2c7a30c28b23c9a2ef3c740853a76ee3182de6ec9b4407506d327c15506024dbc47bcd6771c9d07fc70264f16a3f074b438848b2b58268828f6a9c910d99b58072a318207468cf06c57c8efcc06940159851678f00a6a0c4199da6e0d78d3c739da224f7577808382271d5d4eee624d9a95697f6297b073f47266c1cda99b854c2d6267b496e2ad369a9469a3e3f6266a8dc889db4c914657d99689d669e17817b1b27f4ce8090d2d155676eb8704d20ba267cf8f0da80eb89b628b0798cb1363ba6dd1da7873b3b77acddadcefc7d77efa3fc5a2def7be7af1b888ffedbd2c5a8f576aaecb254db4ca37be1bbcc9e05c80f150996ab989f7ec0525a725eef1d6467de0024f7a276b83d4b25b43e7586a2567e90c8141e2050a77e6db7a3d5077e0a26a5ce0c630aeb2b7e087fcda58d60df3693acd86ee86c1a9a8fba7544d5fddbca7bb53aa2233058fef13bc60bd83ec472d78f05dc0e78cf592b32919e5352732bcd47ba9c9226c00874378e1c40f0ff1fb80695aa91e08aa50c82ba1b2a68e5e0f8ac32bbe7e3846be7a9efdc4a4603fd5cdb31d1694903bb8fd48cb9b85c3e2d6b633cf7385c9ad83c110bdbd2fc6c4ebd2f36f04cb7a39c0e4afb8f75d048aa447e23b97d818b4fea2bbe48446e993cb95acd6a0399a21a0d91e0d0066ceee56f99822d3a571d4a2f015b3d13d1dff96efc124f54183e4477aa52824d5de5b41bb2585076c136271b1591479f120bfab275e8e528da5803a41ab3ccf92d718c3a3fc0a0f4c9fea59e01937c2db94a41cf225ce76f872d82e84387c3210881356a59279f940a94220b7152dba4af50e5b13b6122089600cd8c5033c338536e87fefa59a7cc4bedd7acd2a075b7803860c6124f0a0ac5a2d559d55b6ae1bcbe669081d6147194457b104c89055fb2b197967a15b54a51801578805f6f4eed5f2472c5aa3897e5d8ff7cf915a1520ac3cd2e12030010d6027bb0ca4d7f79752163a636376e13be8d788bf56fd539cc683fd3c0856300a4eea82a83e3120b1a9415852785a0d4addf3d594df34678e3f48c9939aee8abd4c0bab1ce18ddb82ef9d3c8ef8de520aa7facfce8f7723d73d9dea5f63343d92de9e7a0a7c6c78345f028a23ab1245cd4b705d2a0972bbc9d29cbb929bba8500f528da37ad35824222ff52e8176373413020f3db4e18d8c301e8bcb16f1c61e545cee9569616f400c8d5109a8ddd8da46e22581cac6ba668fd1ff4f12197af773c95a8f50a8a7f4c1a6dd2ed37659f63544ab54267be9cac1f2511368efbf818c2ed53685905f033a7d2d4cd01d38e6a35071513f8b37ae136037b377a2b9b0663e04310e9868f3c5359115e8ae9626d0de77b23fe78d707894d9693be0c84f9d649afa4610993e1ead61eb067b6d46850fd5521a602d590e18f1f1b6f9efead7696f12e507aca2b61160efd630e64446adfccbbda9ebd9257db602fedfda9dc4478ef7f8786d43861d1e5dc9afb1c4657dd4125fef0b351c82aa836fa5b5bdffefc597b2719e98aa8298653c57f5006e59818ffeb8e729031b9ef141d1cb50725779b98f372eea72e53a3e24666888547c770326b100824b0640c7f28d05b23249863f3597bfe7d71b0c3e10b30d43f618685c22ccd5613e0376ff8abae6e023b82deedcea9cf14cf75dab3b0883c915ae39478861340e54202e68aef226cfe670dcc28403c48b1c9b5e310d1e6e049d3eebd7d2834fe82c25fca365f3b85cc9a6374d0ea9c8492ede255a4050525c951974e6844b6f4cefb543dc00bcc6bec69a8756b189af1bb9338ab69bef90d4c3d7e569278759b665843f72f2d641bc46c15dc7193c2260fa8923ed3a6df2982a3cd28366cdb13aabc5f1dee32cb055b30da757f572fa25ca3207d1081079629d3c49138af8e9818d371bd2132402cac0280a4fa7dc701623d7e48e7e26f275d01f5462b10275a2c4508a3171674095723b1d1fcaed34467374a87a7816eada6a381b27d661535d10a2d536f9b8031d9684bce2307af1f7913431f876c2eef9e333f6e2d06976cc10d7c3739d0127d8260443a3a8f7a1409ca529d74587cc6cb10cf2a6883e69535c1beb704b8716e1cef7cd3c7f7977118f0a53cf1abfe9eea074fa5dc8f8738a3c80f28e4900d2de8b6b4ff976e34faac91d0214f939a2690e38ebc6e2e937c27bf0e70258559ff713c709f301907b1fecf69a282189fd129bbe749caea6ac9af5d3f25fcd03bd90fcc5371994000cd0e70cb1f85a507335658960c1b722cc093ebb23becaf7fb51cb0c4f2e1a369ba092ed27f202fa684977bdf4c7f892b59693dadae26d59c3b6bd5e164cda1e45fcbfe2ad54e0222ca512464d7c0fd52351c81df718202ed3eac92fcfce9874f9fedfa907118defb971761713ba9a17a4f413302572c9411261515dec861aff54e8b24a15e7da058a7c549e086955a97aed47dc6d1c654b3affb6384b283e4825406e695afc2358cb0dfa3654ef0854dbb615050add8a009f0da7cd63d74864e9bf81992b2d97cdc9e88dc5b2d85aabf2a3caf8c9a674005ed922f421c65a3c36ff9edb775179a844e99aff1bdae5c7b8d20b834576f0da791b2e33af205f53aa71acbb65044dfc862ae8b2b4210e39d0eddf124b673d853cc972bfad5bccbe28b07676b674ed0125d2601ac944b7af0ad4840d041bf3b01fb7c7145060f1eef290e27d198c58f1c2b1c190809178dfb3ba9e42ee0afbed84d0ee00299990712712425ac682f68636fb7b1b3690b9799a8167bb970b2dc7cbf8bea498bbb7e280a5bf9d888fa118393d7b874e1a9bfcb771bed2578aefed62f057e6325025a438d15f228992a536e2449f53b527766191b618846afa4c6cea46fd819f79f983409db03440be31fa97440dc82fbfa5f0ecd1695bd0fcec8f49f4d0cb38d38cba95cc9182af33f9d16f494a6d7b38a82834043b1d55ee6309b297b9b5be05c9863cb330d37bb9012d5a6ca9773381feebbefa6a239fb4ae1719893ee2eb578b1d71bcb4c1fb8329b97623cbcb144d53e08531a478073193d9f7bffa82a3c656526d7f7132b4b0b5e884121695170df1eeb329a9767d265c40fd73a91ce1f3c6dd68137c5665bb1339a9a78fb9f824ea5b7d76415d90622289745ded7e159ed931378f49604e4ca1c1a1a6db2cfd5c71744197f19abbce8c61fbe7915caa7ac0ae4305eecda87adcb80b5a097714063aefd4089ff897839085e0ea552d436e99ed78a571b39b0eee609d10b9c7c3b2da4be02d23ca3494a7e445ad2be7ceb93bfa8ff43bbe044aea346bb610351773d342f2e1f5d0cad573673ac9466ec64645a35f88f4447230a5780ebd7543b55e137053a08a7838657882c686994145fd698cb171d2c5ce9257790f9f3a4502f4e165076c2c7e6770d788939918ec926f8989df240c1bc981d9d8c392bf165c888e0e247802b7a9a48b2f03b245c5b577619b5f60e50e7aca22e36ae6265e3def2d97cb4825c7bda34150021c673d14c4e2130cf4edf7d27d63475bd478b6c2cd4ee406bb9c4d7b41fcc07868ba2b8cef4a640423140b2614bf4e13bc7811ed225a7369e148ddd7a3686088fa5a3211a47762021762667a8d09c6805c058cbdfde8336ee06008bec9d5ba585bb452827a955bf0a0caac5ad5ade021c03479026ab5f36c4dc79248f4384c24c39c43863d170c1452037e62700b55abda1dfb963ca8d75a770d5e3ebf9d8fbf0c3e15bdafe1540d04d5cb376a5f0fc6d44fc800eaee565d1acca2c2bb21a06de06a73198faf763299eedcb1604247d2dd0793253b97be8d1b42620a2d8a8c707c477e1b250ecbc2554c7d70aad1e69bad2a7947b4631f96ca8384c229e13c6ca9c812b6c80c9f547f0a214be75cb874cee77c8a68a56845b06cf42966575b0755561b7d191fbb6477ee51fe312980ca8efed2397eddfe8eae9992318354bcc2bdd95905b400c387e538ad98ebdd120818b35256fc00f5d84375f3c99d167e246eda1b2a972e1fc2b840ae55608a76603387b2aef4efd6f2e23a867ae637a8c7b21ddef4c218f9f85a1b700c24ac43a62d3bb04ac12cec14b44b9a01f3f5ec3f010761692f2a207ccc2ba86c2d1f3a9f78d301c897fac28131ce0960de4ea4bcf2bb1d823ce57d4b98d9d1edacef8c567e1582e6edd2a1572769b9b124c87d10184ccdda6adef747815fb492afa69849e6c0fddd2f95626b4dce85e3e92d986c34ef6f77b1401490698f521619a2f1dba7efcb06972e140b81fd7192226fef518cbb7aeb14f1858c51cc3676033e1aeec66bb3a40b284434662f98f68a602d331954b3499a1a3d5e73bc145c5466bfa3e81b1648334ccb0badacf551d93be02e6f55c817390f0deac63b47702ce472539c249de8797c35db5f06bbf0522102df1b5f14a1f958f4f906ed619b3a354a653fc40b014e3681da4138f2147585353d01604c55c2232f03761bc6280bb97649458dc45e51639901ddd5e97141e7789654cb557c5df2ea624cdd28df0dbf7065f16bbe87382f51ca132a21c525f91450f3c19bbffef9e7f45ba6cc29bd7974572e13e20a8242396e54e09e74303e65a588fb7dacbf83a367401805ef43f9f36dbcfdef5a65079d2e5d0b510d38ba0fd1461a095ab50e61aefa5daed2d56a41cd581fe0b583d27fa0ceb4d6630090ae96364587d8b3d6ea9a81e49f42c770fbda5d929b67acbab007e1f87e3d3e90d2696bfad2df55d3a04a15cef7dcae91afae16ebdf30bda154be56bb65adc888ecc7aab8a2b60834e0acc9b105ec19d2f490dded98927ff7e7a293991fe4eff7f7083e98cabf0111bd6612efd1ddf2878d4df154b74855b8fc73786ae4633f8adee42360b85c8d712651418c2a4afcb848ab1d06794a6b33e5cd9dd2580f17b5872283cf6080a03128ace583374672699f428ba30c5cecea0d9c3ff6a8bf1fa9b9765e8f7c1134a3bf0599fd4ccb936adede7889c415a68105d4354a78e43ee7b5e529d97f2b3fe25235072ef9fefdc4118ee7c801f62d57668918b30ed39a527a591926fa4b947a1a01008346850999da94573322b66e1642376806c7886f60dd30c9cc094da8c14a1997340f98e0306b79583701690e6ade214887611a4c9de33b6990d6f422422ea68a8c3169ece276b2335d5caedf4c6947dc62a78f4d47050de4913733adbc565b5ea8f6734aaf9ae02455e1fd0ccc1d6a130840ab19d2b5fca2b96cf05863a2c2aec0da1148b1dd7b09c14932d9c24c8658fd7c7c6bfe98640b32a873a3602decbafe6d9244621ac6e78ed1aeb6220c69e5d898accca8a7a1a2d7f9ce801bee84b7051eb37996f2fe0423eece74cea49cdb836f8eb30b0132a9ce06210891e451b25e2986a4ae4da751e761b85b91ad656029f31ff7121404508387fff0144cc12fe4ddcb4d0fa9a96cfb317d8dcde96ee19ff777c46f3e6290d4dfe13a117d83506ef60a8163cd992eb9266f5445f0a725e8424753f002b1946191b7786f18d97ef75936848d6b3b5b4a455ac7a1e3fc5a60f031f99b79acf7bb361085c9e6ea2b7ba46f00482263a080f9e4ed5dc43853dde634031d1806dbf63537d0ac1733390be5ee3dc981cce882ea2992ac21f87d146ea39934798833ac785100"/4096, 0x1000}], 0x5, 0x4) ptrace$setopts(0x4206, r1, 0x0, 0x0) tkill(r1, 0x24) ptrace$cont(0x18, r1, 0x0, 0x0) ptrace$setregs(0xd, r1, 0x0, &(0x7f0000000080)) ptrace$cont(0x20, r1, 0x0, 0x0) [ 2591.197553] minix_free_inode: bit 1 already cleared 00:33:13 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6", 0x193, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2591.273293] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:33:13 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60104386c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:13 executing program 0: r0 = open(0x0, 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2591.381131] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2591.408837] audit: type=1800 audit(1588638793.274:104): pid=24806 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17053 res=0 [ 2591.452947] minix_free_inode: bit 1 already cleared [ 2591.528631] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2591.544157] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2591.555634] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2591.582365] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:33:15 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xe000000) 00:33:15 executing program 0: r0 = open(0x0, 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:15 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:15 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64f", 0x25d, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:15 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601003f6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:15 executing program 0: r0 = open(0x0, 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2594.108725] audit: type=1800 audit(1588638795.974:105): pid=24842 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17079 res=0 [ 2594.132236] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 00:33:16 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2594.154216] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2594.165993] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2594.175954] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2594.200407] minix_free_inode: bit 1 already cleared 00:33:16 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64f", 0x25d, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2594.207852] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:33:16 executing program 2 (fault-call:5 fault-nth:0): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:33:16 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:16 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100406c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2594.355945] audit: type=1800 audit(1588638796.224:106): pid=24859 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17372 res=0 [ 2594.385168] FAULT_INJECTION: forcing a failure. [ 2594.385168] name failslab, interval 1, probability 0, space 0, times 0 [ 2594.407637] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2594.410764] CPU: 0 PID: 24860 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2594.423448] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2594.432907] Call Trace: [ 2594.435535] dump_stack+0x188/0x20d [ 2594.439277] should_fail.cold+0xa/0x1b [ 2594.443179] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2594.448296] ? __lock_is_held+0xad/0x140 [ 2594.452393] __should_failslab+0x115/0x180 00:33:16 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2594.456651] should_failslab+0x5/0xf [ 2594.460381] kmem_cache_alloc_trace+0x2c6/0x7a0 [ 2594.465076] alloc_pipe_info+0xb8/0x410 [ 2594.469076] splice_direct_to_actor+0x6df/0x8d0 [ 2594.473758] ? __inode_security_revalidate+0xd3/0x120 [ 2594.478962] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2594.483814] ? avc_policy_seqno+0x9/0x70 [ 2594.488421] ? selinux_file_permission+0x87/0x520 [ 2594.493285] ? do_splice_to+0x160/0x160 [ 2594.497274] ? security_file_permission+0x84/0x220 [ 2594.502264] do_splice_direct+0x1a8/0x270 [ 2594.506416] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2594.511274] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2594.516304] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2594.521072] do_sendfile+0x549/0xc10 [ 2594.524803] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2594.529402] ? wait_for_completion+0x3c0/0x3c0 [ 2594.533989] ? vfs_write+0x15b/0x550 [ 2594.537704] __x64_sys_sendfile64+0x1cc/0x210 [ 2594.542193] ? __ia32_sys_sendfile+0x220/0x220 [ 2594.546779] ? __ia32_sys_clock_settime+0x260/0x260 [ 2594.551802] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2594.556571] ? trace_hardirqs_off_caller+0x55/0x210 [ 2594.561593] ? do_syscall_64+0x21/0x620 [ 2594.565684] do_syscall_64+0xf9/0x620 [ 2594.569581] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2594.574778] RIP: 0033:0x45c829 [ 2594.577987] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2594.596905] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2594.604629] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2594.611907] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2594.619172] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2594.626445] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2594.633722] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 [ 2594.671331] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2594.681238] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2594.701873] minix_free_inode: bit 1 already cleared [ 2594.706684] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2594.728475] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:33:18 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x20000000) 00:33:18 executing program 2 (fault-call:5 fault-nth:1): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2596.635492] FAULT_INJECTION: forcing a failure. [ 2596.635492] name failslab, interval 1, probability 0, space 0, times 0 [ 2596.654643] CPU: 1 PID: 24885 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2596.662597] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2596.671960] Call Trace: [ 2596.674559] dump_stack+0x188/0x20d [ 2596.678208] should_fail.cold+0xa/0x1b [ 2596.682098] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2596.687196] ? __lock_is_held+0xad/0x140 [ 2596.691258] __should_failslab+0x115/0x180 [ 2596.695491] should_failslab+0x5/0xf [ 2596.699202] __kmalloc+0x2d3/0x770 [ 2596.702751] ? kmem_cache_alloc_trace+0x342/0x7a0 [ 2596.707596] ? alloc_pipe_info+0x18e/0x410 [ 2596.711849] alloc_pipe_info+0x18e/0x410 [ 2596.715904] splice_direct_to_actor+0x6df/0x8d0 [ 2596.720581] ? __inode_security_revalidate+0xd3/0x120 [ 2596.725767] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2596.730601] ? avc_policy_seqno+0x9/0x70 [ 2596.734674] ? selinux_file_permission+0x87/0x520 [ 2596.739516] ? do_splice_to+0x160/0x160 [ 2596.743493] ? security_file_permission+0x84/0x220 [ 2596.748442] do_splice_direct+0x1a8/0x270 [ 2596.752606] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2596.757456] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2596.762482] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2596.767241] do_sendfile+0x549/0xc10 [ 2596.771401] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2596.776023] ? wait_for_completion+0x3c0/0x3c0 [ 2596.780624] ? vfs_write+0x15b/0x550 [ 2596.784333] __x64_sys_sendfile64+0x1cc/0x210 [ 2596.788819] ? __ia32_sys_sendfile+0x220/0x220 [ 2596.793389] ? __ia32_sys_clock_settime+0x260/0x260 [ 2596.798408] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2596.803167] ? trace_hardirqs_off_caller+0x55/0x210 [ 2596.808221] ? do_syscall_64+0x21/0x620 [ 2596.812198] do_syscall_64+0xf9/0x620 [ 2596.816002] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2596.821198] RIP: 0033:0x45c829 [ 2596.824389] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2596.843340] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2596.851309] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2596.858583] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2596.865859] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2596.873160] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2596.880433] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:18 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {0x0}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:18 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(0xffffffffffffffff, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:18 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64f", 0x25d, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:18 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100486c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:18 executing program 2 (fault-call:5 fault-nth:2): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2597.143065] audit: type=1800 audit(1588638799.014:107): pid=24901 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17383 res=0 [ 2597.171046] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2597.184491] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2597.212688] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2597.230487] FAULT_INJECTION: forcing a failure. [ 2597.230487] name failslab, interval 1, probability 0, space 0, times 0 [ 2597.256147] audit: type=1804 audit(1588638799.124:108): pid=24910 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1301/bus" dev="sda1" ino=17391 res=1 [ 2597.256465] CPU: 1 PID: 24909 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2597.287976] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2597.290425] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2597.297353] Call Trace: [ 2597.297387] dump_stack+0x188/0x20d [ 2597.297409] should_fail.cold+0xa/0x1b [ 2597.297432] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2597.297454] ? __lock_is_held+0xad/0x140 [ 2597.325735] __should_failslab+0x115/0x180 [ 2597.330008] should_failslab+0x5/0xf [ 2597.333844] kmem_cache_alloc_node_trace+0x272/0x750 [ 2597.338975] ? lock_downgrade+0x740/0x740 [ 2597.343157] __kmalloc_node+0x38/0x70 [ 2597.346982] kvmalloc_node+0x61/0xf0 [ 2597.350719] iov_iter_get_pages_alloc+0x55a/0x1090 [ 2597.355667] ? __kernel_text_address+0x9/0x30 [ 2597.360182] ? unwind_get_return_address+0x5a/0xa0 [ 2597.365134] ? __save_stack_trace+0x8a/0xf0 [ 2597.369475] ? iov_iter_revert+0xa30/0xa30 [ 2597.373756] ? iov_iter_pipe+0xb4/0x2c0 [ 2597.377764] default_file_splice_read+0x19c/0x970 [ 2597.382635] ? kasan_kmalloc+0xbf/0xe0 [ 2597.384565] minix_free_inode: bit 1 already cleared [ 2597.386538] ? __kmalloc+0x15b/0x770 [ 2597.393086] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2597.395291] ? do_splice_direct+0x1a8/0x270 [ 2597.407760] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2597.412456] ? do_syscall_64+0xf9/0x620 [ 2597.416454] ? iter_file_splice_write+0xb30/0xb30 [ 2597.421342] ? mark_held_locks+0xf0/0xf0 [ 2597.425439] ? mark_held_locks+0xf0/0xf0 [ 2597.429512] ? mark_held_locks+0xf0/0xf0 [ 2597.433579] ? fsnotify+0x8ba/0xf00 [ 2597.437234] ? fsnotify_first_mark+0x200/0x200 [ 2597.441829] ? __inode_security_revalidate+0xd3/0x120 [ 2597.447031] ? security_file_permission+0x1c0/0x220 [ 2597.452069] ? security_file_permission+0x84/0x220 [ 2597.457014] ? rw_verify_area+0x10c/0x330 [ 2597.461175] ? iter_file_splice_write+0xb30/0xb30 [ 2597.466030] do_splice_to+0x10e/0x160 [ 2597.469852] splice_direct_to_actor+0x2b9/0x8d0 [ 2597.474537] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2597.479397] ? do_splice_to+0x160/0x160 [ 2597.483394] do_splice_direct+0x1a8/0x270 [ 2597.487558] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2597.492435] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2597.497485] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2597.502262] do_sendfile+0x549/0xc10 [ 2597.506003] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2597.510601] ? wait_for_completion+0x3c0/0x3c0 [ 2597.515203] ? vfs_write+0x15b/0x550 [ 2597.518933] __x64_sys_sendfile64+0x1cc/0x210 [ 2597.523449] ? __ia32_sys_sendfile+0x220/0x220 [ 2597.528137] ? __ia32_sys_clock_settime+0x260/0x260 [ 2597.533163] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2597.537924] ? trace_hardirqs_off_caller+0x55/0x210 [ 2597.542951] ? do_syscall_64+0x21/0x620 [ 2597.546974] do_syscall_64+0xf9/0x620 [ 2597.550792] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2597.555999] RIP: 0033:0x45c829 [ 2597.559200] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2597.578646] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2597.586374] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2597.593765] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2597.601044] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2597.608325] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2597.615619] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:19 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601004c6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:19 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(0xffffffffffffffff, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:19 executing program 2 (fault-call:5 fault-nth:3): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2597.735514] FAULT_INJECTION: forcing a failure. [ 2597.735514] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2597.753516] CPU: 0 PID: 24918 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2597.761454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2597.770832] Call Trace: [ 2597.773452] dump_stack+0x188/0x20d [ 2597.777110] should_fail.cold+0xa/0x1b [ 2597.781025] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2597.786167] __alloc_pages_nodemask+0x1c7/0x6a0 [ 2597.790948] ? __alloc_pages_slowpath+0x26a0/0x26a0 [ 2597.795987] ? __lock_is_held+0xad/0x140 [ 2597.800080] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2597.805130] alloc_pages_current+0xff/0x200 [ 2597.809479] push_pipe+0x3f6/0x780 [ 2597.815761] iov_iter_get_pages_alloc+0x5a9/0x1090 [ 2597.820724] ? __kernel_text_address+0x9/0x30 [ 2597.825248] ? unwind_get_return_address+0x5a/0xa0 [ 2597.830204] ? __save_stack_trace+0x8a/0xf0 [ 2597.835419] ? iov_iter_revert+0xa30/0xa30 [ 2597.839692] ? iov_iter_pipe+0xb4/0x2c0 [ 2597.843690] default_file_splice_read+0x19c/0x970 [ 2597.848554] ? kasan_kmalloc+0xbf/0xe0 [ 2597.852455] ? __kmalloc+0x15b/0x770 [ 2597.856195] ? do_splice_direct+0x1a8/0x270 [ 2597.860539] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2597.865230] ? do_syscall_64+0xf9/0x620 [ 2597.869257] ? iter_file_splice_write+0xb30/0xb30 [ 2597.874131] ? mark_held_locks+0xf0/0xf0 [ 2597.878201] ? mark_held_locks+0xf0/0xf0 [ 2597.882271] ? mark_held_locks+0xf0/0xf0 [ 2597.886342] ? fsnotify+0x8ba/0xf00 [ 2597.889976] ? fsnotify_first_mark+0x200/0x200 [ 2597.894567] ? __inode_security_revalidate+0xd3/0x120 [ 2597.899773] ? security_file_permission+0x1c0/0x220 [ 2597.904794] ? security_file_permission+0x84/0x220 [ 2597.909738] ? rw_verify_area+0x10c/0x330 [ 2597.913888] ? iter_file_splice_write+0xb30/0xb30 [ 2597.918738] do_splice_to+0x10e/0x160 [ 2597.922548] splice_direct_to_actor+0x2b9/0x8d0 [ 2597.927226] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2597.932093] ? do_splice_to+0x160/0x160 [ 2597.936110] do_splice_direct+0x1a8/0x270 [ 2597.940288] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2597.945161] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2597.950233] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2597.955011] do_sendfile+0x549/0xc10 [ 2597.958762] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2597.963368] ? wait_for_completion+0x3c0/0x3c0 [ 2597.967973] ? vfs_write+0x15b/0x550 [ 2597.971719] __x64_sys_sendfile64+0x1cc/0x210 [ 2597.976227] ? __ia32_sys_sendfile+0x220/0x220 [ 2597.980815] ? __ia32_sys_clock_settime+0x260/0x260 [ 2597.985846] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2597.990661] ? trace_hardirqs_off_caller+0x55/0x210 [ 2597.995719] ? do_syscall_64+0x21/0x620 [ 2597.999851] do_syscall_64+0xf9/0x620 [ 2598.003693] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2598.008919] RIP: 0033:0x45c829 [ 2598.012132] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2598.031393] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2598.039112] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2598.046392] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2598.053674] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2598.060954] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2598.068244] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:20 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc", 0x2c2, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:20 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100606c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2598.084997] audit: type=1804 audit(1588638799.954:109): pid=24929 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1302/bus" dev="sda1" ino=17387 res=1 [ 2598.198539] audit: type=1800 audit(1588638800.064:110): pid=24931 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16171 res=0 [ 2598.236371] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2598.274750] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2598.288785] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2598.300558] minix_free_inode: bit 1 already cleared [ 2598.305971] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2598.336484] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:33:21 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x21000000) 00:33:21 executing program 2 (fault-call:5 fault-nth:4): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2599.666060] FAULT_INJECTION: forcing a failure. [ 2599.666060] name failslab, interval 1, probability 0, space 0, times 0 [ 2599.677886] CPU: 0 PID: 24951 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2599.685797] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2599.695173] Call Trace: [ 2599.697784] dump_stack+0x188/0x20d [ 2599.701479] should_fail.cold+0xa/0x1b [ 2599.705372] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2599.710479] ? __lock_is_held+0xad/0x140 [ 2599.714558] __should_failslab+0x115/0x180 [ 2599.718800] should_failslab+0x5/0xf [ 2599.722517] kmem_cache_alloc_node_trace+0x272/0x750 [ 2599.727629] ? kernel_poison_pages+0x2c/0x2a0 [ 2599.732120] ? get_page_from_freelist+0x1082/0x3ef0 [ 2599.737127] __kmalloc_node+0x38/0x70 [ 2599.740937] kvmalloc_node+0x61/0xf0 [ 2599.744746] ? seq_dentry+0x2c0/0x2c0 [ 2599.748566] seq_read+0x805/0x10f0 [ 2599.752130] ? seq_dentry+0x2c0/0x2c0 [ 2599.755991] proc_reg_read+0x1bd/0x280 [ 2599.759911] ? proc_reg_unlocked_ioctl+0x270/0x270 [ 2599.764848] do_iter_read+0x46b/0x640 [ 2599.768654] vfs_readv+0xf0/0x160 [ 2599.772104] ? compat_rw_copy_check_uvector+0x400/0x400 [ 2599.777600] ? push_pipe+0x411/0x780 [ 2599.781331] ? iov_iter_get_pages_alloc+0x32b/0x1090 [ 2599.786731] ? iov_iter_revert+0xa30/0xa30 [ 2599.790984] default_file_splice_read+0x478/0x970 [ 2599.795976] ? kasan_kmalloc+0xbf/0xe0 [ 2599.799993] ? __kmalloc+0x15b/0x770 [ 2599.803879] ? iter_file_splice_write+0xb30/0xb30 [ 2599.808850] ? mark_held_locks+0xf0/0xf0 [ 2599.812916] ? mark_held_locks+0xf0/0xf0 [ 2599.817030] ? mark_held_locks+0xf0/0xf0 [ 2599.821189] ? fsnotify+0x8ba/0xf00 [ 2599.824824] ? fsnotify_first_mark+0x200/0x200 [ 2599.829422] ? __inode_security_revalidate+0xd3/0x120 [ 2599.834629] ? security_file_permission+0x1c0/0x220 [ 2599.839674] ? security_file_permission+0x84/0x220 [ 2599.844666] ? rw_verify_area+0x10c/0x330 [ 2599.849031] ? iter_file_splice_write+0xb30/0xb30 [ 2599.853919] do_splice_to+0x10e/0x160 [ 2599.857902] splice_direct_to_actor+0x2b9/0x8d0 [ 2599.862595] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2599.867464] ? do_splice_to+0x160/0x160 [ 2599.871446] do_splice_direct+0x1a8/0x270 [ 2599.875612] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2599.880493] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2599.885604] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2599.890379] do_sendfile+0x549/0xc10 [ 2599.894129] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2599.898718] ? wait_for_completion+0x3c0/0x3c0 [ 2599.903329] ? vfs_write+0x15b/0x550 [ 2599.907071] __x64_sys_sendfile64+0x1cc/0x210 [ 2599.911613] ? __ia32_sys_sendfile+0x220/0x220 [ 2599.916214] ? __ia32_sys_clock_settime+0x260/0x260 [ 2599.921257] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2599.926051] ? trace_hardirqs_off_caller+0x55/0x210 [ 2599.931092] ? do_syscall_64+0x21/0x620 [ 2599.935101] do_syscall_64+0xf9/0x620 [ 2599.938911] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2599.944190] RIP: 0033:0x45c829 [ 2599.947852] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2599.966792] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2599.974544] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2599.981910] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2599.989201] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2599.996578] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2600.003869] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:22 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:22 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(0xffffffffffffffff, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:22 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc", 0x2c2, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:22 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100686c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:22 executing program 2 (fault-call:5 fault-nth:5): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2600.251998] FAULT_INJECTION: forcing a failure. [ 2600.251998] name failslab, interval 1, probability 0, space 0, times 0 [ 2600.269029] CPU: 0 PID: 24968 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2600.271678] audit: type=1800 audit(1588638802.144:111): pid=24967 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17411 res=0 [ 2600.276956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2600.276963] Call Trace: [ 2600.276991] dump_stack+0x188/0x20d [ 2600.277015] should_fail.cold+0xa/0x1b [ 2600.277065] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2600.321391] ? __lock_is_held+0xad/0x140 [ 2600.325476] __should_failslab+0x115/0x180 [ 2600.329722] should_failslab+0x5/0xf [ 2600.333437] __kmalloc+0x2d3/0x770 [ 2600.337004] ? iter_file_splice_write+0x168/0xb30 [ 2600.341855] ? mark_held_locks+0xf0/0xf0 [ 2600.345926] iter_file_splice_write+0x168/0xb30 [ 2600.350604] ? mark_held_locks+0xf0/0xf0 [ 2600.354680] ? page_cache_pipe_buf_release+0x280/0x280 [ 2600.359991] ? __inode_security_revalidate+0xd3/0x120 [ 2600.365204] ? security_file_permission+0x84/0x220 [ 2600.370144] ? page_cache_pipe_buf_release+0x280/0x280 [ 2600.375438] direct_splice_actor+0x115/0x160 [ 2600.379855] splice_direct_to_actor+0x33f/0x8d0 [ 2600.384537] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2600.389405] ? do_splice_to+0x160/0x160 [ 2600.393409] do_splice_direct+0x1a8/0x270 [ 2600.397584] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2600.402452] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2600.407478] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2600.412245] do_sendfile+0x549/0xc10 [ 2600.415975] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2600.420566] ? wait_for_completion+0x3c0/0x3c0 [ 2600.425158] ? vfs_write+0x15b/0x550 [ 2600.428899] __x64_sys_sendfile64+0x1cc/0x210 [ 2600.433408] ? __ia32_sys_sendfile+0x220/0x220 [ 2600.438018] ? __ia32_sys_clock_settime+0x260/0x260 [ 2600.443055] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2600.447827] ? trace_hardirqs_off_caller+0x55/0x210 [ 2600.452854] ? do_syscall_64+0x21/0x620 [ 2600.456838] do_syscall_64+0xf9/0x620 [ 2600.460654] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2600.465862] RIP: 0033:0x45c829 [ 2600.469067] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2600.488112] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2600.495830] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2600.503127] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2600.510406] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2600.517682] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2600.524959] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 [ 2600.545108] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2600.555785] audit: type=1804 audit(1588638802.434:112): pid=24969 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1303/bus" dev="sda1" ino=17409 res=1 [ 2600.605454] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2600.624416] Process accounting resumed 00:33:22 executing program 2 (fault-call:5 fault-nth:6): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:33:22 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x0) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:22 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc", 0x2c2, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2600.649131] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2600.676600] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2600.711146] audit: type=1804 audit(1588638802.454:113): pid=24975 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1283/file0" dev="sda1" ino=17411 res=1 [ 2600.749640] minix_free_inode: bit 1 already cleared [ 2600.762795] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2600.794933] FAULT_INJECTION: forcing a failure. [ 2600.794933] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2600.830490] CPU: 1 PID: 24987 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2600.838436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2600.847814] Call Trace: [ 2600.850427] dump_stack+0x188/0x20d [ 2600.854084] should_fail.cold+0xa/0x1b [ 2600.857996] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2600.863252] __alloc_pages_nodemask+0x1c7/0x6a0 [ 2600.867947] ? __alloc_pages_slowpath+0x26a0/0x26a0 [ 2600.873002] ? __radix_tree_lookup+0x360/0x360 [ 2600.877612] ? check_preemption_disabled+0x41/0x280 [ 2600.882655] ? find_get_entry+0x397/0x900 [ 2600.886831] alloc_pages_current+0xff/0x200 [ 2600.891175] __page_cache_alloc+0x2ba/0x450 [ 2600.895518] ? ext4_xattr_get+0x181/0x9a0 [ 2600.899686] pagecache_get_page+0x22e/0xb20 [ 2600.904033] grab_cache_page_write_begin+0x73/0xa0 [ 2600.908995] ext4_da_write_begin+0x2b2/0x10d0 [ 2600.913510] ? mark_held_locks+0xa6/0xf0 [ 2600.917582] ? ext4_write_begin+0x15b0/0x15b0 [ 2600.922093] ? copy_page_from_iter+0x810/0x810 [ 2600.926712] generic_perform_write+0x1f8/0x4d0 [ 2600.931324] ? page_endio+0x950/0x950 [ 2600.935135] ? current_time+0x140/0x140 [ 2600.939137] ? lock_acquire+0x170/0x400 [ 2600.943132] ? ext4_file_write_iter+0x21f/0xf90 [ 2600.947831] __generic_file_write_iter+0x24c/0x610 [ 2600.952781] ext4_file_write_iter+0x2fe/0xf90 [ 2600.957283] ? do_splice_direct+0x1a8/0x270 [ 2600.961626] ? do_sendfile+0x549/0xc10 [ 2600.965516] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2600.970204] ? do_syscall_64+0xf9/0x620 [ 2600.974206] ? ext4_file_mmap+0x420/0x420 [ 2600.978368] ? __lock_is_held+0xad/0x140 [ 2600.982482] do_iter_readv_writev+0x50c/0x790 [ 2600.987013] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2600.991796] ? selinux_file_permission+0x87/0x520 [ 2600.996678] ? security_file_permission+0x84/0x220 [ 2601.001652] do_iter_write+0x185/0x5e0 [ 2601.006434] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2601.011468] ? __kmalloc+0x5f8/0x770 [ 2601.015195] ? iter_file_splice_write+0x168/0xb30 [ 2601.020056] vfs_iter_write+0x70/0xa0 [ 2601.023978] iter_file_splice_write+0x60c/0xb30 [ 2601.028677] ? page_cache_pipe_buf_release+0x280/0x280 [ 2601.033980] ? security_file_permission+0x84/0x220 [ 2601.038925] ? page_cache_pipe_buf_release+0x280/0x280 [ 2601.044221] direct_splice_actor+0x115/0x160 [ 2601.048653] splice_direct_to_actor+0x33f/0x8d0 [ 2601.053347] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2601.058214] ? do_splice_to+0x160/0x160 [ 2601.062208] do_splice_direct+0x1a8/0x270 [ 2601.066393] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2601.071266] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2601.076290] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2601.081059] do_sendfile+0x549/0xc10 [ 2601.084788] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2601.089383] ? wait_for_completion+0x3c0/0x3c0 [ 2601.094064] ? vfs_write+0x15b/0x550 [ 2601.097801] __x64_sys_sendfile64+0x1cc/0x210 [ 2601.102303] ? __ia32_sys_sendfile+0x220/0x220 [ 2601.106891] ? __ia32_sys_clock_settime+0x260/0x260 [ 2601.111926] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2601.116704] ? trace_hardirqs_off_caller+0x55/0x210 [ 2601.121744] ? do_syscall_64+0x21/0x620 [ 2601.125747] do_syscall_64+0xf9/0x620 [ 2601.129673] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2601.134893] RIP: 0033:0x45c829 [ 2601.138095] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2601.157038] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2601.164786] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2601.172072] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 00:33:23 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601006c6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2601.179350] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2601.186643] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2601.194016] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 [ 2601.201838] audit: type=1804 audit(1588638802.704:114): pid=24989 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1304/bus" dev="sda1" ino=17400 res=1 00:33:23 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x0) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2601.329877] audit: type=1800 audit(1588638802.704:115): pid=24994 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17409 res=0 [ 2601.364925] audit: type=1804 audit(1588638803.104:116): pid=24997 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1284/file0" dev="sda1" ino=17409 res=1 [ 2601.394660] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2601.404574] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2601.414311] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2601.427934] audit: type=1804 audit(1588638803.294:117): pid=25002 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1305/bus" dev="sda1" ino=17400 res=1 [ 2601.452902] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2601.467459] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2601.520771] Process accounting resumed [ 2601.569894] minix_free_inode: bit 1 already cleared 00:33:24 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e", 0x2f4, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:24 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x3f000000) [ 2602.686842] audit: type=1800 audit(1588638804.554:118): pid=25019 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17414 res=0 [ 2602.721456] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2602.791657] minix_free_inode: bit 1 already cleared 00:33:25 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x0) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:25 executing program 2 (fault-call:5 fault-nth:7): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:33:25 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e", 0x2f4, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:25 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:25 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100746c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2603.267553] audit: type=1800 audit(1588638805.134:119): pid=25039 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17422 res=0 [ 2603.289562] FAULT_INJECTION: forcing a failure. [ 2603.289562] name failslab, interval 1, probability 0, space 0, times 0 [ 2603.305923] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2603.316679] CPU: 0 PID: 25041 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2603.324591] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2603.334072] Call Trace: [ 2603.336681] dump_stack+0x188/0x20d [ 2603.340329] should_fail.cold+0xa/0x1b [ 2603.344235] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2603.349359] ? __lock_is_held+0xad/0x140 [ 2603.352553] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2603.353448] __should_failslab+0x115/0x180 [ 2603.367083] should_failslab+0x5/0xf [ 2603.370812] __kmalloc+0x2d3/0x770 [ 2603.375233] ? ext4_find_extent+0x7d2/0xa50 [ 2603.379579] ? __lock_acquire+0x6ee/0x49c0 [ 2603.383832] ? kmem_cache_alloc+0x127/0x710 [ 2603.388176] ext4_find_extent+0x7d2/0xa50 [ 2603.392353] ext4_ext_map_blocks+0x1a1/0x5100 [ 2603.396875] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 2603.400141] audit: type=1804 audit(1588638805.274:120): pid=25053 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1306/bus" dev="sda1" ino=17429 res=1 [ 2603.401915] ? lock_acquire+0x170/0x400 [ 2603.401930] ? ext4_da_get_block_prep+0x5a7/0x1450 [ 2603.401952] ext4_da_get_block_prep+0xc10/0x1450 [ 2603.439648] ? create_page_buffers+0x212/0x380 [ 2603.444253] ? ext4_inode_attach_jinode.part.0+0x150/0x150 [ 2603.449462] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2603.449944] ? alloc_page_buffers+0x2c2/0x5c0 [ 2603.463402] ? do_raw_spin_lock+0xcb/0x240 [ 2603.467656] ? create_empty_buffers+0x52e/0x830 [ 2603.472341] ? __add_to_page_cache_locked+0x5b7/0xc50 [ 2603.477547] ? do_raw_spin_unlock+0x171/0x260 [ 2603.482067] ? _raw_spin_unlock+0x29/0x40 [ 2603.486240] ? create_page_buffers+0x190/0x380 [ 2603.490846] __block_write_begin_int+0x480/0x17a0 [ 2603.495708] ? ext4_inode_attach_jinode.part.0+0x150/0x150 [ 2603.501357] ? __breadahead_gfp+0xf0/0xf0 [ 2603.505535] ext4_da_write_begin+0x4d8/0x10d0 [ 2603.510063] ? ext4_write_begin+0x15b0/0x15b0 [ 2603.514579] ? copy_page_from_iter+0x810/0x810 [ 2603.519190] generic_perform_write+0x1f8/0x4d0 [ 2603.523797] ? __mnt_drop_write+0x50/0x80 [ 2603.527967] ? page_endio+0x950/0x950 [ 2603.531787] ? current_time+0x140/0x140 [ 2603.535778] ? lock_acquire+0x170/0x400 [ 2603.541244] ? ext4_file_write_iter+0x21f/0xf90 [ 2603.545955] __generic_file_write_iter+0x24c/0x610 [ 2603.545984] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2603.550902] ext4_file_write_iter+0x2fe/0xf90 [ 2603.550917] ? do_splice_direct+0x1a8/0x270 [ 2603.550928] ? do_sendfile+0x549/0xc10 [ 2603.550939] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2603.550953] ? do_syscall_64+0xf9/0x620 [ 2603.550967] ? ext4_file_mmap+0x420/0x420 [ 2603.550982] ? __lock_is_held+0xad/0x140 [ 2603.551004] do_iter_readv_writev+0x50c/0x790 [ 2603.551020] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2603.551033] ? selinux_file_permission+0x87/0x520 [ 2603.551059] ? security_file_permission+0x84/0x220 [ 2603.551079] do_iter_write+0x185/0x5e0 [ 2603.611548] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2603.616581] ? __kmalloc+0x5f8/0x770 [ 2603.620314] ? iter_file_splice_write+0x168/0xb30 [ 2603.625267] vfs_iter_write+0x70/0xa0 [ 2603.629095] iter_file_splice_write+0x60c/0xb30 [ 2603.633791] ? page_cache_pipe_buf_release+0x280/0x280 [ 2603.639112] ? security_file_permission+0x84/0x220 [ 2603.644081] ? page_cache_pipe_buf_release+0x280/0x280 [ 2603.649388] direct_splice_actor+0x115/0x160 [ 2603.653827] splice_direct_to_actor+0x33f/0x8d0 [ 2603.658534] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2603.663422] ? do_splice_to+0x160/0x160 [ 2603.667476] do_splice_direct+0x1a8/0x270 [ 2603.671650] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2603.676542] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2603.681577] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2603.685463] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2603.686376] do_sendfile+0x549/0xc10 [ 2603.699018] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2603.703627] ? wait_for_completion+0x3c0/0x3c0 [ 2603.708229] ? vfs_write+0x15b/0x550 [ 2603.711963] __x64_sys_sendfile64+0x1cc/0x210 [ 2603.716483] ? __ia32_sys_sendfile+0x220/0x220 [ 2603.721115] ? __ia32_sys_clock_settime+0x260/0x260 [ 2603.726148] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2603.730926] ? trace_hardirqs_off_caller+0x55/0x210 [ 2603.735968] ? do_syscall_64+0x21/0x620 [ 2603.739965] do_syscall_64+0xf9/0x620 [ 2603.743787] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2603.748995] RIP: 0033:0x45c829 00:33:25 executing program 2 (fault-call:5 fault-nth:8): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2603.752204] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2603.771127] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2603.778862] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2603.786180] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2603.793473] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2603.800857] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2603.808148] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:25 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601007a6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2603.854029] minix_free_inode: bit 1 already cleared 00:33:25 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(0xffffffffffffffff, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2603.902147] FAULT_INJECTION: forcing a failure. [ 2603.902147] name failslab, interval 1, probability 0, space 0, times 0 [ 2603.914149] CPU: 0 PID: 25061 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2603.922102] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2603.931650] Call Trace: [ 2603.934264] dump_stack+0x188/0x20d [ 2603.938025] should_fail.cold+0xa/0x1b [ 2603.941944] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2603.947182] ? kasan_kmalloc+0xbf/0xe0 [ 2603.951090] ? __es_tree_search.isra.0+0x1af/0x210 [ 2603.956046] __should_failslab+0x115/0x180 [ 2603.960419] should_failslab+0x5/0xf [ 2603.964280] kmem_cache_alloc+0x44/0x710 [ 2603.968375] ? ext4_es_scan+0x6f0/0x6f0 [ 2603.972504] __es_insert_extent+0x2ae/0xf20 [ 2603.976856] ext4_es_insert_extent+0x22e/0x5e0 [ 2603.981473] ? ext4_es_find_delayed_extent_range+0x9f0/0x9f0 [ 2603.987305] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2603.992348] ? ext4_es_find_delayed_extent_range+0x7d7/0x9f0 [ 2603.998188] ext4_ext_put_gap_in_cache+0xe7/0x140 [ 2604.003079] ? ext4_zeroout_es+0x180/0x180 [ 2604.007340] ? ext4_find_extent+0x6bb/0xa50 [ 2604.011723] ext4_ext_map_blocks+0x1e77/0x5100 [ 2604.016336] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 2604.021386] ? lock_acquire+0x170/0x400 [ 2604.025375] ? ext4_da_get_block_prep+0x5a7/0x1450 [ 2604.030334] ext4_da_get_block_prep+0xc10/0x1450 [ 2604.035113] ? create_page_buffers+0x212/0x380 [ 2604.039714] ? ext4_inode_attach_jinode.part.0+0x150/0x150 [ 2604.045367] ? alloc_page_buffers+0x2c2/0x5c0 [ 2604.049879] ? do_raw_spin_lock+0xcb/0x240 [ 2604.054333] ? create_empty_buffers+0x52e/0x830 [ 2604.059029] ? __add_to_page_cache_locked+0x5b7/0xc50 [ 2604.064231] ? do_raw_spin_unlock+0x171/0x260 [ 2604.068745] ? _raw_spin_unlock+0x29/0x40 [ 2604.072899] ? create_page_buffers+0x190/0x380 [ 2604.077501] __block_write_begin_int+0x480/0x17a0 [ 2604.082364] ? ext4_inode_attach_jinode.part.0+0x150/0x150 [ 2604.088014] ? __breadahead_gfp+0xf0/0xf0 [ 2604.092186] ext4_da_write_begin+0x4d8/0x10d0 [ 2604.096697] ? ext4_write_begin+0x15b0/0x15b0 [ 2604.101200] ? copy_page_from_iter+0x810/0x810 [ 2604.105799] generic_perform_write+0x1f8/0x4d0 [ 2604.110418] ? __mnt_drop_write+0x50/0x80 [ 2604.114583] ? page_endio+0x950/0x950 [ 2604.118392] ? current_time+0x140/0x140 [ 2604.122378] ? lock_acquire+0x170/0x400 [ 2604.126362] ? ext4_file_write_iter+0x21f/0xf90 [ 2604.131038] __generic_file_write_iter+0x24c/0x610 [ 2604.135987] ext4_file_write_iter+0x2fe/0xf90 [ 2604.140494] ? do_splice_direct+0x1a8/0x270 [ 2604.144820] ? do_sendfile+0x549/0xc10 [ 2604.148724] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2604.153413] ? do_syscall_64+0xf9/0x620 [ 2604.157396] ? ext4_file_mmap+0x420/0x420 [ 2604.161828] ? __lock_is_held+0xad/0x140 [ 2604.165905] do_iter_readv_writev+0x50c/0x790 [ 2604.170408] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2604.175169] ? selinux_file_permission+0x87/0x520 [ 2604.180121] ? security_file_permission+0x84/0x220 [ 2604.185068] do_iter_write+0x185/0x5e0 [ 2604.188971] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2604.193993] ? __kmalloc+0x5f8/0x770 [ 2604.197720] ? iter_file_splice_write+0x168/0xb30 [ 2604.202600] vfs_iter_write+0x70/0xa0 [ 2604.206411] iter_file_splice_write+0x60c/0xb30 [ 2604.211118] ? page_cache_pipe_buf_release+0x280/0x280 [ 2604.216436] ? security_file_permission+0x84/0x220 [ 2604.221406] ? page_cache_pipe_buf_release+0x280/0x280 [ 2604.226707] direct_splice_actor+0x115/0x160 [ 2604.231138] splice_direct_to_actor+0x33f/0x8d0 [ 2604.235823] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2604.240682] ? do_splice_to+0x160/0x160 [ 2604.244676] do_splice_direct+0x1a8/0x270 [ 2604.248839] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2604.253707] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2604.258751] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2604.263528] do_sendfile+0x549/0xc10 [ 2604.267261] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2604.271863] ? wait_for_completion+0x3c0/0x3c0 [ 2604.276453] ? vfs_write+0x15b/0x550 [ 2604.280179] __x64_sys_sendfile64+0x1cc/0x210 [ 2604.284706] ? __ia32_sys_sendfile+0x220/0x220 [ 2604.289324] ? __ia32_sys_clock_settime+0x260/0x260 [ 2604.294360] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2604.299129] ? trace_hardirqs_off_caller+0x55/0x210 [ 2604.304158] ? do_syscall_64+0x21/0x620 [ 2604.308150] do_syscall_64+0xf9/0x620 [ 2604.311961] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2604.317165] RIP: 0033:0x45c829 [ 2604.320359] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2604.339268] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2604.347207] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 00:33:26 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e", 0x2f4, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2604.354491] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2604.361780] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2604.369050] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2604.376346] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:26 executing program 2 (fault-call:5 fault-nth:9): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2604.522281] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2604.538908] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2604.551876] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2604.564567] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2604.581687] minix_free_inode: bit 1 already cleared 00:33:26 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(0xffffffffffffffff, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2604.638896] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2604.665018] FAULT_INJECTION: forcing a failure. [ 2604.665018] name failslab, interval 1, probability 0, space 0, times 0 [ 2604.676791] CPU: 0 PID: 25081 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2604.684691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2604.694054] Call Trace: [ 2604.696663] dump_stack+0x188/0x20d [ 2604.700333] should_fail.cold+0xa/0x1b [ 2604.704246] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2604.709372] ? __lock_acquire+0x6ee/0x49c0 [ 2604.713627] ? __es_tree_search.isra.0+0x1af/0x210 [ 2604.718582] __should_failslab+0x115/0x180 [ 2604.722835] should_failslab+0x5/0xf [ 2604.726588] kmem_cache_alloc+0x44/0x710 [ 2604.730677] ? ext4_es_can_be_merged+0x194/0x290 [ 2604.735449] __es_insert_extent+0x2ae/0xf20 [ 2604.739792] ext4_es_insert_extent+0x22e/0x5e0 [ 2604.744397] ? ext4_es_find_delayed_extent_range+0x9f0/0x9f0 [ 2604.750215] ? lock_downgrade+0x740/0x740 [ 2604.754386] ext4_da_get_block_prep+0x8e9/0x1450 [ 2604.759180] ? ext4_inode_attach_jinode.part.0+0x150/0x150 [ 2604.764822] ? retint_kernel+0x2d/0x2d [ 2604.768731] ? __block_write_begin_int+0x3c3/0x17a0 [ 2604.773851] __block_write_begin_int+0x480/0x17a0 [ 2604.778711] ? ext4_inode_attach_jinode.part.0+0x150/0x150 [ 2604.784371] ? __breadahead_gfp+0xf0/0xf0 [ 2604.788571] ext4_da_write_begin+0x4d8/0x10d0 [ 2604.793098] ? ext4_write_begin+0x15b0/0x15b0 [ 2604.797609] ? copy_page_from_iter+0x810/0x810 [ 2604.802224] generic_perform_write+0x1f8/0x4d0 [ 2604.806830] ? __mnt_drop_write+0x50/0x80 [ 2604.810995] ? page_endio+0x950/0x950 [ 2604.814807] ? current_time+0x140/0x140 [ 2604.818800] ? lock_acquire+0x170/0x400 [ 2604.822795] ? ext4_file_write_iter+0x21f/0xf90 [ 2604.827493] __generic_file_write_iter+0x24c/0x610 [ 2604.832467] ext4_file_write_iter+0x2fe/0xf90 [ 2604.836978] ? do_splice_direct+0x1a8/0x270 [ 2604.841755] ? do_sendfile+0x549/0xc10 [ 2604.845668] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2604.850360] ? do_syscall_64+0xf9/0x620 [ 2604.854354] ? ext4_file_mmap+0x420/0x420 [ 2604.858528] ? __lock_is_held+0xad/0x140 [ 2604.862629] do_iter_readv_writev+0x50c/0x790 [ 2604.867158] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2604.871932] ? selinux_file_permission+0x87/0x520 [ 2604.876795] ? security_file_permission+0x84/0x220 [ 2604.881759] do_iter_write+0x185/0x5e0 [ 2604.885667] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2604.890701] ? __kmalloc+0x5f8/0x770 [ 2604.894430] ? iter_file_splice_write+0x168/0xb30 [ 2604.899292] vfs_iter_write+0x70/0xa0 [ 2604.903119] iter_file_splice_write+0x60c/0xb30 [ 2604.907845] ? page_cache_pipe_buf_release+0x280/0x280 [ 2604.913154] ? security_file_permission+0x84/0x220 [ 2604.918112] ? page_cache_pipe_buf_release+0x280/0x280 [ 2604.923410] direct_splice_actor+0x115/0x160 [ 2604.927838] splice_direct_to_actor+0x33f/0x8d0 [ 2604.932528] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2604.937390] ? do_splice_to+0x160/0x160 [ 2604.941490] do_splice_direct+0x1a8/0x270 [ 2604.945655] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2604.950514] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2604.955645] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2604.960411] do_sendfile+0x549/0xc10 [ 2604.965118] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2604.969723] ? wait_for_completion+0x3c0/0x3c0 [ 2604.974330] ? vfs_write+0x15b/0x550 [ 2604.978105] __x64_sys_sendfile64+0x1cc/0x210 [ 2604.982652] ? __ia32_sys_sendfile+0x220/0x220 [ 2604.987231] ? __ia32_sys_clock_settime+0x260/0x260 [ 2604.992284] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2604.997064] ? trace_hardirqs_off_caller+0x55/0x210 [ 2605.002104] ? do_syscall_64+0x21/0x620 [ 2605.006095] do_syscall_64+0xf9/0x620 [ 2605.009917] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2605.015115] RIP: 0033:0x45c829 [ 2605.018299] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2605.037209] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2605.044935] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2605.052214] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2605.059521] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2605.066797] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2605.074080] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:27 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xfeffffff) 00:33:27 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601bb806c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2605.731437] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2605.748225] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2605.764042] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2605.785730] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:33:28 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:28 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540", 0x30d, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:28 executing program 2 (fault-call:5 fault-nth:10): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:33:28 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(0xffffffffffffffff, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:28 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60180bb6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2606.398216] FAULT_INJECTION: forcing a failure. [ 2606.398216] name failslab, interval 1, probability 0, space 0, times 0 [ 2606.410395] CPU: 0 PID: 25126 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2606.414895] kauditd_printk_skb: 3 callbacks suppressed [ 2606.414907] audit: type=1800 audit(1588638808.284:124): pid=25123 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17449 res=0 [ 2606.418318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2606.418352] Call Trace: [ 2606.418382] dump_stack+0x188/0x20d [ 2606.443300] audit: type=1804 audit(1588638808.284:125): pid=25122 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1309/bus" dev="sda1" ino=17450 res=1 [ 2606.443368] should_fail.cold+0xa/0x1b [ 2606.454180] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2606.455328] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2606.455344] ? __lock_is_held+0xad/0x140 [ 2606.455368] __should_failslab+0x115/0x180 [ 2606.455384] should_failslab+0x5/0xf [ 2606.455402] kmem_cache_alloc+0x29f/0x710 [ 2606.515742] ext4_init_io_end+0x23/0x110 [ 2606.519815] ext4_writepages+0x1170/0x3450 [ 2606.520643] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2606.524439] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2606.524457] ? mark_buffer_dirty+0x107/0x630 [ 2606.524480] ? __lock_acquire+0x6ee/0x49c0 [ 2606.524496] ? ext4_mark_iloc_dirty+0x1834/0x2c00 [ 2606.524514] ? ext4_mark_inode_dirty+0x890/0x890 [ 2606.524532] ? mark_held_locks+0xf0/0xf0 [ 2606.557838] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2606.560951] ? ext4_mark_inode_dirty+0x890/0x890 [ 2606.560966] ? do_writepages+0xf3/0x2a0 [ 2606.560978] do_writepages+0xf3/0x2a0 [ 2606.560995] ? page_writeback_cpu_online+0x10/0x10 [ 2606.561012] ? lock_acquire+0x170/0x400 [ 2606.561026] ? do_raw_spin_unlock+0x171/0x260 [ 2606.561051] ? _raw_spin_unlock+0x29/0x40 [ 2606.585229] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2606.587641] __filemap_fdatawrite_range+0x27d/0x350 [ 2606.587660] ? delete_from_page_cache_batch+0xd00/0xd00 [ 2606.587687] ? generic_perform_write+0x367/0x4d0 [ 2606.587705] file_write_and_wait_range+0x93/0x100 [ 2606.603933] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2606.609289] __generic_file_fsync+0x74/0x1f0 [ 2606.609312] ext4_sync_file+0x818/0x1440 [ 2606.609329] ? ext4_getfsmap+0x950/0x950 [ 2606.609345] vfs_fsync_range+0x138/0x220 [ 2606.609363] ext4_file_write_iter+0x75a/0xf90 [ 2606.609377] ? do_splice_direct+0x1a8/0x270 [ 2606.609395] ? do_sendfile+0x549/0xc10 [ 2606.666815] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2606.671512] ? do_syscall_64+0xf9/0x620 [ 2606.675517] ? ext4_file_mmap+0x420/0x420 [ 2606.679714] ? __lock_is_held+0xad/0x140 [ 2606.683850] do_iter_readv_writev+0x50c/0x790 [ 2606.688378] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2606.693177] ? selinux_file_permission+0x87/0x520 [ 2606.698049] ? security_file_permission+0x84/0x220 [ 2606.703018] do_iter_write+0x185/0x5e0 [ 2606.706938] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2606.711983] ? __kmalloc+0x5f8/0x770 [ 2606.715714] ? iter_file_splice_write+0x168/0xb30 [ 2606.720575] ? __lock_acquire+0x6ee/0x49c0 [ 2606.724874] vfs_iter_write+0x70/0xa0 [ 2606.728702] iter_file_splice_write+0x60c/0xb30 [ 2606.733403] ? page_cache_pipe_buf_release+0x280/0x280 [ 2606.738719] ? security_file_permission+0x84/0x220 [ 2606.743667] ? page_cache_pipe_buf_release+0x280/0x280 [ 2606.748974] direct_splice_actor+0x115/0x160 [ 2606.753408] splice_direct_to_actor+0x33f/0x8d0 [ 2606.758101] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2606.762972] ? do_splice_to+0x160/0x160 [ 2606.766971] do_splice_direct+0x1a8/0x270 [ 2606.771754] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2606.776629] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2606.781673] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2606.786461] do_sendfile+0x549/0xc10 [ 2606.790214] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2606.794818] ? wait_for_completion+0x3c0/0x3c0 [ 2606.799422] ? vfs_write+0x15b/0x550 [ 2606.803154] __x64_sys_sendfile64+0x1cc/0x210 [ 2606.807643] ? __ia32_sys_sendfile+0x220/0x220 [ 2606.812220] ? __ia32_sys_clock_settime+0x260/0x260 [ 2606.817236] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2606.821993] ? trace_hardirqs_off_caller+0x55/0x210 [ 2606.827060] ? do_syscall_64+0x21/0x620 [ 2606.831297] do_syscall_64+0xf9/0x620 [ 2606.835094] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2606.840273] RIP: 0033:0x45c829 [ 2606.843465] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2606.862409] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2606.870131] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2606.877398] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2606.884661] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2606.891940] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 00:33:28 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e6010fff6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2606.899240] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:28 executing program 2 (fault-call:5 fault-nth:11): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2606.945589] Process accounting resumed 00:33:28 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, 0x0, 0x0) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2606.972813] minix_free_inode: bit 1 already cleared 00:33:28 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540", 0x30d, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2607.045435] audit: type=1804 audit(1588638808.914:126): pid=25141 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1310/bus" dev="sda1" ino=17438 res=1 [ 2607.076729] FAULT_INJECTION: forcing a failure. [ 2607.076729] name failslab, interval 1, probability 0, space 0, times 0 [ 2607.120828] CPU: 0 PID: 25137 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2607.128787] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2607.138157] Call Trace: [ 2607.140775] dump_stack+0x188/0x20d [ 2607.144436] should_fail.cold+0xa/0x1b [ 2607.148358] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2607.153243] audit: type=1800 audit(1588638808.994:127): pid=25147 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17442 res=0 [ 2607.153486] ? __lock_is_held+0xad/0x140 [ 2607.177287] __should_failslab+0x115/0x180 [ 2607.181715] should_failslab+0x5/0xf [ 2607.183921] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2607.185448] kmem_cache_alloc+0x29f/0x710 [ 2607.185464] ? ext4_put_io_end_defer+0xc3/0x3f0 [ 2607.185481] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2607.185494] ? kmem_cache_free+0x218/0x260 [ 2607.185512] ext4_init_io_end+0x23/0x110 [ 2607.185531] ext4_writepages+0x1230/0x3450 [ 2607.219529] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2607.224670] ? ext4_mark_iloc_dirty+0x1834/0x2c00 [ 2607.229540] ? ext4_mark_inode_dirty+0x890/0x890 [ 2607.234352] ? mark_held_locks+0xf0/0xf0 [ 2607.238456] ? ext4_mark_inode_dirty+0x890/0x890 [ 2607.243205] ? do_writepages+0xf3/0x2a0 [ 2607.247247] do_writepages+0xf3/0x2a0 [ 2607.251076] ? page_writeback_cpu_online+0x10/0x10 [ 2607.256031] ? lock_acquire+0x170/0x400 [ 2607.260021] ? do_raw_spin_unlock+0x171/0x260 [ 2607.264532] ? _raw_spin_unlock+0x29/0x40 [ 2607.268834] __filemap_fdatawrite_range+0x27d/0x350 [ 2607.273958] ? delete_from_page_cache_batch+0xd00/0xd00 [ 2607.279358] ? generic_perform_write+0x367/0x4d0 [ 2607.284148] file_write_and_wait_range+0x93/0x100 [ 2607.289012] __generic_file_fsync+0x74/0x1f0 [ 2607.293455] ext4_sync_file+0x818/0x1440 [ 2607.297540] ? ext4_getfsmap+0x950/0x950 [ 2607.301628] vfs_fsync_range+0x138/0x220 [ 2607.305718] ext4_file_write_iter+0x75a/0xf90 [ 2607.310354] ? do_splice_direct+0x1a8/0x270 [ 2607.314692] ? do_sendfile+0x549/0xc10 [ 2607.318590] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2607.323267] ? do_syscall_64+0xf9/0x620 [ 2607.327264] ? ext4_file_mmap+0x420/0x420 [ 2607.331424] ? __lock_is_held+0xad/0x140 [ 2607.335519] do_iter_readv_writev+0x50c/0x790 [ 2607.340027] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2607.344793] ? selinux_file_permission+0x87/0x520 [ 2607.349650] ? security_file_permission+0x84/0x220 [ 2607.354596] do_iter_write+0x185/0x5e0 [ 2607.358498] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2607.363528] ? __kmalloc+0x5f8/0x770 [ 2607.367269] ? iter_file_splice_write+0x168/0xb30 [ 2607.372123] vfs_iter_write+0x70/0xa0 [ 2607.375936] iter_file_splice_write+0x60c/0xb30 [ 2607.380626] ? page_cache_pipe_buf_release+0x280/0x280 [ 2607.385949] ? security_file_permission+0x84/0x220 [ 2607.390890] ? page_cache_pipe_buf_release+0x280/0x280 [ 2607.396188] direct_splice_actor+0x115/0x160 [ 2607.400609] splice_direct_to_actor+0x33f/0x8d0 [ 2607.405292] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2607.410148] ? do_splice_to+0x160/0x160 [ 2607.414133] do_splice_direct+0x1a8/0x270 [ 2607.418289] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2607.423166] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2607.428210] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2607.432984] do_sendfile+0x549/0xc10 [ 2607.436740] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2607.441347] ? wait_for_completion+0x3c0/0x3c0 [ 2607.445943] ? vfs_write+0x15b/0x550 [ 2607.449668] __x64_sys_sendfile64+0x1cc/0x210 [ 2607.454170] ? __ia32_sys_sendfile+0x220/0x220 [ 2607.458757] ? __ia32_sys_clock_settime+0x260/0x260 [ 2607.463786] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2607.468546] ? trace_hardirqs_off_caller+0x55/0x210 [ 2607.473566] ? do_syscall_64+0x21/0x620 [ 2607.477584] do_syscall_64+0xf9/0x620 [ 2607.481395] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2607.486604] RIP: 0033:0x45c829 [ 2607.489804] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2607.508715] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 00:33:29 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, 0x0, 0x0) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2607.516433] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2607.523719] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2607.531101] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2607.538381] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2607.545665] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 [ 2607.585988] Process accounting resumed [ 2607.596147] minix_free_inode: bit 1 already cleared [ 2607.661734] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2607.671084] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2607.671647] audit: type=1804 audit(1588638809.554:128): pid=25154 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1311/bus" dev="sda1" ino=15975 res=1 [ 2607.684089] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2607.745835] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:33:30 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xfffffffe) 00:33:30 executing program 2 (fault-call:5 fault-nth:12): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2608.757598] FAULT_INJECTION: forcing a failure. [ 2608.757598] name failslab, interval 1, probability 0, space 0, times 0 [ 2608.769559] CPU: 0 PID: 25168 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2608.777854] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2608.787212] Call Trace: [ 2608.789805] dump_stack+0x188/0x20d [ 2608.793428] should_fail.cold+0xa/0x1b [ 2608.797321] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2608.802423] ? __lock_is_held+0xad/0x140 [ 2608.806517] __should_failslab+0x115/0x180 [ 2608.810758] should_failslab+0x5/0xf [ 2608.814488] __kmalloc+0x2d3/0x770 [ 2608.818038] ? ext4_find_extent+0x7d2/0xa50 [ 2608.822468] ? __lock_acquire+0x6ee/0x49c0 [ 2608.826757] ext4_find_extent+0x7d2/0xa50 [ 2608.830918] ext4_ext_map_blocks+0x1a1/0x5100 [ 2608.835431] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 2608.840462] ? lock_acquire+0x170/0x400 [ 2608.844426] ? ext4_map_blocks+0x883/0x1970 [ 2608.848747] ext4_map_blocks+0x8e5/0x1970 [ 2608.852890] ? ext4_issue_zeroout+0x160/0x160 [ 2608.857411] ext4_writepages+0x1e5b/0x3450 [ 2608.861668] ? ext4_mark_inode_dirty+0x890/0x890 [ 2608.866441] ? mark_held_locks+0xf0/0xf0 [ 2608.870516] ? ext4_mark_inode_dirty+0x890/0x890 [ 2608.875263] ? do_writepages+0xf3/0x2a0 [ 2608.879232] do_writepages+0xf3/0x2a0 [ 2608.883028] ? page_writeback_cpu_online+0x10/0x10 [ 2608.887967] ? lock_acquire+0x170/0x400 [ 2608.891935] ? do_raw_spin_unlock+0x171/0x260 [ 2608.896424] ? _raw_spin_unlock+0x29/0x40 [ 2608.900596] __filemap_fdatawrite_range+0x27d/0x350 [ 2608.905646] ? delete_from_page_cache_batch+0xd00/0xd00 [ 2608.911384] ? generic_perform_write+0x367/0x4d0 [ 2608.916172] file_write_and_wait_range+0x93/0x100 [ 2608.921044] __generic_file_fsync+0x74/0x1f0 [ 2608.925460] ext4_sync_file+0x818/0x1440 [ 2608.929550] ? ext4_getfsmap+0x950/0x950 [ 2608.933625] vfs_fsync_range+0x138/0x220 [ 2608.937697] ext4_file_write_iter+0x75a/0xf90 [ 2608.942194] ? do_splice_direct+0x1a8/0x270 [ 2608.946524] ? do_sendfile+0x549/0xc10 [ 2608.950431] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2608.955125] ? do_syscall_64+0xf9/0x620 [ 2608.959110] ? ext4_file_mmap+0x420/0x420 [ 2608.963307] ? __lock_is_held+0xad/0x140 [ 2608.967375] do_iter_readv_writev+0x50c/0x790 [ 2608.971879] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2608.976634] ? selinux_file_permission+0x87/0x520 [ 2608.981494] ? security_file_permission+0x84/0x220 [ 2608.986428] do_iter_write+0x185/0x5e0 [ 2608.990313] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2608.995333] ? __kmalloc+0x5f8/0x770 [ 2608.999073] ? iter_file_splice_write+0x168/0xb30 [ 2609.003938] vfs_iter_write+0x70/0xa0 [ 2609.007739] iter_file_splice_write+0x60c/0xb30 [ 2609.012429] ? page_cache_pipe_buf_release+0x280/0x280 [ 2609.017907] ? security_file_permission+0x84/0x220 [ 2609.022847] ? page_cache_pipe_buf_release+0x280/0x280 [ 2609.028140] direct_splice_actor+0x115/0x160 [ 2609.032745] splice_direct_to_actor+0x33f/0x8d0 [ 2609.037420] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2609.042263] ? do_splice_to+0x160/0x160 [ 2609.046239] do_splice_direct+0x1a8/0x270 [ 2609.050397] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2609.055253] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2609.060263] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2609.065014] do_sendfile+0x549/0xc10 [ 2609.068875] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2609.073476] ? wait_for_completion+0x3c0/0x3c0 [ 2609.078096] ? vfs_write+0x15b/0x550 [ 2609.081820] __x64_sys_sendfile64+0x1cc/0x210 [ 2609.086318] ? __ia32_sys_sendfile+0x220/0x220 [ 2609.090896] ? __ia32_sys_clock_settime+0x260/0x260 [ 2609.095915] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2609.100689] ? trace_hardirqs_off_caller+0x55/0x210 [ 2609.105733] ? do_syscall_64+0x21/0x620 [ 2609.110420] do_syscall_64+0xf9/0x620 [ 2609.114250] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2609.119464] RIP: 0033:0x45c829 [ 2609.122660] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2609.141590] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2609.149304] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2609.156582] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2609.163889] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2609.171271] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2609.178567] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:31 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100000a000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:31 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540", 0x30d, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:31 executing program 2 (fault-call:5 fault-nth:13): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:33:31 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:31 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, 0x0, 0x0) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2609.441953] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2609.445169] FAULT_INJECTION: forcing a failure. [ 2609.445169] name failslab, interval 1, probability 0, space 0, times 0 [ 2609.460775] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2609.475403] audit: type=1804 audit(1588638811.344:129): pid=25184 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1312/bus" dev="sda1" ino=17465 res=1 [ 2609.496395] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2609.508263] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2609.528065] CPU: 0 PID: 25182 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2609.536014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2609.545389] Call Trace: [ 2609.548021] dump_stack+0x188/0x20d [ 2609.551681] should_fail.cold+0xa/0x1b [ 2609.555635] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2609.560816] ? __lock_is_held+0xad/0x140 [ 2609.561442] audit: type=1800 audit(1588638811.374:130): pid=25185 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17466 res=0 [ 2609.565543] ? is_bpf_text_address+0xa9/0x160 [ 2609.565569] __should_failslab+0x115/0x180 [ 2609.565586] should_failslab+0x5/0xf [ 2609.565603] kmem_cache_alloc+0x29f/0x710 [ 2609.602480] ext4_mb_new_blocks+0x5ab/0x3d30 [ 2609.606915] ? ext4_find_extent+0x7d2/0xa50 [ 2609.611269] ? ext4_ext_search_right+0x2c7/0xb50 [ 2609.616055] ? ext4_inode_to_goal_block+0x2df/0x3f0 [ 2609.621120] ext4_ext_map_blocks+0x28b5/0x5100 [ 2609.622977] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2609.625733] ? ext4_find_delalloc_cluster+0xb0/0xb0 [ 2609.638958] ext4_map_blocks+0x8e5/0x1970 [ 2609.643142] ? ext4_issue_zeroout+0x160/0x160 [ 2609.647681] ext4_writepages+0x1e5b/0x3450 [ 2609.651956] ? ext4_mark_inode_dirty+0x890/0x890 [ 2609.656742] ? mark_held_locks+0xf0/0xf0 [ 2609.660842] ? ext4_mark_inode_dirty+0x890/0x890 [ 2609.665617] ? do_writepages+0xf3/0x2a0 [ 2609.669691] do_writepages+0xf3/0x2a0 [ 2609.673540] ? page_writeback_cpu_online+0x10/0x10 [ 2609.678493] ? lock_acquire+0x170/0x400 [ 2609.682489] ? do_raw_spin_unlock+0x171/0x260 [ 2609.687011] ? _raw_spin_unlock+0x29/0x40 [ 2609.691188] __filemap_fdatawrite_range+0x27d/0x350 [ 2609.696227] ? delete_from_page_cache_batch+0xd00/0xd00 [ 2609.701624] ? generic_perform_write+0x367/0x4d0 [ 2609.706412] file_write_and_wait_range+0x93/0x100 [ 2609.711280] __generic_file_fsync+0x74/0x1f0 [ 2609.715718] ext4_sync_file+0x818/0x1440 [ 2609.719802] ? ext4_getfsmap+0x950/0x950 [ 2609.723866] vfs_fsync_range+0x138/0x220 [ 2609.728063] ext4_file_write_iter+0x75a/0xf90 [ 2609.732576] ? do_splice_direct+0x1a8/0x270 [ 2609.736909] ? do_sendfile+0x549/0xc10 [ 2609.740912] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2609.745620] ? do_syscall_64+0xf9/0x620 [ 2609.749620] ? ext4_file_mmap+0x420/0x420 [ 2609.753794] ? __lock_is_held+0xad/0x140 [ 2609.757862] do_iter_readv_writev+0x50c/0x790 [ 2609.762438] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2609.767204] ? selinux_file_permission+0x87/0x520 [ 2609.772104] ? security_file_permission+0x84/0x220 [ 2609.777054] do_iter_write+0x185/0x5e0 [ 2609.781027] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2609.787550] ? __kmalloc+0x5f8/0x770 [ 2609.791257] ? iter_file_splice_write+0x168/0xb30 [ 2609.796132] vfs_iter_write+0x70/0xa0 [ 2609.799936] iter_file_splice_write+0x60c/0xb30 [ 2609.804608] ? page_cache_pipe_buf_release+0x280/0x280 [ 2609.809889] ? security_file_permission+0x84/0x220 [ 2609.814813] ? page_cache_pipe_buf_release+0x280/0x280 [ 2609.820087] direct_splice_actor+0x115/0x160 [ 2609.824500] splice_direct_to_actor+0x33f/0x8d0 [ 2609.829282] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2609.834143] ? do_splice_to+0x160/0x160 [ 2609.838116] do_splice_direct+0x1a8/0x270 [ 2609.842261] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2609.847132] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2609.852143] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2609.856906] do_sendfile+0x549/0xc10 [ 2609.860632] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2609.865281] ? wait_for_completion+0x3c0/0x3c0 [ 2609.869869] ? vfs_write+0x15b/0x550 [ 2609.873586] __x64_sys_sendfile64+0x1cc/0x210 [ 2609.878097] ? __ia32_sys_sendfile+0x220/0x220 [ 2609.882696] ? __ia32_sys_clock_settime+0x260/0x260 [ 2609.887754] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2609.892549] ? trace_hardirqs_off_caller+0x55/0x210 [ 2609.897586] ? do_syscall_64+0x21/0x620 [ 2609.901557] do_syscall_64+0xf9/0x620 [ 2609.905355] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2609.910536] RIP: 0033:0x45c829 [ 2609.913726] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2609.932651] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 00:33:31 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601000025000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2609.940363] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2609.947657] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2609.954923] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2609.962187] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2609.969452] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:31 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x0, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2609.999810] Process accounting resumed [ 2610.006547] minix_free_inode: bit 1 already cleared 00:33:31 executing program 2 (fault-call:5 fault-nth:14): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:33:31 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x0, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2610.074635] audit: type=1804 audit(1588638811.944:131): pid=25197 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1313/bus" dev="sda1" ino=17451 res=1 00:33:32 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a", 0x31a, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2610.209476] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2610.233294] FAULT_INJECTION: forcing a failure. [ 2610.233294] name failslab, interval 1, probability 0, space 0, times 0 [ 2610.240735] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2610.245269] CPU: 1 PID: 25212 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2610.261965] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2610.271329] Call Trace: [ 2610.273937] dump_stack+0x188/0x20d [ 2610.275681] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2610.277667] should_fail.cold+0xa/0x1b [ 2610.277685] ? __es_remove_extent+0x473/0x7d0 [ 2610.277701] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2610.277718] ? __es_remove_extent+0x473/0x7d0 [ 2610.277734] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2610.277751] ? kmem_cache_free+0x218/0x260 [ 2610.313929] __should_failslab+0x115/0x180 [ 2610.318181] should_failslab+0x5/0xf [ 2610.321932] kmem_cache_alloc+0x44/0x710 [ 2610.326016] ? ext4_es_can_be_merged+0x194/0x290 [ 2610.330800] __es_insert_extent+0x2ae/0xf20 [ 2610.335153] ext4_es_insert_extent+0x22e/0x5e0 [ 2610.339761] ? ext4_es_find_delayed_extent_range+0x9f0/0x9f0 [ 2610.345592] ext4_map_blocks+0xb68/0x1970 [ 2610.349787] ? ext4_issue_zeroout+0x160/0x160 [ 2610.354346] ext4_writepages+0x1e5b/0x3450 [ 2610.358752] ? ext4_mark_inode_dirty+0x890/0x890 [ 2610.363557] ? mark_held_locks+0xf0/0xf0 [ 2610.367669] ? ext4_mark_inode_dirty+0x890/0x890 [ 2610.372450] ? do_writepages+0xf3/0x2a0 [ 2610.376463] do_writepages+0xf3/0x2a0 [ 2610.380287] ? page_writeback_cpu_online+0x10/0x10 [ 2610.385238] ? lock_acquire+0x170/0x400 [ 2610.389231] ? do_raw_spin_unlock+0x171/0x260 [ 2610.393745] ? _raw_spin_unlock+0x29/0x40 [ 2610.398019] __filemap_fdatawrite_range+0x27d/0x350 [ 2610.403081] ? delete_from_page_cache_batch+0xd00/0xd00 [ 2610.408485] ? generic_perform_write+0x367/0x4d0 [ 2610.413290] file_write_and_wait_range+0x93/0x100 [ 2610.418163] __generic_file_fsync+0x74/0x1f0 [ 2610.422691] ext4_sync_file+0x818/0x1440 [ 2610.426770] ? ext4_getfsmap+0x950/0x950 [ 2610.430850] vfs_fsync_range+0x138/0x220 [ 2610.435038] ext4_file_write_iter+0x75a/0xf90 [ 2610.439603] ? do_splice_direct+0x1a8/0x270 [ 2610.444100] ? do_sendfile+0x549/0xc10 [ 2610.447997] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2610.452683] ? do_syscall_64+0xf9/0x620 [ 2610.456690] ? ext4_file_mmap+0x420/0x420 [ 2610.461120] ? __lock_is_held+0xad/0x140 [ 2610.465272] do_iter_readv_writev+0x50c/0x790 [ 2610.469788] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2610.474557] ? selinux_file_permission+0x87/0x520 [ 2610.479407] ? security_file_permission+0x84/0x220 [ 2610.484340] do_iter_write+0x185/0x5e0 [ 2610.488233] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2610.493295] ? __kmalloc+0x5f8/0x770 [ 2610.497096] ? iter_file_splice_write+0x168/0xb30 [ 2610.501949] vfs_iter_write+0x70/0xa0 [ 2610.505808] iter_file_splice_write+0x60c/0xb30 [ 2610.510487] ? page_cache_pipe_buf_release+0x280/0x280 [ 2610.515894] ? security_file_permission+0x84/0x220 [ 2610.520831] ? page_cache_pipe_buf_release+0x280/0x280 [ 2610.526117] direct_splice_actor+0x115/0x160 [ 2610.530519] splice_direct_to_actor+0x33f/0x8d0 [ 2610.535203] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2610.540058] ? do_splice_to+0x160/0x160 [ 2610.544026] do_splice_direct+0x1a8/0x270 [ 2610.548199] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2610.553066] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2610.558144] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2610.562914] do_sendfile+0x549/0xc10 [ 2610.566647] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2610.571245] ? wait_for_completion+0x3c0/0x3c0 [ 2610.575822] ? vfs_write+0x15b/0x550 [ 2610.580402] __x64_sys_sendfile64+0x1cc/0x210 [ 2610.584925] ? __ia32_sys_sendfile+0x220/0x220 [ 2610.589524] ? __ia32_sys_clock_settime+0x260/0x260 [ 2610.594538] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2610.599288] ? trace_hardirqs_off_caller+0x55/0x210 [ 2610.604320] ? do_syscall_64+0x21/0x620 [ 2610.608321] do_syscall_64+0xf9/0x620 [ 2610.612136] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2610.617433] RIP: 0033:0x45c829 [ 2610.620631] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2610.639534] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2610.647475] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2610.655139] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2610.662431] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2610.669709] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2610.677685] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 [ 2610.687831] audit: type=1804 audit(1588638812.124:132): pid=25207 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1314/bus" dev="sda1" ino=17461 res=1 [ 2610.714781] audit: type=1800 audit(1588638812.124:133): pid=25214 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17474 res=0 [ 2610.715311] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2610.757070] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2610.839824] Process accounting resumed 00:33:33 executing program 2 (fault-call:5 fault-nth:15): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:33:33 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x2000000000) 00:33:33 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x0, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:33 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a", 0x31a, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2611.768743] FAULT_INJECTION: forcing a failure. [ 2611.768743] name failslab, interval 1, probability 0, space 0, times 0 [ 2611.770403] kauditd_printk_skb: 1 callbacks suppressed [ 2611.770416] audit: type=1800 audit(1588638813.634:135): pid=25235 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16147 res=0 [ 2611.780547] CPU: 0 PID: 25234 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2611.813186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2611.822559] Call Trace: [ 2611.825172] dump_stack+0x188/0x20d [ 2611.828827] should_fail.cold+0xa/0x1b [ 2611.828864] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2611.832741] ? __es_remove_extent+0x473/0x7d0 [ 2611.832757] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2611.832772] ? __es_remove_extent+0x473/0x7d0 [ 2611.832788] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2611.832802] ? kmem_cache_free+0x218/0x260 [ 2611.832822] __should_failslab+0x115/0x180 [ 2611.832836] should_failslab+0x5/0xf [ 2611.832852] kmem_cache_alloc+0x44/0x710 [ 2611.876797] ? ext4_es_can_be_merged+0x194/0x290 [ 2611.881579] __es_insert_extent+0x2ae/0xf20 [ 2611.885928] ext4_es_insert_extent+0x22e/0x5e0 [ 2611.890542] ? ext4_es_find_delayed_extent_range+0x9f0/0x9f0 [ 2611.896386] ext4_map_blocks+0xb68/0x1970 [ 2611.898110] audit: type=1804 audit(1588638813.664:136): pid=25243 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1315/bus" dev="sda1" ino=16130 res=1 [ 2611.900586] ? ext4_issue_zeroout+0x160/0x160 [ 2611.900617] ext4_writepages+0x1e5b/0x3450 [ 2611.900649] ? ext4_mark_inode_dirty+0x890/0x890 [ 2611.900669] ? mark_held_locks+0xf0/0xf0 [ 2611.900697] ? ext4_mark_inode_dirty+0x890/0x890 [ 2611.947138] ? do_writepages+0xf3/0x2a0 [ 2611.951138] do_writepages+0xf3/0x2a0 [ 2611.954985] ? page_writeback_cpu_online+0x10/0x10 [ 2611.959943] ? lock_acquire+0x170/0x400 [ 2611.963942] ? do_raw_spin_unlock+0x171/0x260 [ 2611.968487] ? _raw_spin_unlock+0x29/0x40 [ 2611.972665] __filemap_fdatawrite_range+0x27d/0x350 [ 2611.977705] ? delete_from_page_cache_batch+0xd00/0xd00 [ 2611.983105] ? generic_perform_write+0x367/0x4d0 [ 2611.988022] file_write_and_wait_range+0x93/0x100 [ 2611.992895] __generic_file_fsync+0x74/0x1f0 [ 2611.997512] ext4_sync_file+0x818/0x1440 [ 2612.001594] ? ext4_getfsmap+0x950/0x950 [ 2612.005688] vfs_fsync_range+0x138/0x220 [ 2612.009778] ext4_file_write_iter+0x75a/0xf90 [ 2612.014305] ? do_splice_direct+0x1a8/0x270 [ 2612.018680] ? do_sendfile+0x549/0xc10 [ 2612.022583] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2612.027267] ? do_syscall_64+0xf9/0x620 [ 2612.031249] ? ext4_file_mmap+0x420/0x420 [ 2612.035399] ? __lock_is_held+0xad/0x140 [ 2612.039489] do_iter_readv_writev+0x50c/0x790 [ 2612.044010] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2612.048790] ? selinux_file_permission+0x87/0x520 [ 2612.053681] ? security_file_permission+0x84/0x220 [ 2612.058627] do_iter_write+0x185/0x5e0 [ 2612.062516] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2612.072826] ? __kmalloc+0x5f8/0x770 [ 2612.076571] ? iter_file_splice_write+0x168/0xb30 [ 2612.081411] vfs_iter_write+0x70/0xa0 [ 2612.085210] iter_file_splice_write+0x60c/0xb30 [ 2612.089921] ? page_cache_pipe_buf_release+0x280/0x280 [ 2612.095225] ? security_file_permission+0x84/0x220 [ 2612.100176] ? page_cache_pipe_buf_release+0x280/0x280 [ 2612.105655] direct_splice_actor+0x115/0x160 [ 2612.110347] splice_direct_to_actor+0x33f/0x8d0 [ 2612.115019] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2612.119885] ? do_splice_to+0x160/0x160 [ 2612.123934] do_splice_direct+0x1a8/0x270 [ 2612.129746] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2612.134597] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2612.139715] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2612.144490] do_sendfile+0x549/0xc10 [ 2612.148238] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2612.152839] ? wait_for_completion+0x3c0/0x3c0 [ 2612.157437] ? vfs_write+0x15b/0x550 [ 2612.161163] __x64_sys_sendfile64+0x1cc/0x210 [ 2612.165685] ? __ia32_sys_sendfile+0x220/0x220 [ 2612.170415] ? __ia32_sys_clock_settime+0x260/0x260 [ 2612.175455] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2612.180250] ? trace_hardirqs_off_caller+0x55/0x210 [ 2612.185276] ? do_syscall_64+0x21/0x620 [ 2612.189269] do_syscall_64+0xf9/0x620 [ 2612.193069] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2612.198255] RIP: 0033:0x45c829 [ 2612.201447] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2612.220357] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2612.228137] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2612.235424] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2612.242750] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2612.250042] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2612.257669] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 [ 2612.303433] Process accounting resumed 00:33:34 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:34 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100002e000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:34 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x0, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:34 executing program 2 (fault-call:5 fault-nth:16): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:33:34 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a", 0x31a, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2612.454451] audit: type=1804 audit(1588638814.324:137): pid=25263 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1316/bus" dev="sda1" ino=16087 res=1 [ 2612.468891] FAULT_INJECTION: forcing a failure. [ 2612.468891] name failslab, interval 1, probability 0, space 0, times 0 00:33:34 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x0, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2612.493648] audit: type=1800 audit(1588638814.324:138): pid=25266 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16215 res=0 [ 2612.516915] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2612.528155] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2612.546316] CPU: 0 PID: 25265 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2612.554270] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2612.557449] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2612.563643] Call Trace: [ 2612.563669] dump_stack+0x188/0x20d [ 2612.563690] should_fail.cold+0xa/0x1b [ 2612.563706] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2612.563719] ? should_fail+0x142/0x7bc [ 2612.563742] __should_failslab+0x115/0x180 [ 2612.563756] should_failslab+0x5/0xf [ 2612.563773] kmem_cache_alloc+0x44/0x710 [ 2612.592618] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2612.596222] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2612.596241] ? mempool_alloc+0x340/0x340 [ 2612.596253] mempool_alloc+0x148/0x340 [ 2612.596270] ? mempool_destroy+0x30/0x30 [ 2612.615362] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2612.617980] ? mempool_destroy+0x30/0x30 [ 2612.644127] ? find_held_lock+0x2d/0x110 [ 2612.648210] ? __unlock_page_memcg+0x4f/0x100 [ 2612.652805] bvec_alloc+0xdb/0x2f0 [ 2612.656366] bio_alloc_bioset+0x437/0x610 [ 2612.660547] ? bvec_alloc+0x2f0/0x2f0 [ 2612.664431] ? __test_set_page_writeback+0x4fa/0x1a40 [ 2612.669774] ext4_bio_write_page+0xc02/0x142d [ 2612.674312] mpage_submit_page+0x14b/0x250 [ 2612.678572] mpage_map_and_submit_buffers+0x48b/0x7c0 [ 2612.683793] ? mpage_process_page_bufs+0x620/0x620 [ 2612.688753] ? ext4_issue_zeroout+0x160/0x160 [ 2612.693281] ext4_writepages+0x1f7a/0x3450 [ 2612.697557] ? ext4_mark_inode_dirty+0x890/0x890 [ 2612.702334] ? mark_held_locks+0xf0/0xf0 [ 2612.706458] ? ext4_mark_inode_dirty+0x890/0x890 [ 2612.711237] ? do_writepages+0xf3/0x2a0 [ 2612.715225] do_writepages+0xf3/0x2a0 [ 2612.719057] ? page_writeback_cpu_online+0x10/0x10 [ 2612.724018] ? lock_acquire+0x170/0x400 [ 2612.728454] ? do_raw_spin_unlock+0x171/0x260 [ 2612.733151] ? _raw_spin_unlock+0x29/0x40 [ 2612.737331] __filemap_fdatawrite_range+0x27d/0x350 [ 2612.742368] ? delete_from_page_cache_batch+0xd00/0xd00 [ 2612.747772] ? generic_perform_write+0x367/0x4d0 [ 2612.752559] file_write_and_wait_range+0x93/0x100 [ 2612.757530] __generic_file_fsync+0x74/0x1f0 [ 2612.761979] ext4_sync_file+0x818/0x1440 [ 2612.766065] ? ext4_getfsmap+0x950/0x950 [ 2612.770287] vfs_fsync_range+0x138/0x220 [ 2612.774398] ext4_file_write_iter+0x75a/0xf90 [ 2612.778918] ? do_splice_direct+0x1a8/0x270 [ 2612.783261] ? do_sendfile+0x549/0xc10 [ 2612.787169] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2612.791855] ? do_syscall_64+0xf9/0x620 [ 2612.796028] ? ext4_file_mmap+0x420/0x420 [ 2612.800224] ? __lock_is_held+0xad/0x140 [ 2612.804346] do_iter_readv_writev+0x50c/0x790 [ 2612.808869] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2612.813648] ? selinux_file_permission+0x87/0x520 [ 2612.818515] ? security_file_permission+0x84/0x220 [ 2612.823461] do_iter_write+0x185/0x5e0 [ 2612.827348] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2612.832371] ? __kmalloc+0x5f8/0x770 [ 2612.836092] ? iter_file_splice_write+0x168/0xb30 [ 2612.840996] vfs_iter_write+0x70/0xa0 [ 2612.844923] iter_file_splice_write+0x60c/0xb30 [ 2612.847018] audit: type=1804 audit(1588638814.414:139): pid=25280 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1317/bus" dev="sda1" ino=16222 res=1 [ 2612.849615] ? page_cache_pipe_buf_release+0x280/0x280 [ 2612.849648] ? security_file_permission+0x84/0x220 [ 2612.849664] ? page_cache_pipe_buf_release+0x280/0x280 [ 2612.849686] direct_splice_actor+0x115/0x160 [ 2612.893431] splice_direct_to_actor+0x33f/0x8d0 [ 2612.898168] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2612.903009] ? do_splice_to+0x160/0x160 [ 2612.906987] do_splice_direct+0x1a8/0x270 [ 2612.911138] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2612.916046] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2612.921106] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2612.925869] do_sendfile+0x549/0xc10 [ 2612.929581] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2612.934160] ? wait_for_completion+0x3c0/0x3c0 [ 2612.938754] ? vfs_write+0x15b/0x550 [ 2612.942497] __x64_sys_sendfile64+0x1cc/0x210 [ 2612.947024] ? __ia32_sys_sendfile+0x220/0x220 [ 2612.951652] ? __ia32_sys_clock_settime+0x260/0x260 [ 2612.956732] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2612.961486] ? trace_hardirqs_off_caller+0x55/0x210 [ 2612.966503] ? do_syscall_64+0x21/0x620 [ 2612.970488] do_syscall_64+0xf9/0x620 [ 2612.974377] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2612.979586] RIP: 0033:0x45c829 [ 2612.982866] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00:33:34 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100002f000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2613.004569] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2613.012469] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2613.019797] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2613.027073] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2613.034338] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2613.041673] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:34 executing program 2 (fault-call:5 fault-nth:17): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:33:34 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x0, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2613.079999] Process accounting resumed [ 2613.144213] audit: type=1804 audit(1588638815.014:140): pid=25286 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1318/bus" dev="sda1" ino=16239 res=1 [ 2613.193756] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2613.210595] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2613.236969] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2613.237880] FAULT_INJECTION: forcing a failure. [ 2613.237880] name failslab, interval 1, probability 0, space 0, times 0 [ 2613.268740] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2613.291856] CPU: 0 PID: 25292 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2613.299799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2613.310126] Call Trace: [ 2613.312740] dump_stack+0x188/0x20d [ 2613.316392] should_fail.cold+0xa/0x1b [ 2613.320301] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2613.325426] ? find_held_lock+0x2d/0x110 [ 2613.329506] ? blk_queue_enter+0xa53/0xce0 [ 2613.333772] __should_failslab+0x115/0x180 [ 2613.338036] should_failslab+0x5/0xf [ 2613.341790] kmem_cache_alloc_node+0x55/0x730 [ 2613.347189] ? lock_downgrade+0x740/0x740 [ 2613.351370] create_task_io_context+0x2c/0x430 [ 2613.356595] generic_make_request_checks+0x1bc5/0x2310 [ 2613.361905] ? trace_event_raw_event_block_rq_requeue+0x5e0/0x5e0 [ 2613.368179] ? __ext4_handle_dirty_metadata+0x1de/0x580 [ 2613.373611] ? __brelse+0x84/0xa0 [ 2613.377075] ? ext4_mark_iloc_dirty+0x1834/0x2c00 [ 2613.381934] generic_make_request+0x24c/0x12d0 [ 2613.386537] ? blk_get_request+0x700/0x700 [ 2613.390853] ? __ext4_journal_get_write_access+0x6c/0xa0 [ 2613.396298] ? submit_bio+0xb1/0x430 [ 2613.400002] submit_bio+0xb1/0x430 [ 2613.403555] ? generic_make_request+0x12d0/0x12d0 [ 2613.408393] ? lock_downgrade+0x740/0x740 [ 2613.412549] ext4_io_submit+0x18a/0x220 [ 2613.416517] ext4_writepages+0x189d/0x3450 [ 2613.420765] ? ext4_mark_inode_dirty+0x890/0x890 [ 2613.425514] ? mark_held_locks+0xf0/0xf0 [ 2613.429594] ? ext4_mark_inode_dirty+0x890/0x890 [ 2613.434351] ? do_writepages+0xf3/0x2a0 [ 2613.438315] do_writepages+0xf3/0x2a0 [ 2613.442129] ? page_writeback_cpu_online+0x10/0x10 [ 2613.447048] ? lock_acquire+0x170/0x400 [ 2613.451028] ? do_raw_spin_unlock+0x171/0x260 [ 2613.455571] ? _raw_spin_unlock+0x29/0x40 [ 2613.459740] __filemap_fdatawrite_range+0x27d/0x350 [ 2613.464789] ? delete_from_page_cache_batch+0xd00/0xd00 [ 2613.470213] ? generic_perform_write+0x367/0x4d0 [ 2613.474976] file_write_and_wait_range+0x93/0x100 [ 2613.479983] __generic_file_fsync+0x74/0x1f0 [ 2613.484427] ext4_sync_file+0x818/0x1440 [ 2613.488552] ? ext4_getfsmap+0x950/0x950 [ 2613.492697] vfs_fsync_range+0x138/0x220 [ 2613.496791] ext4_file_write_iter+0x75a/0xf90 [ 2613.501297] ? do_splice_direct+0x1a8/0x270 [ 2613.505629] ? do_sendfile+0x549/0xc10 [ 2613.509539] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2613.514206] ? do_syscall_64+0xf9/0x620 [ 2613.518195] ? ext4_file_mmap+0x420/0x420 [ 2613.522342] ? __lock_is_held+0xad/0x140 [ 2613.526404] do_iter_readv_writev+0x50c/0x790 [ 2613.530893] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2613.535773] ? selinux_file_permission+0x87/0x520 [ 2613.540637] ? security_file_permission+0x84/0x220 [ 2613.545609] do_iter_write+0x185/0x5e0 [ 2613.549524] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2613.554549] ? __kmalloc+0x5f8/0x770 [ 2613.558277] ? iter_file_splice_write+0x168/0xb30 [ 2613.563128] vfs_iter_write+0x70/0xa0 [ 2613.566933] iter_file_splice_write+0x60c/0xb30 [ 2613.571611] ? page_cache_pipe_buf_release+0x280/0x280 [ 2613.576895] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2613.581682] ? retint_kernel+0x2d/0x2d [ 2613.585570] ? page_cache_pipe_buf_release+0x280/0x280 [ 2613.590843] direct_splice_actor+0x115/0x160 [ 2613.595251] splice_direct_to_actor+0x33f/0x8d0 [ 2613.599923] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2613.604790] ? do_splice_to+0x160/0x160 [ 2613.608779] do_splice_direct+0x1a8/0x270 [ 2613.612922] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2613.617766] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2613.622782] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2613.627555] do_sendfile+0x549/0xc10 [ 2613.631287] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2613.635874] ? wait_for_completion+0x3c0/0x3c0 [ 2613.640459] ? vfs_write+0x15b/0x550 [ 2613.644184] __x64_sys_sendfile64+0x1cc/0x210 [ 2613.648822] ? __ia32_sys_sendfile+0x220/0x220 [ 2613.653398] ? __ia32_sys_clock_settime+0x260/0x260 [ 2613.658458] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2613.663270] ? trace_hardirqs_off_caller+0x55/0x210 [ 2613.668722] ? do_syscall_64+0x21/0x620 [ 2613.673382] do_syscall_64+0xf9/0x620 [ 2613.677205] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2613.682401] RIP: 0033:0x45c829 [ 2613.685677] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2613.704747] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2613.712462] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2613.719731] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2613.727007] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2613.734398] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2613.741689] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:36 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x2100000000) 00:33:36 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:36 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233f", 0x320, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2614.799002] audit: type=1800 audit(1588638816.664:141): pid=25306 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16245 res=0 [ 2614.837367] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2614.855259] audit: type=1804 audit(1588638816.694:142): pid=25305 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1319/bus" dev="sda1" ino=16247 res=1 [ 2614.929801] Process accounting resumed 00:33:37 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100004c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:37 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x2, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:37 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:37 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233f", 0x320, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:37 executing program 2 (fault-call:5 fault-nth:18): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2615.478080] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2615.487520] FAULT_INJECTION: forcing a failure. [ 2615.487520] name failslab, interval 1, probability 0, space 0, times 0 [ 2615.492231] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2615.499326] audit: type=1800 audit(1588638817.354:143): pid=25334 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16499 res=0 [ 2615.523855] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2615.540465] CPU: 0 PID: 25330 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2615.548383] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2615.556167] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2615.557792] Call Trace: [ 2615.568576] dump_stack+0x188/0x20d [ 2615.572227] should_fail.cold+0xa/0x1b [ 2615.576832] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2615.581951] ? __lock_acquire+0x6ee/0x49c0 [ 2615.586247] __should_failslab+0x115/0x180 [ 2615.588473] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2615.590499] should_failslab+0x5/0xf [ 2615.590514] kmem_cache_alloc+0x44/0x710 [ 2615.590536] ? mempool_alloc+0x340/0x340 [ 2615.590547] mempool_alloc+0x148/0x340 [ 2615.590571] ? mempool_destroy+0x30/0x30 [ 2615.590586] ? __lock_is_held+0xad/0x140 [ 2615.590611] bio_alloc_bioset+0x398/0x610 [ 2615.590626] ? bvec_alloc+0x2f0/0x2f0 [ 2615.590642] ? __lock_is_held+0xad/0x140 [ 2615.590658] submit_bh_wbc+0x141/0x760 [ 2615.590679] __sync_dirty_buffer+0x105/0x2e0 [ 2615.600125] audit: type=1804 audit(1588638817.474:144): pid=25336 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1320/bus" dev="sda1" ino=16513 res=1 [ 2615.602042] ext4_write_inode+0x43c/0x4d0 [ 2615.602058] ? __ext4_iget+0x3f00/0x3f00 [ 2615.602087] __writeback_single_inode+0xc7d/0x12d0 [ 2615.679677] writeback_single_inode+0x2a1/0x3f0 [ 2615.684378] sync_inode_metadata+0x93/0xd0 [ 2615.688633] ? sync_inode+0x20/0x20 [ 2615.692293] __generic_file_fsync+0x15d/0x1f0 [ 2615.696810] ext4_sync_file+0x818/0x1440 [ 2615.700894] ? ext4_getfsmap+0x950/0x950 [ 2615.705094] vfs_fsync_range+0x138/0x220 [ 2615.709182] ext4_file_write_iter+0x75a/0xf90 [ 2615.713786] ? do_splice_direct+0x1a8/0x270 [ 2615.718135] ? do_sendfile+0x549/0xc10 [ 2615.722072] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2615.726778] ? do_syscall_64+0xf9/0x620 [ 2615.730781] ? ext4_file_mmap+0x420/0x420 [ 2615.734956] ? __lock_is_held+0xad/0x140 [ 2615.739051] do_iter_readv_writev+0x50c/0x790 [ 2615.743607] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2615.748385] ? selinux_file_permission+0x87/0x520 [ 2615.753256] ? security_file_permission+0x84/0x220 [ 2615.758215] do_iter_write+0x185/0x5e0 [ 2615.762122] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2615.767150] ? __kmalloc+0x5f8/0x770 [ 2615.770899] ? iter_file_splice_write+0x168/0xb30 [ 2615.775761] vfs_iter_write+0x70/0xa0 [ 2615.779588] iter_file_splice_write+0x60c/0xb30 [ 2615.784397] ? page_cache_pipe_buf_release+0x280/0x280 [ 2615.789718] ? security_file_permission+0x84/0x220 [ 2615.794672] ? page_cache_pipe_buf_release+0x280/0x280 [ 2615.799968] direct_splice_actor+0x115/0x160 [ 2615.804394] splice_direct_to_actor+0x33f/0x8d0 [ 2615.809175] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2615.814034] ? do_splice_to+0x160/0x160 [ 2615.818041] do_splice_direct+0x1a8/0x270 [ 2615.822211] ? splice_direct_to_actor+0x8d0/0x8d0 00:33:37 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100026c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2615.827084] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2615.832115] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2615.836894] do_sendfile+0x549/0xc10 [ 2615.840668] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2615.845267] ? wait_for_completion+0x3c0/0x3c0 [ 2615.849867] ? vfs_write+0x15b/0x550 [ 2615.853623] __x64_sys_sendfile64+0x1cc/0x210 [ 2615.858136] ? __ia32_sys_sendfile+0x220/0x220 [ 2615.862749] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2615.867549] ? trace_hardirqs_off_caller+0x55/0x210 [ 2615.872588] ? do_syscall_64+0x21/0x620 [ 2615.876584] do_syscall_64+0xf9/0x620 [ 2615.880414] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2615.885608] RIP: 0033:0x45c829 [ 2615.888791] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2615.908407] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2615.916111] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2615.923376] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2615.930663] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2615.937927] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2615.945198] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:37 executing program 2 (fault-call:5 fault-nth:19): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:33:37 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(0xffffffffffffffff, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2615.993974] Process accounting resumed 00:33:38 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233f", 0x320, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2616.125028] FAULT_INJECTION: forcing a failure. [ 2616.125028] name failslab, interval 1, probability 0, space 0, times 0 [ 2616.138421] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2616.138613] CPU: 1 PID: 25356 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2616.155395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2616.164773] Call Trace: [ 2616.166982] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2616.167386] dump_stack+0x188/0x20d [ 2616.180037] should_fail.cold+0xa/0x1b [ 2616.184379] ? __schedule+0x86e/0x1d80 [ 2616.187574] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2616.188287] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2616.202392] ? __lock_acquire+0x6ee/0x49c0 [ 2616.206624] __should_failslab+0x115/0x180 [ 2616.210850] should_failslab+0x5/0xf [ 2616.214559] kmem_cache_alloc+0x44/0x710 [ 2616.218674] ? mempool_alloc+0x340/0x340 [ 2616.222745] mempool_alloc+0x148/0x340 [ 2616.226612] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2616.234801] ? mempool_destroy+0x30/0x30 [ 2616.238884] ? mark_held_locks+0xf0/0xf0 [ 2616.242958] ? init_wait_var_entry+0x1a0/0x1a0 [ 2616.247569] bio_alloc_bioset+0x398/0x610 [ 2616.251746] ? bvec_alloc+0x2f0/0x2f0 [ 2616.255566] ? __lock_is_held+0xad/0x140 [ 2616.259653] submit_bh_wbc+0x141/0x760 [ 2616.263565] write_dirty_buffer+0xaf/0x130 [ 2616.267818] sync_mapping_buffers+0x387/0xad0 [ 2616.272341] ? write_dirty_buffer+0x130/0x130 [ 2616.276857] ? _atomic_dec_and_lock_irqsave+0x240/0x240 [ 2616.282228] ? lock_downgrade+0x740/0x740 [ 2616.286385] ? iput+0xc8/0x840 [ 2616.289579] ext4_sync_file+0xd4e/0x1440 [ 2616.293639] ? ext4_getfsmap+0x950/0x950 [ 2616.297711] vfs_fsync_range+0x138/0x220 [ 2616.301785] ext4_file_write_iter+0x75a/0xf90 [ 2616.306277] ? do_splice_direct+0x1a8/0x270 [ 2616.310604] ? do_sendfile+0x549/0xc10 [ 2616.314494] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2616.319171] ? do_syscall_64+0xf9/0x620 [ 2616.323162] ? ext4_file_mmap+0x420/0x420 [ 2616.327413] ? __lock_is_held+0xad/0x140 [ 2616.331498] do_iter_readv_writev+0x50c/0x790 [ 2616.336016] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2616.340783] ? selinux_file_permission+0x87/0x520 [ 2616.345648] ? security_file_permission+0x84/0x220 [ 2616.350606] do_iter_write+0x185/0x5e0 [ 2616.354504] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2616.359527] ? __kmalloc+0x5f8/0x770 [ 2616.363252] ? iter_file_splice_write+0x168/0xb30 [ 2616.368131] vfs_iter_write+0x70/0xa0 [ 2616.371938] iter_file_splice_write+0x60c/0xb30 [ 2616.376613] ? page_cache_pipe_buf_release+0x280/0x280 [ 2616.381913] ? security_file_permission+0x84/0x220 [ 2616.386874] ? page_cache_pipe_buf_release+0x280/0x280 [ 2616.392149] direct_splice_actor+0x115/0x160 [ 2616.396568] splice_direct_to_actor+0x33f/0x8d0 [ 2616.401254] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2616.406109] ? do_splice_to+0x160/0x160 [ 2616.410124] do_splice_direct+0x1a8/0x270 [ 2616.414307] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2616.419438] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2616.424448] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2616.429220] do_sendfile+0x549/0xc10 [ 2616.432962] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2616.437592] ? wait_for_completion+0x3c0/0x3c0 [ 2616.442263] ? vfs_write+0x15b/0x550 [ 2616.446088] __x64_sys_sendfile64+0x1cc/0x210 [ 2616.450581] ? __ia32_sys_sendfile+0x220/0x220 [ 2616.455212] ? __ia32_sys_clock_settime+0x260/0x260 [ 2616.460291] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2616.465103] ? trace_hardirqs_off_caller+0x55/0x210 [ 2616.470250] ? do_syscall_64+0x21/0x620 [ 2616.474225] do_syscall_64+0xf9/0x620 [ 2616.478028] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2616.483312] RIP: 0033:0x45c829 [ 2616.486504] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2616.505416] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2616.513208] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2616.520484] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2616.527764] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2616.535030] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2616.542569] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 [ 2616.629645] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2616.709687] Process accounting resumed 00:33:39 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x400000000000) 00:33:39 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0x0, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:39 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100036c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:39 executing program 2 (fault-call:5 fault-nth:20): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2617.827784] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2617.847714] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2617.858307] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2617.874188] kauditd_printk_skb: 2 callbacks suppressed [ 2617.874201] audit: type=1804 audit(1588638819.744:147): pid=25379 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1322/bus" dev="sda1" ino=16610 res=1 [ 2617.877607] FAULT_INJECTION: forcing a failure. [ 2617.877607] name failslab, interval 1, probability 0, space 0, times 0 [ 2617.916295] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2617.936940] CPU: 1 PID: 25381 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2617.944907] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2617.954265] Call Trace: [ 2617.956878] dump_stack+0x188/0x20d [ 2617.960549] should_fail.cold+0xa/0x1b [ 2617.964455] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2617.969573] ? __lock_acquire+0x6ee/0x49c0 [ 2617.973836] __should_failslab+0x115/0x180 [ 2617.978098] should_failslab+0x5/0xf [ 2617.981913] kmem_cache_alloc+0x44/0x710 [ 2617.985999] ? mempool_alloc+0x340/0x340 [ 2617.990077] mempool_alloc+0x148/0x340 [ 2617.993986] ? mempool_destroy+0x30/0x30 [ 2617.998065] ? __lock_is_held+0xad/0x140 [ 2618.002163] bio_alloc_bioset+0x398/0x610 [ 2618.006327] ? bvec_alloc+0x2f0/0x2f0 [ 2618.010136] ? __lock_is_held+0xad/0x140 [ 2618.014211] submit_bh_wbc+0x141/0x760 [ 2618.018121] __sync_dirty_buffer+0x105/0x2e0 [ 2618.022547] ext4_write_inode+0x43c/0x4d0 [ 2618.026703] ? __ext4_iget+0x3f00/0x3f00 [ 2618.030762] __writeback_single_inode+0xc7d/0x12d0 [ 2618.035687] writeback_single_inode+0x2a1/0x3f0 [ 2618.040391] sync_inode_metadata+0x93/0xd0 [ 2618.044616] ? sync_inode+0x20/0x20 [ 2618.048304] ? iput+0xc8/0x840 [ 2618.051494] ext4_sync_file+0xd75/0x1440 [ 2618.055689] ? ext4_getfsmap+0x950/0x950 [ 2618.059761] vfs_fsync_range+0x138/0x220 [ 2618.063817] ext4_file_write_iter+0x75a/0xf90 [ 2618.068324] ? do_splice_direct+0x1a8/0x270 [ 2618.072647] ? do_sendfile+0x549/0xc10 [ 2618.076550] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2618.081299] ? do_syscall_64+0xf9/0x620 [ 2618.085265] ? ext4_file_mmap+0x420/0x420 [ 2618.089515] ? __lock_is_held+0xad/0x140 [ 2618.093593] do_iter_readv_writev+0x50c/0x790 [ 2618.098104] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2618.102925] ? selinux_file_permission+0x87/0x520 [ 2618.107781] ? security_file_permission+0x84/0x220 [ 2618.112715] do_iter_write+0x185/0x5e0 [ 2618.116625] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2618.121644] ? __kmalloc+0x5f8/0x770 [ 2618.125352] ? iter_file_splice_write+0x168/0xb30 [ 2618.130198] vfs_iter_write+0x70/0xa0 [ 2618.134014] iter_file_splice_write+0x60c/0xb30 [ 2618.138769] ? page_cache_pipe_buf_release+0x280/0x280 [ 2618.144049] ? security_file_permission+0x84/0x220 [ 2618.150997] ? page_cache_pipe_buf_release+0x280/0x280 [ 2618.156284] direct_splice_actor+0x115/0x160 [ 2618.160773] splice_direct_to_actor+0x33f/0x8d0 [ 2618.165462] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2618.170317] ? do_splice_to+0x160/0x160 [ 2618.174309] do_splice_direct+0x1a8/0x270 [ 2618.178499] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2618.183460] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2618.188619] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2618.193392] do_sendfile+0x549/0xc10 [ 2618.197107] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2618.201680] ? wait_for_completion+0x3c0/0x3c0 [ 2618.206254] ? vfs_write+0x15b/0x550 [ 2618.209976] __x64_sys_sendfile64+0x1cc/0x210 [ 2618.214474] ? __ia32_sys_sendfile+0x220/0x220 [ 2618.219050] ? __ia32_sys_clock_settime+0x260/0x260 [ 2618.224190] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2618.228949] ? trace_hardirqs_off_caller+0x55/0x210 [ 2618.233972] ? do_syscall_64+0x21/0x620 [ 2618.237957] do_syscall_64+0xf9/0x620 [ 2618.241762] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2618.247032] RIP: 0033:0x45c829 [ 2618.250225] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2618.269195] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2618.276917] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2618.284183] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2618.291467] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2618.298732] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2618.305995] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:40 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:40 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259", 0x323, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:40 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100046c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:40 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0x0, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:40 executing program 2 (fault-call:5 fault-nth:21): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2618.486375] audit: type=1800 audit(1588638820.354:148): pid=25398 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16547 res=0 [ 2618.502867] FAULT_INJECTION: forcing a failure. [ 2618.502867] name failslab, interval 1, probability 0, space 0, times 0 [ 2618.529465] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2618.535442] CPU: 1 PID: 25401 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2618.545025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2618.554399] Call Trace: [ 2618.557009] dump_stack+0x188/0x20d [ 2618.560662] should_fail.cold+0xa/0x1b [ 2618.564576] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2618.569714] ? __schedule+0x86e/0x1d80 [ 2618.573664] __should_failslab+0x115/0x180 [ 2618.577925] should_failslab+0x5/0xf [ 2618.581665] kmem_cache_alloc+0x44/0x710 [ 2618.585844] ? mempool_alloc+0x340/0x340 [ 2618.586657] audit: type=1804 audit(1588638820.394:149): pid=25402 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1323/bus" dev="sda1" ino=16626 res=1 [ 2618.589924] mempool_alloc+0x148/0x340 [ 2618.589944] ? mempool_destroy+0x30/0x30 [ 2618.589961] ? mark_held_locks+0xf0/0xf0 [ 2618.589983] bio_alloc_bioset+0x398/0x610 [ 2618.590001] ? bvec_alloc+0x2f0/0x2f0 [ 2618.633847] ? __lock_is_held+0xad/0x140 [ 2618.638028] submit_bh_wbc+0x141/0x760 [ 2618.641938] write_dirty_buffer+0xaf/0x130 [ 2618.646205] sync_mapping_buffers+0x387/0xad0 [ 2618.650738] ? write_dirty_buffer+0x130/0x130 [ 2618.652543] audit: type=1804 audit(1588638820.404:150): pid=25398 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1297/file0" dev="sda1" ino=16547 res=1 [ 2618.655257] ? _atomic_dec_and_lock_irqsave+0x240/0x240 [ 2618.655275] ? lock_downgrade+0x740/0x740 [ 2618.655295] ? iput+0xc8/0x840 [ 2618.655316] ext4_sync_file+0xd4e/0x1440 [ 2618.695707] ? ext4_getfsmap+0x950/0x950 [ 2618.699788] vfs_fsync_range+0x138/0x220 [ 2618.703866] ext4_file_write_iter+0x75a/0xf90 [ 2618.708382] ? do_splice_direct+0x1a8/0x270 [ 2618.712712] ? do_sendfile+0x549/0xc10 [ 2618.716736] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2618.721413] ? do_syscall_64+0xf9/0x620 [ 2618.725402] ? ext4_file_mmap+0x420/0x420 [ 2618.729560] ? __lock_is_held+0xad/0x140 [ 2618.733647] do_iter_readv_writev+0x50c/0x790 [ 2618.738176] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2618.742950] ? selinux_file_permission+0x87/0x520 [ 2618.747812] ? security_file_permission+0x84/0x220 [ 2618.752762] do_iter_write+0x185/0x5e0 [ 2618.756681] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2618.761728] ? __kmalloc+0x5f8/0x770 [ 2618.765457] ? iter_file_splice_write+0x168/0xb30 [ 2618.770321] vfs_iter_write+0x70/0xa0 [ 2618.774137] iter_file_splice_write+0x60c/0xb30 [ 2618.778855] ? page_cache_pipe_buf_release+0x280/0x280 [ 2618.784181] ? security_file_permission+0x84/0x220 [ 2618.789133] ? page_cache_pipe_buf_release+0x280/0x280 [ 2618.794452] direct_splice_actor+0x115/0x160 [ 2618.798898] splice_direct_to_actor+0x33f/0x8d0 [ 2618.803599] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2618.808455] ? do_splice_to+0x160/0x160 [ 2618.812446] do_splice_direct+0x1a8/0x270 [ 2618.816688] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2618.821545] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2618.826585] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2618.831357] do_sendfile+0x549/0xc10 [ 2618.835101] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2618.839698] ? wait_for_completion+0x3c0/0x3c0 [ 2618.844298] ? vfs_write+0x15b/0x550 [ 2618.848053] __x64_sys_sendfile64+0x1cc/0x210 [ 2618.852572] ? __ia32_sys_sendfile+0x220/0x220 [ 2618.857172] ? __ia32_sys_clock_settime+0x260/0x260 [ 2618.862201] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2618.866964] ? trace_hardirqs_off_caller+0x55/0x210 [ 2618.872000] ? do_syscall_64+0x21/0x620 [ 2618.875988] do_syscall_64+0xf9/0x620 [ 2618.879941] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2618.885136] RIP: 0033:0x45c829 [ 2618.888328] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2618.907241] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2618.914963] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2618.922332] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2618.929610] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2618.936889] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2618.944260] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:40 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0x0, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2619.012837] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2619.023374] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2619.052235] Process accounting resumed 00:33:40 executing program 2 (fault-call:5 fault-nth:22): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:33:40 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259", 0x323, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2619.065484] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2619.103996] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2619.134757] audit: type=1804 audit(1588638821.004:151): pid=25416 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1324/bus" dev="sda1" ino=16530 res=1 [ 2619.172360] FAULT_INJECTION: forcing a failure. [ 2619.172360] name failslab, interval 1, probability 0, space 0, times 0 [ 2619.212474] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2619.226009] CPU: 1 PID: 25419 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2619.233947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2619.243323] Call Trace: [ 2619.244323] audit: type=1800 audit(1588638821.064:152): pid=25423 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16754 res=0 [ 2619.245933] dump_stack+0x188/0x20d [ 2619.245957] should_fail.cold+0xa/0x1b [ 2619.245978] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2619.278301] ? __schedule+0x86e/0x1d80 [ 2619.282220] __should_failslab+0x115/0x180 [ 2619.286481] should_failslab+0x5/0xf [ 2619.290381] kmem_cache_alloc+0x44/0x710 [ 2619.294480] ? mempool_alloc+0x340/0x340 [ 2619.298560] mempool_alloc+0x148/0x340 [ 2619.302482] ? mempool_destroy+0x30/0x30 [ 2619.306571] ? mark_held_locks+0xf0/0xf0 [ 2619.310662] bio_alloc_bioset+0x398/0x610 [ 2619.314831] ? bvec_alloc+0x2f0/0x2f0 [ 2619.318652] ? __lock_is_held+0xad/0x140 [ 2619.322738] submit_bh_wbc+0x141/0x760 [ 2619.326648] write_dirty_buffer+0xaf/0x130 [ 2619.330905] sync_mapping_buffers+0x387/0xad0 [ 2619.335425] ? write_dirty_buffer+0x130/0x130 [ 2619.340031] ? _atomic_dec_and_lock_irqsave+0x240/0x240 [ 2619.345413] ? lock_downgrade+0x740/0x740 [ 2619.349586] ? iput+0xc8/0x840 [ 2619.352803] ext4_sync_file+0xd4e/0x1440 [ 2619.356977] ? ext4_getfsmap+0x950/0x950 [ 2619.361058] vfs_fsync_range+0x138/0x220 [ 2619.365169] ext4_file_write_iter+0x75a/0xf90 [ 2619.369689] ? do_splice_direct+0x1a8/0x270 [ 2619.374025] ? do_sendfile+0x549/0xc10 [ 2619.377930] ? __x64_sys_sendfile64+0x1cc/0x210 [ 2619.382623] ? do_syscall_64+0xf9/0x620 [ 2619.386617] ? ext4_file_mmap+0x420/0x420 [ 2619.390785] ? __lock_is_held+0xad/0x140 [ 2619.394883] do_iter_readv_writev+0x50c/0x790 [ 2619.399385] ? vfs_dedupe_file_range+0x6d0/0x6d0 [ 2619.404148] ? selinux_file_permission+0x87/0x520 [ 2619.408996] ? security_file_permission+0x84/0x220 [ 2619.414066] do_iter_write+0x185/0x5e0 [ 2619.417968] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2619.423004] ? __kmalloc+0x5f8/0x770 [ 2619.426755] ? iter_file_splice_write+0x168/0xb30 [ 2619.431612] vfs_iter_write+0x70/0xa0 [ 2619.435407] iter_file_splice_write+0x60c/0xb30 [ 2619.440080] ? page_cache_pipe_buf_release+0x280/0x280 [ 2619.445505] ? security_file_permission+0x84/0x220 [ 2619.450435] ? page_cache_pipe_buf_release+0x280/0x280 [ 2619.455721] direct_splice_actor+0x115/0x160 [ 2619.460144] splice_direct_to_actor+0x33f/0x8d0 [ 2619.464815] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2619.469657] ? do_splice_to+0x160/0x160 [ 2619.473629] do_splice_direct+0x1a8/0x270 [ 2619.477780] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2619.482627] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2619.487640] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2619.492441] do_sendfile+0x549/0xc10 [ 2619.496182] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2619.500773] ? wait_for_completion+0x3c0/0x3c0 [ 2619.505354] ? vfs_write+0x15b/0x550 [ 2619.509074] __x64_sys_sendfile64+0x1cc/0x210 [ 2619.513577] ? __ia32_sys_sendfile+0x220/0x220 [ 2619.518166] ? __ia32_sys_clock_settime+0x260/0x260 [ 2619.523186] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2619.527939] ? trace_hardirqs_off_caller+0x55/0x210 [ 2619.533127] ? do_syscall_64+0x21/0x620 [ 2619.537103] do_syscall_64+0xf9/0x620 [ 2619.540910] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2619.546097] RIP: 0033:0x45c829 [ 2619.549282] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2619.568187] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2619.575907] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2619.583174] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2619.590435] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2619.597707] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2619.604988] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 [ 2619.631776] Process accounting resumed 00:33:42 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x790000000000) 00:33:42 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100056c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:42 executing program 2 (fault-call:5 fault-nth:23): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:33:42 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, 0x0, 0x0) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2620.893324] FAULT_INJECTION: forcing a failure. [ 2620.893324] name failslab, interval 1, probability 0, space 0, times 0 [ 2620.908851] CPU: 0 PID: 25438 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2620.916776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2620.926146] Call Trace: [ 2620.928751] dump_stack+0x188/0x20d [ 2620.932391] should_fail.cold+0xa/0x1b [ 2620.936299] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2620.941672] ? __lock_is_held+0xad/0x140 [ 2620.945761] __should_failslab+0x115/0x180 [ 2620.950008] should_failslab+0x5/0xf [ 2620.953726] kmem_cache_alloc_node_trace+0x272/0x750 [ 2620.958853] __kmalloc_node+0x38/0x70 [ 2620.962668] kvmalloc_node+0x61/0xf0 [ 2620.966395] iov_iter_get_pages_alloc+0x55a/0x1090 [ 2620.971338] ? debug_check_no_obj_freed+0x20a/0x42e [ 2620.976419] ? iov_iter_revert+0xa30/0xa30 [ 2620.980670] ? debug_check_no_obj_freed+0x20a/0x42e [ 2620.985705] ? iov_iter_pipe+0xb4/0x2c0 [ 2620.989693] default_file_splice_read+0x19c/0x970 [ 2620.994556] ? check_preemption_disabled+0x41/0x280 [ 2620.999633] ? trace_hardirqs_off+0x50/0x200 [ 2621.004072] ? iter_file_splice_write+0xb30/0xb30 [ 2621.008949] ? mark_held_locks+0xa6/0xf0 [ 2621.013028] ? iter_file_splice_write+0x516/0xb30 [ 2621.017879] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 2621.022472] ? iter_file_splice_write+0x558/0xb30 [ 2621.027327] ? fsnotify+0x8ba/0xf00 [ 2621.030964] ? fsnotify_first_mark+0x200/0x200 [ 2621.035557] ? __inode_security_revalidate+0xd3/0x120 [ 2621.040766] ? security_file_permission+0x1c0/0x220 [ 2621.045795] ? security_file_permission+0x84/0x220 [ 2621.050741] ? rw_verify_area+0x10c/0x330 [ 2621.054894] ? iter_file_splice_write+0xb30/0xb30 [ 2621.059744] do_splice_to+0x10e/0x160 [ 2621.063741] splice_direct_to_actor+0x2b9/0x8d0 [ 2621.068430] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2621.073283] ? do_splice_to+0x160/0x160 [ 2621.077272] do_splice_direct+0x1a8/0x270 [ 2621.081431] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2621.086293] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2621.091318] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2621.096093] do_sendfile+0x549/0xc10 [ 2621.099823] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2621.104436] ? wait_for_completion+0x3c0/0x3c0 [ 2621.109062] ? vfs_write+0x15b/0x550 [ 2621.112818] __x64_sys_sendfile64+0x1cc/0x210 [ 2621.117360] ? __ia32_sys_sendfile+0x220/0x220 [ 2621.121968] ? __ia32_sys_clock_settime+0x260/0x260 [ 2621.127019] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2621.131813] ? trace_hardirqs_off_caller+0x55/0x210 [ 2621.136841] ? do_syscall_64+0x21/0x620 [ 2621.140823] do_syscall_64+0xf9/0x620 [ 2621.144633] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2621.149829] RIP: 0033:0x45c829 [ 2621.153038] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2621.171952] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2621.179695] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2621.186975] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2621.194262] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2621.201556] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2621.208839] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 [ 2621.216879] audit: type=1804 audit(1588638822.784:153): pid=25441 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1325/bus" dev="sda1" ino=16851 res=1 [ 2621.314959] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2621.350622] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2621.366885] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2621.386983] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:33:43 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:43 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259", 0x323, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:43 executing program 2 (fault-call:5 fault-nth:24): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:33:43 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, 0x0, 0x0) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:43 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100066c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2621.493257] audit: type=1800 audit(1588638823.364:154): pid=25459 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16254 res=0 [ 2621.543293] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2621.550068] FAULT_INJECTION: forcing a failure. [ 2621.550068] name failslab, interval 1, probability 0, space 0, times 0 [ 2621.584421] audit: type=1804 audit(1588638823.384:155): pid=25461 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1326/bus" dev="sda1" ino=16674 res=1 [ 2621.610779] CPU: 0 PID: 25462 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2621.621263] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2621.630988] Call Trace: [ 2621.634304] dump_stack+0x188/0x20d [ 2621.637957] should_fail.cold+0xa/0x1b [ 2621.641867] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2621.646994] ? __lock_is_held+0xad/0x140 [ 2621.651089] __should_failslab+0x115/0x180 [ 2621.655344] should_failslab+0x5/0xf [ 2621.659162] kmem_cache_alloc_node_trace+0x272/0x750 [ 2621.664296] __kmalloc_node+0x38/0x70 [ 2621.668131] kvmalloc_node+0x61/0xf0 [ 2621.671865] iov_iter_get_pages_alloc+0x55a/0x1090 [ 2621.676908] ? debug_check_no_obj_freed+0x20a/0x42e [ 2621.680313] Process accounting resumed [ 2621.681944] ? iov_iter_revert+0xa30/0xa30 [ 2621.681959] ? debug_check_no_obj_freed+0x20a/0x42e [ 2621.681976] ? iov_iter_pipe+0xb4/0x2c0 [ 2621.681995] default_file_splice_read+0x19c/0x970 [ 2621.682017] ? check_preemption_disabled+0x41/0x280 [ 2621.708974] ? trace_hardirqs_off+0x50/0x200 [ 2621.713440] ? iter_file_splice_write+0xb30/0xb30 [ 2621.718305] ? mark_held_locks+0xa6/0xf0 [ 2621.722382] ? iter_file_splice_write+0x516/0xb30 [ 2621.727251] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 2621.731848] ? iter_file_splice_write+0x558/0xb30 [ 2621.736701] ? fsnotify+0x8ba/0xf00 [ 2621.740347] ? fsnotify_first_mark+0x200/0x200 [ 2621.745055] ? __inode_security_revalidate+0xd3/0x120 [ 2621.750281] ? security_file_permission+0x1c0/0x220 [ 2621.755327] ? security_file_permission+0x84/0x220 [ 2621.760276] ? rw_verify_area+0x10c/0x330 [ 2621.764446] ? iter_file_splice_write+0xb30/0xb30 [ 2621.769310] do_splice_to+0x10e/0x160 [ 2621.773155] splice_direct_to_actor+0x2b9/0x8d0 [ 2621.777848] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2621.782709] ? do_splice_to+0x160/0x160 [ 2621.786704] do_splice_direct+0x1a8/0x270 [ 2621.790881] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2621.795746] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2621.800780] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2621.805575] do_sendfile+0x549/0xc10 [ 2621.809330] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2621.813930] ? wait_for_completion+0x3c0/0x3c0 [ 2621.818525] ? vfs_write+0x15b/0x550 [ 2621.822251] __x64_sys_sendfile64+0x1cc/0x210 [ 2621.826759] ? __ia32_sys_sendfile+0x220/0x220 [ 2621.831344] ? __ia32_sys_clock_settime+0x260/0x260 [ 2621.836383] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2621.841169] ? trace_hardirqs_off_caller+0x55/0x210 [ 2621.846214] ? do_syscall_64+0x21/0x620 [ 2621.850210] do_syscall_64+0xf9/0x620 [ 2621.854050] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2621.859254] RIP: 0033:0x45c829 [ 2621.862456] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2621.881989] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2621.889731] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2621.897012] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2621.904313] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2621.911596] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2621.918883] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:43 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, 0x0, 0x0) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2621.945692] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2621.977602] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 00:33:43 executing program 2 (fault-call:5 fault-nth:25): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2622.044148] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:33:43 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078", 0x325, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2622.074829] audit: type=1804 audit(1588638823.944:156): pid=25480 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1327/bus" dev="sda1" ino=16674 res=1 [ 2622.134706] FAULT_INJECTION: forcing a failure. [ 2622.134706] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2622.148240] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2622.152718] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2622.221054] CPU: 0 PID: 25482 Comm: syz-executor.2 Not tainted 4.19.120-syzkaller #0 [ 2622.229846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2622.229932] Process accounting resumed [ 2622.239215] Call Trace: [ 2622.239246] dump_stack+0x188/0x20d [ 2622.239265] should_fail.cold+0xa/0x1b [ 2622.239280] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2622.239303] __alloc_pages_nodemask+0x1c7/0x6a0 [ 2622.239321] ? __alloc_pages_slowpath+0x26a0/0x26a0 [ 2622.239340] ? __lock_is_held+0xad/0x140 [ 2622.272300] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2622.277341] alloc_pages_current+0xff/0x200 [ 2622.281702] push_pipe+0x3f6/0x780 [ 2622.285258] iov_iter_get_pages_alloc+0x5a9/0x1090 [ 2622.290327] ? debug_check_no_obj_freed+0x20a/0x42e [ 2622.295381] ? iov_iter_revert+0xa30/0xa30 [ 2622.299623] ? debug_check_no_obj_freed+0x20a/0x42e [ 2622.304667] ? iov_iter_pipe+0xb4/0x2c0 [ 2622.308660] default_file_splice_read+0x19c/0x970 [ 2622.313529] ? check_preemption_disabled+0x41/0x280 [ 2622.318689] ? trace_hardirqs_off+0x50/0x200 [ 2622.323207] ? iter_file_splice_write+0xb30/0xb30 [ 2622.328066] ? mark_held_locks+0xa6/0xf0 [ 2622.332138] ? iter_file_splice_write+0x516/0xb30 [ 2622.336992] ? lockdep_hardirqs_on+0x40b/0x5d0 [ 2622.341678] ? iter_file_splice_write+0x558/0xb30 [ 2622.346534] ? fsnotify+0x8ba/0xf00 [ 2622.350173] ? fsnotify_first_mark+0x200/0x200 [ 2622.354984] ? __inode_security_revalidate+0xd3/0x120 [ 2622.360221] ? security_file_permission+0x1c0/0x220 [ 2622.365273] ? security_file_permission+0x84/0x220 [ 2622.370238] ? rw_verify_area+0x10c/0x330 [ 2622.374404] ? iter_file_splice_write+0xb30/0xb30 [ 2622.380395] do_splice_to+0x10e/0x160 [ 2622.384215] splice_direct_to_actor+0x2b9/0x8d0 [ 2622.388908] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2622.393763] ? do_splice_to+0x160/0x160 [ 2622.397770] do_splice_direct+0x1a8/0x270 [ 2622.401934] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2622.406808] ? rcu_read_lock_sched_held+0x10a/0x130 [ 2622.411855] ? rcu_sync_lockdep_assert+0x69/0xa0 [ 2622.416623] do_sendfile+0x549/0xc10 [ 2622.420349] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2622.424939] ? wait_for_completion+0x3c0/0x3c0 [ 2622.429529] ? vfs_write+0x15b/0x550 [ 2622.433251] __x64_sys_sendfile64+0x1cc/0x210 [ 2622.437764] ? __ia32_sys_sendfile+0x220/0x220 [ 2622.442377] ? __ia32_sys_clock_settime+0x260/0x260 [ 2622.447430] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2622.452199] ? trace_hardirqs_off_caller+0x55/0x210 [ 2622.457250] ? do_syscall_64+0x21/0x620 [ 2622.461233] do_syscall_64+0xf9/0x620 [ 2622.465043] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2622.470236] RIP: 0033:0x45c829 [ 2622.473429] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2622.492334] RSP: 002b:00007f74b8b75c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2622.500054] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2622.507343] RDX: 0000000000000000 RSI: 0000000000000006 RDI: 0000000000000003 [ 2622.514625] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2622.521903] R10: 0000000000000400 R11: 0000000000000246 R12: 0000000000000007 [ 2622.529194] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f74b8b766d4 00:33:45 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x7fffffffefff) 00:33:45 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280), 0x0) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:45 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100076c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:45 executing program 2 (fault-call:5 fault-nth:26): r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2623.944176] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2623.972660] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2623.993054] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2624.008334] kauditd_printk_skb: 1 callbacks suppressed [ 2624.008348] audit: type=1804 audit(1588638825.884:158): pid=25507 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1328/bus" dev="sda1" ino=17091 res=1 [ 2624.078081] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:33:46 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:33:46 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100096c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:46 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078", 0x325, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:46 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280), 0x0) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:46 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(0x0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2624.608495] audit: type=1800 audit(1588638826.474:159): pid=25529 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17093 res=0 [ 2624.645080] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2624.667065] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2624.677242] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2624.694525] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:33:46 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x2) [ 2624.706158] audit: type=1804 audit(1588638826.504:160): pid=25528 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1329/bus" dev="sda1" ino=17092 res=1 [ 2624.732509] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2624.760392] Process accounting resumed 00:33:46 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280), 0x0) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:46 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078", 0x325, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2624.932261] audit: type=1800 audit(1588638826.804:161): pid=25550 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17082 res=0 [ 2624.975933] audit: type=1804 audit(1588638826.834:162): pid=25549 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1330/bus" dev="sda1" ino=17059 res=1 [ 2625.008891] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2625.069594] Process accounting resumed 00:33:48 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x7ffffffff000) 00:33:48 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601000a6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:48 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x3) 00:33:48 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933", 0x2) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:48 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2627.027052] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2627.038977] audit: type=1804 audit(1588638828.914:163): pid=25568 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1331/bus" dev="sda1" ino=17114 res=1 [ 2627.078433] MINIX-fs: bad superblock or unable to read bitmaps [ 2627.088961] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2627.133172] audit: type=1800 audit(1588638828.944:164): pid=25566 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17154 res=0 [ 2627.155383] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2627.188704] audit: type=1804 audit(1588638828.974:165): pid=25566 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1303/file0" dev="sda1" ino=17154 res=1 [ 2627.193838] Process accounting resumed [ 2627.215015] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:33:49 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:49 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x4) 00:33:49 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933", 0x2) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:49 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:49 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100226c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2627.644837] audit: type=1800 audit(1588638829.514:166): pid=25600 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17114 res=0 [ 2627.682177] audit: type=1804 audit(1588638829.544:167): pid=25598 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1332/bus" dev="sda1" ino=17115 res=1 [ 2627.698922] MINIX-fs: bad superblock or unable to read bitmaps [ 2627.716671] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 00:33:49 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933", 0x2) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2627.738768] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2627.754274] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:33:49 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x5) [ 2627.803067] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2627.864804] Process accounting resumed 00:33:51 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xb90000000000) 00:33:51 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:51 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100236c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:51 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x6) 00:33:51 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb", 0x3) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2630.061516] kauditd_printk_skb: 2 callbacks suppressed [ 2630.061530] audit: type=1804 audit(1588638831.934:170): pid=25630 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1334/bus" dev="sda1" ino=17113 res=1 [ 2630.117695] MINIX-fs: bad superblock or unable to read bitmaps [ 2630.133080] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2630.160996] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2630.169921] audit: type=1800 audit(1588638831.974:171): pid=25632 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17234 res=0 [ 2630.175405] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2630.207003] audit: type=1804 audit(1588638832.074:172): pid=25645 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1305/file0" dev="sda1" ino=17234 res=1 [ 2630.263357] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2630.291530] Process accounting resumed 00:33:52 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:52 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x7) 00:33:52 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb", 0x3) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:52 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:52 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601002c6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2630.684738] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2630.694726] audit: type=1800 audit(1588638832.574:173): pid=25666 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17124 res=0 [ 2630.709598] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2630.769535] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2630.770277] audit: type=1804 audit(1588638832.604:174): pid=25667 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1335/bus" dev="sda1" ino=17120 res=1 [ 2630.826783] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2630.838034] Process accounting resumed 00:33:52 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:52 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x8) [ 2630.856384] audit: type=1804 audit(1588638832.634:175): pid=25666 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1306/file0" dev="sda1" ino=17124 res=1 [ 2630.886869] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2630.939646] audit: type=1800 audit(1588638832.804:176): pid=25683 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17116 res=0 [ 2630.966077] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2631.015804] audit: type=1804 audit(1588638832.884:177): pid=25683 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1307/file0" dev="sda1" ino=17116 res=1 [ 2631.062374] Process accounting resumed 00:33:54 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x30740000000000) 00:33:54 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb", 0x3) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:54 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601002d6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:33:54 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x9) 00:33:54 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x1, &(0x7f0000000000)=[{&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2633.151435] audit: type=1800 audit(1588638835.024:178): pid=25701 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17477 res=0 [ 2633.185500] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2633.194939] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2633.216397] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2633.228965] audit: type=1804 audit(1588638835.094:179): pid=25706 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1336/bus" dev="sda1" ino=17480 res=1 [ 2633.283629] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2633.306315] Process accounting resumed [ 2633.347615] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:33:55 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe4, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:55 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0xa) 00:33:55 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{0x0, 0x0, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:55 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(0xffffffffffffffff, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:55 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100486c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2633.738930] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2633.777063] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 00:33:55 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(0xffffffffffffffff, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:55 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0xb) [ 2633.817597] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2633.858156] Process accounting resumed [ 2633.889595] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2633.934507] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:33:58 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xa0730000000000) 00:33:58 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{0x0, 0x0, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:58 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(0xffffffffffffffff, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:58 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0xc) 00:33:58 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601004c6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2636.239175] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2636.239850] kauditd_printk_skb: 5 callbacks suppressed [ 2636.239864] audit: type=1804 audit(1588638838.114:185): pid=25768 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1339/bus" dev="sda1" ino=17492 res=1 [ 2636.252988] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2636.301679] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2636.311393] audit: type=1800 audit(1588638838.144:186): pid=25772 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17496 res=0 [ 2636.318682] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2636.366343] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2636.393389] audit: type=1804 audit(1588638838.264:187): pid=25772 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1310/file0" dev="sda1" ino=17496 res=1 [ 2636.449168] Process accounting resumed 00:33:58 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:33:58 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0xd) 00:33:58 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:33:58 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{0x0, 0x0, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:33:58 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100606c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2636.780195] audit: type=1800 audit(1588638838.654:188): pid=25801 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17488 res=0 00:33:58 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0xe) [ 2636.818394] audit: type=1804 audit(1588638838.684:189): pid=25802 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1340/bus" dev="sda1" ino=17492 res=1 [ 2636.851742] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2636.894706] audit: type=1804 audit(1588638838.764:190): pid=25801 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1311/file0" dev="sda1" ino=17488 res=1 00:33:58 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2636.945175] Process accounting resumed [ 2636.952947] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2636.995027] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2637.026697] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2637.058977] audit: type=1804 audit(1588638838.924:191): pid=25820 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1341/bus" dev="sda1" ino=17085 res=1 [ 2637.069624] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:01 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xb0530000000000) 00:34:01 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040), 0x0, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:01 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x55) 00:34:01 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, 0x0, 0x0) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:34:01 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100686c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2639.284858] audit: type=1800 audit(1588638841.154:192): pid=25833 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17501 res=0 [ 2639.319444] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2639.329033] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2639.367051] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2639.404375] audit: type=1804 audit(1588638841.194:193): pid=25838 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1342/bus" dev="sda1" ino=17504 res=1 [ 2639.428461] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2639.454361] Process accounting resumed [ 2639.462195] audit: type=1804 audit(1588638841.304:194): pid=25848 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1312/file0" dev="sda1" ino=17501 res=1 [ 2639.499580] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:01 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:01 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0xaa) 00:34:01 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:34:01 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040), 0x0, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:01 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601006c6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2639.834764] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2639.848482] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2639.858531] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2639.869207] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2639.870941] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:01 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:34:01 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x154) [ 2639.997358] Process accounting resumed 00:34:04 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xf0ffffff7f0000) 00:34:04 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100746c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:04 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040), 0x0, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:04 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x1a9) 00:34:04 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x0, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2642.308698] kauditd_printk_skb: 4 callbacks suppressed [ 2642.308710] audit: type=1800 audit(1588638844.174:199): pid=25897 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16024 res=0 [ 2642.345613] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2642.360994] audit: type=1804 audit(1588638844.234:200): pid=25898 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1345/bus" dev="sda1" ino=16146 res=1 [ 2642.411231] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2642.417763] audit: type=1804 audit(1588638844.274:201): pid=25897 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1314/file0" dev="sda1" ino=16024 res=1 [ 2642.438014] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2642.483387] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2642.507786] Process accounting resumed [ 2642.530259] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:04 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, 0x0, 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:04 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x1fe) 00:34:04 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(0x0, 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:34:04 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000", 0x9, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:04 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601007a6c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2642.836376] audit: type=1800 audit(1588638844.704:202): pid=25932 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16177 res=0 [ 2642.863572] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. 00:34:04 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x253) [ 2642.878175] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 00:34:04 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(0x0, 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2642.921117] audit: type=1804 audit(1588638844.764:203): pid=25932 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1315/file0" dev="sda1" ino=16177 res=1 [ 2642.953551] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2642.993050] Process accounting resumed [ 2643.003288] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2643.068704] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:07 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x100000000000000) 00:34:07 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000", 0x9, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:07 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x300) 00:34:07 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601000075000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:07 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(0x0, 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2645.404261] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2645.416691] audit: type=1800 audit(1588638847.284:204): pid=25970 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16357 res=0 [ 2645.418916] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2645.451127] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2645.469088] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2645.491331] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2645.522435] audit: type=1804 audit(1588638847.394:205): pid=25980 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1316/file0" dev="sda1" ino=16357 res=1 [ 2645.572839] Process accounting resumed 00:34:07 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:07 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x3f7) 00:34:07 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0xffffffff010) 00:34:07 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000", 0x9, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:07 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100000a000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2645.878200] audit: type=1800 audit(1588638847.744:206): pid=25997 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16401 res=0 [ 2645.898748] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2645.921318] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2645.923486] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. 00:34:07 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x402) 00:34:07 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0xffffffff010) [ 2645.958692] audit: type=1804 audit(1588638847.784:207): pid=25995 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1349/bus" dev="sda1" ino=16393 res=1 [ 2645.963590] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2646.033674] Process accounting resumed [ 2646.091103] audit: type=1804 audit(1588638847.874:208): pid=25997 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1317/file0" dev="sda1" ino=16401 res=1 [ 2646.123033] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:10 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xe00000000000000) 00:34:10 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a00000000010000", 0xe, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:10 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x403) 00:34:10 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601000025000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:10 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(0xffffffffffffffff, r2, 0x0, 0xffffffff010) [ 2648.398117] kauditd_printk_skb: 1 callbacks suppressed [ 2648.398129] audit: type=1800 audit(1588638850.264:210): pid=26022 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16329 res=0 [ 2648.438674] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2648.455777] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2648.480285] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2648.492331] audit: type=1804 audit(1588638850.364:211): pid=26033 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1351/bus" dev="sda1" ino=16609 res=1 [ 2648.505305] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2648.555818] audit: type=1804 audit(1588638850.394:212): pid=26046 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1318/file0" dev="sda1" ino=16329 res=1 [ 2648.608458] Process accounting resumed [ 2648.624016] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:10 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:10 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x404) 00:34:10 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffffffff010) 00:34:10 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a00000000010000", 0xe, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:10 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100002e000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2648.913706] audit: type=1800 audit(1588638850.784:213): pid=26061 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16484 res=0 [ 2648.917907] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2648.962727] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2648.985680] audit: type=1804 audit(1588638850.824:214): pid=26065 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1352/bus" dev="sda1" ino=16498 res=1 00:34:10 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffffffff010) 00:34:10 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x405) [ 2648.998853] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2649.065257] audit: type=1804 audit(1588638850.904:215): pid=26077 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1319/file0" dev="sda1" ino=16484 res=1 [ 2649.067555] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2649.108246] audit: type=1804 audit(1588638850.974:216): pid=26079 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1353/bus" dev="sda1" ino=16290 res=1 [ 2649.157534] Process accounting resumed [ 2649.157859] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:13 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x3f00000000000000) 00:34:13 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a00000000010000", 0xe, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:13 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0xffffffff010) 00:34:13 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x406) 00:34:13 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100002f000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2651.497323] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2651.503461] audit: type=1804 audit(1588638853.364:217): pid=26094 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1354/bus" dev="sda1" ino=16644 res=1 [ 2651.512085] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2651.551005] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2651.580242] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2651.592530] audit: type=1800 audit(1588638853.424:218): pid=26099 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16673 res=0 [ 2651.628566] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2651.674898] audit: type=1804 audit(1588638853.544:219): pid=26115 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1320/file0" dev="sda1" ino=16673 res=1 [ 2651.747480] Process accounting resumed 00:34:13 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:13 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x407) 00:34:13 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x0) 00:34:13 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100004c000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:13 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c9", 0x10, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2651.982396] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2651.991889] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 00:34:13 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x0) 00:34:13 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x408) [ 2652.038489] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2652.093346] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2652.107773] Process accounting resumed [ 2652.120837] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:16 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e601000075000000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:16 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x8000000000000000) 00:34:16 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c9", 0x10, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:16 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x409) 00:34:16 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x0) [ 2654.597630] kauditd_printk_skb: 4 callbacks suppressed [ 2654.597643] audit: type=1800 audit(1588638856.464:224): pid=26153 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16898 res=0 [ 2654.624967] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2654.639610] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2654.643316] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2654.664254] audit: type=1804 audit(1588638856.534:225): pid=26159 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1357/bus" dev="sda1" ino=16947 res=1 [ 2654.686338] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2654.717813] audit: type=1804 audit(1588638856.584:226): pid=26153 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1322/file0" dev="sda1" ino=16898 res=1 [ 2654.726184] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2654.784664] Process accounting resumed 00:34:16 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:16 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x40a) 00:34:16 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c9", 0x10, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:16 executing program 0: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:16 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000340000000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:16 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x40d) [ 2655.002686] audit: type=1800 audit(1588638856.874:227): pid=26190 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16803 res=0 [ 2655.025403] EXT4-fs (loop4): fragment/cluster size (2048) != block size (1024) [ 2655.032345] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. 00:34:16 executing program 0: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x2) 00:34:17 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000001770000000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2655.096248] audit: type=1800 audit(1588638856.924:228): pid=26191 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16868 res=0 [ 2655.127892] audit: type=1804 audit(1588638856.994:229): pid=26205 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1323/file0" dev="sda1" ino=16803 res=1 [ 2655.207879] Process accounting resumed [ 2655.234932] EXT4-fs (loop4): fragment/cluster size (2048) != block size (1024) 00:34:19 executing program 0: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000000000000340000000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:19 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xfeffffff00000000) 00:34:19 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f", 0x11, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:19 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x40f) [ 2657.604255] audit: type=1800 audit(1588638859.474:230): pid=26226 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16834 res=0 [ 2657.635014] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2657.701439] audit: type=1804 audit(1588638859.574:231): pid=26226 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1324/file0" dev="sda1" ino=16834 res=1 [ 2657.752140] Process accounting resumed 00:34:19 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:19 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c020000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:19 executing program 0: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540", 0x30d, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:19 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x410) 00:34:19 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f", 0x11, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:19 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x448) [ 2658.017209] audit: type=1800 audit(1588638859.884:232): pid=26251 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=17025 res=0 [ 2658.062659] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2658.071479] audit: type=1800 audit(1588638859.924:233): pid=26252 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17122 res=0 00:34:20 executing program 0: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540", 0x30d, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2658.131003] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2658.142377] Process accounting resumed [ 2658.166722] Process accounting resumed 00:34:20 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x44c) 00:34:20 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f", 0x11, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2658.172773] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2658.207438] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2658.265261] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2658.276380] Process accounting resumed [ 2658.329575] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2658.423967] Process accounting resumed 00:34:22 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xffefffffff7f0000) 00:34:22 executing program 0: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540", 0x30d, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:22 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c030000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2660.657121] kauditd_printk_skb: 6 callbacks suppressed [ 2660.657133] audit: type=1800 audit(1588638862.524:240): pid=26292 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=16346 res=0 [ 2660.697736] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2660.723519] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2660.724345] Process accounting resumed [ 2660.741795] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2660.747243] audit: type=1804 audit(1588638862.554:241): pid=26292 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1363/file0" dev="sda1" ino=16346 res=1 [ 2660.777109] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:22 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:22 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x44e) 00:34:22 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:22 executing program 0 (fault-call:7 fault-nth:0): r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:34:22 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c040000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2661.060728] audit: type=1800 audit(1588638862.934:242): pid=26314 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17105 res=0 [ 2661.087674] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2661.099275] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2661.108716] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2661.117214] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2661.120897] FAULT_INJECTION: forcing a failure. [ 2661.120897] name failslab, interval 1, probability 0, space 0, times 0 [ 2661.126582] audit: type=1804 audit(1588638862.994:243): pid=26315 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1364/bus" dev="sda1" ino=17128 res=1 [ 2661.147183] CPU: 1 PID: 26315 Comm: syz-executor.0 Not tainted 4.19.120-syzkaller #0 [ 2661.169313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2661.174701] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2661.178700] Call Trace: [ 2661.189477] dump_stack+0x188/0x20d [ 2661.193117] should_fail.cold+0xa/0x1b [ 2661.197043] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2661.202181] __should_failslab+0x115/0x180 [ 2661.206446] should_failslab+0x5/0xf [ 2661.210181] kmem_cache_alloc_trace+0x2c6/0x7a0 [ 2661.214870] ? inode_has_perm.isra.0+0x175/0x210 [ 2661.219663] ? file_has_perm+0x23f/0x330 [ 2661.223728] alloc_pipe_info+0xb8/0x410 [ 2661.227727] splice_direct_to_actor+0x6df/0x8d0 [ 2661.232586] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2661.237449] ? selinux_file_permission+0x87/0x520 [ 2661.242289] ? do_splice_to+0x160/0x160 [ 2661.246271] ? security_file_permission+0x84/0x220 [ 2661.251313] do_splice_direct+0x1a8/0x270 [ 2661.255557] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2661.260659] ? security_file_permission+0x84/0x220 [ 2661.265605] do_sendfile+0x549/0xc10 [ 2661.269367] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2661.273949] ? wait_for_completion+0x3c0/0x3c0 [ 2661.278527] ? vfs_write+0x15b/0x550 [ 2661.282237] __x64_sys_sendfile64+0x1cc/0x210 [ 2661.286847] ? __ia32_sys_sendfile+0x220/0x220 [ 2661.291556] ? __ia32_sys_clock_settime+0x260/0x260 [ 2661.296578] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2661.301398] ? trace_hardirqs_off_caller+0x55/0x210 [ 2661.306429] ? do_syscall_64+0x21/0x620 [ 2661.310412] do_syscall_64+0xf9/0x620 [ 2661.314208] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2661.319401] RIP: 0033:0x45c829 [ 2661.322632] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2661.341557] RSP: 002b:00007f328c6c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2661.349289] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2661.356650] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 2661.364037] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2661.371393] R10: 00000ffffffff010 R11: 0000000000000246 R12: 0000000000000006 [ 2661.378678] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f328c6c16d4 00:34:23 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x468) [ 2661.398646] audit: type=1804 audit(1588638863.264:244): pid=26328 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1327/file0" dev="sda1" ino=17105 res=1 00:34:23 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2661.461340] Process accounting resumed 00:34:23 executing program 0 (fault-call:7 fault-nth:1): r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:34:23 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c050000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2661.559914] audit: type=1800 audit(1588638863.434:245): pid=26339 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17010 res=0 [ 2661.604235] audit: type=1804 audit(1588638863.474:246): pid=26340 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1365/bus" dev="sda1" ino=16317 res=1 [ 2661.625275] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2661.646570] FAULT_INJECTION: forcing a failure. [ 2661.646570] name failslab, interval 1, probability 0, space 0, times 0 [ 2661.665491] CPU: 1 PID: 26340 Comm: syz-executor.0 Not tainted 4.19.120-syzkaller #0 [ 2661.673412] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2661.682772] Call Trace: [ 2661.685373] dump_stack+0x188/0x20d [ 2661.689024] should_fail.cold+0xa/0x1b [ 2661.692923] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2661.698045] __should_failslab+0x115/0x180 [ 2661.702285] should_failslab+0x5/0xf [ 2661.706001] __kmalloc+0x2d3/0x770 [ 2661.709564] ? kmem_cache_alloc_trace+0x342/0x7a0 [ 2661.714411] ? alloc_pipe_info+0x18e/0x410 [ 2661.718654] ? file_has_perm+0x23f/0x330 [ 2661.722723] alloc_pipe_info+0x18e/0x410 [ 2661.726798] splice_direct_to_actor+0x6df/0x8d0 [ 2661.731475] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2661.736354] ? selinux_file_permission+0x87/0x520 [ 2661.741227] ? do_splice_to+0x160/0x160 [ 2661.745225] ? security_file_permission+0x84/0x220 [ 2661.750168] do_splice_direct+0x1a8/0x270 [ 2661.754328] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2661.759188] ? security_file_permission+0x84/0x220 [ 2661.764137] do_sendfile+0x549/0xc10 [ 2661.767866] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2661.772461] ? wait_for_completion+0x3c0/0x3c0 [ 2661.777057] ? vfs_write+0x15b/0x550 [ 2661.780784] __x64_sys_sendfile64+0x1cc/0x210 [ 2661.785303] ? __ia32_sys_sendfile+0x220/0x220 [ 2661.789889] ? __ia32_sys_clock_settime+0x260/0x260 [ 2661.794929] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2661.799697] ? trace_hardirqs_off_caller+0x55/0x210 [ 2661.804731] ? do_syscall_64+0x21/0x620 [ 2661.808722] do_syscall_64+0xf9/0x620 [ 2661.812565] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2661.817773] RIP: 0033:0x45c829 [ 2661.820980] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2661.840854] RSP: 002b:00007f328c6c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2661.848583] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2661.855882] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 2661.863164] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2661.870445] R10: 00000ffffffff010 R11: 0000000000000246 R12: 0000000000000006 [ 2661.877732] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f328c6c16d4 [ 2661.900281] audit: type=1804 audit(1588638863.774:247): pid=26347 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1328/file0" dev="sda1" ino=17010 res=1 [ 2661.948043] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2661.959602] Process accounting resumed [ 2661.978080] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2661.988534] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2662.010044] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:25 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:25 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x46c) 00:34:25 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0xffffffff00000000) [ 2663.685726] audit: type=1800 audit(1588638865.554:248): pid=26359 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16349 res=0 [ 2663.697591] VFS: Can't find a Minix filesystem V1 | V2 | V3 on device loop1. [ 2663.779946] audit: type=1804 audit(1588638865.654:249): pid=26359 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1329/file0" dev="sda1" ino=16349 res=1 [ 2663.797056] Process accounting resumed 00:34:25 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, &(0x7f0000000480)}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:25 executing program 0 (fault-call:7 fault-nth:2): r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:34:25 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c060000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:25 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x474) 00:34:25 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(0x0) umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2664.120073] FAULT_INJECTION: forcing a failure. [ 2664.120073] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2664.132395] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2664.150045] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2664.159578] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 00:34:26 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x47a) [ 2664.168753] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2664.191495] CPU: 1 PID: 26384 Comm: syz-executor.0 Not tainted 4.19.120-syzkaller #0 [ 2664.199442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2664.208805] Call Trace: [ 2664.211427] dump_stack+0x188/0x20d [ 2664.215099] should_fail.cold+0xa/0x1b [ 2664.219010] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2664.224152] __alloc_pages_nodemask+0x1c7/0x6a0 [ 2664.228847] ? __alloc_pages_slowpath+0x26a0/0x26a0 [ 2664.233889] ? find_held_lock+0x2d/0x110 [ 2664.237969] ? __do_page_cache_readahead+0x3a8/0x6b0 [ 2664.243102] alloc_pages_current+0xff/0x200 [ 2664.247441] __page_cache_alloc+0x2ba/0x450 [ 2664.251814] __do_page_cache_readahead+0x1ac/0x6b0 [ 2664.256767] ? read_pages+0x610/0x610 [ 2664.260589] ? check_preemption_disabled+0x41/0x280 [ 2664.265626] ondemand_readahead+0x54d/0xcf0 [ 2664.269972] page_cache_sync_readahead+0x27b/0x520 [ 2664.274922] generic_file_read_iter+0x185b/0x2900 [ 2664.279784] ? kasan_kmalloc+0xbf/0xe0 [ 2664.283691] ? splice_direct_to_actor+0x6df/0x8d0 [ 2664.288546] ? do_splice_direct+0x1a8/0x270 [ 2664.292889] ? filemap_range_has_page+0x360/0x360 [ 2664.297745] ? mark_held_locks+0xf0/0xf0 [ 2664.301821] ? check_preemption_disabled+0x41/0x280 [ 2664.306863] ? avc_has_perm+0x384/0x5b0 [ 2664.310888] ext4_file_read_iter+0x17b/0x3a0 [ 2664.315316] generic_file_splice_read+0x3fa/0x6d0 [ 2664.320187] ? add_to_pipe+0x360/0x360 [ 2664.324112] ? security_file_permission+0x84/0x220 [ 2664.327843] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2664.329054] ? add_to_pipe+0x360/0x360 [ 2664.329076] do_splice_to+0x10e/0x160 [ 2664.329095] splice_direct_to_actor+0x2b9/0x8d0 [ 2664.329114] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2664.329131] ? do_splice_to+0x160/0x160 [ 2664.329150] do_splice_direct+0x1a8/0x270 [ 2664.362638] ? splice_direct_to_actor+0x8d0/0x8d0 00:34:26 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x487) [ 2664.367504] ? security_file_permission+0x84/0x220 [ 2664.372457] do_sendfile+0x549/0xc10 [ 2664.376200] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2664.380807] ? wait_for_completion+0x3c0/0x3c0 [ 2664.385408] ? vfs_write+0x15b/0x550 [ 2664.389145] __x64_sys_sendfile64+0x1cc/0x210 [ 2664.393677] ? __ia32_sys_sendfile+0x220/0x220 [ 2664.398274] ? __ia32_sys_clock_settime+0x260/0x260 [ 2664.403332] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2664.408108] ? trace_hardirqs_off_caller+0x55/0x210 [ 2664.413142] ? do_syscall_64+0x21/0x620 [ 2664.417134] do_syscall_64+0xf9/0x620 [ 2664.420975] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2664.426179] RIP: 0033:0x45c829 [ 2664.429383] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2664.448305] RSP: 002b:00007f328c6c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2664.456035] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2664.463404] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 2664.470689] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2664.477980] R10: 00000ffffffff010 R11: 0000000000000246 R12: 0000000000000006 [ 2664.485265] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f328c6c16d4 00:34:26 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c070000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:26 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x4a1) 00:34:26 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(0x0) umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2664.681626] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2664.733109] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2664.759989] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2664.773940] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2664.784841] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:28 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) r1 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e22, 0x800, @remote, 0x3}, 0x1c) ptrace$setregs(0xf, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:28 executing program 0 (fault-call:7 fault-nth:3): r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2666.766707] kauditd_printk_skb: 3 callbacks suppressed [ 2666.766722] audit: type=1804 audit(1588638868.634:253): pid=26430 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1367/bus" dev="sda1" ino=17136 res=1 [ 2666.767046] FAULT_INJECTION: forcing a failure. [ 2666.767046] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2666.808730] CPU: 0 PID: 26430 Comm: syz-executor.0 Not tainted 4.19.120-syzkaller #0 [ 2666.816639] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2666.826005] Call Trace: [ 2666.828623] dump_stack+0x188/0x20d [ 2666.832281] should_fail.cold+0xa/0x1b [ 2666.836293] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2666.841423] __alloc_pages_nodemask+0x1c7/0x6a0 [ 2666.846123] ? __alloc_pages_slowpath+0x26a0/0x26a0 [ 2666.851165] ? find_held_lock+0x2d/0x110 [ 2666.855252] ? __do_page_cache_readahead+0x3a8/0x6b0 [ 2666.860494] alloc_pages_current+0xff/0x200 [ 2666.865145] __page_cache_alloc+0x2ba/0x450 [ 2666.869494] __do_page_cache_readahead+0x1ac/0x6b0 [ 2666.874449] ? read_pages+0x610/0x610 [ 2666.878273] ? check_preemption_disabled+0x41/0x280 [ 2666.883330] ondemand_readahead+0x54d/0xcf0 [ 2666.887677] page_cache_sync_readahead+0x27b/0x520 [ 2666.892606] generic_file_read_iter+0x185b/0x2900 [ 2666.897446] ? kasan_kmalloc+0xbf/0xe0 [ 2666.901336] ? splice_direct_to_actor+0x6df/0x8d0 [ 2666.906179] ? do_splice_direct+0x1a8/0x270 [ 2666.910535] ? filemap_range_has_page+0x360/0x360 [ 2666.915448] ? mark_held_locks+0xf0/0xf0 [ 2666.919657] ? check_preemption_disabled+0x41/0x280 [ 2666.924685] ? avc_has_perm+0x384/0x5b0 [ 2666.928713] ext4_file_read_iter+0x17b/0x3a0 [ 2666.933141] generic_file_splice_read+0x3fa/0x6d0 [ 2666.937978] ? add_to_pipe+0x360/0x360 [ 2666.941885] ? security_file_permission+0x84/0x220 [ 2666.946825] ? add_to_pipe+0x360/0x360 [ 2666.950728] do_splice_to+0x10e/0x160 [ 2666.954542] splice_direct_to_actor+0x2b9/0x8d0 [ 2666.959341] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2666.964202] ? do_splice_to+0x160/0x160 [ 2666.968181] do_splice_direct+0x1a8/0x270 [ 2666.972333] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2666.977193] ? security_file_permission+0x84/0x220 [ 2666.982144] do_sendfile+0x549/0xc10 [ 2666.985872] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2666.990465] ? wait_for_completion+0x3c0/0x3c0 [ 2666.995142] ? vfs_write+0x15b/0x550 [ 2666.998854] __x64_sys_sendfile64+0x1cc/0x210 [ 2667.003348] ? __ia32_sys_sendfile+0x220/0x220 [ 2667.007922] ? __ia32_sys_clock_settime+0x260/0x260 [ 2667.012987] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2667.017740] ? trace_hardirqs_off_caller+0x55/0x210 [ 2667.022769] ? do_syscall_64+0x21/0x620 [ 2667.026743] do_syscall_64+0xf9/0x620 [ 2667.030562] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2667.035768] RIP: 0033:0x45c829 [ 2667.039393] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2667.058305] RSP: 002b:00007f328c6c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 00:34:29 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x4c0) 00:34:29 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(0x0) umount2(&(0x7f0000000500)='./file0\x00', 0x0) 00:34:29 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, &(0x7f0000000480)}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:29 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c080000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2667.066008] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2667.073290] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 2667.080584] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2667.087863] R10: 00000ffffffff010 R11: 0000000000000246 R12: 0000000000000006 [ 2667.095132] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f328c6c16d4 00:34:29 executing program 0 (fault-call:7 fault-nth:4): r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2667.193909] audit: type=1800 audit(1588638869.064:254): pid=26442 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17409 res=0 [ 2667.214382] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2667.233233] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2667.259680] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2667.284266] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:34:29 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x500) 00:34:29 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(0x0, 0x0) [ 2667.334369] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2667.349624] audit: type=1804 audit(1588638869.214:255): pid=26456 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1368/bus" dev="sda1" ino=17136 res=1 [ 2667.392648] FAULT_INJECTION: forcing a failure. [ 2667.392648] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2667.423676] CPU: 0 PID: 26456 Comm: syz-executor.0 Not tainted 4.19.120-syzkaller #0 [ 2667.431619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2667.440994] Call Trace: [ 2667.443623] dump_stack+0x188/0x20d [ 2667.447284] should_fail.cold+0xa/0x1b [ 2667.451201] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2667.456349] __alloc_pages_nodemask+0x1c7/0x6a0 [ 2667.461046] ? __alloc_pages_slowpath+0x26a0/0x26a0 [ 2667.466087] ? find_held_lock+0x2d/0x110 [ 2667.470173] ? __do_page_cache_readahead+0x3a8/0x6b0 [ 2667.475308] alloc_pages_current+0xff/0x200 [ 2667.479662] __page_cache_alloc+0x2ba/0x450 [ 2667.484018] __do_page_cache_readahead+0x1ac/0x6b0 [ 2667.488980] ? read_pages+0x610/0x610 [ 2667.492808] ? check_preemption_disabled+0x41/0x280 [ 2667.497941] ondemand_readahead+0x54d/0xcf0 [ 2667.502290] page_cache_sync_readahead+0x27b/0x520 [ 2667.507247] generic_file_read_iter+0x185b/0x2900 [ 2667.512117] ? kasan_kmalloc+0xbf/0xe0 [ 2667.516028] ? splice_direct_to_actor+0x6df/0x8d0 [ 2667.520889] ? do_splice_direct+0x1a8/0x270 [ 2667.525244] ? filemap_range_has_page+0x360/0x360 [ 2667.530112] ? mark_held_locks+0xf0/0xf0 [ 2667.534202] ? check_preemption_disabled+0x41/0x280 [ 2667.539258] ? avc_has_perm+0x384/0x5b0 [ 2667.543274] ext4_file_read_iter+0x17b/0x3a0 [ 2667.547716] generic_file_splice_read+0x3fa/0x6d0 [ 2667.552625] ? add_to_pipe+0x360/0x360 [ 2667.556363] audit: type=1800 audit(1588638869.424:256): pid=26465 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17377 res=0 [ 2667.556632] ? security_file_permission+0x84/0x220 [ 2667.556651] ? add_to_pipe+0x360/0x360 [ 2667.556665] do_splice_to+0x10e/0x160 [ 2667.556683] splice_direct_to_actor+0x2b9/0x8d0 [ 2667.593731] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2667.598596] ? do_splice_to+0x160/0x160 [ 2667.602601] do_splice_direct+0x1a8/0x270 [ 2667.606783] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2667.611660] ? security_file_permission+0x84/0x220 [ 2667.616623] do_sendfile+0x549/0xc10 [ 2667.620363] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2667.624963] ? wait_for_completion+0x3c0/0x3c0 [ 2667.629573] ? vfs_write+0x15b/0x550 [ 2667.633342] __x64_sys_sendfile64+0x1cc/0x210 [ 2667.637860] ? __ia32_sys_sendfile+0x220/0x220 [ 2667.642461] ? __ia32_sys_clock_settime+0x260/0x260 [ 2667.647518] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2667.652471] ? trace_hardirqs_off_caller+0x55/0x210 [ 2667.656089] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2667.657512] ? do_syscall_64+0x21/0x620 [ 2667.657532] do_syscall_64+0xf9/0x620 [ 2667.657552] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2667.657569] RIP: 0033:0x45c829 [ 2667.681378] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2667.700471] RSP: 002b:00007f328c6c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2667.708200] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2667.715499] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 2667.722795] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2667.730109] R10: 00000ffffffff010 R11: 0000000000000246 R12: 0000000000000006 00:34:29 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x600) 00:34:29 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c090000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2667.737401] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f328c6c16d4 00:34:29 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(0x0, 0x0) [ 2667.794826] Process accounting resumed [ 2667.877089] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2667.898255] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2667.920715] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2667.937510] audit: type=1800 audit(1588638869.804:257): pid=26488 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17190 res=0 [ 2667.969847] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2667.980586] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2668.065367] Process accounting resumed 00:34:31 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x900) 00:34:31 executing program 0 (fault-call:7 fault-nth:5): r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:34:31 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0a0000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:31 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0xb) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x1) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2669.805311] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2669.833678] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2669.853776] audit: type=1804 audit(1588638871.724:258): pid=26509 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1369/bus" dev="sda1" ino=17514 res=1 [ 2669.854380] FAULT_INJECTION: forcing a failure. [ 2669.854380] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2669.884438] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2669.909282] CPU: 1 PID: 26509 Comm: syz-executor.0 Not tainted 4.19.120-syzkaller #0 [ 2669.917221] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2669.926600] Call Trace: [ 2669.929215] dump_stack+0x188/0x20d [ 2669.932895] should_fail.cold+0xa/0x1b [ 2669.936802] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2669.941940] __alloc_pages_nodemask+0x1c7/0x6a0 [ 2669.946662] ? __alloc_pages_slowpath+0x26a0/0x26a0 [ 2669.951711] ? find_held_lock+0x2d/0x110 [ 2669.955842] ? __do_page_cache_readahead+0x3a8/0x6b0 [ 2669.961076] alloc_pages_current+0xff/0x200 [ 2669.965454] __page_cache_alloc+0x2ba/0x450 [ 2669.969824] __do_page_cache_readahead+0x1ac/0x6b0 [ 2669.974787] ? read_pages+0x610/0x610 [ 2669.978606] ? check_preemption_disabled+0x41/0x280 [ 2669.983648] ondemand_readahead+0x54d/0xcf0 [ 2669.988033] page_cache_sync_readahead+0x27b/0x520 [ 2669.992989] generic_file_read_iter+0x185b/0x2900 [ 2669.998098] ? kasan_kmalloc+0xbf/0xe0 [ 2670.001996] ? splice_direct_to_actor+0x6df/0x8d0 [ 2670.006965] ? do_splice_direct+0x1a8/0x270 [ 2670.011305] ? filemap_range_has_page+0x360/0x360 [ 2670.016158] ? mark_held_locks+0xf0/0xf0 [ 2670.020225] ? check_preemption_disabled+0x41/0x280 [ 2670.025393] ? avc_has_perm+0x384/0x5b0 [ 2670.029408] ext4_file_read_iter+0x17b/0x3a0 [ 2670.033826] generic_file_splice_read+0x3fa/0x6d0 [ 2670.038765] ? add_to_pipe+0x360/0x360 [ 2670.042669] ? security_file_permission+0x84/0x220 [ 2670.047619] ? add_to_pipe+0x360/0x360 [ 2670.051557] do_splice_to+0x10e/0x160 [ 2670.055384] splice_direct_to_actor+0x2b9/0x8d0 [ 2670.060091] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2670.064944] ? do_splice_to+0x160/0x160 [ 2670.068935] do_splice_direct+0x1a8/0x270 [ 2670.073090] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2670.077986] ? security_file_permission+0x84/0x220 [ 2670.082980] do_sendfile+0x549/0xc10 [ 2670.086716] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2670.091323] ? wait_for_completion+0x3c0/0x3c0 [ 2670.096044] ? vfs_write+0x15b/0x550 [ 2670.099766] __x64_sys_sendfile64+0x1cc/0x210 [ 2670.104273] ? __ia32_sys_sendfile+0x220/0x220 [ 2670.108856] ? __ia32_sys_clock_settime+0x260/0x260 [ 2670.113894] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2670.118685] ? trace_hardirqs_off_caller+0x55/0x210 [ 2670.123744] ? do_syscall_64+0x21/0x620 [ 2670.127857] do_syscall_64+0xf9/0x620 [ 2670.131675] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2670.136889] RIP: 0033:0x45c829 [ 2670.140085] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2670.159001] RSP: 002b:00007f328c6c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2670.166714] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2670.173999] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 2670.181322] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2670.188621] R10: 00000ffffffff010 R11: 0000000000000246 R12: 0000000000000006 [ 2670.195887] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f328c6c16d4 00:34:32 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, &(0x7f0000000480)}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:32 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(0x0, 0x0) 00:34:32 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0xa00) [ 2670.210264] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:32 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c0c0000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:32 executing program 0 (fault-call:7 fault-nth:6): r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2670.313960] audit: type=1800 audit(1588638872.184:259): pid=26526 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16367 res=0 00:34:32 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0xe00) [ 2670.364282] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2670.465903] Process accounting resumed [ 2670.479020] audit: type=1804 audit(1588638872.344:260): pid=26540 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1370/bus" dev="sda1" ino=17512 res=1 [ 2670.508537] FAULT_INJECTION: forcing a failure. [ 2670.508537] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2670.533220] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2670.549218] CPU: 0 PID: 26540 Comm: syz-executor.0 Not tainted 4.19.120-syzkaller #0 [ 2670.557156] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2670.566562] Call Trace: [ 2670.569187] dump_stack+0x188/0x20d [ 2670.572845] should_fail.cold+0xa/0x1b [ 2670.576612] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2670.576951] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2670.576979] __alloc_pages_nodemask+0x1c7/0x6a0 [ 2670.576998] ? __alloc_pages_slowpath+0x26a0/0x26a0 [ 2670.592495] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2670.595843] ? find_held_lock+0x2d/0x110 00:34:32 executing program 1 (fault-call:3 fault-nth:0): open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2670.595860] ? __do_page_cache_readahead+0x3a8/0x6b0 [ 2670.595881] alloc_pages_current+0xff/0x200 [ 2670.614815] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2670.619007] __page_cache_alloc+0x2ba/0x450 [ 2670.619028] __do_page_cache_readahead+0x1ac/0x6b0 [ 2670.619046] ? read_pages+0x610/0x610 [ 2670.644603] ? check_preemption_disabled+0x41/0x280 [ 2670.649645] ondemand_readahead+0x54d/0xcf0 [ 2670.653994] page_cache_sync_readahead+0x27b/0x520 [ 2670.658946] generic_file_read_iter+0x185b/0x2900 [ 2670.663842] ? kasan_kmalloc+0xbf/0xe0 [ 2670.667754] ? splice_direct_to_actor+0x6df/0x8d0 [ 2670.672589] ? do_splice_direct+0x1a8/0x270 [ 2670.676917] ? filemap_range_has_page+0x360/0x360 [ 2670.681756] ? mark_held_locks+0xf0/0xf0 [ 2670.685811] ? check_preemption_disabled+0x41/0x280 [ 2670.690821] ? avc_has_perm+0x384/0x5b0 [ 2670.694793] ext4_file_read_iter+0x17b/0x3a0 [ 2670.699230] generic_file_splice_read+0x3fa/0x6d0 [ 2670.704085] ? add_to_pipe+0x360/0x360 [ 2670.708352] ? security_file_permission+0x84/0x220 [ 2670.713270] ? add_to_pipe+0x360/0x360 [ 2670.717265] do_splice_to+0x10e/0x160 [ 2670.721064] splice_direct_to_actor+0x2b9/0x8d0 [ 2670.725746] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2670.730600] ? do_splice_to+0x160/0x160 [ 2670.734704] do_splice_direct+0x1a8/0x270 [ 2670.738861] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2670.743760] ? security_file_permission+0x84/0x220 [ 2670.748744] do_sendfile+0x549/0xc10 [ 2670.752458] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2670.757037] ? wait_for_completion+0x3c0/0x3c0 [ 2670.761625] ? vfs_write+0x15b/0x550 [ 2670.765342] __x64_sys_sendfile64+0x1cc/0x210 [ 2670.769842] ? __ia32_sys_sendfile+0x220/0x220 [ 2670.774445] ? __ia32_sys_clock_settime+0x260/0x260 [ 2670.779512] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2670.784281] ? trace_hardirqs_off_caller+0x55/0x210 [ 2670.789429] ? do_syscall_64+0x21/0x620 [ 2670.793449] do_syscall_64+0xf9/0x620 [ 2670.797264] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2670.802452] RIP: 0033:0x45c829 [ 2670.805651] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2670.824637] RSP: 002b:00007f328c6c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2670.832346] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2670.839623] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 2670.846963] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2670.854240] R10: 00000ffffffff010 R11: 0000000000000246 R12: 0000000000000006 00:34:32 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0xf00) [ 2670.861568] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f328c6c16d4 00:34:32 executing program 0 (fault-call:7 fault-nth:7): r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:34:32 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c220000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2671.025365] audit: type=1804 audit(1588638872.894:261): pid=26554 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1371/bus" dev="sda1" ino=17441 res=1 [ 2671.026176] FAULT_INJECTION: forcing a failure. [ 2671.026176] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2671.075927] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2671.089023] CPU: 0 PID: 26554 Comm: syz-executor.0 Not tainted 4.19.120-syzkaller #0 [ 2671.091906] audit: type=1800 audit(1588638872.924:262): pid=26556 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17473 res=0 [ 2671.096941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 00:34:33 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x1200) [ 2671.096947] Call Trace: [ 2671.096971] dump_stack+0x188/0x20d [ 2671.096993] should_fail.cold+0xa/0x1b [ 2671.136480] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2671.141613] __alloc_pages_nodemask+0x1c7/0x6a0 [ 2671.146304] ? __alloc_pages_slowpath+0x26a0/0x26a0 [ 2671.151345] ? find_held_lock+0x2d/0x110 [ 2671.155423] ? __do_page_cache_readahead+0x3a8/0x6b0 [ 2671.160545] alloc_pages_current+0xff/0x200 [ 2671.162995] FAULT_INJECTION: forcing a failure. [ 2671.162995] name failslab, interval 1, probability 0, space 0, times 0 [ 2671.164887] __page_cache_alloc+0x2ba/0x450 [ 2671.164918] __do_page_cache_readahead+0x1ac/0x6b0 [ 2671.185384] ? read_pages+0x610/0x610 [ 2671.189206] ? check_preemption_disabled+0x41/0x280 [ 2671.194363] ondemand_readahead+0x54d/0xcf0 [ 2671.198714] page_cache_sync_readahead+0x27b/0x520 [ 2671.203674] generic_file_read_iter+0x185b/0x2900 [ 2671.208537] ? kasan_kmalloc+0xbf/0xe0 [ 2671.212433] ? splice_direct_to_actor+0x6df/0x8d0 [ 2671.217285] ? do_splice_direct+0x1a8/0x270 [ 2671.221637] ? filemap_range_has_page+0x360/0x360 [ 2671.226669] ? mark_held_locks+0xf0/0xf0 [ 2671.230749] ? check_preemption_disabled+0x41/0x280 [ 2671.235789] ? avc_has_perm+0x384/0x5b0 [ 2671.239783] ext4_file_read_iter+0x17b/0x3a0 [ 2671.244205] generic_file_splice_read+0x3fa/0x6d0 [ 2671.249059] ? add_to_pipe+0x360/0x360 [ 2671.252968] ? security_file_permission+0x84/0x220 [ 2671.257923] ? add_to_pipe+0x360/0x360 [ 2671.261824] do_splice_to+0x10e/0x160 [ 2671.265636] splice_direct_to_actor+0x2b9/0x8d0 [ 2671.270314] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2671.275173] ? do_splice_to+0x160/0x160 [ 2671.279169] do_splice_direct+0x1a8/0x270 [ 2671.283328] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2671.288195] ? security_file_permission+0x84/0x220 [ 2671.293141] do_sendfile+0x549/0xc10 [ 2671.296877] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2671.301468] ? wait_for_completion+0x3c0/0x3c0 [ 2671.306060] ? vfs_write+0x15b/0x550 [ 2671.309787] __x64_sys_sendfile64+0x1cc/0x210 [ 2671.314299] ? __ia32_sys_sendfile+0x220/0x220 [ 2671.318889] ? __ia32_sys_clock_settime+0x260/0x260 [ 2671.323919] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2671.328690] ? trace_hardirqs_off_caller+0x55/0x210 [ 2671.333721] ? do_syscall_64+0x21/0x620 [ 2671.337717] do_syscall_64+0xf9/0x620 [ 2671.341542] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2671.346751] RIP: 0033:0x45c829 [ 2671.349954] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2671.368867] RSP: 002b:00007f328c6c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2671.376588] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2671.383865] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 2671.391230] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2671.398520] R10: 00000ffffffff010 R11: 0000000000000246 R12: 0000000000000006 [ 2671.405807] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f328c6c16d4 [ 2671.413123] CPU: 1 PID: 26562 Comm: syz-executor.1 Not tainted 4.19.120-syzkaller #0 [ 2671.421054] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2671.430434] Call Trace: [ 2671.433049] dump_stack+0x188/0x20d [ 2671.436716] should_fail.cold+0xa/0x1b [ 2671.440635] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2671.445778] __should_failslab+0x115/0x180 [ 2671.450039] should_failslab+0x5/0xf [ 2671.453771] kmem_cache_alloc+0x29f/0x710 [ 2671.457939] ? lock_downgrade+0x740/0x740 [ 2671.462124] ? vfs_write+0x2e6/0x550 [ 2671.465883] ? cap_capable+0x1eb/0x250 [ 2671.469793] getname_flags+0xd2/0x5b0 [ 2671.473603] ? security_capable+0x8e/0xc0 [ 2671.477780] user_path_mountpoint_at+0x23/0x40 [ 2671.482389] ksys_umount+0x14c/0xd90 [ 2671.486236] ? vfs_write+0x15b/0x550 [ 2671.489971] ? __detach_mounts+0x320/0x320 [ 2671.494225] ? ksys_write+0x1c8/0x2a0 [ 2671.498041] ? __ia32_sys_read+0xb0/0xb0 [ 2671.502120] ? __ia32_sys_clock_settime+0x260/0x260 [ 2671.507265] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2671.512040] ? trace_hardirqs_off_caller+0x55/0x210 [ 2671.517064] __x64_sys_umount+0x50/0x70 [ 2671.521037] do_syscall_64+0xf9/0x620 [ 2671.524839] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2671.530049] RIP: 0033:0x45c829 [ 2671.533256] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2671.552171] RSP: 002b:00007fadf18a4c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2671.559903] RAX: ffffffffffffffda RBX: 0000000000509dc0 RCX: 000000000045c829 [ 2671.567192] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000500 [ 2671.574485] RBP: 000000000078bfa0 R08: 0000000000000000 R09: 0000000000000000 [ 2671.581754] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000006 [ 2671.589022] R13: 0000000000000c48 R14: 00000000004ce78c R15: 00007fadf18a56d4 [ 2671.683849] Process accounting resumed [ 2671.725730] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2671.736611] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2671.772178] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2671.793909] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:34 executing program 1 (fault-call:3 fault-nth:1): open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2672.862858] audit: type=1800 audit(1588638874.734:263): pid=26583 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17518 res=0 [ 2672.897269] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2672.911615] FAULT_INJECTION: forcing a failure. [ 2672.911615] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2672.923573] CPU: 1 PID: 26583 Comm: syz-executor.1 Not tainted 4.19.120-syzkaller #0 [ 2672.931483] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2672.941429] Call Trace: [ 2672.944331] dump_stack+0x188/0x20d [ 2672.948033] should_fail.cold+0xa/0x1b [ 2672.952435] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2672.957712] ? mark_held_locks+0xf0/0xf0 [ 2672.961793] __alloc_pages_nodemask+0x1c7/0x6a0 [ 2672.966603] ? avc_has_extended_perms+0x1030/0x1030 [ 2672.972035] ? __alloc_pages_slowpath+0x26a0/0x26a0 [ 2672.977081] ? fs_reclaim_acquire+0x10/0x10 [ 2672.981418] ? should_fail+0x142/0x7bc [ 2672.985408] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2672.990883] cache_grow_begin+0x8e/0x8a0 [ 2672.995199] kmem_cache_alloc+0x648/0x710 [ 2672.999481] ? vfs_write+0x2e6/0x550 [ 2673.003204] ? cap_capable+0x1eb/0x250 [ 2673.007101] getname_flags+0xd2/0x5b0 [ 2673.010974] ? security_capable+0x8e/0xc0 [ 2673.015403] user_path_mountpoint_at+0x23/0x40 [ 2673.020143] ksys_umount+0x14c/0xd90 [ 2673.023879] ? vfs_write+0x15b/0x550 [ 2673.028075] ? __detach_mounts+0x320/0x320 [ 2673.032373] ? ksys_write+0x1c8/0x2a0 [ 2673.036225] ? __ia32_sys_read+0xb0/0xb0 [ 2673.040295] ? __ia32_sys_clock_settime+0x260/0x260 [ 2673.045410] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2673.050590] ? trace_hardirqs_off_caller+0x55/0x210 [ 2673.055797] __x64_sys_umount+0x50/0x70 [ 2673.059827] do_syscall_64+0xf9/0x620 [ 2673.063868] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2673.069867] RIP: 0033:0x45c829 [ 2673.073201] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2673.093324] RSP: 002b:00007fadf18c5c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2673.101175] RAX: ffffffffffffffda RBX: 0000000000509dc0 RCX: 000000000045c829 [ 2673.108500] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000500 [ 2673.115779] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2673.123087] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 2673.130476] R13: 0000000000000c48 R14: 00000000004ce78c R15: 00007fadf18c66d4 [ 2673.200332] Process accounting resumed 00:34:35 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x72, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:35 executing program 0 (fault-call:7 fault-nth:8): r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:34:35 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x2000) 00:34:35 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c230000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:35 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) sendto$inet(0xffffffffffffffff, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) r0 = gettid() ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000080)=r0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f000099e000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r1, &(0x7f0000000140), 0xffffffffffffff58, 0x20008005, &(0x7f0000000100)={0x2, 0x4e20}, 0x10) pipe(&(0x7f0000000000)) ioctl$sock_FIOSETOWN(0xffffffffffffffff, 0x8901, &(0x7f0000000080)) shmctl$IPC_SET(0x0, 0x1, &(0x7f0000000140)={{0x3, 0x0, 0x0, 0x0, 0x0, 0x80, 0x1}, 0x8, 0x101, 0x7, 0x2, r0, 0x0, 0x61}) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r2 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r2, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r2, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x8, 0x0, @time, {0x2}, {}, @raw32={[0x8, 0x0, 0x1]}}], 0x1c) ptrace$setregs(0xd, r2, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r2, 0x0, 0x0) 00:34:35 executing program 1 (fault-call:3 fault-nth:2): open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2673.395688] audit: type=1800 audit(1588638875.264:264): pid=26600 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17529 res=0 [ 2673.430177] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2673.431275] FAULT_INJECTION: forcing a failure. [ 2673.431275] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2673.443764] audit: type=1804 audit(1588638875.294:265): pid=26598 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1372/bus" dev="sda1" ino=17527 res=1 [ 2673.469859] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2673.481273] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2673.494847] CPU: 1 PID: 26598 Comm: syz-executor.0 Not tainted 4.19.120-syzkaller #0 [ 2673.503217] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2673.512822] Call Trace: [ 2673.515458] dump_stack+0x188/0x20d [ 2673.519132] should_fail.cold+0xa/0x1b [ 2673.523067] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2673.528456] __alloc_pages_nodemask+0x1c7/0x6a0 [ 2673.533352] ? __alloc_pages_slowpath+0x26a0/0x26a0 [ 2673.538678] ? find_held_lock+0x2d/0x110 [ 2673.543243] ? __do_page_cache_readahead+0x3a8/0x6b0 [ 2673.548398] alloc_pages_current+0xff/0x200 [ 2673.552893] __page_cache_alloc+0x2ba/0x450 [ 2673.557501] __do_page_cache_readahead+0x1ac/0x6b0 [ 2673.562629] ? read_pages+0x610/0x610 [ 2673.564625] ptrace attach of "/root/syz-executor.3"[26614] was attempted by "/root/syz-executor.3"[26615] [ 2673.566459] ? check_preemption_disabled+0x41/0x280 [ 2673.566481] ondemand_readahead+0x54d/0xcf0 [ 2673.566502] page_cache_sync_readahead+0x27b/0x520 [ 2673.566520] generic_file_read_iter+0x185b/0x2900 [ 2673.596113] ? kasan_kmalloc+0xbf/0xe0 [ 2673.600221] ? splice_direct_to_actor+0x6df/0x8d0 [ 2673.604921] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2673.605197] ? do_splice_direct+0x1a8/0x270 [ 2673.605222] ? filemap_range_has_page+0x360/0x360 [ 2673.605240] ? mark_held_locks+0xf0/0xf0 [ 2673.628987] ? check_preemption_disabled+0x41/0x280 [ 2673.630754] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2673.634055] ? avc_has_perm+0x384/0x5b0 [ 2673.634080] ext4_file_read_iter+0x17b/0x3a0 [ 2673.634098] generic_file_splice_read+0x3fa/0x6d0 [ 2673.634122] ? add_to_pipe+0x360/0x360 [ 2673.660094] ? security_file_permission+0x84/0x220 [ 2673.665382] ? add_to_pipe+0x360/0x360 [ 2673.669302] do_splice_to+0x10e/0x160 [ 2673.673136] splice_direct_to_actor+0x2b9/0x8d0 [ 2673.678014] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2673.682903] ? do_splice_to+0x160/0x160 [ 2673.686922] do_splice_direct+0x1a8/0x270 [ 2673.691532] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2673.697384] ? security_file_permission+0x84/0x220 [ 2673.702502] do_sendfile+0x549/0xc10 [ 2673.706283] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2673.711196] ? wait_for_completion+0x3c0/0x3c0 [ 2673.716219] ? vfs_write+0x15b/0x550 [ 2673.720157] __x64_sys_sendfile64+0x1cc/0x210 [ 2673.725023] ? __ia32_sys_sendfile+0x220/0x220 [ 2673.729725] ? __ia32_sys_clock_settime+0x260/0x260 [ 2673.734775] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2673.739660] ? trace_hardirqs_off_caller+0x55/0x210 [ 2673.744713] ? do_syscall_64+0x21/0x620 [ 2673.748727] do_syscall_64+0xf9/0x620 [ 2673.752687] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2673.758617] RIP: 0033:0x45c829 [ 2673.760192] audit: type=1804 audit(1588638875.364:266): pid=26613 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir147527572/syzkaller.fWXSDR/1338/file0" dev="sda1" ino=17529 res=1 [ 2673.761896] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2673.761905] RSP: 002b:00007f328c6c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2673.761919] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2673.761927] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 2673.761935] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2673.761943] R10: 00000ffffffff010 R11: 0000000000000246 R12: 0000000000000006 00:34:35 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x3f00) 00:34:35 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c2c0000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2673.761957] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f328c6c16d4 [ 2673.885239] FAULT_INJECTION: forcing a failure. [ 2673.885239] name failslab, interval 1, probability 0, space 0, times 0 [ 2673.918896] CPU: 0 PID: 26600 Comm: syz-executor.1 Not tainted 4.19.120-syzkaller #0 [ 2673.927189] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2673.936838] Call Trace: [ 2673.939465] dump_stack+0x188/0x20d [ 2673.943124] should_fail.cold+0xa/0x1b [ 2673.947050] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2673.952445] __should_failslab+0x115/0x180 [ 2673.956979] should_failslab+0x5/0xf [ 2673.960724] kmem_cache_alloc+0x44/0x710 [ 2673.965367] ? mempool_alloc+0x340/0x340 [ 2673.969571] mempool_alloc+0x148/0x340 [ 2673.973669] ? mempool_destroy+0x30/0x30 [ 2673.978207] ? sb_mark_inode_writeback+0xc8/0x490 [ 2673.983553] ? find_held_lock+0x2d/0x110 [ 2673.987826] ? __unlock_page_memcg+0x4f/0x100 [ 2673.992755] bio_alloc_bioset+0x398/0x610 [ 2673.997056] ? bvec_alloc+0x2f0/0x2f0 [ 2674.000898] submit_bh_wbc+0x141/0x760 [ 2674.005004] __block_write_full_page+0x77a/0x10f0 [ 2674.009879] ? check_disk_change+0x130/0x130 [ 2674.014410] block_write_full_page+0x21a/0x270 [ 2674.019381] ? check_disk_change+0x130/0x130 [ 2674.023820] __writepage+0x5e/0xe0 [ 2674.027797] write_cache_pages+0x82d/0x1450 [ 2674.032325] ? tag_pages_for_writeback+0x2f0/0x2f0 [ 2674.037400] ? clear_page_dirty_for_io+0xfe0/0xfe0 [ 2674.042766] ? mark_held_locks+0xf0/0xf0 [ 2674.046948] ? __lock_acquire+0x6ee/0x49c0 [ 2674.051212] ? find_held_lock+0x2d/0x110 [ 2674.055521] ? prepare_to_wait_event+0x145/0x6e0 [ 2674.060527] generic_writepages+0xe6/0x160 [ 2674.064953] ? write_cache_pages+0x1450/0x1450 [ 2674.069581] ? blkdev_readpages+0x30/0x30 [ 2674.074423] do_writepages+0xf3/0x2a0 [ 2674.078255] ? page_writeback_cpu_online+0x10/0x10 [ 2674.083211] ? lock_acquire+0x170/0x400 [ 2674.087223] ? do_raw_spin_unlock+0x171/0x260 [ 2674.091786] ? _raw_spin_unlock+0x29/0x40 [ 2674.096409] __filemap_fdatawrite_range+0x27d/0x350 [ 2674.102738] ? delete_from_page_cache_batch+0xd00/0xd00 [ 2674.108155] ? get_nr_dirty_inodes+0xd6/0x130 [ 2674.112679] __sync_blockdev+0x91/0xd0 [ 2674.116639] sync_filesystem+0x13a/0x250 [ 2674.120906] generic_shutdown_super+0x70/0x370 [ 2674.125701] kill_block_super+0x97/0xf0 [ 2674.129793] deactivate_locked_super+0x8c/0xf0 [ 2674.134554] deactivate_super+0x18d/0x1b0 [ 2674.138741] ? mount_ns+0x1d0/0x1d0 [ 2674.142583] ? dput+0x31/0x650 [ 2674.146066] cleanup_mnt+0xb8/0x150 [ 2674.149974] task_work_run+0x13f/0x1b0 [ 2674.154055] exit_to_usermode_loop+0x25a/0x2b0 [ 2674.158806] do_syscall_64+0x538/0x620 [ 2674.162868] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2674.168168] RIP: 0033:0x45c829 [ 2674.171555] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2674.190783] RSP: 002b:00007fadf18c5c78 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2674.198518] RAX: 0000000000000000 RBX: 0000000000509dc0 RCX: 000000000045c829 [ 2674.205945] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000500 [ 2674.213292] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 [ 2674.220639] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000004 [ 2674.228225] R13: 0000000000000c48 R14: 00000000004ce78c R15: 00007fadf18c66d4 00:34:36 executing program 0 (fault-call:7 fault-nth:9): r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) 00:34:36 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x4e04) [ 2674.360621] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2674.371135] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2674.390317] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2674.406889] audit: type=1804 audit(1588638876.274:267): pid=26637 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1373/bus" dev="sda1" ino=17524 res=1 [ 2674.434940] FAULT_INJECTION: forcing a failure. [ 2674.434940] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 2674.438938] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2674.469964] CPU: 0 PID: 26637 Comm: syz-executor.0 Not tainted 4.19.120-syzkaller #0 [ 2674.470049] Process accounting resumed [ 2674.478106] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2674.478114] Call Trace: [ 2674.478141] dump_stack+0x188/0x20d [ 2674.478165] should_fail.cold+0xa/0x1b [ 2674.478187] ? fault_create_debugfs_attr+0x1e0/0x1e0 [ 2674.507007] __alloc_pages_nodemask+0x1c7/0x6a0 [ 2674.511803] ? __alloc_pages_slowpath+0x26a0/0x26a0 00:34:36 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c2d0000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2674.516863] ? find_held_lock+0x2d/0x110 [ 2674.520958] ? __do_page_cache_readahead+0x3a8/0x6b0 [ 2674.526174] alloc_pages_current+0xff/0x200 [ 2674.530537] __page_cache_alloc+0x2ba/0x450 [ 2674.534892] __do_page_cache_readahead+0x1ac/0x6b0 [ 2674.540566] ? read_pages+0x610/0x610 [ 2674.544409] ? check_preemption_disabled+0x41/0x280 [ 2674.549641] ondemand_readahead+0x54d/0xcf0 [ 2674.554330] page_cache_sync_readahead+0x27b/0x520 [ 2674.559506] generic_file_read_iter+0x185b/0x2900 [ 2674.564567] ? kasan_kmalloc+0xbf/0xe0 [ 2674.568495] ? splice_direct_to_actor+0x6df/0x8d0 [ 2674.573532] ? do_splice_direct+0x1a8/0x270 [ 2674.577898] ? filemap_range_has_page+0x360/0x360 [ 2674.582864] ? mark_held_locks+0xf0/0xf0 [ 2674.586964] ? check_preemption_disabled+0x41/0x280 [ 2674.592072] ? avc_has_perm+0x384/0x5b0 [ 2674.596178] ext4_file_read_iter+0x17b/0x3a0 [ 2674.600731] generic_file_splice_read+0x3fa/0x6d0 [ 2674.606832] ? add_to_pipe+0x360/0x360 [ 2674.611014] ? security_file_permission+0x84/0x220 [ 2674.616146] ? add_to_pipe+0x360/0x360 [ 2674.621023] do_splice_to+0x10e/0x160 [ 2674.625056] splice_direct_to_actor+0x2b9/0x8d0 [ 2674.630021] ? generic_pipe_buf_nosteal+0x10/0x10 [ 2674.634899] ? do_splice_to+0x160/0x160 [ 2674.638920] do_splice_direct+0x1a8/0x270 [ 2674.643400] ? splice_direct_to_actor+0x8d0/0x8d0 [ 2674.648463] ? security_file_permission+0x84/0x220 [ 2674.653442] do_sendfile+0x549/0xc10 [ 2674.657733] ? do_compat_pwritev64+0x1b0/0x1b0 [ 2674.662484] ? wait_for_completion+0x3c0/0x3c0 [ 2674.667199] ? vfs_write+0x15b/0x550 [ 2674.671103] __x64_sys_sendfile64+0x1cc/0x210 [ 2674.676143] ? __ia32_sys_sendfile+0x220/0x220 [ 2674.680739] ? __ia32_sys_clock_settime+0x260/0x260 [ 2674.686190] ? trace_hardirqs_on_thunk+0x1a/0x1c [ 2674.691095] ? trace_hardirqs_off_caller+0x55/0x210 [ 2674.696729] ? do_syscall_64+0x21/0x620 [ 2674.700911] do_syscall_64+0xf9/0x620 [ 2674.704738] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2674.710280] RIP: 0033:0x45c829 [ 2674.713504] Code: 0d b7 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 db b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2674.734274] RSP: 002b:00007f328c6c0c78 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 2674.742370] RAX: ffffffffffffffda RBX: 00000000004fc2c0 RCX: 000000000045c829 [ 2674.750215] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000004 [ 2674.757692] RBP: 000000000078bf00 R08: 0000000000000000 R09: 0000000000000000 00:34:36 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x0) [ 2674.765560] R10: 00000ffffffff010 R11: 0000000000000246 R12: 0000000000000006 [ 2674.773414] R13: 00000000000008dc R14: 00000000004cb816 R15: 00007f328c6c16d4 [ 2674.828767] audit: type=1800 audit(1588638876.694:268): pid=26644 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17520 res=0 [ 2674.878528] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2674.924664] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2674.947980] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2674.958950] Process accounting resumed [ 2674.986834] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2675.022777] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:38 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x72, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:38 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) sysfs$2(0x2, 0x1, &(0x7f0000000200)=""/193) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:38 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0xf0ff) 00:34:38 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x2) 00:34:38 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c480000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:38 executing program 0 (fault-call:7 fault-nth:10): r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2676.450877] audit: type=1800 audit(1588638878.324:269): pid=26670 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17543 res=0 [ 2676.486310] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2676.494574] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2676.530012] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 00:34:38 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0xff7f) 00:34:38 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff010) [ 2676.574322] audit: type=1804 audit(1588638878.384:270): pid=26672 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1374/bus" dev="sda1" ino=17548 res=1 [ 2676.593232] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2676.629819] Process accounting resumed 00:34:38 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x3) [ 2676.686643] Process accounting resumed [ 2676.702281] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:38 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0xffffff) 00:34:38 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c4c0000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2676.831068] audit: type=1804 audit(1588638878.704:271): pid=26699 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1375/bus" dev="sda1" ino=17541 res=1 [ 2676.876930] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2676.911553] audit: type=1800 audit(1588638878.704:272): pid=26705 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=17548 res=0 00:34:38 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff002) [ 2676.960142] Process accounting resumed [ 2677.014745] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2677.061555] Process accounting resumed [ 2677.081226] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2677.108937] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2677.121164] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2677.149110] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:41 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x72, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:41 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) r1 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) ioctl$sock_SIOCGPGRP(r1, 0x8904, &(0x7f0000000140)) tkill(r0, 0x3e) openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:41 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c600000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:41 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x7ffff000) 00:34:41 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x4) 00:34:41 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff003) [ 2679.456724] kauditd_printk_skb: 1 callbacks suppressed [ 2679.456736] audit: type=1800 audit(1588638881.324:274): pid=26738 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16147 res=0 [ 2679.503342] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2679.517893] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2679.554325] Process accounting resumed [ 2679.572689] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock 00:34:41 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0xffffff00) 00:34:41 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x5) [ 2679.590504] audit: type=1804 audit(1588638881.364:275): pid=26739 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1377/bus" dev="sda1" ino=16306 res=1 [ 2679.624785] Process accounting resumed [ 2679.644668] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:34:41 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff004) [ 2679.720291] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:41 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c680000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2679.801248] audit: type=1800 audit(1588638881.674:276): pid=26772 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16182 res=0 [ 2679.840814] MINIX-fs: mounting unchecked file system, running fsck is recommended 00:34:41 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0xffff88821b301400) [ 2679.855949] Process accounting resumed [ 2679.885578] Process accounting resumed 00:34:41 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x6) [ 2679.906013] audit: type=1804 audit(1588638881.754:277): pid=26773 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1378/bus" dev="sda1" ino=16061 res=1 [ 2679.952005] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2679.975382] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2679.999717] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2680.031623] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2680.056944] audit: type=1800 audit(1588638881.924:278): pid=26792 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16113 res=0 [ 2680.119850] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2680.140508] Process accounting resumed [ 2680.194710] Process accounting resumed 00:34:44 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c6c0000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:44 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x7) 00:34:44 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xab, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:44 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) connect$inet(r2, &(0x7f0000000180)={0x2, 0x0, @multicast1}, 0x10) splice(r1, 0x0, r2, 0x0, 0x1ffeb, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$gtp(&(0x7f0000000000)='gtp\x00') sendmsg$GTP_CMD_NEWPDP(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000001c0)={0x34, r4, 0xc694d42685586125, 0x0, 0x0, {}, [@GTPA_MS_ADDRESS={0x8, 0x5, @initdev={0xac, 0x1e, 0x0, 0x0}}, @GTPA_LINK={0x8}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_PEER_ADDRESS={0x8, 0x4, @multicast1}]}, 0x34}}, 0x0) sendmsg$GTP_CMD_DELPDP(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000040)={0x58, r4, 0x1200, 0x70bd2b, 0x25dfdbfb, {}, [@GTPA_I_TEI={0x8, 0x8, 0x1}, @GTPA_VERSION={0x8, 0x2, 0x1}, @GTPA_PEER_ADDRESS={0x8, 0x4, @local}, @GTPA_O_TEI={0x8, 0x9, 0x4}, @GTPA_FLOW={0x6, 0x6, 0x4}, @GTPA_TID={0xc, 0x3, 0x1}, @GTPA_O_TEI={0x8}, @GTPA_MS_ADDRESS={0x8, 0x5, @rand_addr=0x64010101}]}, 0x58}}, 0x4004881) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) r6 = fcntl$dupfd(r5, 0x0, r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) r9 = syz_genetlink_get_family_id$tipc2(&(0x7f00000003c0)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r8, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)={0x14, r9, 0x1707, 0x0, 0x0, {0x4}}, 0x14}}, 0x0) sendmsg$TIPC_NL_BEARER_GET(r1, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000200)={&(0x7f0000000880)={0x2ac, r9, 0x800, 0x70bd2c, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}, @TIPC_NLA_PUBL={0x54, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x7f}, @TIPC_NLA_PUBL_TYPE={0x8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfffffff8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x7}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3ff}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x3}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x60000000}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xfffffff8}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x80}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x1f56}]}, @TIPC_NLA_PUBL={0x3c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x6}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1ff}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x722}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x73}, @TIPC_NLA_PUBL_LOWER={0x8, 0x2, 0x2}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_SOCK={0x90, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_CON={0x84, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x91c7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7ff}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x6fd}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x9}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x4}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x10000}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x6}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xffff9de2}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xfffffffc}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x7}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x400}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xe72d}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x9}]}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0xfffffffe}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x80000001}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3f}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x4}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x4}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}]}, @TIPC_NLA_NET={0x5c, 0x7, 0x0, 0x1, [@TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x38cc}, @TIPC_NLA_NET_ADDR={0x8, 0x2, 0x8000}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0xffffffffffffffc0}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x9}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x172678b3}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x6}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x7bac4d4a}]}, @TIPC_NLA_LINK={0x34, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_PROP={0x24, 0x7, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}, @TIPC_NLA_PROP_MTU={0x8}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffff7}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x5}]}, @TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}, @TIPC_NLA_NODE={0x10, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}, @TIPC_NLA_NODE_UP={0x4}]}, @TIPC_NLA_MEDIA={0x78, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0x2c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x7fff}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x4}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x1}]}, @TIPC_NLA_MEDIA_PROP={0x1c, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x19}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x6}]}, @TIPC_NLA_MEDIA_NAME={0x7, 0x1, 'ib\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}, @TIPC_NLA_MEDIA_PROP={0x4}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0x2ac}, 0x1, 0x0, 0x0, 0x40000}, 0x240400c1) ioctl$sock_SIOCBRDELBR(0xffffffffffffffff, 0x89a1, &(0x7f0000000280)='bond_slave_1\x00') sendfile(r0, r7, 0x0, 0x400) 00:34:44 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff005) 00:34:44 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) connect$inet(r2, &(0x7f0000000180)={0x2, 0x0, @multicast1}, 0x10) splice(r1, 0x0, r2, 0x0, 0x80000200001ff, 0x6) ioctl$VIDIOC_S_PARM(r1, 0xc0cc5616, &(0x7f0000000200)={0x3, @raw_data="182d8741ff5267a2a285b6a1fb83a977668d8399158884780f919fce76b67f818b1f20e1a48d93f8972b4e6dcfdcc4384dc4572a24394052491dd00f15eea05409e772c0848cc7a102422d7ce73a2c4495d30efbf643f09e9958c482374f018d9a56ebbbd3af38127b3f67f89ef2667d0fc4ca8bba302dea1fe8b800a77571bc8c7bd7ab5a5cecb6d8905ec814af5fadd55250794325053d15dca28b62b78f59c4c68eff87f844563dfb15b2eea629812caac4da2748fafb0aa0cfbd3b91189c0d169e6e82ee45f8"}) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2682.476489] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2682.493510] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2682.510739] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2682.584244] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2682.600326] audit: type=1800 audit(1588638884.474:279): pid=26815 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16469 res=0 [ 2682.638330] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2682.656178] audit: type=1804 audit(1588638884.474:280): pid=26817 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1379/bus" dev="sda1" ino=16467 res=1 00:34:44 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c740000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2682.693186] Process accounting resumed 00:34:44 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0xb) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) 00:34:44 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x8) [ 2682.764871] Process accounting resumed 00:34:44 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff006) 00:34:44 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) pipe2(&(0x7f0000000100), 0x85800) sendmsg$nl_generic(r2, &(0x7f00000000c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000080)={&(0x7f0000000040)={0x18, 0x2e, 0x100, 0x70bd27, 0x25dfdbfd, {0x1a}, [@typed={0x4, 0x56}]}, 0x18}, 0x1, 0x0, 0x0, 0x8011}, 0x8000) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2682.876984] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2682.903044] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2682.928351] audit: type=1800 audit(1588638884.794:281): pid=26845 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16399 res=0 [ 2682.938276] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2682.960956] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2683.016638] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2683.023600] audit: type=1804 audit(1588638884.854:282): pid=26846 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1380/bus" dev="sda1" ino=16418 res=1 [ 2683.080815] Process accounting resumed 00:34:45 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff007) 00:34:45 executing program 2: pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r0, &(0x7f0000000140)=ANY=[], 0x4240a2a0) ioctl$KVM_S390_UCAS_UNMAP(r0, 0x4018ae51, &(0x7f0000000000)={0x6, 0x7, 0x6}) r1 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r1, r4, 0x0, 0x400) 00:34:45 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c7a0000000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2683.167299] Process accounting resumed [ 2683.218305] audit: type=1804 audit(1588638885.084:283): pid=26863 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1381/bus" dev="sda1" ino=16425 res=1 [ 2683.288413] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2683.303869] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2683.316752] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2683.338899] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue 00:34:47 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xab, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:47 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x9) 00:34:47 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff008) 00:34:47 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0), 0x0) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:47 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c000300000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) 00:34:47 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setreuid(0x0, 0x0) r3 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$chown(0x4, r3, 0x0, 0x0) syz_mount_image$jfs(&(0x7f00000001c0)='jfs\x00', &(0x7f0000000200)='./bus\x00', 0x6, 0x5, &(0x7f0000002440)=[{&(0x7f0000000240)="01672d4b14911985c0147601da0a04d2da9f4cecc46a540de639fe302fef9932e174e04983e4b7f086d0a62d8aa3f90529eb4c63f1dda7b2dc3f91a2248d28f5c179bea4cf81151b616caf89a7d802a16fbb2deabcc3bd762140233265", 0x5d, 0xffffffffffff4e72}, {&(0x7f00000002c0)="470c79323ffd533d73f6a28777e8a31f7f7361aa5ff0df8df5e212bf1f07f05e9b78ccae51d1a8e2ef22f82a2790b73e4cf0d038f8c16ef0ac66435aae5bbe81f4989a2b4eacd50af5177bcf1458f526eb593274d227b8f2e086659892531a2809f24a99790669b99f0a50d06202d585ebc4d1652dda806f0414028a236bc8859cba7c7185a1907732efa65904b6a02a73d8e28f74bdb3065acb19751bac1327d3ecebc434dc9753bd49b36aa1e41728c3309f8b322ad3fd8ce0c9b6b2e4be3bad3bcbf3dab2a3566bc74b45f3773e9f1cc55edcc69e8f52158687cf30e3ced3ad0c277bcda3433e0b03a8252af5b95fdc3a6529b9e9b6ca6847890043c0883d2fc138deea0c08ec35837eb9692917c39ce86c4935e4887abca771688399714c7a1faac063ac0c2fb93b76e8c38b339a89301e9e35bb7791e8490dda3a0f0e79c5154326d0b1da8ac3f9a860b0297173f8e1552e0bfaf8ef5475dd0a41685df2520835209e48ef3231a2c059e1e2a0ce36ae3a837044bf231e0e23519f71c56c8e79b6aa5309fae12a35eb2da6ba856c14e6c3c6125b377dc7590c1b7412a74687639128bc205e69c892231061328b7e16112b987e47b69287d35ca0da308f1300bfd613d390aefb4fd530c9cc93474174e9787b41aba3f4e266d860edb6d9b1b4edd3a2f82f495d8478e7a3f0d05b2d14c71a17dd2aa4ab6c57173a3eafb6ced5dd146f2d8cc45617540cf35451a6c13c5ff127781dee7dcc7e0763705ab0e86ac97210423b0e74c61f984e0f3575b1de1d4437e8586d85ed5d0af7fddfec9f4913d7f7a0d72b33bfd305d097b1304f9df77b44a91d3056df8b056b7b3777b9807213942b5e386be6f6fd54f2e487dc66b4b294107dd5e4154461e060d1413c46035d8b541827ae4517394ae256af125c5fb2ae6cc2faa7486d909988643c7a04af111272e7662d95432820746938939fb9d8644f75133eef2e2bb6637b5b947061aaa49fe800569cd8a3bea2afb67bd8d22404ed5300b310515f54359519e3fcf15bfd1cd223d5e389bfdc168ee04d89967d475fab35a4289ded024f04f72f19008b4ef4747e61f41fc2b81f55d77aff7568469a01895037e10bbfd7138c53fd0753ccda1b73594417c3fadaaef9ccaec8a639aed28d23fb4eefc931dd0923bd069912da2b977989968234edb73ec9d9ae3c90e057a1937b48d4499120ee6010d5d66651b10965da5e446f9592fb13a2ecbb4978b4d9f513575f80ed643102fc107416401dad8f208c2c256b936bca6c65a19247ccaa0ff753f2735af1d075279f85825f474cbda0f1cd41c3fad8345b5add1d0c6ad7bba3724e6a88d15c8a9bd5da76ad3ea845e0af870d99044a9243abe41ae95e0c1f64c0294230681b45f58e7d780de8352ae8fc7f050fbb012ecac0b76e585450eb2ef0a434eebed468b11bbe3a68bd14fe374cad4e35db820e4045980a96ab06063550c09ce9ae68d839d6883cd748fdd92567abd8521e55013d758295777d1055bf1c78b1b0b45fadba816a9e68f82f119be3f1e0998d0b1eead81d763d7fd604d0a0d1c1e4a48614a6ee1e6a1ca5adb9e8873b299a37e22ac001fc4e833f2fd6e4e1c1b4c9457a65dd14fcfe8587299f15aca56eb663160f2040485d6eaea39aec2a842a045832b5de445c416972ff69e2fd248a248a406d6da2e42ea0909e2c48a55c49793bb458a66fee097c45d6bdb1a0c6414f10aec33f4e69ebf48223bd894290e8dfda419095a0363832100d51379d0a0c98df7a78a4a73ce93a078f7d987996086a4c3506dddcd22a56bf82e52e5710189d27527422897f0eaf7bfb042d630211ca906ff36feae938f29701a3ded80f624b9f2a40aa5edb758fd7fb0e2b85bce06d6c0251f398729f689b52f4df7ff98e3f9101e84437c9ca499e9c58ae89e541e491bd251e752712eabbe1ca239259f016bb1e85890f35b86ca6f5e49af346123c278bdf3214ced66af69973eda7db9b62c212292e834eabd012aa25ee0576d74cbf86d315b953228806282c316f5f72e243210c631ad53d980b067ab1b746b5aa13eb5142430935e0aaf6788a8d14f2dc744f564562b867bd553ae9141021b4a58012abd4b464aa09a1124449b667fb7b4ba4aef536337e04dc1f05a5291164fe6854a2172a299c3187c52f6e65ba590342809160bbf9df942d7a25587cc299eafab1ed49fd002c4d57c1dcb4b5709b151422b39e5304d297feb66663081a40cb67e41fce27d7e85dc402e40aaa8bcc9b6f9acd12ab07caf4b88681e483b3e74d14fab303037131885e9cd4a45cd81a1c66a0fd6ab77fbdbdf1c1161be32f429f7f94585c114b0c00697f1b4c45cb99319129c854b4aa46547a4c599065598c4fc170ccaa9822b7a3ff244608e0e5106558de70ab332f90a15f0af8cd023144166857c8fa8185f2e246c5ee02ede0e1ed8c3eab533f928c750f80da594c41dd3856da2c6b41603eeee7f55095ba7fd717bb8f33eb1c11d359ac3cff6fcee16c54ae0082f352789df104460202cab336ef3ed6c245fb59ca2dcfb40ed4cbaf3395b79a27004fc476246beb2cc51ebd11a999bef13bb3e8f5af71154a1e449d4f7557a5b753d58c37e3a450ee046e15b31f45df88c60b1112f0ec419a5da0b3f518d17577a9e4d55d8a769eb5d9f49c510e9f881c3d821120ad8463c937a76da2ab8c5910e754ef7255bf95a0ee2b467ae1c9c03eb73787dae3fc77aaa00926380533e31c61c65412e1a66e2bd989f4991e51aab40374636c554058d2cfed21caa1227dfce6d3451a4b822a2e8b26f247ff35eee0d72f39f198d82a5fe148001c08786c70bf2116fc830f836e8235e8a4a04a8008b0b9ec3050990ce3550c92cb969e8fa4ec3e3f9ad981d96d6ece40c3af76ba639dc88f11a9f87ef8b9497f5e4ada9018054e313a7423473f9be9bd8ba8e40edf89b9b782cb5f55003de6d36391bc4492a5a05ef196c1b55f008640189a1a059bee8753911403a9f61715d3131c74e7f6b3f0a8429ab51caf0017fab6379962d633a3c36a8b059cf6329b8e874cc08dd2193daf5f786e60177fa74283b7cd3ff764ec2786710c25f9a8096b11e2c5e98f668f1fe59fe6e181552bd5c2a79f01f5c7689149cb672752af8d7142ad1804adb774a6ebcaf214fd2ea7083e304220e8b36591020c0d984611ba6891c7948e4af2223b3a5a18f376a5ade131ae3141c02469676a76d06814d4dbc1376611162aa1d270903074df14c43b1cf824750f3ad81bcee0f9e47aa66fa012562c063eb4e523bb72576ee681e5992a6dea8886e35898dba74af5fda18cddc7f5e282117921eaf7a569c0afebbbbcbeeb1f20f030aeb673b79ed3c0242de1f294c69b9df9ee672445955b05acc0cb4cc252f2362cf20cbbd5114fc3f17baf4b8f6ed2c06225f719e8d576326115f0ac38210ab2c98502325ed08eb97f5c1cf7b8da5d8593ccf0240a2bc1fa2967bebc8b56c14eb09a77a110d1e1803e220820ee931d17aada9cc61cc06a1d00474cde80e136344130c99553702ebc4ca49c4ab4ca8a53083da3d8e6c1a1ad877157354a5b87d245817afd1f37d2c2937fcbe6e665914da386797c4811e5fc429ec974e08910c61a9f043fc6d08947af02e505be1ba171f50e1d361a63231205cd62e8128c1ae716e41f15544a81cec8c9e5b633e657f846046e945eb7cd637fd674816740628ac1330e1a483f75a405f74d885589afc5dc6fed504c3877402ff36da5a10b81ff3bc27d78cd3d1453bff64029969de20b3c7b244630f9598e5fda383af3747cb14a1bdc7ae5482b766f48e8543df5659d5769e3f3c92086edba069c3492d3e0f9741a2081390dd5b8113f3ad1d9003eb801a143b93cc6ee9180561dbf5887f5f34a4e9d0751215c604f9bd5d42b416f084e7fdf290ec2d0453bf3e71f02810982b7f5642a49f2e79a5690dd69170f441738d5a15f9d05185417bf558d8e866686150c18c247b03937abcf0f0b21f88ebd7d8f45f00ab8e58676560b2336003b8a255a9f204227fc6923c036f3afa61a65da391f5a706c3df87376ab17646427171db06cd90b2e20e1375b98ace778568d2c94a49e4bbc1e8968401346acca98ea9df83ece4a30b31db0cf06c4d2a84a35e45f7df0d03c2495385921ad141e23c663d556cb9025f6fb1b3ca12e1c7585f6d3341382e3a6f717312c06d4745de5954b0ddc9b919de0aa1a9cf831fb2d71d9e7db3e651794138278dd8cfc23cc366baa0e5c19cb8b8adf0c30a2ad2d2a485719426786ddc753bd763f480df536f3388e50b23ef99c7c50a157eba0f95f079c4fa8196f550bec1101144d69bfd95ef4b2b076b1317e86577620df4320ab9d1160b2d23482b2cd3a7ff8ae90ed582dd0ee472599603874312a12a1bfeec15343c7c83285e2e3d584db7bf6804f377960e754373f91422fd1783f5c927df5b2cb9e962cb5eaf12a627f00cf7835f83e712c31d36a6ed404cd8c4e46d1614e3b8df8ba2e58326d43b8eb12b71950ed8f601a0474d23a510aec5f1e0f54936b1769cad26ab4825e8976d18fbe096e7f004629e14f5bc1594afd0e7fb55b5d2323c105395e29d409de0f9e87419a3c7c2dac9b65540ca32be7d378b806239a06d873e6cf558c12251ae9b9456b9521aadc9373f5bc4dce083ec3065f9385035ad34ba272447c5e7f8936563e8c7e73da597cb66f2a527d2ac3fe503ce62769fe916095f56ab2771f0f07ad94df38cb169fe85ffeb92455de131cd554ccd9d25c617b4fcd70335b317daf251131a341f7430b382cf37c77c97e2c14b9e40e8f934eb23588b3d445aa964690cecdeb18e47cc7d7b65974652329d6318f0cf171c3b5bc007121dd22535a7a2497727cd29dd961e897da70802fd76679210667c06a526a9a3a5ee43e784a7d620a3674b8bb82341a37ac75e3a240c1d26a3ba682c50c2ddbcd7f9b17e0e3b33d22c66225f60dc0b94307a85a87268edfa44b134287b2120b19552448c7c0202c99661a41becc3c483c9ae6b2092035265b73870ba6a0afc78678a0f3c61f70ef0d3308e2e8f01e597e0dd6193f2aa4d24e7088ace4b34058f5d541e790ac3cdbdc380af39f693c6ef20e353e01fe1b374f410d62146db82ac78596eca99c895c1e62c10fc595efcc010c6ad0d7811f0610b12b03489493b4529c488764da7f406222a4e7ee880062ac3ae453cc010d667012ee96b6f5dc7aaaeadc26325da8cee020f9499e94a404250a82159684858cc556603d26e1a12a1b1cbd5455b3b3e26fa1559e39ca39bed279f0266d49c2bcbf9cb3696b8621cb46ec96670d05bfc1a1e3719ec136385eae37ed701bad6f0283f428b06184057be89b3a169d4012a197bd9b00d2e8cc1680eb907652b41f3e3cedfa855928970eb2f11d443b80f2c4e464e2060cedc99017e23afa3ec32eefa569912b06aaf558b7a8e2dff74ec82c13e9ad05d9914fa5ac01796dce6425f4e2ffd310cc13500bc37f205a58ebb860a2e562b73ea7e1aee714539e2a6ca3e9f0a3651ce3113762107e6aea5a0ed85e938e25055dc54a03dea519734a632bbc27898ba3784e1ef5cd5eb20462d3afa145a8dd04369e55db33ce40bb394f33fd9bbaf256ab1ae372755966b49346a996be69975881321acd1d979486d281c86dc77d31e9ecec00c271a6bf9abdb4d99189aab597e6335ed724bb51ba90e3374fcd935534537e37a9808c5a41ca96d2077500c6c58ac26c9c56581b69ee04b933a8fe7d06533c8206", 0x1000, 0xffff}, {&(0x7f00000012c0)="b0a6b5088d42ceba28d4c084fc525cff8ae7a71339c89710b3fa1addf20150b6078f8738c664386060026906862e6c77272b34b7eb9d68fbd14a402eef90be5bfc4191dd085c8ca6a9312a7b8d1113d42af00857ee6f6827880819be9a5cb01cf8864e0d016ab670e797a915fee027ce1b3a0ab9", 0x74, 0x7}, {&(0x7f0000001340)="20873f08f5317d2b0db4bc1004039cb4027e0bfee2530bf172eec91d60c9bbea58c3ac51605dcab8eb9ae7e57ee02a3e35b34dba48e96de0ec14e66c69651ff96152c22b8f6c651f72ed4facfd56fa8b9bca1b49a377416c8dc2ad08c201e2841738b2176fc7ddf4c9f8835db303a1f1c65023985dd63eeda62bec87b813ac711da2e729d4fd9db7d18dfa5480658b9751838dd6c7281a123b295889bb518fe1c644bef4407028a8de4b9777cefe2316c84df48444deb8f00b3d414cd49a77a0a91827c52a1328fe1c84021d538b479df44d2dcdac55829ab974170f7dc3ee6daa6d51f678b631fcf6217f864a618246ddec8a0119ae238cf8035a225e52c68ff8dd2bf4107b20149b0843c942518d5b0e457b2208c842493f5dc08090255ef4a0bbdfaee4450a4999539db032b468e556fbac9cf5c57aadc923fcf863e9ca854c0e11e0496eefcaa53718c41283d96a5d8c0ee9b51b0fdd6d90e21c0ab05a5c5e4b6c61f2807c770ae29ee0d703bc1cd44b354dd1611d880fac6af8b71ab7353770e7e102f52ebf1fc1f80a1f4c997ef3e60faea705e789a3d14f6cfb3f00484c2b1416807cbf00459a017d440c0b20c5fd938c8796a57c2616f51803283feeac9a546a850ba442b378d997a4f00465a4624bcfc4a81a7c3a9f8b77827d93086d0b78a27e530a8a28fb43d1375284726afcca51815f5e4536beb88f39447b6038de3d4109a8365c525c3cba8261bbcc16274aa21b3cb0d8ff38703e9a8c92bb4a9f04d71e4a591f519bea662ac14fd982b2ceb4d9d44e623808bcc4383acd2780b3abc9957b1487af33da6ddffb93df832c35e0fc8478a868c277f0e59e2ef9f19c95031a33461c922aa1e71fa7655ddb694a4fb4fd72ee66d3fffeaa92ed14df809d95ab9b190923f692e8d8e258ede8842a2fcb6fd51ad4052d626f3f46fbd0b5119e1b0c255976f27d4dc3f5cb9c136775b88ec1e84cc3f2a2c37e2691235878140353648a6e74aa73a91ba519063ecf33b240c3f84b6da00092aa516221078b8c1fcd615feb0935f30bdd0d15e58cfae13fca996546b48084fe23c7334ab729f00ac2a9083c90ce36878d5d5a43ad2d63821fc199429994a81054f90164e43ded75b6443acc5d0156c3cae2298609786db02ca1e5139469aa6829182ff946d4a8476a0ad14483b78f0625bb80ab130bb5c578b9070c8a095639bfa58b8cbdaf20455c1d9813b1ab8cb94273fa3c3e6dbe9dcb5d7c857a52aa310c7d9c0518bb182e94be470b41038431b2137844108c1d925b2548e32c20eef5d1a367a4fbfa65749ebb3a7b52ecca40e648a9a388df9fc6b92aea92ea590e87fd1d5229e780c867380a39f32f61d37ac73b43656f8ec5e56471ed991bdea22bc3d2da517625b135a76e83170c66aa20df44d05507163a3325b4eb03bc59a1ef4bdd566111a01162bc8a99aae0b5fdc90b2fe7f9474ab578a068262e5385e63ab0cd4b07de0197e88ec3044dba732b4d01585fa6c7300db11dd1c0746be879d8415eeb9792811aeb04372b0d0ed83ae2baae8b99f6102629a6c94f07033c47c94ba01bb989514cbe6eae155a68c6c3d89a7a72a1b307513c810cf5974c21ea2746d52e44dc4244dde7257cce2164b8d4f35b561eb7e770f103e2207f14fdc8bd6c803af9f7bc56b30d70acf716068dcef16583ebd030da62f81664a23ec9ddafdf14429a401de2baf900477cbc8c412e2f637b2e9331cf7c64abf89fc72e607d0db44f23e60c2471817e7a1090adc77b0d1bbfc3d6a1557ca57d89581d3ac91a5f2540a10b19b5553f4a0e62f539a764e416796ac98658a023a5d65d9d83797cf09d5240715c4e09dc2bd79bd8c62e01dfcad389d611b3d7ac860e72edba05d69e647a66325350db127dbccaaa5ff456e55643779273c1e584697de08d93d75eaaeef842c2e61be8d3ae05e0d539c3d426a6e4c8e6ecd46c7f08f0afee11d717d29cdf56dfa07d0880bbd85299a2e5b40a705c38bd4af3717ecd381137cbcce2ec22559cf3602edafcd426a436a304ed78ec2b4e04ac81ce6c157c37006d3f4c737df1409af175377f902a154eca832022d9518008ffbbad177685c1cf66be4dabcc6893eaab5f633babb73aa34c60139085f860af039f8096c961a7307fa3991f74bfbabd3c15f337dff8db45e77aaf6308c8c880aae06e8029ddf8bb04c1a482374060ea91ed91aa5d9806be70fd40b73302c1cf3742b27acac4f27a7bf2f2d4ba1b49af87465b462f9e1ad898dae51b6eb9827d6c877590fd8078234b4e3f333cb85418a3d57d6f1e145e958b5ce38d92e7408d785ebc50fadd5866bc7373a271aec2ca7dd5622f8455aa221a5ed9703143a687ed529ad94130443a127a2712f507eebad835f7a8aada47e972ae869078bc4bad198ad4a34cdc29e07d6c508e94a5b49f516bf07d8270e5fec345dac6e61ea548ec2df6437428763738f2c9f6511e2ec24cdca3d39445a626883bb1a901eb207a5a9d62455c2acc386c09cc93cb7ff01c06b6adf043c178aebd4d95fea26090ea989e0d0a9b8136a5229759c4a5a309e66264d96fc7a69985fd32f007fd65d491b90e513da3fd5f351fee0bf40756e9cef3a8c331f5da55a041f7ff0d947ef1ea0504ebd8d087bc54a2b2390a5b10c49c32c1c7c09e5f76b1cab03356aca681da7144f922467bb1e20f074c80e0d2589cdb813be72795b61f95be533d75fb84d37e5581e83ef6436528f1fd3deb9875fad7c86517960bdaa32f69607e556c9a617bbdba61268a68dac1d1587489ba7f32c9015d83a92cb263a35292f6725c8ca173bdebf96d315ff7d6db1877a53cfd46c5f5aeb21cc7c1191decfc39528adb78b6be5b700ba57d72f26a28d4ff9ede80a83499376c00616f3d5a82b9bf19839d9ed423c26d7bc2e5ee09c112f0e3fa8260d01d9d34b1cf012843ba321525ab08a1107b50f4897600434adebc70914f7ff11c49fcf5dea1ac95327f90ed6706ec6d743f8d939c0bd443da1674cd4e3c2d00f83ccbd0accca4cf521542d324906e7ca141f19d971b7b736f336a960d9013c703ef56ba4c3a22e050bf8083a1a290de8efc06ac1a0f321287920d59bfaa0c1ad99cb08759cedb400d0c6cf76e16e1814d5862980e2f26f16e9c9c36aa843e37f82dd8768520f437a45eea5cca47f8918552586002936fd717f404a435270a76d6ed6f4f18537956af4c4aba4cc4ea9860ceefe26002d49444fef1414044b3adad66054a528fef2078fba0914a4cf70a7dd8e51496e1dfdb8de9165f74b9d5088f52a5335279862bc8d0a730952be6af571392c6aae808f3f2390c5044e8f8e444e30f959baffe3cf5f4e0a7900ba91d5362a527c1160db562c64a0fde830ca31b64824e0c4ac822d8d9b9d45e39d4cc0d02d74c0751ef3b2816bae5dd0af3d356100997371d18ae647730d06a9f4a21194093541a815a11eb45c6d66c709638a1bff1e002ba51291295268b4aaaaf1105b16d3843ae718e7a18687cbb0a49a3480df7c20ec0fad725c54942b885f582301b7354286730fc84243ebdb566237acd6d7aee1722282d2b546a002908a560f7be2c65927e7b6a53ed37e230469bb3fd7764fbbd04313df4c2545edba2bf71680f8d90b32d50c079ed855b107d15f968008212c7f984316e835c73eb152d93f388bfd692494f61434076e42edbf1db5d09305988c405f4f02b8c962cbc9eb640b5efb5120ea16964c9f37f8611b4deb68bcea588305367381c8664937b22e1c7ddd2fd10f238d2e3ebc99ccfe09aa5e9ab37881c097a33f65a2ce090e5ab034ea605930e3860638c21e7c220ea90676a163671f5c6178c907c322ddc58de0a772f538eecd6fd2c40866375c778aaa84dd0821905e77dc4a4bcec8c0d2a86eae539ab8fde8933690a905c56d3cb4df87187d6c08e4a4780bb04a7e05f4545b176d31a94fe4935afbf38ad29aa36227efca84685346ebe8977c0e4a5f912c8e80b600f732ae3f6a0da90f8ffe219d9b89e408512b1a764f41f64494fa3080f9b4cc16185a536d19c267328919af58c038162d7d82a0ba0ffae8efbc2a8197451aa4dec915b5c5849f3e16dccdbe06a4c1d46004245022f1a65055b3ecb7d1c32b79c9f6486680ce1514e7cfa1d6983b1336d112477971d01a28a1c5ec8b590f1b97b71e27125fc6c6d03ab71c888caf0e75e3ba1420c7455576cc878ceca07e4c9103df788027c7a53db8c10b1e8fcf96ffa7d5fd8b4f8d605f95bc1af9c44b7ab251d896bf423a5da5ea2c99700fddcfbeed1e3acf73797e13b60c6f61eec663904dbf042e85b32c581da1351f67ee77167b41c4e4f734745e6c4f8d35a48282f69e08a34a5fd39a1e03d9fb042b510f603231e3324ba1b6523d3b185d89c0ad31194ad7ae1a4e8195d22feb6c682dc09c6af78a8cd63fcf09073519a3f5683c2adc76a56a676f4ece5712b0843cc72c90f49aa958d9a4c0c483f486f9b51d25caad6b36f95c3a808ea616bbbe17785333aae665e0b9a7b64adc167104afc7739f344a36ec6f96142196f4a3ab991edfbe9d4f9a67619ec98f99ad82d673f0aa5d6144eafe476d91f4aec4f8a82a9be6f97b6c628dc6ab497d93f1f8cd3c9c3d741f78e511187dcc1ce962aa249422e62e2ae3a92e5281a00073f33ae42044c820081df1b0c5ac4b8c8fd81b18685577d7076d0b75975ecaff8afb66c2f00f516c4f6a0f34c7bb3cea85c8c717d0395f9b183e572b269a1f58d6c4aca362c9b4aa19201a8678ec5abc17aa77cd2d10d92a9d223f8c1615fedc03e8144fc78f9b0235badc2dd7d23359eb91e88bcbe522b0833fbd8152feeb4d08b6a3dd02cd8d3d982748e8b2d75dd044822624953ef13e1bd875bd48ae20d513a0474cb7dc34695bf549c2fa7c0ee8d3e5c5d9c4d7dd911cb6eae0ec6a7ef3ddb1763af0b3b3be87a3056fec00dce05c675b897b45c50a5185950deffdbdf7a89b8cda6b5605b0ffc3d2f35bdbb0313d45c891085fd31e8666e256f132a66de2c5ee0323bfba9d4c41f5f8f51951eac7907bc7833ebaabea1c4ec9062b2318141cb4bb96a4e68ba67fed334d4c9c73b08609f692970f09423ce55eb2380ac2a690b29b635afba163beed9965744009856044bc713288a1b843ff8e0ff6f000c8870c569390b126d9a140c53f427e0c7d48f78c2e3e9616440aafd3524c209fa978d79d0e5edbc0c9367a1d64fd0cef2703bacf3e122dbf6f7b69849a69399b1b6cdfafe542701a88f3769ffbda3402f50f0caf7a7868af50e6722002b985161dfd89cb3200f2aa17b22152503b28c6068e45b3021d44b84920fbef14bcc560d4d3510096a1006265988ef148707c540e64599442be89a09755a48c9b12269c57ae5a78587bff0758bd5351ed05543d6286718712037e57ecd6b96797cea8eb884a66ffb82d8c2bf0d51a9626a82fd1dd1cb4ef478d9e61e8190db3ee96ba3065a9534692c00b2e72275e0dcc7e54e42540b556ce498916951ced302b0584c3fcb04464f1496290cfaa04b53a4b838fd8d3af74ac1b67b883e526d8140a31f8f7e40be79b8faae570433f778e8f36a6587080a7c66de9f40f105190b77455e3b3d3a72d98f2bc46ef89f1e270e52551459329fcc0ce6d1d3cb87f9cb5eaa647eb194ec43f157a9e5a3d0459f2361370b8067955a064c185e9d54384414b78318caa6b58708f5adcdf8219beb6629d19e30b07f64f97df1c4aeb45c79f6945900455b101608717d5a5e128af08a9fafa721d882f4", 0x1000, 0x9}, {&(0x7f0000002340)="fbc5c0921eed8c1623ad5b205fae236a56874aef552d3d3e2357d37dda185e30a83d4afd86d59e720355d3e9e35bb0c698faec7e7763e3a5ba665ee9185648e4f3062ec37ba1353d90678e6c5688b15d2597ce05c546877d793bbf55cbd0e731ae05d53a79c9d9f361992971e3871287424a07de28f01ea9e7e9a88ed2265a1f1af9951dd471b1bf402c21f5db2ecb9b714f77ddb43f88028601194649adf17f1d960e5fdd841f9cd8d71e546ce7d7dbeef23f72380d2956d02c52bcea8fa00569622d5bce98f9387a48c358abc63e2a8715e2aaf454779a96aae4eba584916a417fffdb", 0xe4, 0x80000001}], 0x4001, &(0x7f0000002640)=ANY=[@ANYBLOB="71756f74612c756d61736b3d307830303030303030e980166f663038303030303030302c646973636172642c726573697a652c6e6f696e746567726974792c6769643d", @ANYRESHEX=0x0, @ANYBLOB=',errors=remount-ro,context=root,uid>', @ANYRESDEC=0x0, @ANYBLOB=',measure,pcr=00000000000000000031,smackfsdef=/dev/dri/card#\x00,obj_user=\'^*bdev,\x00']) r4 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r5) r6 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$chown(0x4, r6, r5, 0x0) syz_mount_image$jfs(&(0x7f00000001c0)='jfs\x00', &(0x7f0000000200)='./bus\x00', 0x6, 0x5, &(0x7f0000002440)=[{&(0x7f0000000240)="01672d4b14911985c0147601da0a04d2da9f4cecc46a540de639fe302fef9932e174e04983e4b7f086d0a62d8aa3f90529eb4c63f1dda7b2dc3f91a2248d28f5c179bea4cf81151b616caf89a7d802a16fbb2deabcc3bd762140233265", 0x5d, 0xffffffffffff4e72}, {&(0x7f00000002c0)="470c79323ffd533d73f6a28777e8a31f7f7361aa5ff0df8df5e212bf1f07f05e9b78ccae51d1a8e2ef22f82a2790b73e4cf0d038f8c16ef0ac66435aae5bbe81f4989a2b4eacd50af5177bcf1458f526eb593274d227b8f2e086659892531a2809f24a99790669b99f0a50d06202d585ebc4d1652dda806f0414028a236bc8859cba7c7185a1907732efa65904b6a02a73d8e28f74bdb3065acb19751bac1327d3ecebc434dc9753bd49b36aa1e41728c3309f8b322ad3fd8ce0c9b6b2e4be3bad3bcbf3dab2a3566bc74b45f3773e9f1cc55edcc69e8f52158687cf30e3ced3ad0c277bcda3433e0b03a8252af5b95fdc3a6529b9e9b6ca6847890043c0883d2fc138deea0c08ec35837eb9692917c39ce86c4935e4887abca771688399714c7a1faac063ac0c2fb93b76e8c38b339a89301e9e35bb7791e8490dda3a0f0e79c5154326d0b1da8ac3f9a860b0297173f8e1552e0bfaf8ef5475dd0a41685df2520835209e48ef3231a2c059e1e2a0ce36ae3a837044bf231e0e23519f71c56c8e79b6aa5309fae12a35eb2da6ba856c14e6c3c6125b377dc7590c1b7412a74687639128bc205e69c892231061328b7e16112b987e47b69287d35ca0da308f1300bfd613d390aefb4fd530c9cc93474174e9787b41aba3f4e266d860edb6d9b1b4edd3a2f82f495d8478e7a3f0d05b2d14c71a17dd2aa4ab6c57173a3eafb6ced5dd146f2d8cc45617540cf35451a6c13c5ff127781dee7dcc7e0763705ab0e86ac97210423b0e74c61f984e0f3575b1de1d4437e8586d85ed5d0af7fddfec9f4913d7f7a0d72b33bfd305d097b1304f9df77b44a91d3056df8b056b7b3777b9807213942b5e386be6f6fd54f2e487dc66b4b294107dd5e4154461e060d1413c46035d8b541827ae4517394ae256af125c5fb2ae6cc2faa7486d909988643c7a04af111272e7662d95432820746938939fb9d8644f75133eef2e2bb6637b5b947061aaa49fe800569cd8a3bea2afb67bd8d22404ed5300b310515f54359519e3fcf15bfd1cd223d5e389bfdc168ee04d89967d475fab35a4289ded024f04f72f19008b4ef4747e61f41fc2b81f55d77aff7568469a01895037e10bbfd7138c53fd0753ccda1b73594417c3fadaaef9ccaec8a639aed28d23fb4eefc931dd0923bd069912da2b977989968234edb73ec9d9ae3c90e057a1937b48d4499120ee6010d5d66651b10965da5e446f9592fb13a2ecbb4978b4d9f513575f80ed643102fc107416401dad8f208c2c256b936bca6c65a19247ccaa0ff753f2735af1d075279f85825f474cbda0f1cd41c3fad8345b5add1d0c6ad7bba3724e6a88d15c8a9bd5da76ad3ea845e0af870d99044a9243abe41ae95e0c1f64c0294230681b45f58e7d780de8352ae8fc7f050fbb012ecac0b76e585450eb2ef0a434eebed468b11bbe3a68bd14fe374cad4e35db820e4045980a96ab06063550c09ce9ae68d839d6883cd748fdd92567abd8521e55013d758295777d1055bf1c78b1b0b45fadba816a9e68f82f119be3f1e0998d0b1eead81d763d7fd604d0a0d1c1e4a48614a6ee1e6a1ca5adb9e8873b299a37e22ac001fc4e833f2fd6e4e1c1b4c9457a65dd14fcfe8587299f15aca56eb663160f2040485d6eaea39aec2a842a045832b5de445c416972ff69e2fd248a248a406d6da2e42ea0909e2c48a55c49793bb458a66fee097c45d6bdb1a0c6414f10aec33f4e69ebf48223bd894290e8dfda419095a0363832100d51379d0a0c98df7a78a4a73ce93a078f7d987996086a4c3506dddcd22a56bf82e52e5710189d27527422897f0eaf7bfb042d630211ca906ff36feae938f29701a3ded80f624b9f2a40aa5edb758fd7fb0e2b85bce06d6c0251f398729f689b52f4df7ff98e3f9101e84437c9ca499e9c58ae89e541e491bd251e752712eabbe1ca239259f016bb1e85890f35b86ca6f5e49af346123c278bdf3214ced66af69973eda7db9b62c212292e834eabd012aa25ee0576d74cbf86d315b953228806282c316f5f72e243210c631ad53d980b067ab1b746b5aa13eb5142430935e0aaf6788a8d14f2dc744f564562b867bd553ae9141021b4a58012abd4b464aa09a1124449b667fb7b4ba4aef536337e04dc1f05a5291164fe6854a2172a299c3187c52f6e65ba590342809160bbf9df942d7a25587cc299eafab1ed49fd002c4d57c1dcb4b5709b151422b39e5304d297feb66663081a40cb67e41fce27d7e85dc402e40aaa8bcc9b6f9acd12ab07caf4b88681e483b3e74d14fab303037131885e9cd4a45cd81a1c66a0fd6ab77fbdbdf1c1161be32f429f7f94585c114b0c00697f1b4c45cb99319129c854b4aa46547a4c599065598c4fc170ccaa9822b7a3ff244608e0e5106558de70ab332f90a15f0af8cd023144166857c8fa8185f2e246c5ee02ede0e1ed8c3eab533f928c750f80da594c41dd3856da2c6b41603eeee7f55095ba7fd717bb8f33eb1c11d359ac3cff6fcee16c54ae0082f352789df104460202cab336ef3ed6c245fb59ca2dcfb40ed4cbaf3395b79a27004fc476246beb2cc51ebd11a999bef13bb3e8f5af71154a1e449d4f7557a5b753d58c37e3a450ee046e15b31f45df88c60b1112f0ec419a5da0b3f518d17577a9e4d55d8a769eb5d9f49c510e9f881c3d821120ad8463c937a76da2ab8c5910e754ef7255bf95a0ee2b467ae1c9c03eb73787dae3fc77aaa00926380533e31c61c65412e1a66e2bd989f4991e51aab40374636c554058d2cfed21caa1227dfce6d3451a4b822a2e8b26f247ff35eee0d72f39f198d82a5fe148001c08786c70bf2116fc830f836e8235e8a4a04a8008b0b9ec3050990ce3550c92cb969e8fa4ec3e3f9ad981d96d6ece40c3af76ba639dc88f11a9f87ef8b9497f5e4ada9018054e313a7423473f9be9bd8ba8e40edf89b9b782cb5f55003de6d36391bc4492a5a05ef196c1b55f008640189a1a059bee8753911403a9f61715d3131c74e7f6b3f0a8429ab51caf0017fab6379962d633a3c36a8b059cf6329b8e874cc08dd2193daf5f786e60177fa74283b7cd3ff764ec2786710c25f9a8096b11e2c5e98f668f1fe59fe6e181552bd5c2a79f01f5c7689149cb672752af8d7142ad1804adb774a6ebcaf214fd2ea7083e304220e8b36591020c0d984611ba6891c7948e4af2223b3a5a18f376a5ade131ae3141c02469676a76d06814d4dbc1376611162aa1d270903074df14c43b1cf824750f3ad81bcee0f9e47aa66fa012562c063eb4e523bb72576ee681e5992a6dea8886e35898dba74af5fda18cddc7f5e282117921eaf7a569c0afebbbbcbeeb1f20f030aeb673b79ed3c0242de1f294c69b9df9ee672445955b05acc0cb4cc252f2362cf20cbbd5114fc3f17baf4b8f6ed2c06225f719e8d576326115f0ac38210ab2c98502325ed08eb97f5c1cf7b8da5d8593ccf0240a2bc1fa2967bebc8b56c14eb09a77a110d1e1803e220820ee931d17aada9cc61cc06a1d00474cde80e136344130c99553702ebc4ca49c4ab4ca8a53083da3d8e6c1a1ad877157354a5b87d245817afd1f37d2c2937fcbe6e665914da386797c4811e5fc429ec974e08910c61a9f043fc6d08947af02e505be1ba171f50e1d361a63231205cd62e8128c1ae716e41f15544a81cec8c9e5b633e657f846046e945eb7cd637fd674816740628ac1330e1a483f75a405f74d885589afc5dc6fed504c3877402ff36da5a10b81ff3bc27d78cd3d1453bff64029969de20b3c7b244630f9598e5fda383af3747cb14a1bdc7ae5482b766f48e8543df5659d5769e3f3c92086edba069c3492d3e0f9741a2081390dd5b8113f3ad1d9003eb801a143b93cc6ee9180561dbf5887f5f34a4e9d0751215c604f9bd5d42b416f084e7fdf290ec2d0453bf3e71f02810982b7f5642a49f2e79a5690dd69170f441738d5a15f9d05185417bf558d8e866686150c18c247b03937abcf0f0b21f88ebd7d8f45f00ab8e58676560b2336003b8a255a9f204227fc6923c036f3afa61a65da391f5a706c3df87376ab17646427171db06cd90b2e20e1375b98ace778568d2c94a49e4bbc1e8968401346acca98ea9df83ece4a30b31db0cf06c4d2a84a35e45f7df0d03c2495385921ad141e23c663d556cb9025f6fb1b3ca12e1c7585f6d3341382e3a6f717312c06d4745de5954b0ddc9b919de0aa1a9cf831fb2d71d9e7db3e651794138278dd8cfc23cc366baa0e5c19cb8b8adf0c30a2ad2d2a485719426786ddc753bd763f480df536f3388e50b23ef99c7c50a157eba0f95f079c4fa8196f550bec1101144d69bfd95ef4b2b076b1317e86577620df4320ab9d1160b2d23482b2cd3a7ff8ae90ed582dd0ee472599603874312a12a1bfeec15343c7c83285e2e3d584db7bf6804f377960e754373f91422fd1783f5c927df5b2cb9e962cb5eaf12a627f00cf7835f83e712c31d36a6ed404cd8c4e46d1614e3b8df8ba2e58326d43b8eb12b71950ed8f601a0474d23a510aec5f1e0f54936b1769cad26ab4825e8976d18fbe096e7f004629e14f5bc1594afd0e7fb55b5d2323c105395e29d409de0f9e87419a3c7c2dac9b65540ca32be7d378b806239a06d873e6cf558c12251ae9b9456b9521aadc9373f5bc4dce083ec3065f9385035ad34ba272447c5e7f8936563e8c7e73da597cb66f2a527d2ac3fe503ce62769fe916095f56ab2771f0f07ad94df38cb169fe85ffeb92455de131cd554ccd9d25c617b4fcd70335b317daf251131a341f7430b382cf37c77c97e2c14b9e40e8f934eb23588b3d445aa964690cecdeb18e47cc7d7b65974652329d6318f0cf171c3b5bc007121dd22535a7a2497727cd29dd961e897da70802fd76679210667c06a526a9a3a5ee43e784a7d620a3674b8bb82341a37ac75e3a240c1d26a3ba682c50c2ddbcd7f9b17e0e3b33d22c66225f60dc0b94307a85a87268edfa44b134287b2120b19552448c7c0202c99661a41becc3c483c9ae6b2092035265b73870ba6a0afc78678a0f3c61f70ef0d3308e2e8f01e597e0dd6193f2aa4d24e7088ace4b34058f5d541e790ac3cdbdc380af39f693c6ef20e353e01fe1b374f410d62146db82ac78596eca99c895c1e62c10fc595efcc010c6ad0d7811f0610b12b03489493b4529c488764da7f406222a4e7ee880062ac3ae453cc010d667012ee96b6f5dc7aaaeadc26325da8cee020f9499e94a404250a82159684858cc556603d26e1a12a1b1cbd5455b3b3e26fa1559e39ca39bed279f0266d49c2bcbf9cb3696b8621cb46ec96670d05bfc1a1e3719ec136385eae37ed701bad6f0283f428b06184057be89b3a169d4012a197bd9b00d2e8cc1680eb907652b41f3e3cedfa855928970eb2f11d443b80f2c4e464e2060cedc99017e23afa3ec32eefa569912b06aaf558b7a8e2dff74ec82c13e9ad05d9914fa5ac01796dce6425f4e2ffd310cc13500bc37f205a58ebb860a2e562b73ea7e1aee714539e2a6ca3e9f0a3651ce3113762107e6aea5a0ed85e938e25055dc54a03dea519734a632bbc27898ba3784e1ef5cd5eb20462d3afa145a8dd04369e55db33ce40bb394f33fd9bbaf256ab1ae372755966b49346a996be69975881321acd1d979486d281c86dc77d31e9ecec00c271a6bf9abdb4d99189aab597e6335ed724bb51ba90e3374fcd935534537e37a9808c5a41ca96d2077500c6c58ac26c9c56581b69ee04b933a8fe7d06533c8206", 0x1000, 0xffff}, {&(0x7f00000012c0)="b0a6b5088d42ceba28d4c084fc525cff8ae7a71339c89710b3fa1addf20150b6078f8738c664386060026906862e6c77272b34b7eb9d68fbd14a402eef90be5bfc4191dd085c8ca6a9312a7b8d1113d42af00857ee6f6827880819be9a5cb01cf8864e0d016ab670e797a915fee027ce1b3a0ab9", 0x74, 0x7}, {&(0x7f0000001340)="20873f08f5317d2b0db4bc1004039cb4027e0bfee2530bf172eec91d60c9bbea58c3ac51605dcab8eb9ae7e57ee02a3e35b34dba48e96de0ec14e66c69651ff96152c22b8f6c651f72ed4facfd56fa8b9bca1b49a377416c8dc2ad08c201e2841738b2176fc7ddf4c9f8835db303a1f1c65023985dd63eeda62bec87b813ac711da2e729d4fd9db7d18dfa5480658b9751838dd6c7281a123b295889bb518fe1c644bef4407028a8de4b9777cefe2316c84df48444deb8f00b3d414cd49a77a0a91827c52a1328fe1c84021d538b479df44d2dcdac55829ab974170f7dc3ee6daa6d51f678b631fcf6217f864a618246ddec8a0119ae238cf8035a225e52c68ff8dd2bf4107b20149b0843c942518d5b0e457b2208c842493f5dc08090255ef4a0bbdfaee4450a4999539db032b468e556fbac9cf5c57aadc923fcf863e9ca854c0e11e0496eefcaa53718c41283d96a5d8c0ee9b51b0fdd6d90e21c0ab05a5c5e4b6c61f2807c770ae29ee0d703bc1cd44b354dd1611d880fac6af8b71ab7353770e7e102f52ebf1fc1f80a1f4c997ef3e60faea705e789a3d14f6cfb3f00484c2b1416807cbf00459a017d440c0b20c5fd938c8796a57c2616f51803283feeac9a546a850ba442b378d997a4f00465a4624bcfc4a81a7c3a9f8b77827d93086d0b78a27e530a8a28fb43d1375284726afcca51815f5e4536beb88f39447b6038de3d4109a8365c525c3cba8261bbcc16274aa21b3cb0d8ff38703e9a8c92bb4a9f04d71e4a591f519bea662ac14fd982b2ceb4d9d44e623808bcc4383acd2780b3abc9957b1487af33da6ddffb93df832c35e0fc8478a868c277f0e59e2ef9f19c95031a33461c922aa1e71fa7655ddb694a4fb4fd72ee66d3fffeaa92ed14df809d95ab9b190923f692e8d8e258ede8842a2fcb6fd51ad4052d626f3f46fbd0b5119e1b0c255976f27d4dc3f5cb9c136775b88ec1e84cc3f2a2c37e2691235878140353648a6e74aa73a91ba519063ecf33b240c3f84b6da00092aa516221078b8c1fcd615feb0935f30bdd0d15e58cfae13fca996546b48084fe23c7334ab729f00ac2a9083c90ce36878d5d5a43ad2d63821fc199429994a81054f90164e43ded75b6443acc5d0156c3cae2298609786db02ca1e5139469aa6829182ff946d4a8476a0ad14483b78f0625bb80ab130bb5c578b9070c8a095639bfa58b8cbdaf20455c1d9813b1ab8cb94273fa3c3e6dbe9dcb5d7c857a52aa310c7d9c0518bb182e94be470b41038431b2137844108c1d925b2548e32c20eef5d1a367a4fbfa65749ebb3a7b52ecca40e648a9a388df9fc6b92aea92ea590e87fd1d5229e780c867380a39f32f61d37ac73b43656f8ec5e56471ed991bdea22bc3d2da517625b135a76e83170c66aa20df44d05507163a3325b4eb03bc59a1ef4bdd566111a01162bc8a99aae0b5fdc90b2fe7f9474ab578a068262e5385e63ab0cd4b07de0197e88ec3044dba732b4d01585fa6c7300db11dd1c0746be879d8415eeb9792811aeb04372b0d0ed83ae2baae8b99f6102629a6c94f07033c47c94ba01bb989514cbe6eae155a68c6c3d89a7a72a1b307513c810cf5974c21ea2746d52e44dc4244dde7257cce2164b8d4f35b561eb7e770f103e2207f14fdc8bd6c803af9f7bc56b30d70acf716068dcef16583ebd030da62f81664a23ec9ddafdf14429a401de2baf900477cbc8c412e2f637b2e9331cf7c64abf89fc72e607d0db44f23e60c2471817e7a1090adc77b0d1bbfc3d6a1557ca57d89581d3ac91a5f2540a10b19b5553f4a0e62f539a764e416796ac98658a023a5d65d9d83797cf09d5240715c4e09dc2bd79bd8c62e01dfcad389d611b3d7ac860e72edba05d69e647a66325350db127dbccaaa5ff456e55643779273c1e584697de08d93d75eaaeef842c2e61be8d3ae05e0d539c3d426a6e4c8e6ecd46c7f08f0afee11d717d29cdf56dfa07d0880bbd85299a2e5b40a705c38bd4af3717ecd381137cbcce2ec22559cf3602edafcd426a436a304ed78ec2b4e04ac81ce6c157c37006d3f4c737df1409af175377f902a154eca832022d9518008ffbbad177685c1cf66be4dabcc6893eaab5f633babb73aa34c60139085f860af039f8096c961a7307fa3991f74bfbabd3c15f337dff8db45e77aaf6308c8c880aae06e8029ddf8bb04c1a482374060ea91ed91aa5d9806be70fd40b73302c1cf3742b27acac4f27a7bf2f2d4ba1b49af87465b462f9e1ad898dae51b6eb9827d6c877590fd8078234b4e3f333cb85418a3d57d6f1e145e958b5ce38d92e7408d785ebc50fadd5866bc7373a271aec2ca7dd5622f8455aa221a5ed9703143a687ed529ad94130443a127a2712f507eebad835f7a8aada47e972ae869078bc4bad198ad4a34cdc29e07d6c508e94a5b49f516bf07d8270e5fec345dac6e61ea548ec2df6437428763738f2c9f6511e2ec24cdca3d39445a626883bb1a901eb207a5a9d62455c2acc386c09cc93cb7ff01c06b6adf043c178aebd4d95fea26090ea989e0d0a9b8136a5229759c4a5a309e66264d96fc7a69985fd32f007fd65d491b90e513da3fd5f351fee0bf40756e9cef3a8c331f5da55a041f7ff0d947ef1ea0504ebd8d087bc54a2b2390a5b10c49c32c1c7c09e5f76b1cab03356aca681da7144f922467bb1e20f074c80e0d2589cdb813be72795b61f95be533d75fb84d37e5581e83ef6436528f1fd3deb9875fad7c86517960bdaa32f69607e556c9a617bbdba61268a68dac1d1587489ba7f32c9015d83a92cb263a35292f6725c8ca173bdebf96d315ff7d6db1877a53cfd46c5f5aeb21cc7c1191decfc39528adb78b6be5b700ba57d72f26a28d4ff9ede80a83499376c00616f3d5a82b9bf19839d9ed423c26d7bc2e5ee09c112f0e3fa8260d01d9d34b1cf012843ba321525ab08a1107b50f4897600434adebc70914f7ff11c49fcf5dea1ac95327f90ed6706ec6d743f8d939c0bd443da1674cd4e3c2d00f83ccbd0accca4cf521542d324906e7ca141f19d971b7b736f336a960d9013c703ef56ba4c3a22e050bf8083a1a290de8efc06ac1a0f321287920d59bfaa0c1ad99cb08759cedb400d0c6cf76e16e1814d5862980e2f26f16e9c9c36aa843e37f82dd8768520f437a45eea5cca47f8918552586002936fd717f404a435270a76d6ed6f4f18537956af4c4aba4cc4ea9860ceefe26002d49444fef1414044b3adad66054a528fef2078fba0914a4cf70a7dd8e51496e1dfdb8de9165f74b9d5088f52a5335279862bc8d0a730952be6af571392c6aae808f3f2390c5044e8f8e444e30f959baffe3cf5f4e0a7900ba91d5362a527c1160db562c64a0fde830ca31b64824e0c4ac822d8d9b9d45e39d4cc0d02d74c0751ef3b2816bae5dd0af3d356100997371d18ae647730d06a9f4a21194093541a815a11eb45c6d66c709638a1bff1e002ba51291295268b4aaaaf1105b16d3843ae718e7a18687cbb0a49a3480df7c20ec0fad725c54942b885f582301b7354286730fc84243ebdb566237acd6d7aee1722282d2b546a002908a560f7be2c65927e7b6a53ed37e230469bb3fd7764fbbd04313df4c2545edba2bf71680f8d90b32d50c079ed855b107d15f968008212c7f984316e835c73eb152d93f388bfd692494f61434076e42edbf1db5d09305988c405f4f02b8c962cbc9eb640b5efb5120ea16964c9f37f8611b4deb68bcea588305367381c8664937b22e1c7ddd2fd10f238d2e3ebc99ccfe09aa5e9ab37881c097a33f65a2ce090e5ab034ea605930e3860638c21e7c220ea90676a163671f5c6178c907c322ddc58de0a772f538eecd6fd2c40866375c778aaa84dd0821905e77dc4a4bcec8c0d2a86eae539ab8fde8933690a905c56d3cb4df87187d6c08e4a4780bb04a7e05f4545b176d31a94fe4935afbf38ad29aa36227efca84685346ebe8977c0e4a5f912c8e80b600f732ae3f6a0da90f8ffe219d9b89e408512b1a764f41f64494fa3080f9b4cc16185a536d19c267328919af58c038162d7d82a0ba0ffae8efbc2a8197451aa4dec915b5c5849f3e16dccdbe06a4c1d46004245022f1a65055b3ecb7d1c32b79c9f6486680ce1514e7cfa1d6983b1336d112477971d01a28a1c5ec8b590f1b97b71e27125fc6c6d03ab71c888caf0e75e3ba1420c7455576cc878ceca07e4c9103df788027c7a53db8c10b1e8fcf96ffa7d5fd8b4f8d605f95bc1af9c44b7ab251d896bf423a5da5ea2c99700fddcfbeed1e3acf73797e13b60c6f61eec663904dbf042e85b32c581da1351f67ee77167b41c4e4f734745e6c4f8d35a48282f69e08a34a5fd39a1e03d9fb042b510f603231e3324ba1b6523d3b185d89c0ad31194ad7ae1a4e8195d22feb6c682dc09c6af78a8cd63fcf09073519a3f5683c2adc76a56a676f4ece5712b0843cc72c90f49aa958d9a4c0c483f486f9b51d25caad6b36f95c3a808ea616bbbe17785333aae665e0b9a7b64adc167104afc7739f344a36ec6f96142196f4a3ab991edfbe9d4f9a67619ec98f99ad82d673f0aa5d6144eafe476d91f4aec4f8a82a9be6f97b6c628dc6ab497d93f1f8cd3c9c3d741f78e511187dcc1ce962aa249422e62e2ae3a92e5281a00073f33ae42044c820081df1b0c5ac4b8c8fd81b18685577d7076d0b75975ecaff8afb66c2f00f516c4f6a0f34c7bb3cea85c8c717d0395f9b183e572b269a1f58d6c4aca362c9b4aa19201a8678ec5abc17aa77cd2d10d92a9d223f8c1615fedc03e8144fc78f9b0235badc2dd7d23359eb91e88bcbe522b0833fbd8152feeb4d08b6a3dd02cd8d3d982748e8b2d75dd044822624953ef13e1bd875bd48ae20d513a0474cb7dc34695bf549c2fa7c0ee8d3e5c5d9c4d7dd911cb6eae0ec6a7ef3ddb1763af0b3b3be87a3056fec00dce05c675b897b45c50a5185950deffdbdf7a89b8cda6b5605b0ffc3d2f35bdbb0313d45c891085fd31e8666e256f132a66de2c5ee0323bfba9d4c41f5f8f51951eac7907bc7833ebaabea1c4ec9062b2318141cb4bb96a4e68ba67fed334d4c9c73b08609f692970f09423ce55eb2380ac2a690b29b635afba163beed9965744009856044bc713288a1b843ff8e0ff6f000c8870c569390b126d9a140c53f427e0c7d48f78c2e3e9616440aafd3524c209fa978d79d0e5edbc0c9367a1d64fd0cef2703bacf3e122dbf6f7b69849a69399b1b6cdfafe542701a88f3769ffbda3402f50f0caf7a7868af50e6722002b985161dfd89cb3200f2aa17b22152503b28c6068e45b3021d44b84920fbef14bcc560d4d3510096a1006265988ef148707c540e64599442be89a09755a48c9b12269c57ae5a78587bff0758bd5351ed05543d6286718712037e57ecd6b96797cea8eb884a66ffb82d8c2bf0d51a9626a82fd1dd1cb4ef478d9e61e8190db3ee96ba3065a9534692c00b2e72275e0dcc7e54e42540b556ce498916951ced302b0584c3fcb04464f1496290cfaa04b53a4b838fd8d3af74ac1b67b883e526d8140a31f8f7e40be79b8faae570433f778e8f36a6587080a7c66de9f40f105190b77455e3b3d3a72d98f2bc46ef89f1e270e52551459329fcc0ce6d1d3cb87f9cb5eaa647eb194ec43f157a9e5a3d0459f2361370b8067955a064c185e9d54384414b78318caa6b58708f5adcdf8219beb6629d19e30b07f64f97df1c4aeb45c79f6945900455b101608717d5a5e128af08a9fafa721d882f4", 0x1000, 0x9}, {&(0x7f0000002340)="fbc5c0921eed8c1623ad5b205fae236a56874aef552d3d3e2357d37dda185e30a83d4afd86d59e720355d3e9e35bb0c698faec7e7763e3a5ba665ee9185648e4f3062ec37ba1353d90678e6c5688b15d2597ce05c546877d793bbf55cbd0e731ae05d53a79c9d9f361992971e3871287424a07de28f01ea9e7e9a88ed2265a1f1af9951dd471b1bf402c21f5db2ecb9b714f77ddb43f88028601194649adf17f1d960e5fdd841f9cd8d71e546ce7d7dbeef23f72380d2956d02c52bcea8fa00569622d5bce98f9387a48c358abc63e2a8715e2aaf454779a96aae4eba584916a417fffdb", 0xe4, 0x80000001}], 0x4001, &(0x7f0000002540)={[{@quota='quota'}, {@umask={'umask', 0x3d, 0x80000000}}, {@discard='discard'}, {@resize='resize'}, {@nointegrity='nointegrity'}, {@gid={'gid'}}, {@errors_remount='errors=remount-ro'}], [{@context={'context', 0x3d, 'root'}}, {@uid_gt={'uid>', r5}}, {@measure='measure'}, {@pcr={'pcr', 0x3d, 0x1f}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/dri/card#\x00'}}, {@obj_user={'obj_user', 0x3d, '\'^*bdev'}}]}) setresuid(0x0, r5, 0xee00) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) fcntl$dupfd(r7, 0x406, r7) r8 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000)='/dev/ttyS3\x00', 0x202000, 0x0) ioctl$TIOCMSET(r8, 0x5418, &(0x7f0000000040)=0x4) sendfile(r0, r7, 0x0, 0x400) [ 2685.569044] audit: type=1800 audit(1588638887.434:284): pid=26882 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16391 res=0 [ 2685.621590] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2685.634874] audit: type=1804 audit(1588638887.494:285): pid=26884 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1382/bus" dev="sda1" ino=16402 res=1 [ 2685.682799] jfs: Unrecognized mount option "umask=0x0000000é€of080000000" or missing value [ 2685.695188] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2685.700005] Process accounting resumed 00:34:47 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0xc) [ 2685.736588] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2685.749834] Process accounting resumed 00:34:47 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendmsg$NFNL_MSG_ACCT_DEL(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="d8000000030701030000000000000000050000010800054000000001340007800800024000000009080a0140000000040800014000000006080002400000000908000140ffffffff080001400000000508000540000000010c00034000000000000000000900010073797a31000000002400078008000140fffbff7f080001400000000608000140000000010800014000000800080005400000000234000780080001400000001f0800024000000007080002400000010008000140000000040800014000000000080002400000003e0800054000000002"], 0xd8}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendfile(r0, r3, 0x0, 0x400) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000000)={@private1, 0x8001, 0x0, 0x1, 0x3, 0x8, 0x800}, 0x20) timerfd_create(0x3, 0x40000) [ 2685.791000] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock 00:34:47 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff009) [ 2685.868227] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2685.885262] audit: type=1800 audit(1588638887.754:286): pid=26918 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16402 res=0 [ 2685.940706] MINIX-fs: mounting unchecked file system, running fsck is recommended 00:34:47 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c100400000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2685.971190] audit: type=1804 audit(1588638887.844:287): pid=26925 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1383/bus" dev="sda1" ino=16531 res=1 [ 2686.009061] Process accounting resumed 00:34:47 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0xd) 00:34:47 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) r3 = socket(0x10, 0x2, 0x0) getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r4) r5 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$chown(0x4, r5, r4, 0x0) syz_mount_image$jfs(&(0x7f00000001c0)='jfs\x00', &(0x7f0000000200)='./bus\x00', 0x6, 0x5, &(0x7f0000002440)=[{&(0x7f0000000240)="01672d4b14911985c0147601da0a04d2da9f4cecc46a540de639fe302fef9932e174e04983e4b7f086d0a62d8aa3f90529eb4c63f1dda7b2dc3f91a2248d28f5c179bea4cf81151b616caf89a7d802a16fbb2deabcc3bd762140233265", 0x5d, 0xffffffffffff4e72}, {&(0x7f00000002c0)="470c79323ffd533d73f6a28777e8a31f7f7361aa5ff0df8df5e212bf1f07f05e9b78ccae51d1a8e2ef22f82a2790b73e4cf0d038f8c16ef0ac66435aae5bbe81f4989a2b4eacd50af5177bcf1458f526eb593274d227b8f2e086659892531a2809f24a99790669b99f0a50d06202d585ebc4d1652dda806f0414028a236bc8859cba7c7185a1907732efa65904b6a02a73d8e28f74bdb3065acb19751bac1327d3ecebc434dc9753bd49b36aa1e41728c3309f8b322ad3fd8ce0c9b6b2e4be3bad3bcbf3dab2a3566bc74b45f3773e9f1cc55edcc69e8f52158687cf30e3ced3ad0c277bcda3433e0b03a8252af5b95fdc3a6529b9e9b6ca6847890043c0883d2fc138deea0c08ec35837eb9692917c39ce86c4935e4887abca771688399714c7a1faac063ac0c2fb93b76e8c38b339a89301e9e35bb7791e8490dda3a0f0e79c5154326d0b1da8ac3f9a860b0297173f8e1552e0bfaf8ef5475dd0a41685df2520835209e48ef3231a2c059e1e2a0ce36ae3a837044bf231e0e23519f71c56c8e79b6aa5309fae12a35eb2da6ba856c14e6c3c6125b377dc7590c1b7412a74687639128bc205e69c892231061328b7e16112b987e47b69287d35ca0da308f1300bfd613d390aefb4fd530c9cc93474174e9787b41aba3f4e266d860edb6d9b1b4edd3a2f82f495d8478e7a3f0d05b2d14c71a17dd2aa4ab6c57173a3eafb6ced5dd146f2d8cc45617540cf35451a6c13c5ff127781dee7dcc7e0763705ab0e86ac97210423b0e74c61f984e0f3575b1de1d4437e8586d85ed5d0af7fddfec9f4913d7f7a0d72b33bfd305d097b1304f9df77b44a91d3056df8b056b7b3777b9807213942b5e386be6f6fd54f2e487dc66b4b294107dd5e4154461e060d1413c46035d8b541827ae4517394ae256af125c5fb2ae6cc2faa7486d909988643c7a04af111272e7662d95432820746938939fb9d8644f75133eef2e2bb6637b5b947061aaa49fe800569cd8a3bea2afb67bd8d22404ed5300b310515f54359519e3fcf15bfd1cd223d5e389bfdc168ee04d89967d475fab35a4289ded024f04f72f19008b4ef4747e61f41fc2b81f55d77aff7568469a01895037e10bbfd7138c53fd0753ccda1b73594417c3fadaaef9ccaec8a639aed28d23fb4eefc931dd0923bd069912da2b977989968234edb73ec9d9ae3c90e057a1937b48d4499120ee6010d5d66651b10965da5e446f9592fb13a2ecbb4978b4d9f513575f80ed643102fc107416401dad8f208c2c256b936bca6c65a19247ccaa0ff753f2735af1d075279f85825f474cbda0f1cd41c3fad8345b5add1d0c6ad7bba3724e6a88d15c8a9bd5da76ad3ea845e0af870d99044a9243abe41ae95e0c1f64c0294230681b45f58e7d780de8352ae8fc7f050fbb012ecac0b76e585450eb2ef0a434eebed468b11bbe3a68bd14fe374cad4e35db820e4045980a96ab06063550c09ce9ae68d839d6883cd748fdd92567abd8521e55013d758295777d1055bf1c78b1b0b45fadba816a9e68f82f119be3f1e0998d0b1eead81d763d7fd604d0a0d1c1e4a48614a6ee1e6a1ca5adb9e8873b299a37e22ac001fc4e833f2fd6e4e1c1b4c9457a65dd14fcfe8587299f15aca56eb663160f2040485d6eaea39aec2a842a045832b5de445c416972ff69e2fd248a248a406d6da2e42ea0909e2c48a55c49793bb458a66fee097c45d6bdb1a0c6414f10aec33f4e69ebf48223bd894290e8dfda419095a0363832100d51379d0a0c98df7a78a4a73ce93a078f7d987996086a4c3506dddcd22a56bf82e52e5710189d27527422897f0eaf7bfb042d630211ca906ff36feae938f29701a3ded80f624b9f2a40aa5edb758fd7fb0e2b85bce06d6c0251f398729f689b52f4df7ff98e3f9101e84437c9ca499e9c58ae89e541e491bd251e752712eabbe1ca239259f016bb1e85890f35b86ca6f5e49af346123c278bdf3214ced66af69973eda7db9b62c212292e834eabd012aa25ee0576d74cbf86d315b953228806282c316f5f72e243210c631ad53d980b067ab1b746b5aa13eb5142430935e0aaf6788a8d14f2dc744f564562b867bd553ae9141021b4a58012abd4b464aa09a1124449b667fb7b4ba4aef536337e04dc1f05a5291164fe6854a2172a299c3187c52f6e65ba590342809160bbf9df942d7a25587cc299eafab1ed49fd002c4d57c1dcb4b5709b151422b39e5304d297feb66663081a40cb67e41fce27d7e85dc402e40aaa8bcc9b6f9acd12ab07caf4b88681e483b3e74d14fab303037131885e9cd4a45cd81a1c66a0fd6ab77fbdbdf1c1161be32f429f7f94585c114b0c00697f1b4c45cb99319129c854b4aa46547a4c599065598c4fc170ccaa9822b7a3ff244608e0e5106558de70ab332f90a15f0af8cd023144166857c8fa8185f2e246c5ee02ede0e1ed8c3eab533f928c750f80da594c41dd3856da2c6b41603eeee7f55095ba7fd717bb8f33eb1c11d359ac3cff6fcee16c54ae0082f352789df104460202cab336ef3ed6c245fb59ca2dcfb40ed4cbaf3395b79a27004fc476246beb2cc51ebd11a999bef13bb3e8f5af71154a1e449d4f7557a5b753d58c37e3a450ee046e15b31f45df88c60b1112f0ec419a5da0b3f518d17577a9e4d55d8a769eb5d9f49c510e9f881c3d821120ad8463c937a76da2ab8c5910e754ef7255bf95a0ee2b467ae1c9c03eb73787dae3fc77aaa00926380533e31c61c65412e1a66e2bd989f4991e51aab40374636c554058d2cfed21caa1227dfce6d3451a4b822a2e8b26f247ff35eee0d72f39f198d82a5fe148001c08786c70bf2116fc830f836e8235e8a4a04a8008b0b9ec3050990ce3550c92cb969e8fa4ec3e3f9ad981d96d6ece40c3af76ba639dc88f11a9f87ef8b9497f5e4ada9018054e313a7423473f9be9bd8ba8e40edf89b9b782cb5f55003de6d36391bc4492a5a05ef196c1b55f008640189a1a059bee8753911403a9f61715d3131c74e7f6b3f0a8429ab51caf0017fab6379962d633a3c36a8b059cf6329b8e874cc08dd2193daf5f786e60177fa74283b7cd3ff764ec2786710c25f9a8096b11e2c5e98f668f1fe59fe6e181552bd5c2a79f01f5c7689149cb672752af8d7142ad1804adb774a6ebcaf214fd2ea7083e304220e8b36591020c0d984611ba6891c7948e4af2223b3a5a18f376a5ade131ae3141c02469676a76d06814d4dbc1376611162aa1d270903074df14c43b1cf824750f3ad81bcee0f9e47aa66fa012562c063eb4e523bb72576ee681e5992a6dea8886e35898dba74af5fda18cddc7f5e282117921eaf7a569c0afebbbbcbeeb1f20f030aeb673b79ed3c0242de1f294c69b9df9ee672445955b05acc0cb4cc252f2362cf20cbbd5114fc3f17baf4b8f6ed2c06225f719e8d576326115f0ac38210ab2c98502325ed08eb97f5c1cf7b8da5d8593ccf0240a2bc1fa2967bebc8b56c14eb09a77a110d1e1803e220820ee931d17aada9cc61cc06a1d00474cde80e136344130c99553702ebc4ca49c4ab4ca8a53083da3d8e6c1a1ad877157354a5b87d245817afd1f37d2c2937fcbe6e665914da386797c4811e5fc429ec974e08910c61a9f043fc6d08947af02e505be1ba171f50e1d361a63231205cd62e8128c1ae716e41f15544a81cec8c9e5b633e657f846046e945eb7cd637fd674816740628ac1330e1a483f75a405f74d885589afc5dc6fed504c3877402ff36da5a10b81ff3bc27d78cd3d1453bff64029969de20b3c7b244630f9598e5fda383af3747cb14a1bdc7ae5482b766f48e8543df5659d5769e3f3c92086edba069c3492d3e0f9741a2081390dd5b8113f3ad1d9003eb801a143b93cc6ee9180561dbf5887f5f34a4e9d0751215c604f9bd5d42b416f084e7fdf290ec2d0453bf3e71f02810982b7f5642a49f2e79a5690dd69170f441738d5a15f9d05185417bf558d8e866686150c18c247b03937abcf0f0b21f88ebd7d8f45f00ab8e58676560b2336003b8a255a9f204227fc6923c036f3afa61a65da391f5a706c3df87376ab17646427171db06cd90b2e20e1375b98ace778568d2c94a49e4bbc1e8968401346acca98ea9df83ece4a30b31db0cf06c4d2a84a35e45f7df0d03c2495385921ad141e23c663d556cb9025f6fb1b3ca12e1c7585f6d3341382e3a6f717312c06d4745de5954b0ddc9b919de0aa1a9cf831fb2d71d9e7db3e651794138278dd8cfc23cc366baa0e5c19cb8b8adf0c30a2ad2d2a485719426786ddc753bd763f480df536f3388e50b23ef99c7c50a157eba0f95f079c4fa8196f550bec1101144d69bfd95ef4b2b076b1317e86577620df4320ab9d1160b2d23482b2cd3a7ff8ae90ed582dd0ee472599603874312a12a1bfeec15343c7c83285e2e3d584db7bf6804f377960e754373f91422fd1783f5c927df5b2cb9e962cb5eaf12a627f00cf7835f83e712c31d36a6ed404cd8c4e46d1614e3b8df8ba2e58326d43b8eb12b71950ed8f601a0474d23a510aec5f1e0f54936b1769cad26ab4825e8976d18fbe096e7f004629e14f5bc1594afd0e7fb55b5d2323c105395e29d409de0f9e87419a3c7c2dac9b65540ca32be7d378b806239a06d873e6cf558c12251ae9b9456b9521aadc9373f5bc4dce083ec3065f9385035ad34ba272447c5e7f8936563e8c7e73da597cb66f2a527d2ac3fe503ce62769fe916095f56ab2771f0f07ad94df38cb169fe85ffeb92455de131cd554ccd9d25c617b4fcd70335b317daf251131a341f7430b382cf37c77c97e2c14b9e40e8f934eb23588b3d445aa964690cecdeb18e47cc7d7b65974652329d6318f0cf171c3b5bc007121dd22535a7a2497727cd29dd961e897da70802fd76679210667c06a526a9a3a5ee43e784a7d620a3674b8bb82341a37ac75e3a240c1d26a3ba682c50c2ddbcd7f9b17e0e3b33d22c66225f60dc0b94307a85a87268edfa44b134287b2120b19552448c7c0202c99661a41becc3c483c9ae6b2092035265b73870ba6a0afc78678a0f3c61f70ef0d3308e2e8f01e597e0dd6193f2aa4d24e7088ace4b34058f5d541e790ac3cdbdc380af39f693c6ef20e353e01fe1b374f410d62146db82ac78596eca99c895c1e62c10fc595efcc010c6ad0d7811f0610b12b03489493b4529c488764da7f406222a4e7ee880062ac3ae453cc010d667012ee96b6f5dc7aaaeadc26325da8cee020f9499e94a404250a82159684858cc556603d26e1a12a1b1cbd5455b3b3e26fa1559e39ca39bed279f0266d49c2bcbf9cb3696b8621cb46ec96670d05bfc1a1e3719ec136385eae37ed701bad6f0283f428b06184057be89b3a169d4012a197bd9b00d2e8cc1680eb907652b41f3e3cedfa855928970eb2f11d443b80f2c4e464e2060cedc99017e23afa3ec32eefa569912b06aaf558b7a8e2dff74ec82c13e9ad05d9914fa5ac01796dce6425f4e2ffd310cc13500bc37f205a58ebb860a2e562b73ea7e1aee714539e2a6ca3e9f0a3651ce3113762107e6aea5a0ed85e938e25055dc54a03dea519734a632bbc27898ba3784e1ef5cd5eb20462d3afa145a8dd04369e55db33ce40bb394f33fd9bbaf256ab1ae372755966b49346a996be69975881321acd1d979486d281c86dc77d31e9ecec00c271a6bf9abdb4d99189aab597e6335ed724bb51ba90e3374fcd935534537e37a9808c5a41ca96d2077500c6c58ac26c9c56581b69ee04b933a8fe7d06533c8206", 0x1000, 0xffff}, {&(0x7f00000012c0)="b0a6b5088d42ceba28d4c084fc525cff8ae7a71339c89710b3fa1addf20150b6078f8738c664386060026906862e6c77272b34b7eb9d68fbd14a402eef90be5bfc4191dd085c8ca6a9312a7b8d1113d42af00857ee6f6827880819be9a5cb01cf8864e0d016ab670e797a915fee027ce1b3a0ab9", 0x74, 0x7}, {&(0x7f0000001340)="20873f08f5317d2b0db4bc1004039cb4027e0bfee2530bf172eec91d60c9bbea58c3ac51605dcab8eb9ae7e57ee02a3e35b34dba48e96de0ec14e66c69651ff96152c22b8f6c651f72ed4facfd56fa8b9bca1b49a377416c8dc2ad08c201e2841738b2176fc7ddf4c9f8835db303a1f1c65023985dd63eeda62bec87b813ac711da2e729d4fd9db7d18dfa5480658b9751838dd6c7281a123b295889bb518fe1c644bef4407028a8de4b9777cefe2316c84df48444deb8f00b3d414cd49a77a0a91827c52a1328fe1c84021d538b479df44d2dcdac55829ab974170f7dc3ee6daa6d51f678b631fcf6217f864a618246ddec8a0119ae238cf8035a225e52c68ff8dd2bf4107b20149b0843c942518d5b0e457b2208c842493f5dc08090255ef4a0bbdfaee4450a4999539db032b468e556fbac9cf5c57aadc923fcf863e9ca854c0e11e0496eefcaa53718c41283d96a5d8c0ee9b51b0fdd6d90e21c0ab05a5c5e4b6c61f2807c770ae29ee0d703bc1cd44b354dd1611d880fac6af8b71ab7353770e7e102f52ebf1fc1f80a1f4c997ef3e60faea705e789a3d14f6cfb3f00484c2b1416807cbf00459a017d440c0b20c5fd938c8796a57c2616f51803283feeac9a546a850ba442b378d997a4f00465a4624bcfc4a81a7c3a9f8b77827d93086d0b78a27e530a8a28fb43d1375284726afcca51815f5e4536beb88f39447b6038de3d4109a8365c525c3cba8261bbcc16274aa21b3cb0d8ff38703e9a8c92bb4a9f04d71e4a591f519bea662ac14fd982b2ceb4d9d44e623808bcc4383acd2780b3abc9957b1487af33da6ddffb93df832c35e0fc8478a868c277f0e59e2ef9f19c95031a33461c922aa1e71fa7655ddb694a4fb4fd72ee66d3fffeaa92ed14df809d95ab9b190923f692e8d8e258ede8842a2fcb6fd51ad4052d626f3f46fbd0b5119e1b0c255976f27d4dc3f5cb9c136775b88ec1e84cc3f2a2c37e2691235878140353648a6e74aa73a91ba519063ecf33b240c3f84b6da00092aa516221078b8c1fcd615feb0935f30bdd0d15e58cfae13fca996546b48084fe23c7334ab729f00ac2a9083c90ce36878d5d5a43ad2d63821fc199429994a81054f90164e43ded75b6443acc5d0156c3cae2298609786db02ca1e5139469aa6829182ff946d4a8476a0ad14483b78f0625bb80ab130bb5c578b9070c8a095639bfa58b8cbdaf20455c1d9813b1ab8cb94273fa3c3e6dbe9dcb5d7c857a52aa310c7d9c0518bb182e94be470b41038431b2137844108c1d925b2548e32c20eef5d1a367a4fbfa65749ebb3a7b52ecca40e648a9a388df9fc6b92aea92ea590e87fd1d5229e780c867380a39f32f61d37ac73b43656f8ec5e56471ed991bdea22bc3d2da517625b135a76e83170c66aa20df44d05507163a3325b4eb03bc59a1ef4bdd566111a01162bc8a99aae0b5fdc90b2fe7f9474ab578a068262e5385e63ab0cd4b07de0197e88ec3044dba732b4d01585fa6c7300db11dd1c0746be879d8415eeb9792811aeb04372b0d0ed83ae2baae8b99f6102629a6c94f07033c47c94ba01bb989514cbe6eae155a68c6c3d89a7a72a1b307513c810cf5974c21ea2746d52e44dc4244dde7257cce2164b8d4f35b561eb7e770f103e2207f14fdc8bd6c803af9f7bc56b30d70acf716068dcef16583ebd030da62f81664a23ec9ddafdf14429a401de2baf900477cbc8c412e2f637b2e9331cf7c64abf89fc72e607d0db44f23e60c2471817e7a1090adc77b0d1bbfc3d6a1557ca57d89581d3ac91a5f2540a10b19b5553f4a0e62f539a764e416796ac98658a023a5d65d9d83797cf09d5240715c4e09dc2bd79bd8c62e01dfcad389d611b3d7ac860e72edba05d69e647a66325350db127dbccaaa5ff456e55643779273c1e584697de08d93d75eaaeef842c2e61be8d3ae05e0d539c3d426a6e4c8e6ecd46c7f08f0afee11d717d29cdf56dfa07d0880bbd85299a2e5b40a705c38bd4af3717ecd381137cbcce2ec22559cf3602edafcd426a436a304ed78ec2b4e04ac81ce6c157c37006d3f4c737df1409af175377f902a154eca832022d9518008ffbbad177685c1cf66be4dabcc6893eaab5f633babb73aa34c60139085f860af039f8096c961a7307fa3991f74bfbabd3c15f337dff8db45e77aaf6308c8c880aae06e8029ddf8bb04c1a482374060ea91ed91aa5d9806be70fd40b73302c1cf3742b27acac4f27a7bf2f2d4ba1b49af87465b462f9e1ad898dae51b6eb9827d6c877590fd8078234b4e3f333cb85418a3d57d6f1e145e958b5ce38d92e7408d785ebc50fadd5866bc7373a271aec2ca7dd5622f8455aa221a5ed9703143a687ed529ad94130443a127a2712f507eebad835f7a8aada47e972ae869078bc4bad198ad4a34cdc29e07d6c508e94a5b49f516bf07d8270e5fec345dac6e61ea548ec2df6437428763738f2c9f6511e2ec24cdca3d39445a626883bb1a901eb207a5a9d62455c2acc386c09cc93cb7ff01c06b6adf043c178aebd4d95fea26090ea989e0d0a9b8136a5229759c4a5a309e66264d96fc7a69985fd32f007fd65d491b90e513da3fd5f351fee0bf40756e9cef3a8c331f5da55a041f7ff0d947ef1ea0504ebd8d087bc54a2b2390a5b10c49c32c1c7c09e5f76b1cab03356aca681da7144f922467bb1e20f074c80e0d2589cdb813be72795b61f95be533d75fb84d37e5581e83ef6436528f1fd3deb9875fad7c86517960bdaa32f69607e556c9a617bbdba61268a68dac1d1587489ba7f32c9015d83a92cb263a35292f6725c8ca173bdebf96d315ff7d6db1877a53cfd46c5f5aeb21cc7c1191decfc39528adb78b6be5b700ba57d72f26a28d4ff9ede80a83499376c00616f3d5a82b9bf19839d9ed423c26d7bc2e5ee09c112f0e3fa8260d01d9d34b1cf012843ba321525ab08a1107b50f4897600434adebc70914f7ff11c49fcf5dea1ac95327f90ed6706ec6d743f8d939c0bd443da1674cd4e3c2d00f83ccbd0accca4cf521542d324906e7ca141f19d971b7b736f336a960d9013c703ef56ba4c3a22e050bf8083a1a290de8efc06ac1a0f321287920d59bfaa0c1ad99cb08759cedb400d0c6cf76e16e1814d5862980e2f26f16e9c9c36aa843e37f82dd8768520f437a45eea5cca47f8918552586002936fd717f404a435270a76d6ed6f4f18537956af4c4aba4cc4ea9860ceefe26002d49444fef1414044b3adad66054a528fef2078fba0914a4cf70a7dd8e51496e1dfdb8de9165f74b9d5088f52a5335279862bc8d0a730952be6af571392c6aae808f3f2390c5044e8f8e444e30f959baffe3cf5f4e0a7900ba91d5362a527c1160db562c64a0fde830ca31b64824e0c4ac822d8d9b9d45e39d4cc0d02d74c0751ef3b2816bae5dd0af3d356100997371d18ae647730d06a9f4a21194093541a815a11eb45c6d66c709638a1bff1e002ba51291295268b4aaaaf1105b16d3843ae718e7a18687cbb0a49a3480df7c20ec0fad725c54942b885f582301b7354286730fc84243ebdb566237acd6d7aee1722282d2b546a002908a560f7be2c65927e7b6a53ed37e230469bb3fd7764fbbd04313df4c2545edba2bf71680f8d90b32d50c079ed855b107d15f968008212c7f984316e835c73eb152d93f388bfd692494f61434076e42edbf1db5d09305988c405f4f02b8c962cbc9eb640b5efb5120ea16964c9f37f8611b4deb68bcea588305367381c8664937b22e1c7ddd2fd10f238d2e3ebc99ccfe09aa5e9ab37881c097a33f65a2ce090e5ab034ea605930e3860638c21e7c220ea90676a163671f5c6178c907c322ddc58de0a772f538eecd6fd2c40866375c778aaa84dd0821905e77dc4a4bcec8c0d2a86eae539ab8fde8933690a905c56d3cb4df87187d6c08e4a4780bb04a7e05f4545b176d31a94fe4935afbf38ad29aa36227efca84685346ebe8977c0e4a5f912c8e80b600f732ae3f6a0da90f8ffe219d9b89e408512b1a764f41f64494fa3080f9b4cc16185a536d19c267328919af58c038162d7d82a0ba0ffae8efbc2a8197451aa4dec915b5c5849f3e16dccdbe06a4c1d46004245022f1a65055b3ecb7d1c32b79c9f6486680ce1514e7cfa1d6983b1336d112477971d01a28a1c5ec8b590f1b97b71e27125fc6c6d03ab71c888caf0e75e3ba1420c7455576cc878ceca07e4c9103df788027c7a53db8c10b1e8fcf96ffa7d5fd8b4f8d605f95bc1af9c44b7ab251d896bf423a5da5ea2c99700fddcfbeed1e3acf73797e13b60c6f61eec663904dbf042e85b32c581da1351f67ee77167b41c4e4f734745e6c4f8d35a48282f69e08a34a5fd39a1e03d9fb042b510f603231e3324ba1b6523d3b185d89c0ad31194ad7ae1a4e8195d22feb6c682dc09c6af78a8cd63fcf09073519a3f5683c2adc76a56a676f4ece5712b0843cc72c90f49aa958d9a4c0c483f486f9b51d25caad6b36f95c3a808ea616bbbe17785333aae665e0b9a7b64adc167104afc7739f344a36ec6f96142196f4a3ab991edfbe9d4f9a67619ec98f99ad82d673f0aa5d6144eafe476d91f4aec4f8a82a9be6f97b6c628dc6ab497d93f1f8cd3c9c3d741f78e511187dcc1ce962aa249422e62e2ae3a92e5281a00073f33ae42044c820081df1b0c5ac4b8c8fd81b18685577d7076d0b75975ecaff8afb66c2f00f516c4f6a0f34c7bb3cea85c8c717d0395f9b183e572b269a1f58d6c4aca362c9b4aa19201a8678ec5abc17aa77cd2d10d92a9d223f8c1615fedc03e8144fc78f9b0235badc2dd7d23359eb91e88bcbe522b0833fbd8152feeb4d08b6a3dd02cd8d3d982748e8b2d75dd044822624953ef13e1bd875bd48ae20d513a0474cb7dc34695bf549c2fa7c0ee8d3e5c5d9c4d7dd911cb6eae0ec6a7ef3ddb1763af0b3b3be87a3056fec00dce05c675b897b45c50a5185950deffdbdf7a89b8cda6b5605b0ffc3d2f35bdbb0313d45c891085fd31e8666e256f132a66de2c5ee0323bfba9d4c41f5f8f51951eac7907bc7833ebaabea1c4ec9062b2318141cb4bb96a4e68ba67fed334d4c9c73b08609f692970f09423ce55eb2380ac2a690b29b635afba163beed9965744009856044bc713288a1b843ff8e0ff6f000c8870c569390b126d9a140c53f427e0c7d48f78c2e3e9616440aafd3524c209fa978d79d0e5edbc0c9367a1d64fd0cef2703bacf3e122dbf6f7b69849a69399b1b6cdfafe542701a88f3769ffbda3402f50f0caf7a7868af50e6722002b985161dfd89cb3200f2aa17b22152503b28c6068e45b3021d44b84920fbef14bcc560d4d3510096a1006265988ef148707c540e64599442be89a09755a48c9b12269c57ae5a78587bff0758bd5351ed05543d6286718712037e57ecd6b96797cea8eb884a66ffb82d8c2bf0d51a9626a82fd1dd1cb4ef478d9e61e8190db3ee96ba3065a9534692c00b2e72275e0dcc7e54e42540b556ce498916951ced302b0584c3fcb04464f1496290cfaa04b53a4b838fd8d3af74ac1b67b883e526d8140a31f8f7e40be79b8faae570433f778e8f36a6587080a7c66de9f40f105190b77455e3b3d3a72d98f2bc46ef89f1e270e52551459329fcc0ce6d1d3cb87f9cb5eaa647eb194ec43f157a9e5a3d0459f2361370b8067955a064c185e9d54384414b78318caa6b58708f5adcdf8219beb6629d19e30b07f64f97df1c4aeb45c79f6945900455b101608717d5a5e128af08a9fafa721d882f4", 0x1000, 0x9}, {&(0x7f0000002340)="fbc5c0921eed8c1623ad5b205fae236a56874aef552d3d3e2357d37dda185e30a83d4afd86d59e720355d3e9e35bb0c698faec7e7763e3a5ba665ee9185648e4f3062ec37ba1353d90678e6c5688b15d2597ce05c546877d793bbf55cbd0e731ae05d53a79c9d9f361992971e3871287424a07de28f01ea9e7e9a88ed2265a1f1af9951dd471b1bf402c21f5db2ecb9b714f77ddb43f88028601194649adf17f1d960e5fdd841f9cd8d71e546ce7d7dbeef23f72380d2956d02c52bcea8fa00569622d5bce98f9387a48c358abc63e2a8715e2aaf454779a96aae4eba584916a417fffdb", 0xe4, 0x80000001}], 0x4001, &(0x7f0000002540)={[{@quota='quota'}, {@umask={'umask', 0x3d, 0x80000000}}, {@discard='discard'}, {@resize='resize'}, {@nointegrity='nointegrity'}, {@gid={'gid'}}, {@errors_remount='errors=remount-ro'}], [{@context={'context', 0x3d, 'root'}}, {@uid_gt={'uid>', r4}}, {@measure='measure'}, {@pcr={'pcr', 0x3d, 0x1f}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/dri/card#\x00'}}, {@obj_user={'obj_user', 0x3d, '\'^*bdev'}}]}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setreuid(0x0, r6) r7 = add_key$keyring(&(0x7f0000000080)='keyring\x00', &(0x7f0000000100)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$chown(0x4, r7, r6, 0x0) syz_mount_image$jfs(&(0x7f00000001c0)='jfs\x00', &(0x7f0000000200)='./bus\x00', 0x6, 0x5, &(0x7f00000024c0)=[{&(0x7f0000000240)="01672d4b14911985c0147601da0a04d2da9f4cecc46a540de639fe302fef9932e174e04983e4b7f086d0a62d8aa3f90529eb4c63f1dda7b2dc3f91a2248d28f5c179bea4cf81151b616caf89a7d802a16fbb2deabcc3bd762140233265", 0x5d, 0xffffffffffff4e72}, {&(0x7f00000002c0)="470c79323ffd533d73f6a28777e8a31f7f7361aa5ff0df8df5e212bf1f07f05e9b78ccae51d1a8e2ef22f82a2790b73e4cf0d038f8c16ef0ac66435aae5bbe81f4989a2b4eacd50af5177bcf1458f526eb593274d227b8f2e086659892531a2809f24a99790669b99f0a50d06202d585ebc4d1652dda806f0414028a236bc8859cba7c7185a1907732efa65904b6a02a73d8e28f74bdb3065acb19751bac1327d3ecebc434dc9753bd49b36aa1e41728c3309f8b322ad3fd8ce0c9b6b2e4be3bad3bcbf3dab2a3566bc74b45f3773e9f1cc55edcc69e8f52158687cf30e3ced3ad0c277bcda3433e0b03a8252af5b95fdc3a6529b9e9b6ca6847890043c0883d2fc138deea0c08ec35837eb9692917c39ce86c4935e4887abca771688399714c7a1faac063ac0c2fb93b76e8c38b339a89301e9e35bb7791e8490dda3a0f0e79c5154326d0b1da8ac3f9a860b0297173f8e1552e0bfaf8ef5475dd0a41685df2520835209e48ef3231a2c059e1e2a0ce36ae3a837044bf231e0e23519f71c56c8e79b6aa5309fae12a35eb2da6ba856c14e6c3c6125b377dc7590c1b7412a74687639128bc205e69c892231061328b7e16112b987e47b69287d35ca0da308f1300bfd613d390aefb4fd530c9cc93474174e9787b41aba3f4e266d860edb6d9b1b4edd3a2f82f495d8478e7a3f0d05b2d14c71a17dd2aa4ab6c57173a3eafb6ced5dd146f2d8cc45617540cf35451a6c13c5ff127781dee7dcc7e0763705ab0e86ac97210423b0e74c61f984e0f3575b1de1d4437e8586d85ed5d0af7fddfec9f4913d7f7a0d72b33bfd305d097b1304f9df77b44a91d3056df8b056b7b3777b9807213942b5e386be6f6fd54f2e487dc66b4b294107dd5e4154461e060d1413c46035d8b541827ae4517394ae256af125c5fb2ae6cc2faa7486d909988643c7a04af111272e7662d95432820746938939fb9d8644f75133eef2e2bb6637b5b947061aaa49fe800569cd8a3bea2afb67bd8d22404ed5300b310515f54359519e3fcf15bfd1cd223d5e389bfdc168ee04d89967d475fab35a4289ded024f04f72f19008b4ef4747e61f41fc2b81f55d77aff7568469a01895037e10bbfd7138c53fd0753ccda1b73594417c3fadaaef9ccaec8a639aed28d23fb4eefc931dd0923bd069912da2b977989968234edb73ec9d9ae3c90e057a1937b48d4499120ee6010d5d66651b10965da5e446f9592fb13a2ecbb4978b4d9f513575f80ed643102fc107416401dad8f208c2c256b936bca6c65a19247ccaa0ff753f2735af1d075279f85825f474cbda0f1cd41c3fad8345b5add1d0c6ad7bba3724e6a88d15c8a9bd5da76ad3ea845e0af870d99044a9243abe41ae95e0c1f64c0294230681b45f58e7d780de8352ae8fc7f050fbb012ecac0b76e585450eb2ef0a434eebed468b11bbe3a68bd14fe374cad4e35db820e4045980a96ab06063550c09ce9ae68d839d6883cd748fdd92567abd8521e55013d758295777d1055bf1c78b1b0b45fadba816a9e68f82f119be3f1e0998d0b1eead81d763d7fd604d0a0d1c1e4a48614a6ee1e6a1ca5adb9e8873b299a37e22ac001fc4e833f2fd6e4e1c1b4c9457a65dd14fcfe8587299f15aca56eb663160f2040485d6eaea39aec2a842a045832b5de445c416972ff69e2fd248a248a406d6da2e42ea0909e2c48a55c49793bb458a66fee097c45d6bdb1a0c6414f10aec33f4e69ebf48223bd894290e8dfda419095a0363832100d51379d0a0c98df7a78a4a73ce93a078f7d987996086a4c3506dddcd22a56bf82e52e5710189d27527422897f0eaf7bfb042d630211ca906ff36feae938f29701a3ded80f624b9f2a40aa5edb758fd7fb0e2b85bce06d6c0251f398729f689b52f4df7ff98e3f9101e84437c9ca499e9c58ae89e541e491bd251e752712eabbe1ca239259f016bb1e85890f35b86ca6f5e49af346123c278bdf3214ced66af69973eda7db9b62c212292e834eabd012aa25ee0576d74cbf86d315b953228806282c316f5f72e243210c631ad53d980b067ab1b746b5aa13eb5142430935e0aaf6788a8d14f2dc744f564562b867bd553ae9141021b4a58012abd4b464aa09a1124449b667fb7b4ba4aef536337e04dc1f05a5291164fe6854a2172a299c3187c52f6e65ba590342809160bbf9df942d7a25587cc299eafab1ed49fd002c4d57c1dcb4b5709b151422b39e5304d297feb66663081a40cb67e41fce27d7e85dc402e40aaa8bcc9b6f9acd12ab07caf4b88681e483b3e74d14fab303037131885e9cd4a45cd81a1c66a0fd6ab77fbdbdf1c1161be32f429f7f94585c114b0c00697f1b4c45cb99319129c854b4aa46547a4c599065598c4fc170ccaa9822b7a3ff244608e0e5106558de70ab332f90a15f0af8cd023144166857c8fa8185f2e246c5ee02ede0e1ed8c3eab533f928c750f80da594c41dd3856da2c6b41603eeee7f55095ba7fd717bb8f33eb1c11d359ac3cff6fcee16c54ae0082f352789df104460202cab336ef3ed6c245fb59ca2dcfb40ed4cbaf3395b79a27004fc476246beb2cc51ebd11a999bef13bb3e8f5af71154a1e449d4f7557a5b753d58c37e3a450ee046e15b31f45df88c60b1112f0ec419a5da0b3f518d17577a9e4d55d8a769eb5d9f49c510e9f881c3d821120ad8463c937a76da2ab8c5910e754ef7255bf95a0ee2b467ae1c9c03eb73787dae3fc77aaa00926380533e31c61c65412e1a66e2bd989f4991e51aab40374636c554058d2cfed21caa1227dfce6d3451a4b822a2e8b26f247ff35eee0d72f39f198d82a5fe148001c08786c70bf2116fc830f836e8235e8a4a04a8008b0b9ec3050990ce3550c92cb969e8fa4ec3e3f9ad981d96d6ece40c3af76ba639dc88f11a9f87ef8b9497f5e4ada9018054e313a7423473f9be9bd8ba8e40edf89b9b782cb5f55003de6d36391bc4492a5a05ef196c1b55f008640189a1a059bee8753911403a9f61715d3131c74e7f6b3f0a8429ab51caf0017fab6379962d633a3c36a8b059cf6329b8e874cc08dd2193daf5f786e60177fa74283b7cd3ff764ec2786710c25f9a8096b11e2c5e98f668f1fe59fe6e181552bd5c2a79f01f5c7689149cb672752af8d7142ad1804adb774a6ebcaf214fd2ea7083e304220e8b36591020c0d984611ba6891c7948e4af2223b3a5a18f376a5ade131ae3141c02469676a76d06814d4dbc1376611162aa1d270903074df14c43b1cf824750f3ad81bcee0f9e47aa66fa012562c063eb4e523bb72576ee681e5992a6dea8886e35898dba74af5fda18cddc7f5e282117921eaf7a569c0afebbbbcbeeb1f20f030aeb673b79ed3c0242de1f294c69b9df9ee672445955b05acc0cb4cc252f2362cf20cbbd5114fc3f17baf4b8f6ed2c06225f719e8d576326115f0ac38210ab2c98502325ed08eb97f5c1cf7b8da5d8593ccf0240a2bc1fa2967bebc8b56c14eb09a77a110d1e1803e220820ee931d17aada9cc61cc06a1d00474cde80e136344130c99553702ebc4ca49c4ab4ca8a53083da3d8e6c1a1ad877157354a5b87d245817afd1f37d2c2937fcbe6e665914da386797c4811e5fc429ec974e08910c61a9f043fc6d08947af02e505be1ba171f50e1d361a63231205cd62e8128c1ae716e41f15544a81cec8c9e5b633e657f846046e945eb7cd637fd674816740628ac1330e1a483f75a405f74d885589afc5dc6fed504c3877402ff36da5a10b81ff3bc27d78cd3d1453bff64029969de20b3c7b244630f9598e5fda383af3747cb14a1bdc7ae5482b766f48e8543df5659d5769e3f3c92086edba069c3492d3e0f9741a2081390dd5b8113f3ad1d9003eb801a143b93cc6ee9180561dbf5887f5f34a4e9d0751215c604f9bd5d42b416f084e7fdf290ec2d0453bf3e71f02810982b7f5642a49f2e79a5690dd69170f441738d5a15f9d05185417bf558d8e866686150c18c247b03937abcf0f0b21f88ebd7d8f45f00ab8e58676560b2336003b8a255a9f204227fc6923c036f3afa61a65da391f5a706c3df87376ab17646427171db06cd90b2e20e1375b98ace778568d2c94a49e4bbc1e8968401346acca98ea9df83ece4a30b31db0cf06c4d2a84a35e45f7df0d03c2495385921ad141e23c663d556cb9025f6fb1b3ca12e1c7585f6d3341382e3a6f717312c06d4745de5954b0ddc9b919de0aa1a9cf831fb2d71d9e7db3e651794138278dd8cfc23cc366baa0e5c19cb8b8adf0c30a2ad2d2a485719426786ddc753bd763f480df536f3388e50b23ef99c7c50a157eba0f95f079c4fa8196f550bec1101144d69bfd95ef4b2b076b1317e86577620df4320ab9d1160b2d23482b2cd3a7ff8ae90ed582dd0ee472599603874312a12a1bfeec15343c7c83285e2e3d584db7bf6804f377960e754373f91422fd1783f5c927df5b2cb9e962cb5eaf12a627f00cf7835f83e712c31d36a6ed404cd8c4e46d1614e3b8df8ba2e58326d43b8eb12b71950ed8f601a0474d23a510aec5f1e0f54936b1769cad26ab4825e8976d18fbe096e7f004629e14f5bc1594afd0e7fb55b5d2323c105395e29d409de0f9e87419a3c7c2dac9b65540ca32be7d378b806239a06d873e6cf558c12251ae9b9456b9521aadc9373f5bc4dce083ec3065f9385035ad34ba272447c5e7f8936563e8c7e73da597cb66f2a527d2ac3fe503ce62769fe916095f56ab2771f0f07ad94df38cb169fe85ffeb92455de131cd554ccd9d25c617b4fcd70335b317daf251131a341f7430b382cf37c77c97e2c14b9e40e8f934eb23588b3d445aa964690cecdeb18e47cc7d7b65974652329d6318f0cf171c3b5bc007121dd22535a7a2497727cd29dd961e897da70802fd76679210667c06a526a9a3a5ee43e784a7d620a3674b8bb82341a37ac75e3a240c1d26a3ba682c50c2ddbcd7f9b17e0e3b33d22c66225f60dc0b94307a85a87268edfa44b134287b2120b19552448c7c0202c99661a41becc3c483c9ae6b2092035265b73870ba6a0afc78678a0f3c61f70ef0d3308e2e8f01e597e0dd6193f2aa4d24e7088ace4b34058f5d541e790ac3cdbdc380af39f693c6ef20e353e01fe1b374f410d62146db82ac78596eca99c895c1e62c10fc595efcc010c6ad0d7811f0610b12b03489493b4529c488764da7f406222a4e7ee880062ac3ae453cc010d667012ee96b6f5dc7aaaeadc26325da8cee020f9499e94a404250a82159684858cc556603d26e1a12a1b1cbd5455b3b3e26fa1559e39ca39bed279f0266d49c2bcbf9cb3696b8621cb46ec96670d05bfc1a1e3719ec136385eae37ed701bad6f0283f428b06184057be89b3a169d4012a197bd9b00d2e8cc1680eb907652b41f3e3cedfa855928970eb2f11d443b80f2c4e464e2060cedc99017e23afa3ec32eefa569912b06aaf558b7a8e2dff74ec82c13e9ad05d9914fa5ac01796dce6425f4e2ffd310cc13500bc37f205a58ebb860a2e562b73ea7e1aee714539e2a6ca3e9f0a3651ce3113762107e6aea5a0ed85e938e25055dc54a03dea519734a632bbc27898ba3784e1ef5cd5eb20462d3afa145a8dd04369e55db33ce40bb394f33fd9bbaf256ab1ae372755966b49346a996be69975881321acd1d979486d281c86dc77d31e9ecec00c271a6bf9abdb4d99189aab597e6335ed724bb51ba90e3374fcd935534537e37a9808c5a41ca96d2077500c6c58ac26c9c56581b69ee04b933a8fe7d06533c8206", 0x1000, 0xffff}, {&(0x7f00000012c0)="b0a6b5088d42ceba28d4c084fc525cff8ae7a71339c89710b3fa1addf20150b6078f8738c664386060026906862e6c77272b34b7eb9d68fbd14a402eef90be5bfc4191dd085c8ca6a9312a7b8d1113d42af00857ee6f6827880819be9a5cb01cf8864e0d016ab670e797a915fee027ce1b3a0ab9", 0x74, 0x7}, {&(0x7f0000001340)="20873f08f5317d2b0db4bc1004039cb4027e0bfee2530bf172eec91d60c9bbea58c3ac51605dcab8eb9ae7e57ee02a3e35b34dba48e96de0ec14e66c69651ff96152c22b8f6c651f72ed4facfd56fa8b9bca1b49a377416c8dc2ad08c201e2841738b2176fc7ddf4c9f8835db303a1f1c65023985dd63eeda62bec87b813ac711da2e729d4fd9db7d18dfa5480658b9751838dd6c7281a123b295889bb518fe1c644bef4407028a8de4b9777cefe2316c84df48444deb8f00b3d414cd49a77a0a91827c52a1328fe1c84021d538b479df44d2dcdac55829ab974170f7dc3ee6daa6d51f678b631fcf6217f864a618246ddec8a0119ae238cf8035a225e52c68ff8dd2bf4107b20149b0843c942518d5b0e457b2208c842493f5dc08090255ef4a0bbdfaee4450a4999539db032b468e556fbac9cf5c57aadc923fcf863e9ca854c0e11e0496eefcaa53718c41283d96a5d8c0ee9b51b0fdd6d90e21c0ab05a5c5e4b6c61f2807c770ae29ee0d703bc1cd44b354dd1611d880fac6af8b71ab7353770e7e102f52ebf1fc1f80a1f4c997ef3e60faea705e789a3d14f6cfb3f00484c2b1416807cbf00459a017d440c0b20c5fd938c8796a57c2616f51803283feeac9a546a850ba442b378d997a4f00465a4624bcfc4a81a7c3a9f8b77827d93086d0b78a27e530a8a28fb43d1375284726afcca51815f5e4536beb88f39447b6038de3d4109a8365c525c3cba8261bbcc16274aa21b3cb0d8ff38703e9a8c92bb4a9f04d71e4a591f519bea662ac14fd982b2ceb4d9d44e623808bcc4383acd2780b3abc9957b1487af33da6ddffb93df832c35e0fc8478a868c277f0e59e2ef9f19c95031a33461c922aa1e71fa7655ddb694a4fb4fd72ee66d3fffeaa92ed14df809d95ab9b190923f692e8d8e258ede8842a2fcb6fd51ad4052d626f3f46fbd0b5119e1b0c255976f27d4dc3f5cb9c136775b88ec1e84cc3f2a2c37e2691235878140353648a6e74aa73a91ba519063ecf33b240c3f84b6da00092aa516221078b8c1fcd615feb0935f30bdd0d15e58cfae13fca996546b48084fe23c7334ab729f00ac2a9083c90ce36878d5d5a43ad2d63821fc199429994a81054f90164e43ded75b6443acc5d0156c3cae2298609786db02ca1e5139469aa6829182ff946d4a8476a0ad14483b78f0625bb80ab130bb5c578b9070c8a095639bfa58b8cbdaf20455c1d9813b1ab8cb94273fa3c3e6dbe9dcb5d7c857a52aa310c7d9c0518bb182e94be470b41038431b2137844108c1d925b2548e32c20eef5d1a367a4fbfa65749ebb3a7b52ecca40e648a9a388df9fc6b92aea92ea590e87fd1d5229e780c867380a39f32f61d37ac73b43656f8ec5e56471ed991bdea22bc3d2da517625b135a76e83170c66aa20df44d05507163a3325b4eb03bc59a1ef4bdd566111a01162bc8a99aae0b5fdc90b2fe7f9474ab578a068262e5385e63ab0cd4b07de0197e88ec3044dba732b4d01585fa6c7300db11dd1c0746be879d8415eeb9792811aeb04372b0d0ed83ae2baae8b99f6102629a6c94f07033c47c94ba01bb989514cbe6eae155a68c6c3d89a7a72a1b307513c810cf5974c21ea2746d52e44dc4244dde7257cce2164b8d4f35b561eb7e770f103e2207f14fdc8bd6c803af9f7bc56b30d70acf716068dcef16583ebd030da62f81664a23ec9ddafdf14429a401de2baf900477cbc8c412e2f637b2e9331cf7c64abf89fc72e607d0db44f23e60c2471817e7a1090adc77b0d1bbfc3d6a1557ca57d89581d3ac91a5f2540a10b19b5553f4a0e62f539a764e416796ac98658a023a5d65d9d83797cf09d5240715c4e09dc2bd79bd8c62e01dfcad389d611b3d7ac860e72edba05d69e647a66325350db127dbccaaa5ff456e55643779273c1e584697de08d93d75eaaeef842c2e61be8d3ae05e0d539c3d426a6e4c8e6ecd46c7f08f0afee11d717d29cdf56dfa07d0880bbd85299a2e5b40a705c38bd4af3717ecd381137cbcce2ec22559cf3602edafcd426a436a304ed78ec2b4e04ac81ce6c157c37006d3f4c737df1409af175377f902a154eca832022d9518008ffbbad177685c1cf66be4dabcc6893eaab5f633babb73aa34c60139085f860af039f8096c961a7307fa3991f74bfbabd3c15f337dff8db45e77aaf6308c8c880aae06e8029ddf8bb04c1a482374060ea91ed91aa5d9806be70fd40b73302c1cf3742b27acac4f27a7bf2f2d4ba1b49af87465b462f9e1ad898dae51b6eb9827d6c877590fd8078234b4e3f333cb85418a3d57d6f1e145e958b5ce38d92e7408d785ebc50fadd5866bc7373a271aec2ca7dd5622f8455aa221a5ed9703143a687ed529ad94130443a127a2712f507eebad835f7a8aada47e972ae869078bc4bad198ad4a34cdc29e07d6c508e94a5b49f516bf07d8270e5fec345dac6e61ea548ec2df6437428763738f2c9f6511e2ec24cdca3d39445a626883bb1a901eb207a5a9d62455c2acc386c09cc93cb7ff01c06b6adf043c178aebd4d95fea26090ea989e0d0a9b8136a5229759c4a5a309e66264d96fc7a69985fd32f007fd65d491b90e513da3fd5f351fee0bf40756e9cef3a8c331f5da55a041f7ff0d947ef1ea0504ebd8d087bc54a2b2390a5b10c49c32c1c7c09e5f76b1cab03356aca681da7144f922467bb1e20f074c80e0d2589cdb813be72795b61f95be533d75fb84d37e5581e83ef6436528f1fd3deb9875fad7c86517960bdaa32f69607e556c9a617bbdba61268a68dac1d1587489ba7f32c9015d83a92cb263a35292f6725c8ca173bdebf96d315ff7d6db1877a53cfd46c5f5aeb21cc7c1191decfc39528adb78b6be5b700ba57d72f26a28d4ff9ede80a83499376c00616f3d5a82b9bf19839d9ed423c26d7bc2e5ee09c112f0e3fa8260d01d9d34b1cf012843ba321525ab08a1107b50f4897600434adebc70914f7ff11c49fcf5dea1ac95327f90ed6706ec6d743f8d939c0bd443da1674cd4e3c2d00f83ccbd0accca4cf521542d324906e7ca141f19d971b7b736f336a960d9013c703ef56ba4c3a22e050bf8083a1a290de8efc06ac1a0f321287920d59bfaa0c1ad99cb08759cedb400d0c6cf76e16e1814d5862980e2f26f16e9c9c36aa843e37f82dd8768520f437a45eea5cca47f8918552586002936fd717f404a435270a76d6ed6f4f18537956af4c4aba4cc4ea9860ceefe26002d49444fef1414044b3adad66054a528fef2078fba0914a4cf70a7dd8e51496e1dfdb8de9165f74b9d5088f52a5335279862bc8d0a730952be6af571392c6aae808f3f2390c5044e8f8e444e30f959baffe3cf5f4e0a7900ba91d5362a527c1160db562c64a0fde830ca31b64824e0c4ac822d8d9b9d45e39d4cc0d02d74c0751ef3b2816bae5dd0af3d356100997371d18ae647730d06a9f4a21194093541a815a11eb45c6d66c709638a1bff1e002ba51291295268b4aaaaf1105b16d3843ae718e7a18687cbb0a49a3480df7c20ec0fad725c54942b885f582301b7354286730fc84243ebdb566237acd6d7aee1722282d2b546a002908a560f7be2c65927e7b6a53ed37e230469bb3fd7764fbbd04313df4c2545edba2bf71680f8d90b32d50c079ed855b107d15f968008212c7f984316e835c73eb152d93f388bfd692494f61434076e42edbf1db5d09305988c405f4f02b8c962cbc9eb640b5efb5120ea16964c9f37f8611b4deb68bcea588305367381c8664937b22e1c7ddd2fd10f238d2e3ebc99ccfe09aa5e9ab37881c097a33f65a2ce090e5ab034ea605930e3860638c21e7c220ea90676a163671f5c6178c907c322ddc58de0a772f538eecd6fd2c40866375c778aaa84dd0821905e77dc4a4bcec8c0d2a86eae539ab8fde8933690a905c56d3cb4df87187d6c08e4a4780bb04a7e05f4545b176d31a94fe4935afbf38ad29aa36227efca84685346ebe8977c0e4a5f912c8e80b600f732ae3f6a0da90f8ffe219d9b89e408512b1a764f41f64494fa3080f9b4cc16185a536d19c267328919af58c038162d7d82a0ba0ffae8efbc2a8197451aa4dec915b5c5849f3e16dccdbe06a4c1d46004245022f1a65055b3ecb7d1c32b79c9f6486680ce1514e7cfa1d6983b1336d112477971d01a28a1c5ec8b590f1b97b71e27125fc6c6d03ab71c888caf0e75e3ba1420c7455576cc878ceca07e4c9103df788027c7a53db8c10b1e8fcf96ffa7d5fd8b4f8d605f95bc1af9c44b7ab251d896bf423a5da5ea2c99700fddcfbeed1e3acf73797e13b60c6f61eec663904dbf042e85b32c581da1351f67ee77167b41c4e4f734745e6c4f8d35a48282f69e08a34a5fd39a1e03d9fb042b510f603231e3324ba1b6523d3b185d89c0ad31194ad7ae1a4e8195d22feb6c682dc09c6af78a8cd63fcf09073519a3f5683c2adc76a56a676f4ece5712b0843cc72c90f49aa958d9a4c0c483f486f9b51d25caad6b36f95c3a808ea616bbbe17785333aae665e0b9a7b64adc167104afc7739f344a36ec6f96142196f4a3ab991edfbe9d4f9a67619ec98f99ad82d673f0aa5d6144eafe476d91f4aec4f8a82a9be6f97b6c628dc6ab497d93f1f8cd3c9c3d741f78e511187dcc1ce962aa249422e62e2ae3a92e5281a00073f33ae42044c820081df1b0c5ac4b8c8fd81b18685577d7076d0b75975ecaff8afb66c2f00f516c4f6a0f34c7bb3cea85c8c717d0395f9b183e572b269a1f58d6c4aca362c9b4aa19201a8678ec5abc17aa77cd2d10d92a9d223f8c1615fedc03e8144fc78f9b0235badc2dd7d23359eb91e88bcbe522b0833fbd8152feeb4d08b6a3dd02cd8d3d982748e8b2d75dd044822624953ef13e1bd875bd48ae20d513a0474cb7dc34695bf549c2fa7c0ee8d3e5c5d9c4d7dd911cb6eae0ec6a7ef3ddb1763af0b3b3be87a3056fec00dce05c675b897b45c50a5185950deffdbdf7a89b8cda6b5605b0ffc3d2f35bdbb0313d45c891085fd31e8666e256f132a66de2c5ee0323bfba9d4c41f5f8f51951eac7907bc7833ebaabea1c4ec9062b2318141cb4bb96a4e68ba67fed334d4c9c73b08609f692970f09423ce55eb2380ac2a690b29b635afba163beed9965744009856044bc713288a1b843ff8e0ff6f000c8870c569390b126d9a140c53f427e0c7d48f78c2e3e9616440aafd3524c209fa978d79d0e5edbc0c9367a1d64fd0cef2703bacf3e122dbf6f7b69849a69399b1b6cdfafe542701a88f3769ffbda3402f50f0caf7a7868af50e6722002b985161dfd89cb3200f2aa17b22152503b28c6068e45b3021d44b84920fbef14bcc560d4d3510096a1006265988ef148707c540e64599442be89a09755a48c9b12269c57ae5a78587bff0758bd5351ed05543d6286718712037e57ecd6b96797cea8eb884a66ffb82d8c2bf0d51a9626a82fd1dd1cb4ef478d9e61e8190db3ee96ba3065a9534692c00b2e72275e0dcc7e54e42540b556ce498916951ced302b0584c3fcb04464f1496290cfaa04b53a4b838fd8d3af74ac1b67b883e526d8140a31f8f7e40be79b8faae570433f778e8f36a6587080a7c66de9f40f105190b77455e3b3d3a72d98f2bc46ef89f1e270e52551459329fcc0ce6d1d3cb87f9cb5eaa647eb194ec43f157a9e5a3d0459f2361370b8067955a064c185e9d54384414b78318caa6b58708f5adcdf8219beb6629d19e30b07f64f97df1c4aeb45c79f6945900455b101608717d5a5e128af08a9fafa721d882f4", 0x1000, 0x9}, {&(0x7f0000002340)="fbc5c0921eed8c1623ad5b205fae236a56874aef552d3d3e2357d37dda185e30a83d4afd86d59e720355d3e9e35bb0c698faec7e7763e3a5ba665ee9185648e4f3062ec37ba1353d90678e6c5688b15d2597ce05c546877d793bbf55cbd0e731ae05d53a79c9d9f361992971e3871287424a07de28f01ea9e7e9a88ed2265a1f1af9951dd471b1bf402c21f5db2ecb9b714f77ddb43f88028601194649adf17f1d960e5fdd841f9cd8d71e546ce7d7dbeef23f72380d2956d02c52bcea8fa00569622d5bce98f9387a48c358abc63e2a8715e2aaf454779a96aae4eba584916a417fffdb", 0xe4, 0x80000001}], 0x4001, &(0x7f0000002740)={[{@quota='quota'}, {@umask={'umask', 0x3d, 0x80000000}}, {@discard='discard'}, {@resize='resize'}, {@nointegrity='nointegrity'}, {@gid={'gid'}}, {@umask={'umask', 0x3d, 0x401}}], [{@context={'context', 0x3d, 'root'}}, {@fsmagic={'fsmagic', 0x3d, 0x4}}, {@measure='measure'}, {@pcr={'pcr', 0x3d, 0x1f}}, {@smackfsdef={'smackfsdef', 0x3d, '/dev/dri/card#\x00'}}, {@obj_user={'obj_user', 0x3d, '\'^*bdev'}}]}) mount$9p_tcp(&(0x7f0000000000)='127.0.0.1\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='9p\x00', 0x129f461, &(0x7f00000001c0)={'trans=tcp,', {'port', 0x3d, 0x4e23}, 0x2c, {[{@debug={'debug', 0x3d, 0x2}}, {@fscache='fscache'}, {@cache_mmap='cache=mmap'}, {@msize={'msize', 0x3d, 0x4}}], [{@uid_eq={'uid', 0x3d, r4}}, {@fsuuid={'fsuuid', 0x3d, {[0x0, 0x63, 0x57, 0x34, 0x35, 0x55, 0x35, 0x39], 0x2d, [0x32, 0x35, 0x63, 0x66], 0x2d, [0x63, 0x35, 0x37, 0x37], 0x2d, [0x64, 0x66, 0x36, 0x61], 0x2d, [0x64, 0x38, 0x61, 0x32, 0x66, 0x38, 0x37, 0x63]}}}, {@subj_type={'subj_type', 0x3d, 'ppp1#cgroup\''}}, {@fowner_eq={'fowner', 0x3d, r6}}]}}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r8, 0x0, 0x400) [ 2686.059183] Process accounting resumed [ 2686.181974] audit: type=1800 audit(1588638888.054:288): pid=26942 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16531 res=0 [ 2686.220455] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock [ 2686.243203] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2686.256412] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2686.289028] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2686.318926] Process accounting resumed [ 2686.360412] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2686.392891] Process accounting resumed 00:34:50 executing program 3: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() wait4(0x0, 0x0, 0x80000002, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xab, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 00:34:50 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff00a) 00:34:50 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket(0x40000000002, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r1, 0x1, 0x19, &(0x7f0000000100)='batadv0\x00', 0x10) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r2, &(0x7f0000000140)=ANY=[], 0x4240a2a0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) connect$inet(r4, &(0x7f0000000180)={0x2, 0x0, @multicast1}, 0x10) splice(r3, 0x0, r4, 0x0, 0x1ffeb, 0x0) r5 = fcntl$dupfd(0xffffffffffffffff, 0x406, r3) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) r6 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r6, 0x0, 0x400) [ 2688.597868] audit: type=1804 audit(1588638890.464:289): pid=26962 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1384/bus" dev="sda1" ino=16432 res=1 00:34:50 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0xf) 00:34:50 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c370400000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2688.707521] audit: type=1800 audit(1588638890.574:290): pid=26971 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=16645 res=0 [ 2688.734434] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock 00:34:50 executing program 0: r0 = open(&(0x7f0000000080)='./bus\x00', 0x1410c2, 0x0) ftruncate(r0, 0x88001) write$P9_RXATTRCREATE(r0, &(0x7f0000000040)={0x3ba}, 0x7) r1 = socket(0x11, 0x3, 0x0) setsockopt$packet_buf(r1, 0x107, 0xf, &(0x7f0000000280)="a933fb23", 0x4) bind(r1, &(0x7f0000000180)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0xffffffff00b) [ 2688.764667] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 2688.805359] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 2688.813532] Process accounting resumed [ 2688.833630] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 overlaps superblock [ 2688.868067] audit: type=1804 audit(1588638890.734:291): pid=26981 uid=0 auid=0 ses=4 subj=system_u:system_r:kernel_t:s0 op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir187076671/syzkaller.vDXwRA/1385/bus" dev="sda1" ino=16432 res=1 [ 2688.877243] Process accounting resumed 00:34:50 executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x1070c0, 0x0) syz_mount_image$minix(&(0x7f0000000140)='minix\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2, &(0x7f0000000000)=[{&(0x7f0000000040)="600084e002000a0000000001000000c98f13", 0x12, 0x400}, {&(0x7f0000000880)="ee9f84a43eccaf1315bb397d00c1b6dd820dd13916181dba620938cb30f1c21afe3d926298b25834e890092d642cafe5db21ba9494fcbcf66079b722e73be3a8708a3624250f9f59fbbe942997c6c1e83a34e5779e8a4f40fdb6ffe59ffe4903500d3cd8c8f3ed19ad176daf94cf7fcaf2922f8aab3becc60c8d39ddf43cd6d2e9301da3caa35719f25a83478559e0e891dcb756ee22964d03f37561f5797490a0b93506482822075ba96db35a440d046e44eb4a79986b518281609003b6fae04a18be9a83ce7efa2ab80f75c90d78f0b4179d674376db1f7ae8745641adcde0d245722744bcea2fac9445014ee2293985119573ffcc0c22eb0769de1e9e5db53aa3378a4426503010a7c6247265838211527a0132ccf883ee08a6ea1a785e47ce16663f1c744af49200d5f3bc326e7d9089a5f17d0ad05f06e48c205f9b6d087ba7d3b6745e65700c009572a65b4bfbf6687821bc723b61b5abe7357e68a9b0640bfb9c01000080000000000e840ecf379c576c05757d44b19de0e2aa364c42156219a72cc943a60f0410891ed134f35f5fe6b4cf3abbcb984436322358a7c9393724860d87253981f9e79dbeb789577ead0ede31e19a2b114a0e4d82b3e1023dd28b6382e67e3246d2912e55cf9928da32c1027cef7c6c610ea8fce149a7af20224b4e028601936ef9a78d80ff5567084ec128766e822d6124186d82e760128dd7de2653939d353c12f96deff3a28b022c784bd37df7f76640bcbcb01a4676d58b3e9c2baae66230e5f54a37527e8129d161b0c06f25648c55a7e5b2db528053c3e3864f41728b7935e575568ad114eb8c811bd89e07a398babbc64fbeab842688554783ed1551949a791e33799e59a34b6bdabc3458c379c735198292e5a272187449249d2c8a9aa58f3835a3e1716083bb04e4cbe140d1587a21e4ec2ae1f3ad81134df55903ffb8e173646352915a2c706709cf46538978224c0d6dc437cbfc37abfbd1b76feb5ca3aeb1ac8cbd40d5ba896f79ee8f76b0809f59b86862648774d2ace98b825e7a465b5dd80e491965971e7797aba3968441c77717a24ca41efb160c030cfc8e73872540ef4e5aecb0de86dd2a75bee61a9303a332233ff5a259b078a6", 0x326, 0x34f9}], 0x0, 0x0) acct(&(0x7f0000000480)='./file0\x00') umount2(&(0x7f0000000500)='./file0\x00', 0x10) [ 2688.917774] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue [ 2688.990282] ================================================================== [ 2688.998241] BUG: KASAN: use-after-free in get_block+0x11e1/0x1300 [ 2689.004522] Write of size 2 at addr ffff88821293b7b8 by task syz-executor.1/6587 [ 2689.012066] [ 2689.013714] CPU: 0 PID: 6587 Comm: syz-executor.1 Not tainted 4.19.120-syzkaller #0 [ 2689.021520] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2689.030912] Call Trace: [ 2689.033551] dump_stack+0x188/0x20d 00:34:50 executing program 5: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) r0 = gettid() pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x4240a2a0) r2 = perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000300)='cgroup.controllers\x00', 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000017c0)={r3, 0xc0, &(0x7f0000001700)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000015c0)=0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000380), 0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)=0x5}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000440)={0xffffffffffffffff, r2, 0x0, 0x9, &(0x7f0000000300)='selinux:\x00', r4}, 0x30) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000140)={r0, r1, 0x0, 0x1, &(0x7f0000000000)='\x00', r4}, 0x30) r5 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r5, &(0x7f000099e000)={0x2, 0x4e20, @multicast1}, 0x10) wait4(0x0, 0x0, 0x1, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)="0f34", 0x2}], 0x1, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) process_vm_writev(0x0, &(0x7f0000000080)=[{0x0}, {0x0}, {&(0x7f00000001c0)=""/1, 0x1}], 0x3, 0x0, 0x0, 0x0) tkill(r0, 0x15) write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0xe7, &(0x7f0000000480)="f71559c80aa4cefd3b79e76a039acbd61caef13fff703cc78e402a21c67dbe3ec9ee6c2a3b818b0000000009eb2b5c9a61000039dfad3ec35ca3dfaa6d0e35475ace78a33eb2b7fcfdd45d247a877bbcdd0307b91e8e05257ee498343d11310dda51e11dc0d92d614498a96fd09b90c0b306ef4fcd32316c48f327739494cfd766e8741d9783e4dc2a1cccb48f7d11a12e7714d3b2ab3f7e145069c031dff4e03cebb733218d3f00c1505b36dae61f9430afbad35132ad1172403fa3de92466d47fa032032453d60b2a1c1080000000000000095c32dd6fb7092e7a73ceffe3f8c450343d34abd"}}], 0x1c) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) [ 2689.037212] ? get_block+0x11e1/0x1300 [ 2689.045040] print_address_description.cold+0x7c/0x212 [ 2689.050344] ? get_block+0x11e1/0x1300 [ 2689.054253] kasan_report.cold+0x88/0x2b9 [ 2689.058431] get_block+0x11e1/0x1300 [ 2689.062174] ? block_to_path.isra.0+0x300/0x300 [ 2689.066876] ? lock_downgrade+0x740/0x740 [ 2689.071046] minix_get_block+0xe5/0x110 [ 2689.075043] __block_write_begin_int+0x480/0x17a0 [ 2689.079925] ? minix_rename+0x8c0/0x8c0 [ 2689.083927] ? __breadahead_gfp+0xf0/0xf0 [ 2689.088095] ? pagecache_get_page+0x1b3/0xb20 00:34:50 executing program 4: sendmsg$NL80211_CMD_SET_REG(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="a8003ef3", @ANYRES16, @ANYBLOB="00042dbd7000fddbdf251a0000001c00228008000700020000000800010009000000080002000300000005009200010000001c0022800800040021c10000080003007d000000080003000800000008009a00020000004c0022800800040028000000080005000400000008000700010000000800030001000000084fcd971fdcd15cf93b0007000500000008000500b66800000800050001"], 0xa8}}, 0x0) r0 = socket$unix(0x1, 0x5, 0x0) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) sendmsg$AUDIT_GET(0xffffffffffffffff, &(0x7f00000001c0)={&(0x7f0000000040), 0xc, 0x0}, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x23, &(0x7f0000000240)=[{&(0x7f00000000c0)="800000003804000019000300e60100006c380400000000000100000001000000004000000040000080000000000000006d5ebe5a0000ffff53ef", 0x4db, 0x400}], 0x4801, 0x0) [ 2689.092644] ? wait_for_stable_page+0x124/0x3b0 [ 2689.097341] ? minix_rename+0x8c0/0x8c0 [ 2689.101330] block_write_begin+0x58/0x2e0 [ 2689.105483] minix_write_begin+0x35/0xe0 [ 2689.109546] generic_perform_write+0x1f8/0x4d0 [ 2689.114224] ? page_endio+0x950/0x950 [ 2689.118027] ? current_time+0x140/0x140 [ 2689.122111] ? lock_acquire+0x170/0x400 [ 2689.126189] __generic_file_write_iter+0x24c/0x610 [ 2689.131183] generic_file_write_iter+0x37f/0x729 [ 2689.135944] ? mark_held_locks+0xf0/0xf0 [ 2689.140009] __vfs_write+0x512/0x760 [ 2689.143744] ? kernel_read+0x110/0x110 [ 2689.147664] ? lock_acquire+0x170/0x400 [ 2689.151649] ? do_acct_process+0xebd/0x10e0 [ 2689.156867] __kernel_write+0x109/0x370 [ 2689.160839] do_acct_process+0xcd8/0x10e0 [ 2689.164979] ? acct_on+0x760/0x760 [ 2689.168510] ? find_held_lock+0x2d/0x110 [ 2689.172656] ? lock_downgrade+0x740/0x740 [ 2689.176808] acct_pin_kill+0x29/0xf0 [ 2689.180536] pin_kill+0x17a/0x7e0 [ 2689.183987] ? lock_downgrade+0x740/0x740 [ 2689.188145] ? pin_insert+0x50/0x50 [ 2689.191780] ? finish_wait+0x260/0x260 [ 2689.195675] ? mnt_pin_kill+0x6c/0x1c0 [ 2689.199570] ? check_preemption_disabled+0x41/0x280 [ 2689.204583] ? mnt_pin_kill+0x6c/0x1c0 [ 2689.208513] mnt_pin_kill+0x6c/0x1c0 [ 2689.212236] cleanup_mnt+0x116/0x150 [ 2689.215951] task_work_run+0x13f/0x1b0 [ 2689.219869] exit_to_usermode_loop+0x25a/0x2b0 [ 2689.224481] do_syscall_64+0x538/0x620 [ 2689.228405] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2689.233621] RIP: 0033:0x45f257 [ 2689.236804] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 8f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2689.259777] RSP: 002b:00007ffd3d5bb578 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2689.267493] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045f257 [ 2689.274767] RDX: 0000000000402ff8 RSI: 0000000000000002 RDI: 00007ffd3d5bb620 [ 2689.282063] RBP: 0000000000000f65 R08: 0000000000000000 R09: 000000000000000c [ 2689.289341] R10: 0000000000000005 R11: 0000000000000246 R12: 00007ffd3d5bc6b0 [ 2689.296627] R13: 0000000001779940 R14: 0000000000000000 R15: 00007ffd3d5bc6b0 [ 2689.303946] [ 2689.305623] The buggy address belongs to the page: [ 2689.310686] page:ffffea00084a4ec0 count:0 mapcount:0 mapping:0000000000000000 index:0x1 [ 2689.318822] flags: 0x57ffe0000000000() [ 2689.322713] raw: 057ffe0000000000 ffffea00084cf348 ffffea00084a4fc8 0000000000000000 [ 2689.330603] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 2689.338501] page dumped because: kasan: bad access detected [ 2689.344292] [ 2689.345931] Memory state around the buggy address: [ 2689.350866] ffff88821293b680: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2689.358230] ffff88821293b700: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2689.365584] >ffff88821293b780: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2689.372945] ^ [ 2689.378126] ffff88821293b800: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2689.385478] ffff88821293b880: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 2689.392833] ================================================================== [ 2689.400181] Disabling lock debugging due to kernel taint [ 2689.407814] Kernel panic - not syncing: panic_on_warn set ... [ 2689.407814] [ 2689.415209] CPU: 0 PID: 6587 Comm: syz-executor.1 Tainted: G B 4.19.120-syzkaller #0 [ 2689.424397] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 2689.433847] Call Trace: [ 2689.436470] dump_stack+0x188/0x20d [ 2689.440138] panic+0x26a/0x50e 00:34:51 executing program 2: r0 = open(&(0x7f0000000180)='./bus\x00', 0x151042, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) lstat(&(0x7f0000000000)='./bus\x00', &(0x7f0000000040)) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f00000005c0)='/proc/sysvipc/sem\x00', 0x0, 0x0) sendfile(r0, r3, 0x0, 0x400) [ 2689.443338] ? __warn_printk+0xf3/0xf3 [ 2689.447281] ? preempt_schedule_common+0x4a/0xc0 [ 2689.452049] ? get_block+0x11e1/0x1300 [ 2689.455955] ? ___preempt_schedule+0x16/0x18 [ 2689.460373] ? trace_hardirqs_on+0x55/0x210 [ 2689.464709] ? get_block+0x11e1/0x1300 [ 2689.468612] kasan_end_report+0x43/0x49 [ 2689.472598] kasan_report.cold+0xa4/0x2b9 [ 2689.476766] get_block+0x11e1/0x1300 [ 2689.480502] ? block_to_path.isra.0+0x300/0x300 [ 2689.485192] ? lock_downgrade+0x740/0x740 [ 2689.489354] minix_get_block+0xe5/0x110 [ 2689.493339] __block_write_begin_int+0x480/0x17a0 [ 2689.498194] ? minix_rename+0x8c0/0x8c0 [ 2689.502965] ? __breadahead_gfp+0xf0/0xf0 [ 2689.507125] ? pagecache_get_page+0x1b3/0xb20 [ 2689.511635] ? wait_for_stable_page+0x124/0x3b0 [ 2689.516314] ? minix_rename+0x8c0/0x8c0 [ 2689.520308] block_write_begin+0x58/0x2e0 [ 2689.524475] minix_write_begin+0x35/0xe0 [ 2689.528557] generic_perform_write+0x1f8/0x4d0 [ 2689.533165] ? page_endio+0x950/0x950 [ 2689.536982] ? current_time+0x140/0x140 [ 2689.540972] ? lock_acquire+0x170/0x400 [ 2689.544951] __generic_file_write_iter+0x24c/0x610 [ 2689.549894] generic_file_write_iter+0x37f/0x729 [ 2689.554670] ? mark_held_locks+0xf0/0xf0 [ 2689.558752] __vfs_write+0x512/0x760 [ 2689.562469] ? kernel_read+0x110/0x110 [ 2689.566370] ? lock_acquire+0x170/0x400 [ 2689.570364] ? do_acct_process+0xebd/0x10e0 [ 2689.574693] __kernel_write+0x109/0x370 [ 2689.578761] do_acct_process+0xcd8/0x10e0 [ 2689.582940] ? acct_on+0x760/0x760 [ 2689.586478] ? find_held_lock+0x2d/0x110 [ 2689.590539] ? lock_downgrade+0x740/0x740 [ 2689.594688] acct_pin_kill+0x29/0xf0 [ 2689.598401] pin_kill+0x17a/0x7e0 [ 2689.601856] ? lock_downgrade+0x740/0x740 [ 2689.606009] ? pin_insert+0x50/0x50 [ 2689.609641] ? finish_wait+0x260/0x260 [ 2689.613530] ? mnt_pin_kill+0x6c/0x1c0 [ 2689.617416] ? check_preemption_disabled+0x41/0x280 [ 2689.622444] ? mnt_pin_kill+0x6c/0x1c0 [ 2689.626340] mnt_pin_kill+0x6c/0x1c0 [ 2689.630052] cleanup_mnt+0x116/0x150 [ 2689.634405] task_work_run+0x13f/0x1b0 [ 2689.638293] exit_to_usermode_loop+0x25a/0x2b0 [ 2689.642886] do_syscall_64+0x538/0x620 [ 2689.646870] entry_SYSCALL_64_after_hwframe+0x49/0xbe [ 2689.652070] RIP: 0033:0x45f257 [ 2689.655277] Code: 64 89 04 25 d0 02 00 00 58 5f ff d0 48 89 c7 e8 8f be ff ff 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 01 f0 ff ff 0f 83 ad 8c fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 2689.674375] RSP: 002b:00007ffd3d5bb578 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 2689.682138] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000000045f257 [ 2689.689420] RDX: 0000000000402ff8 RSI: 0000000000000002 RDI: 00007ffd3d5bb620 [ 2689.696693] RBP: 0000000000000f65 R08: 0000000000000000 R09: 000000000000000c [ 2689.704485] R10: 0000000000000005 R11: 0000000000000246 R12: 00007ffd3d5bc6b0 [ 2689.712188] R13: 0000000001779940 R14: 0000000000000000 R15: 00007ffd3d5bc6b0 [ 2689.720762] Kernel Offset: disabled [ 2689.725202] Rebooting in 86400 seconds..